반응형

설치하기는 yum을 통해 방법이 많으니 참고하시면 좋습니다.

 

/etc/samba/smb.conf 파일 내역

 

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

# 최초 방화벽
# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload
#
# selinux 보안 추가(존재시)
# setsebool -P samba_enable_home_dirs on
# chcon -t samba_share_t /SAMBA
#

# 삼바가 사용할 공통 설정
[global]

# 캐릭터셋
        unix charset = UTF-8
        dos charset = CP949

# 긴 파일명이 깨지는것 방지
        mangled names = no
        vfs objects = catia
        catia:mappings = 0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6


# 작업 그룹명
        workgroup = WORKGROUP

# 인증 지정방식(user : 아이디 비번, share : no 인증, server : 별도 인증서버,  domain : 윈도우 NT 계열의 도메인 컨트롤러)
        security = user

# 특정 IP 대역만 허용
#        hosts allow = 192.168.10.
        passdb backend = tdbsam

        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw

# 설정 추가시 (systemctl restart smb / systemctl restart nmb)
# 공유 폴더명
[제안(2019)]

        # 주석
        comment = 제안(2019) 

        # 2019년 9월 01 번째 제안서(mkdir 을 통해 생성)
        path = /SAMBA/201909_01
        public = yes

        # 쓰기 여부
        writable = yes

        # 유효한 사용자 ( useradd test1 ->  passwd test1 -> smbpasswd -a  test1 )
        #valid users = test1 test2 
        # groupadd 201909_01 / usermod -G 201909_01 test1
        valid users = @201909_01
 
        # 작성시 파일 권한 (기본 0777)
        create mask = 0777

        # 생성될 폴더 권한 수준 (기본 0777)
        directory mask = 0777
 

[public]
        path = /SAMBA/public
        writable = yes
        public = yes

        # 브라우저블
        browsable = yes

        # GUEST 가능
        guest ok = yes
        # guest only = yes
        create mask = 0777
        directory mask = 0777

반응형

'OS > Linux' 카테고리의 다른 글

Centos 모니터링 쉘 모음  (0) 2019.12.05
vimrc 공통 환경 설정  (1) 2019.12.03
vi 색상 표기  (0) 2019.05.08
CENTOS 7에 XRDP 설치하기  (0) 2017.08.26
리눅스 백업 및 복구  (0) 2013.01.25
반응형


11버전 설치했는데...

아래와 같이 설치후

부트로더 화면에서 e 키를 눌러 직접 수정해 줘야 했다.. -_-

제길슨...

root 패스워드 변경

sudo passwd root

일케 함..-_-

패키지 설치는...

http://packages.ubuntu.com 

검색하여 설치가능함 ~

출처 :  http://blog.naver.com/PostView.nhn?blogId=hseok74&logNo=120108619514&viewDate=&currentPage=1&listtype=0 


삼성 매직스테이션 (DM-V75)에 우분투 설치하기

 

삼성 매직스테이션에 리눅스 설치만 하면 부팅이 되다가 입력이 모두 홀드되어 아무것도 할수 없는 상태가 된다.

이것을 해결하기 위해서 다음과 같은 작업을 진행했고, 아래 링크를 참조했다.

 

참조사이트 : http://onthebeginningway.blogspot.com/2009/09/ubuntu-install-on-samsung-desktopdm-v75.html

 

1. 9.10 우분투 CD를 삽입하고 전원을 켠다.

2. "하드디스크 변경없이 우분투 사용" 에 선택 바를 놓고, F6, F8키를 누른다.

3. 부트 옵션 맨 앞쪽에 다음과 같이 추가하고 엔터를 친다.

   'acpi=off noapic pnpbios=off irqpoll'
4. 우분트가 뜨고, 설치를 시작

5. 설치가 끝나면 "계속사용" or "리부팅" 에서 "계속 사용"을 선택한다.

6. 우분트가 설치된 "/" 파티션을 찾아서 마운트 한다.

7. 'sudo vi <ROOT_PARTITION>/boot/grub/grub.cfg'를 하고 아래와 같이 3번 사항을 추가 한다.

<중략>

 ### BEGIN /etc/grub.d/10_linux ###
menuentry "Ubuntu, Linux 2.6.31-14-generic" {
        recordfail=1
        if [ -n ${have_grubenv} ]; then save_env recordfail; fi
        set quiet=1
        insmod ext2
        set root=(hd0,5)
        search --no-floppy --fs-uuid --set 8fb53ee5-0550-436f-afca-842b73d31ab4
        linux   /boot/vmlinuz-2.6.31-14-generic root=UUID=8fb53ee5-0550-436f-afca-842b73d31ab4 ro acpi=off noapic pnpbios=off irqpoll  quiet splash
        initrd  /boot/initrd.img-2.6.31-14-generic
}
menuentry "Ubuntu, Linux 2.6.31-14-generic (recovery mode)" {
        recordfail=1
<중략>

8. 루트 파티션 언마운트 후에 재부팅한다.

9. 재 부팅후에 잘 사용한다.(끝)

 

위 4개의 옵션이 모두 필요한지 모르겠다.

몇시간을 삽질한 것인지... 쩝

[출처] 삼성 매직스테이션(DM-V75)에 우분투 9.10 설치하기|작성자 땅콩과별

반응형
저작자표시

'OS > Linux' 카테고리의 다른 글

CENTOS 7에 XRDP 설치하기  (0) 2017.08.26
리눅스 백업 및 복구  (0) 2013.01.25
rkhunter (리눅스 침입 탐지 사용하기)  (1) 2010.10.14
ps auxc 와 ps aux 결과 비교하기  (0) 2010.01.21
AWK & SED chunk_1  (0) 2010.01.21
반응형

VistaUACMaker.zip




GUI 모드 사용법

In just 3 steps, your application will be ready to run on Vista/Win7

  • Select the application using browse button.
  • Set one of the privilege required for your application from selection box.
  • Check the "Yes" button if your application interacts with high privilege applications.
Once you have made the settings, click on "Make It" button. Now your application will automatically run as per the privilege set rather than usual "standard user" account.
 












