Books for you

Once a user has successfully logged into the database, that user??™s access is restricted
based on privileges, which are the rights to execute certain SQL commands. Some
privileges may be granted systemwide (such as the ability to delete rows anywhere in
the database), while others may apply only to a specific schema object in the database
(such as the ability to delete rows in a specific table).
Security | 141
Roles are named groups of privileges and may be created, altered, or dropped. In
most implementations, the DBA or security administrator creates usernames for
users and assigns roles to specific users, thereby granting them a set of privileges.
This is most commonly done today through the Oracle Enterprise Manager (EM)
console, described in Chapter 5. For example, youmight grant a role to provide
access to a specific set of applications, such as ???Human Resources,??? or you might
define multiple roles so that users assigned a certain role can update hourly pay in
the Human Resources applications, while users assigned other roles cannot.


Pages:
294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318