To allow other users to access a
procedure, you grant EXECUTE privileges on the procedure or package.
Object Privilege Data Dictionary Views
A number of data dictionary views contain information about object privileges assigned to users.
Table 9-10 lists the most important views containing object privilege information.
Creating, Assigning, and Maintaining Roles
A role is a named group of privileges, either system privileges or object privileges or a combination
of the two, that helps to ease the administration of privileges. Rather than granting system or
object privileges individually to each user, you can grant the group of system or object privileges
to a role, and in turn the role can be granted to the user instead. This reduces tremendously the
amount of administrative overhead involved in maintaining privileges for users. Figure 9-6 shows
how a role can reduce the number of grant commands (and ultimately revoke commands) that
need to be executed when roles are used to group privileges.
If the privileges for a group of people authorized by a role need to change, only the privileges
of the role need to be changed, and the capabilities of the users with that role automatically use
the new or changed privileges. Roles may selectively be enabled by a user; some roles may
automatically be enabled at login. In addition, passwords can be used to protect a role, adding
another level of authentication to the capabilities in the database.
Pages:
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512