콘솔 모드 사용법

Console tool makes it easy to automate the process. For example you can use it as post build step to make the application Vista/Win7 UAC compliant. Here is the typical usage information.
 
VistaUACMakerConsole [-d <description>] [-p <priv level>] [-ui] {exe_path}

Options:
   -d  Description of the project ( Default : My project )
   -p  Privilege level required. possible values : admin, invoker, highest
       admin = administrator
       invoker = same as parent process
       highest = Highest possible level for the user
   -ui Specify if the executable interacts with higher windows.
       (Default action is not to set this flag)

Example:
    VistaUACMakerConsole -d "Vista project" -p admin "c:\project.exe"
 























주소 : http://securityxploded.com/downloadfile.php?id=8111

반응형
저작자표시

'UTILITY' 카테고리의 다른 글

토드 초기화 하기  (0) 2011.03.28
파수 관련 autoit 작성 코드  (0) 2011.03.10
별표시 되는 암호 필드 값 조회 프로그램  (0) 2011.02.17
TCO Stream 제거  (0) 2011.02.16
파일 또는 폴더의 락 풀기"Unlocker Portable" v1.9.0 포터블  (0) 2011.02.08
반응형


시대가 바뀌어도 변하지 않는 건 보안이란 이슈가 아닐까? 전자문서에서도 일반 문서와 기밀 문서 등 기업의 중요한 정보를 담고 있기 때문에 늘 보안이 관심의 대상이 될 수밖에 없다. Acrobat 9가 출시되면서 256비트의 강력한 암호화 기능과 민감한 정보를 쉽게 삭제할 수 있는 교정(redaction) 기능이 업그레이드 되어 사용자들의 관심이 집중되고 있다. 또한 전사적으로 사용할 수 있는 다양한 보안 기능을 적용할 수 있는 Adobe Livecycle Rights Management ES로 업무에 활용할 수 있는 다양한 보안 패턴을 살펴보도록 하자.

글. 홍성원 | 한국어도비시스템즈 박규언 | 피라니아 대표

Acrobat 9의 보안 기능 중 가장 눈에 띄는 부분은 AES(Advanced Encryption Standard) 256비트 암호화 지원과 패턴 기반 교정(redaction) 기능에 대한 지원이다. AES는 미국 정부에서 암호화 표준으로 지정한 이후 전세계에서 널리 사용되고 있는 암호화 표준이다.
Acrobat 9부터 AES 256 비트 암호화를 지원하므로 PDF 문서에 AES 암호화에서 가장 강력한 256비트 암호화를 적용할 수 있다.




교정 기능은 문서에서 보안상 민감한 정보를 삭제하는 기능으로 Acrobat 8 버전부터 제공된 기능인데, Acrobat 9에서는 패턴 기반 교정 기능이 추가되어 삭제하고자 하는 정보가 반복적인 패턴을 가진 경우 훨씬 더 편리하게 적용할 수 있다.

교정 기능은 Acrobat 9 Pro 또는 Acrobat 9 Pro Extended 버전에서 제공되며 ‘고급 ? 검색 및 교정’을 선택하면 패턴 기반 교정을 실행할 수 있는 창이 실행된다.
Acrobat에서는 ‘전화번호, 신용카드, 사회 보장 번호(미국), 전자 메일 주소, 날짜’의 다섯 가지 패턴을 기본으로 제공하는데, 이러한 패턴은 정규식(Regular expression)을 사용해 사용자가 자유롭게 추가할 수 있으므로 반복되는 패턴을 가진 정보를 삭제해야 하는 경우 매우 유용한 기능이다.

패턴을 추가하는 방법은 튜토리얼에 영문으로 자세하게 나와 있는데, 영문 튜토리얼을 참고해 주민등록번호 패턴을 추가하는 방법을 살펴보도록 하겠다.(참고로 예제에서 사용한 주민등록번호 정규식은 하나의 예제일 뿐 주민등록번호 정규식은 다양한 형태로 표현될 수 있으니 예제에 제공된 정규식은 참고로 하고 정규식에 대한 서적과 자료를 참고해 자신이 원하는 정규식으로 변형해 사용하면 된다)



교정 기능을 위해 주민등록 번호 패턴을 추가하는 방법

1. Acrobat 프로그램을 종료한 후 아래 위치에서 교정 패턴 파일을 찾아 백업 파일을 만든다(백업을 위해 SearchRedactPatterns.xml을SearchRedactPatterns.bak라는 이름으로 저장한다).

Win XP
\ Documents and Settings\
Application Data\
Adobe\ Acroba\t 9.0\ Preferences\ Redaction\
SearchRedactPatterns.xml

Win Vista
\ Users\ \ AppData\ Roaming\ Adobe\ Acrobat 9.0
\ Preferences\ Redaction\ \ SearchRedactPatterns.xml

Mac Intel
/Users//Library/Preferences/
Acrobat/9.0_x86/
Redaction//SearchRedactPatterns.xml

Mac PPC
/Users//LibraryPreferences/ Acrobat/9.0/
Redaction/SearchRedactPatterns.xml

2. SearchRedactPatterns.xml을 메모장에서 열어 마지막 라인인 바로 앞에 다음 내용을 추가한다.


주민등록번호


(\d{6})[\-|\s]+([1|2|3|4]\d{6})


대한민국 주민등록번호 유형입니다.
예 : 780106-1388000



3. SearchRedactPatterns.xml 파일을 저장한다.

4. Acrobat을 실행한 후 “고급 ⇨ 검색 및 교정” 메뉴를 선택해 아래 그림과 같이 주민등록번호 패턴이 나오는지 확인한다.		  

<그림 1> 주민등록번호 패턴이 추가된 상태



<그림 2> 패턴 기반 교정 기능을 적용해 주민등록번호를 삭제한 문서의 예

<참고> 정규식 (Regular expression)
정규식(Regular expression)은 특정한 규칙을 가진 문자열 집합을 표현하기 위한 표현식으로 프로그래밍 언어나 텍스트 편집기에서 형식에 맞는 표현이 입력되었는지를 검사하거나 문자열을 검색 및 치환할 때 범용적으로 사용되는 표현식이다.
위 예제에서 주민등록번호 패턴을 정의하는데 사용된 정규식 구문의 의미는 다음과 같다.



예제에서 사용된 구문 이외에도 정규식에서는 매우 다양한 구문을 제공하므로 정규식을 활용하여 정의할 수 있는 패턴은 무궁무진하다. 참고로 정규식에 대한 정보는 웹이나 서적으로 매우 다양하게 나와왔으므로 쉽게 검색할 수 있으며 위 영문 튜토리얼에 소개되어 있는 RegexBuddy 등의 상용 소프트웨어를 사용하면 정규식 구문에 대한 지식없이도 원하는 정규식을 쉽게 만들 수 있다.




업무를 수행하면서 작성되는 각종 문서들은 널리 알려야 하는 정보를 포함하고 있는 일반 문서부터 상대방에게 알려지면 업무에 타격을 줄 수 있는 제한된 정보들도 있으며, 업무의 생명주기에 맞추어져서 문서 또한 생성, 변경, 폐기를 반복하는 유기적인 형태라 할 수 있다.

어도비에서는 Acrobat과 함께 문서 보안을 위한 서버 제품군도 갖추고 있다. 바로 Adobe LiveCycle Rights Management ES(이하 LC)이다. 특히 LC를 통해 진행할 수 있는 3가지 편의성을 보면 다음과 같다.





LC에서는 Acrobat과 같은 인터페이스를 제공해 MS 오피스 문서를 직접 제어해 변경/출력불가/폐기 등과 같은 문서 사용에 대한 권한을 부여할 수 있다. 따라서 MS 오피스 문서를 통해 저작 작업을 하거나 3D 모델링 도구인 CATIA의 문서를 저작과 동시에 제공된 플러그인 을 통해 문서를 암호화해서 저장할 수 있다.

또한 PTC Pro/Engineer WildFire4(Pro/E) 제품들은 자체 CAD 문서를 직접 보안할 수 있는 기능이 있는데, LC와 Acrobat 9 Pro Extended를 통해 제조업체에서는 제품 디자인 단계의 산출물이나 제품 제조 설명서 등과 같이 3D CAD의 내용을 그대로 살리면서 협력업체와 보안이 적용된 문서를 주고 받을 수 있다. <그림 1>


<그림 1> MS 파워포인트에 LC의 플러그인이 적용되어 저작 작업과 동시에 보안적용을 할 수 있다




LC는 미리 만들어 놓거나 동적으로 생성되는 정책(LC에서의 정책이란 문서의 보안설정과 권한이 부여된 사용자목록의 포함하고 있는 모음)이라는 것을 통해서 문서의 권한을 통제한다. 정책에는 사용자나 사용자 그룹별로 별도의 권한정책을 부여할 수 있다.

이에 LC에서는 보안정책을 정책이라는 묶음으로 정의해서 <그림 2>와 같이 하나의 문서에 조직 내부의 그룹이나 사용자별로 별도의 권한을 부여 할 수 있다.

따라서 실생활과 유사하게 배포자는 조직 내의 보안 규정이나 개인적인 취향에 따라 지금 저작되는 문서는 어떤 정책 묶음(Policy)에 의해 통제되는 문서인지만 인지하고 보안을 적용하면 혹여 발생할지 모르는 보안 적용의 위험에서 벗어날 수 있다.


<그림 2> LC의 정책 생성 중 사용자별 권한 설정




전자문서가 LC로 정책을 부여 받으면, 이 문서는 internal/external 환경에 있던지 혹은 개인 PC에 있다고 하더라도 LC의 통제하에 있다고 볼 수 있다.
누가 언제 문서를 열람하거나 출력하더라도 감사로그에 기록이 되며, 필요하다면 다른 배포정책으로 변경하거나, 즉시 문서를 폐기할 수 있다.

LC에서는 정책이 적용된 A 문서는 상대방이 문서를 열어봤는지, 출력을 했는지에 대한 정보부터 전달되어진 문서를 온라인상에서 간단히 폐기시킬 수 있다. 또한 문서가 변경되어 예전의 문서는 더 이상 정보로서 가치가 없을때 폐기와 동시에 새로운 문서를 지정해주면 비록 예전의 문서를 가지고 있는 열람자라고 하더라도 새로운 문서를 다운받을 수 있는 기능을 제공해 준다.


 
출처 : http://www.acrobatpdf.com/tip/detail_02.asp?id=33&gotopage=3&code=
반응형
저작자표시

'UTILITY > Acrobat' 카테고리의 다른 글

[배포와수집]양식 데이터 필드 설정  (0) 2010.03.09
전문가가 추천하는 ‘애크로뱃9′ 9대 기능  (0) 2010.03.09
제4과 : PDF 파일 주석 달기  (0) 2010.03.09
PDF를 이용하여 웹처럼 서비스 신청하기  (0) 2010.03.09
제3과 : PDF 파일 작업하기  (0) 2010.03.09
반응형

출처 : 오라클 사이트

http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_9013.htm#SQLRF01603

GRANT

Purpose

Use the GRANT statement to grant:

  • System privileges to users and roles.

  • Roles to users and roles. Both privileges and roles are either local, global, or external. Table 18-1 lists the system privileges (organized by the database object operated upon). Table 18-2 lists Oracle Database predefined roles.

  • Object privileges for a particular object to users, roles, and PUBLIC. Table 18-3 summarizes the object privileges that you can grant on each type of object. Table 18-4 lists object privileges and the operations that they authorize.

Notes on Authorizing Database Users You can authorize database users through means other than the database and the GRANT statement.

  • Many Oracle Database privileges are granted through supplied PL/SQL and Java packages. For information on those privileges, please refer to the documentation for the appropriate package.

  • Some operating systems have facilities that let you grant roles to Oracle Database users with the initialization parameter OS_ROLES. If you choose to grant roles to users through operating system facilities, then you cannot also grant roles to users with the GRANT statement, although you can use the GRANT statement to grant system privileges to users and system privileges and roles to other roles.

See Also:

Additional Topics

Prerequisites

To grant a system privilege, you must either have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege.

To grant a role, you must either have been granted the role with the ADMIN OPTION or have been granted the GRANT ANY ROLE system privilege, or you must have created the role.

To grant an object privilege, you must own the object, or the owner of the object must have granted you the object privileges with the GRANT OPTION, or you must have been granted the GRANT ANY OBJECT PRIVILEGE system privilege. If you have the GRANT ANY OBJECT PRIVILEGE, then you can grant the object privilege only if the object owner could have granted the same object privilege. In this case, the GRANTOR column of the DBA_TAB_PRIVS view displays the object owner rather than the user who issued the GRANT statement.

Syntax

grant::=

Description of grant.gif follows
Description of the illustration grant.gif

(grant_system_privileges::=, grant_object_privileges::=)

grant_system_privileges::=

Description of grant_system_privileges.gif follows
Description of the illustration grant_system_privileges.gif

(grantee_clause ::=)

grant_object_privileges::=

Description of grant_object_privileges.gif follows
Description of the illustration grant_object_privileges.gif

(on_object_clause ::=, grantee_clause ::=)

on_object_clause ::=

Description of on_object_clause.gif follows
Description of the illustration on_object_clause.gif

grantee_clause ::=

Description of grantee_clause.gif follows
Description of the illustration grantee_clause.gif

Semantics

grant_system_privileges

Use these clauses to grant system privileges.

system_privilege

Specify the system privilege you want to grant. Table 18-1 lists the system privileges, organized by the database object operated upon.

  • If you grant a privilege to a user, then the database adds the privilege to the user's privilege domain. The user can immediately exercise the privilege.

  • If you grant a privilege to a role, then the database adds the privilege to the privilege domain of the role. Users who have been granted and have enabled the role can immediately exercise the privilege. Other users who have been granted the role can enable the role and exercise the privilege.

    See Also:

    Granting a System Privilege to a User: Example and "Granting System Privileges to a Role: Example"

  • If you grant a privilege to PUBLIC, then the database adds the privilege to the privilege domains of each user. All users can immediately perform operations authorized by the privilege.

Oracle Database provides the ALL PRIVILEGES shortcut for granting all the system privileges listed in Table 18-1, except the SELECT ANY DICTIONARY privilege.

role

Specify the role you want to grant. You can grant an Oracle Database predefined role or a user-defined role. Table 18-2 lists the predefined roles.

  • If you grant a role to a user, then the database makes the role available to the user. The user can immediately enable the role and exercise the privileges in the privilege domain of the role.

  • If you grant a role to another role, then the database adds the privilege domain of the granted role to the privilege domain of the grantee role. Users who have been granted the grantee role can enable it and exercise the privileges in the granted role's privilege domain.

  • If you grant a role to PUBLIC, then the database makes the role available to all users. All users can immediately enable the role and exercise the privileges in the privilege domain of the role.

    See Also:

    "Granting a Role to a Role: Example" and CREATE ROLE for information on creating a user-defined role

IDENTIFIED BY Clause

Use the IDENTIFIED BY clause to specifically identify an existing user by password or to create a nonexistent user. This clause is not valid if the grantee is a role or PUBLIC. If the user specified in the grantee_clause does not exist, then the database creates the user with the password and with the privileges and roles specified in this clause.

See Also:

CREATE USER for restrictions on usernames and passwords

WITH ADMIN OPTION

Specify WITH ADMIN OPTION to enable the grantee to:

  • Grant the role to another user or role, unless the role is a GLOBAL role

  • Revoke the role from another user or role

  • Alter the role to change the authorization needed to access it

  • Drop the role

If you grant a system privilege or role to a user without specifying WITH ADMIN OPTION, and then subsequently grant the privilege or role to the user WITH ADMIN OPTION, then the user has the ADMIN OPTION on the privilege or role.

To revoke the ADMIN OPTION on a system privilege or role from a user, you must revoke the privilege or role from the user altogether and then grant the privilege or role to the user without the ADMIN OPTION.

See Also:

"Granting a Role with the Admin Option: Example"

grantee_clause

TO grantee_clause identifies users or roles to which the system privilege, role, or object privilege is granted.

Restriction on Grantees A user, role, or PUBLIC cannot appear more than once in TO grantee_clause.

PUBLIC Specify PUBLIC to grant the privileges to all users.

Restrictions on Granting System Privileges and Roles Privileges and roles are subject to the following restrictions:

  • A privilege or role cannot appear more than once in the list of privileges and roles to be granted.

  • You cannot grant a role to itself.

  • You cannot grant a role IDENTIFIED GLOBALLY to anything.

  • You cannot grant a role IDENTIFIED EXTERNALLY to a global user or global role.

  • You cannot grant roles circularly. For example, if you grant the role banker to the role teller, then you cannot subsequently grant teller to banker.

grant_object_privileges

Use these clauses to grant object privileges.

object_privilege

Specify the object privilege you want to grant. You can specify any of the values shown in Table 18-3. See also Table 18-4.

Restriction on Object Privileges A privilege cannot appear more than once in the list of privileges to be granted.

ALL [PRIVILEGES]

Specify ALL to grant all the privileges for the object that you have been granted with the GRANT OPTION. The user who owns the schema containing an object automatically has all privileges on the object with the GRANT OPTION. The keyword PRIVILEGES is provided for semantic clarity and is optional.

column

Specify the table or view column on which privileges are to be granted. You can specify columns only when granting the INSERT, REFERENCES, or UPDATE privilege. If you do not list columns, then the grantee has the specified privilege on all columns in the table or view.

For information on existing column object grants, query the USER_, ALL_, or DBA_COL_PRIVS data dictionary view.

See Also:

Oracle Database Reference for information on the data dictionary views and "Granting Multiple Object Privileges on Individual Columns: Example"

on_object_clause

The on_object_clause identifies the object on which the privileges are granted. Directory schema objects and Java source and resource schema objects are identified separately because they reside in separate namespaces.

If you can make this grant only because you have the GRANT ANY OBJECT PRIVILEGE system privilege--that is, you are not the owner of object, nor do you have object_privilege on object WITH GRANT OPTION--then the effect of this grant is that you are acting on behalf of the object owner. The *_TAB_PRIVS data dictionary views will reflect that this grant was made by the owner of object.

See Also:

WITH GRANT OPTION

Specify WITH GRANT OPTION to enable the grantee to grant the object privileges to other users and roles.

Restriction on Granting WITH GRANT OPTION You can specify WITH GRANT OPTION only when granting to a user or to PUBLIC, not when granting to a role.

WITH HIERARCHY OPTION

Specify WITH HIERARCHY OPTION to grant the specified object privilege on all subobjects of object, such as subviews created under a view, including subobjects created subsequent to this statement.

This clause is meaningful only in combination with the SELECT object privilege.

object Specify the schema object on which the privileges are to be granted. If you do not qualify object with schema, then the database assumes the object is in your own schema. The object can be one of the following types:

  • Table, view, or materialized view

  • Sequence

  • Procedure, function, or package

  • User-defined type

  • Synonym for any of the preceding items

  • Directory, library, operator, or indextype

  • Java source, class, or resource

You cannot grant privileges directly to a single partition of a partitioned table.

See Also:

"Granting Object Privileges on a Table to a User: Example", "Granting Object Privileges on a View: Example", and "Granting Object Privileges to a Sequence in Another Schema: Example"

DIRECTORY directory_name Specify a directory schema object on which privileges are to be granted. You cannot qualify directory_name with a schema name.

See Also:

CREATE DIRECTORY and "Granting an Object Privilege on a Directory: Example"

JAVA SOURCE | RESOURCE The JAVA clause lets you specify a Java source or resource schema object on which privileges are to be granted.

See Also:

CREATE JAVA

Listings of System and Object Privileges

Note:

When you grant a privilege on ANY object, such as CREATE ANY CLUSTER, the result is determined by the value of the O7_DICTIONARY_ACCESSIBILITY initialization parameter. By default, this parameter is set to FALSE, so that ANY privileges give the grantee access to that type of object in all schemas except the SYS schema. If you set O7_DICTIONARY_ACCESSIBILITY to TRUE, then the ANY privileges also give the grantee access, in the SYS schema, to all objects except Oracle Scheduler objects. For security reasons, Oracle recommends that you use this setting only with great caution.

Table 18-1 System Privileges

System Privilege Name Operations Authorized

Advisor Framework Privileges: All of the advisor framework privileges are part of the DBA role.

--

ADVISOR

Access the advisor framework through PL/SQL packages such as DBMS_ADVISOR and DBMS_SQLTUNE.

Please refer to PL/SQL Packages and Types Reference for information on these packages.

ADMINISTER SQL TUNING SET

Create, drop, select (read), load (write), and delete a SQL tuning set owned by the grantee through the DBMS_SQLTUNE package.

ADMINISTER ANY SQL TUNING SET

Create, drop, select (read), load (write), and delete a SQL tuning set owned by any user through the DBMS_SQLTUNE package.

CREATE ANY SQL PROFILE

Accept a SQL Profile recommended by the SQL Tuning Advisor, which is accessed through Enterprise Manager or by the DBMS_SQLTUNE package.

DROP ANY SQL PROFILE

Drop an existing SQL Profile.

ALTER ANY SQL PROFILE

Alter the attributes of an existing SQL Profile.

CLUSTERS:

--

CREATE CLUSTER

Create clusters in the grantee's schema.

CREATE ANY CLUSTER

Create a cluster in any schema. Behaves similarly to CREATE ANY TABLE.

ALTER ANY CLUSTER

Alter clusters in any schema.

DROP ANY CLUSTER

Drop clusters in any schema.

CONTEXTS:

--

CREATE ANY CONTEXT

Create any context namespace.

DROP ANY CONTEXT

Drop any context namespace.

DATABASE:

--

ALTER DATABASE

Alter the database.

ALTER SYSTEM

Issue ALTER SYSTEM statements.

AUDIT SYSTEM

Issue AUDIT statements.

DATABASE LINKS:

--

CREATE DATABASE LINK

Create private database links in the grantee's schema.

CREATE PUBLIC DATABASE LINK

Create public database links.

DROP PUBLIC DATABASE LINK

Drop public database links.

DEBUGGING:

--

DEBUG CONNECT SESSION

Connect the current session to a debugger.

DEBUG ANY PROCEDURE

Debug all PL/SQL and Java code in any database object. Display information on all SQL statements executed by the application.

Note: Granting this privilege is equivalent to granting the DEBUG object privilege on all applicable objects in the database.

DIMENSIONS:

--

CREATE DIMENSION

Create dimensions in the grantee's schema.

CREATE ANY DIMENSION

Create dimensions in any schema.

ALTER ANY DIMENSION

Alter dimensions in any schema.

DROP ANY DIMENSION

Drop dimensions in any schema.

DIRECTORIES:

--

CREATE ANY DIRECTORY

Create directory database objects.

DROP ANY DIRECTORY

Drop directory database objects.

INDEXTYPES:

--

CREATE INDEXTYPE

Create an indextype in the grantee's schema.

CREATE ANY INDEXTYPE

Create an indextype in any schema and create a comment on an indextype in any schema.

ALTER ANY INDEXTYPE

Modify indextypes in any schema.

DROP ANY INDEXTYPE

Drop an indextype in any schema.

EXECUTE ANY INDEXTYPE

Reference an indextype in any schema.

INDEXES:

--

CREATE ANY INDEX

Create in any schema a domain index or an index on any table in any schema.

ALTER ANY INDEX

Alter indexes in any schema.

DROP ANY INDEX

Drop indexes in any schema.

JOB SCHEDULER OBJECTS:

The following privileges are needed to execute procedures in the DBMS_SCHEDULER package.

CREATE JOB

Create jobs, schedules, or programs in the grantee's schema.

CREATE ANY JOB

Create, alter, or drop jobs, schedules, or programs in any schema.

Note: This extremely powerful privilege allows the grantee to execute code as any other user. It should be granted with caution.

CREATE EXTERNAL JOB

Create in the grantee's schema an executable scheduler job that runs on the operating system.

EXECUTE ANY PROGRAM

Use any program in a job in the grantee's schema.

EXECUTE ANY CLASS

Specify any job class in a job in the grantee's schema.

MANAGE SCHEDULER

Create, alter, or drop any job class, window, or window group.

LIBRARIES:

--

CREATE LIBRARY

Create external procedure or function libraries in the grantee's schema.

CREATE ANY LIBRARY

Create external procedure or function libraries in any schema.

DROP ANY LIBRARY

Drop external procedure or function libraries in any schema.

MATERIALIZED VIEWS:

--

CREATE MATERIALIZED VIEW

Create a materialized view in the grantee's schema.

CREATE ANY MATERIALIZED VIEW

Create materialized views in any schema.

ALTER ANY MATERIALIZED VIEW

Alter materialized views in any schema.

DROP ANY MATERIALIZED VIEW

Drop materialized views in any schema.

QUERY REWRITE

This privilege has been deprecated. No privileges are needed for a user to enable rewrite for a materialized view that references tables or views in the user's own schema.

GLOBAL QUERY REWRITE

Enable rewrite using a materialized view when that materialized view references tables or views in any schema.

ON COMMIT REFRESH

Create a refresh-on-commit materialized view on any table in the database.

Alter a refresh-on-demand materialized on any table in the database to refresh-on-commit.

FLASHBACK ANY TABLE

Issue a SQL Flashback Query on any table, view, or materialized view in any schema. This privilege is not needed to execute the DBMS_FLASHBACK procedures.

OPERATORS:

--

CREATE OPERATOR

Create an operator and its bindings in the grantee's schema.

CREATE ANY OPERATOR

Create an operator and its bindings in any schema and create a comment on an operator in any schema.

ALTER ANY OPERATOR

Modify an operator in any schema.

DROP ANY OPERATOR

Drop an operator in any schema.

EXECUTE ANY OPERATOR

Reference an operator in any schema.

OUTLINES:

--

CREATE ANY OUTLINE

Create public outlines that can be used in any schema that uses outlines.

ALTER ANY OUTLINE

Modify outlines.

DROP ANY OUTLINE

Drop outlines.

PROCEDURES:

--

CREATE PROCEDURE

Create stored procedures, functions, and packages in the grantee's schema.

CREATE ANY PROCEDURE

Create stored procedures, functions, and packages in any schema.

ALTER ANY PROCEDURE

Alter stored procedures, functions, or packages in any schema.

DROP ANY PROCEDURE

Drop stored procedures, functions, or packages in any schema.

EXECUTE ANY PROCEDURE

Execute procedures or functions, either standalone or packaged.

Reference public package variables in any schema.

PROFILES:

--

CREATE PROFILE

Create profiles.

ALTER PROFILE

Alter profiles.

DROP PROFILE

Drop profiles.

ROLES:

--

CREATE ROLE

Create roles.

ALTER ANY ROLE

Alter any role in the database.

DROP ANY ROLE

Drop roles.

GRANT ANY ROLE

Grant any role in the database.

ROLLBACK SEGMENTS:

--

CREATE ROLLBACK SEGMENT

Create rollback segments.

ALTER ROLLBACK SEGMENT

Alter rollback segments.

DROP ROLLBACK SEGMENT

Drop rollback segments.

SEQUENCES:

--

CREATE SEQUENCE

Create sequences in the grantee's schema.

CREATE ANY SEQUENCE

Create sequences in any schema.

ALTER ANY SEQUENCE

Alter any sequence in the database.

DROP ANY SEQUENCE

Drop sequences in any schema.

SELECT ANY SEQUENCE

Reference sequences in any schema.

SESSIONS:

--

CREATE SESSION

Connect to the database.

ALTER RESOURCE COST

Set costs for session resources.

ALTER SESSION

Issue ALTER SESSION statements.

RESTRICTED SESSION

Logon after the instance is started using the SQL*Plus STARTUP RESTRICT statement.

SNAPSHOTS:

See MATERIALIZED VIEWS

SYNONYMS:

--

CREATE SYNONYM

Create synonyms in the grantee's schema.

CREATE ANY SYNONYM

Create private synonyms in any schema.

CREATE PUBLIC SYNONYM

Create public synonyms.

DROP ANY SYNONYM

Drop private synonyms in any schema.

DROP PUBLIC SYNONYM

Drop public synonyms.

TABLES:

Note: For external tables, the only valid privileges are CREATE ANY TABLE, ALTER ANY TABLE, DROP ANY TABLE, and SELECT ANY TABLE.

CREATE TABLE

Create tables in the grantee's schema.

CREATE ANY TABLE

Create tables in any schema. The owner of the schema containing the table must have space quota on the tablespace to contain the table.

ALTER ANY TABLE

Alter any table or view in any schema.

BACKUP ANY TABLE

Use the Export utility to incrementally export objects from the schema of other users.

DELETE ANY TABLE

Delete rows from tables, table partitions, or views in any schema.

DROP ANY TABLE

Drop or truncate tables or table partitions in any schema.

INSERT ANY TABLE

Insert rows into tables and views in any schema.

LOCK ANY TABLE

Lock tables and views in any schema.

SELECT ANY TABLE

Query tables, views, or materialized views in any schema.

FLASHBACK ANY TABLE

Issue a SQL Flashback Query on any table, view, or materialized view in any schema. This privilege is not needed to execute the DBMS_FLASHBACK procedures.

UPDATE ANY TABLE

Update rows in tables and views in any schema.

TABLESPACES:

--

CREATE TABLESPACE

Create tablespaces.

ALTER TABLESPACE

Alter tablespaces.

DROP TABLESPACE

Drop tablespaces.

MANAGE TABLESPACE

Take tablespaces offline and online and begin and end tablespace backups.

UNLIMITED TABLESPACE

Use an unlimited amount of any tablespace. This privilege overrides any specific quotas assigned. If you revoke this privilege from a user, then the user's schema objects remain but further tablespace allocation is denied unless authorized by specific tablespace quotas. You cannot grant this system privilege to roles.

TRIGGERS:

--

CREATE TRIGGER

Create a database trigger in the grantee's schema.

CREATE ANY TRIGGER

Create database triggers in any schema.

ALTER ANY TRIGGER

Enable, disable, or compile database triggers in any schema.

DROP ANY TRIGGER

Drop database triggers in any schema.

ADMINISTER DATABASE TRIGGER

Create a trigger on DATABASE. You must also have the CREATE TRIGGER or CREATE ANY TRIGGER system privilege.

TYPES:

--

CREATE TYPE

Create object types and object type bodies in the grantee's schema.

CREATE ANY TYPE

Create object types and object type bodies in any schema.

ALTER ANY TYPE

Alter object types in any schema.

DROP ANY TYPE

Drop object types and object type bodies in any schema.

EXECUTE ANY TYPE

Use and reference object types and collection types in any schema, and invoke methods of an object type in any schema if you make the grant to a specific user. If you grant EXECUTE ANY TYPE to a role, then users holding the enabled role will not be able to invoke methods of an object type in any schema.

UNDER ANY TYPE

Create subtypes under any nonfinal object types.

USERS:

--

CREATE USER

Create users. This privilege also allows the creator to:

  • Assign quotas on any tablespace.

  • Set default and temporary tablespaces.

  • Assign a profile as part of a CREATE USER statement.

ALTER USER

Alter any user. This privilege authorizes the grantee to:

  • Change another user's password or authentication method.

  • Assign quotas on any tablespace.

  • Set default and temporary tablespaces.

  • Assign a profile and default roles.

DROP USER

Drop users

VIEWS:

--

CREATE VIEW

Create views in the grantee's schema.

CREATE ANY VIEW

Create views in any schema.

DROP ANY VIEW

Drop views in any schema.

UNDER ANY VIEW

Create subviews under any object views.

FLASHBACK ANY TABLE

Issue a SQL Flashback Query on any table, view, or materialized view in any schema. This privilege is not needed to execute the DBMS_FLASHBACK procedures.

MERGE ANY VIEW

If a user has been granted the MERGE ANY VIEW privilege, then for any query issued by that user, the optimizer can use view merging to improve query performance without performing the checks that would otherwise be performed to ensure that view merging does not violate any security intentions of the view creator. See also Oracle Database Reference for information on the OPTIMIZER_SECURE_VIEW_MERGING parameter and Oracle Database Performance Tuning Guide for information on view merging.

MISCELLANEOUS:

--

ANALYZE ANY

Analyze any table, cluster, or index in any schema.

AUDIT ANY

Audit any object in any schema using AUDIT schema_objects statements.

CHANGE NOTIFICATION

Create a registration on queries and receive database change notifications in response to DML or DDL changes to the objects associated with the registered queries. Please refer to Oracle Database Application Developer's Guide - Fundamentals for more information on database change notification.

COMMENT ANY TABLE

Comment on any table, view, or column in any schema.

EXEMPT ACCESS POLICY

Bypass fine-grained access control.

Caution: This is a very powerful system privilege, as it lets the grantee bypass application-driven security policies. Database administrators should use caution when granting this privilege.

FORCE ANY TRANSACTION

Force the commit or rollback of any in-doubt distributed transaction in the local database.

Induce the failure of a distributed transaction.

FORCE TRANSACTION

Force the commit or rollback of the grantee's in-doubt distributed transactions in the local database.

GRANT ANY OBJECT PRIVILEGE

Grant any object privilege that the object owner is permitted to to grant.

Revoke any object privilege that was granted by the object owner or by some other user with the GRANT ANY OBJECT PRIVILEGE privilege.

GRANT ANY PRIVILEGE

Grant any system privilege.

RESUMABLE

Enable resumable space allocation.

SELECT ANY DICTIONARY

Query any data dictionary object in the SYS schema. This privilege lets you selectively override the default FALSE setting of the O7_DICTIONARY_ACCESSIBILITY initialization parameter.

SELECT ANY TRANSACTION

Query the contents of the FLASHBACK_TRANSACTION_QUERY view.

Caution: This is a very powerful system privilege, as it lets the grantee view all data in the database, including past data. This privilege should be granted only to users who need to use the Oracle Flashback Transaction Query feature.

SYSDBA

Perform STARTUP and SHUTDOWN operations.

ALTER DATABASE: open, mount, back up, or change character set.

CREATE DATABASE.

ARCHIVELOG and RECOVERY.

CREATE SPFILE.

Includes the RESTRICTED SESSION privilege.

SYSOPER

Perform STARTUP and SHUTDOWN operations.

ALTER DATABASE: open, mount, or back up.

ARCHIVELOG and RECOVERY.

CREATE SPFILE.

Includes the RESTRICTED SESSION privilege.

CONNECT, RESOURCE, and DBA

These roles are provided for compatibility with previous versions of Oracle Database. You can determine the privileges encompassed by these roles by querying the DBA_SYS_PRIVS data dictionary view.

Note: Oracle recommends that you design your own roles for database security rather than relying on these roles. These roles may not be created automatically by future versions of Oracle Database.

See Also: Oracle Database Reference for a description of the DBA_SYS_PRIVS view

DELETE_CATALOG_ROLE EXECUTE_CATALOG_ROLE SELECT_CATALOG_ROLE

These roles are provided for accessing data dictionary views and packages.

See Also: Oracle Database Administrator's Guide for more information on these roles

EXP_FULL_DATABASE

IMP_FULL_DATABASE

These roles are provided for convenience in using the import and export utilities.

See Also: Oracle Database Utilities for more information on these roles

AQ_USER_ROLE

AQ_ADMINISTRATOR_ROLE

You need these roles to use Oracle Advanced Queuing.

See Also: Oracle Streams Advanced Queuing User's Guide and Reference for more information on these roles

SNMPAGENT

This role is used by the Enterprise Manager Intelligent Agent.

See Also: Oracle Enterprise Manager Administrator's Guide

RECOVERY_CATALOG_OWNER

You need this role to create a user who owns a recovery catalog.

See Also: Oracle Database Backup and Recovery Advanced User's Guide for more information on recovery catalogs


Table 18-2 Oracle Database Predefined Roles

Predefined Role Purpose

HS_ADMIN_ROLE

A DBA using Oracle Database heterogeneous services needs this role to access appropriate tables in the data dictionary.

See Also: Oracle Database Heterogeneous Connectivity Administrator's Guide for more information

SCHEDULER_ADMIN

This role allows the grantee to execute the procedures of the DBMS_SCHEDULER package. It includes all of the job scheduler system privileges and is included in the DBA role.

See Also: Oracle Database Administrator's Guide for more information on the DBMS_SCHEDULER package


Table 18-3 Object Privileges Available for Particular Objects

Object Privilege Table View Sequence Procedure, Function, Package (Note 1) Material-ized View Directory Library User- defined Type Operator Indextype

ALTER (Note 2)

X

--

X

--

--

--

--

--

--

--

DELETE

X

X

--

--

X

(Note 3)

--

--

--

--

--

EXECUTE

--

--

--

X

(Note 2)

--

--

X

(Note 2)

X

(Note 2)

X

(Note 2)

X

(Note 2)

DEBUG

X

X

--

X

--

--

--

X

--

--

FLASHBACK

X

X

--

--

X

--

--

--

--

--

INDEX

X

--

--

--

--

--

--

--

--

--

INSERT

X

X

--

--

X

(Note 3)

--

--

--

--

--

ON COMMIT REFRESH

X

--

--

--

--

--

--

--

--

--

QUERY REWRITE

X

--

--

--

--

--

--

--

--

--

READ

--

--

--

--

--

X

--

--

--

--

REFERENCES

X

X

--

--

--

--

--

--

--

--

SELECT

X

X

X

--

X

--

--

--

--

--

UNDER

--

X

--

--

--

--

--

X

--

--

UPDATE

X

X

--

--

X (Note 3)

--

--

--

--

--

WRITE

--

--

--

--

--

X

--

--

--

--


Note 1: Oracle Database treats a Java class, source, or resource as if it were a procedure for purposes of granting object privileges.

Note 2: Job scheduler objects are created using the DBMS_SCHEDULER package. After these objects are created, you can grant the EXECUTE object privilege on job scheduler classes and programs. You can grant ALTER privilege on job scheduler jobs, programs, and schedules.

Note 3: The DELETE, INSERT, and UPDATE privileges can be granted only to updatable materialized views.

Table 18-4 Object Privileges and the Operations They Authorize

Object Privilege Operations Authorized

TABLE PRIVILEGES

The following table privileges authorize operations on a table. Any one of following object privileges allows the grantee to lock the table in any lock mode with the LOCK TABLE statement.

Note: For external tables, the only valid object privileges are ALTER and SELECT.

ALTER

Change the table definition with the ALTER TABLE statement.

DELETE

Remove rows from the table with the DELETE statement.

Note: You must grant the SELECT privilege on the table along with the DELETE privilege if the table is on a remote database.

DEBUG

Access, through a debugger:

  • PL/SQL code in the body of any triggers defined on the table

  • Information on SQL statements that reference the table directly

INDEX

Create an index on the table with the CREATE INDEX statement.

INSERT

Add new rows to the table with the INSERT statement.

REFERENCES

Create a constraint that refers to the table. You cannot grant this privilege to a role.

SELECT

Query the table with the SELECT statement.

UPDATE

Change data in the table with the UPDATE statement.

Note: You must grant the SELECT privilege on the table along with the UPDATE privilege if the table is on a remote database.

VIEW PRIVILEGES

The following view privileges authorize operations on a view. Any one of the following object privileges allows the grantee to lock the view in any lock mode with the LOCK TABLE statement.

To grant a privilege on a view, you must have that privilege with the GRANT OPTION on all of the base tables of the view.

DEBUG

Access, through a debugger:

  • PL/SQL code in the body of any triggers defined on the view

  • Information on SQL statements that reference the view directly

DELETE

Remove rows from the view with the DELETE statement.

INSERT

Add new rows to the view with the INSERT statement.

REFERENCES

Define foreign key constraints on the view.

SELECT

Query the view with the SELECT statement.

UNDER

Create a subview under this view. You can grant this object privilege only if you have the UNDER ANY VIEW privilege WITH GRANT OPTION on the immediate superview of this view.

UPDATE

Change data in the view with the UPDATE statement.

SEQUENCE PRIVILEGES

The following sequence privileges authorize operations on a sequence.

ALTER

Change the sequence definition with the ALTER SEQUENCE statement.

SELECT

Examine and increment values of the sequence with the CURRVAL and NEXTVAL pseudocolumns.

PROCEDURE, FUNCTION, PACKAGE PRIVILEGES

The following procedure, function, and package privileges authorize operations on procedures, functions, and packages. These privileges also apply to Java sources, classes, and resources, which Oracle Database treats as though they were procedures for purposes of granting object privileges.

DEBUG

Access, through a debugger, all public and nonpublic variables, methods, and types defined on the object.

Place a breakpoint or stop at a line or instruction boundary within the procedure, function, or package. This privilege grants access to the declarations in the method or package specification and body.

EXECUTE

Execute the procedure or function directly, or access any program object declared in the specification of a package, or compile the object implicitly during a call to a currently invalid or uncompiled function or procedure. This privilege does not allow the grantee to explicitly compile using ALTER PROCEDURE or ALTER FUNCTION. For explicit compilation you need the appropriate ALTER system privilege.

Access, through a debugger, public variables, types, and methods defined on the procedure, function, or package. This privilege grants access to the declarations in the method or package specification only.

Note: Users do not need this privilege to execute a procedure, function, or package indirectly.

See Also: Oracle Database Concepts and Oracle Database Application Developer's Guide - Fundamentals

MATERIALIZED VIEW PRIVILEGES

The following materialized view privileges authorize operations on a materialized view.

ON COMMIT REFRESH

Create a refresh-on-commit materialized view on the specified table.

QUERY REWRITE

Create a materialized view for query rewrite using the specified table.

SELECT

Query the materialized view with the SELECT statement.

SYNONYM PRIVILEGES

Synonym privileges are the same as the privileges for the base object. Granting a privilege on a synonym is equivalent to granting the privilege on the base object. Similarly, granting a privilege on a base object is equivalent to granting the privilege on all synonyms for the object. If you grant to a user a privilege on a synonym, then the user can use either the synonym name or the base object name in the SQL statement that exercises the privilege.

DIRECTORY PRIVILEGES

The following directory privileges provide secured access to the files stored in the operating system directory to which the directory object serves as a pointer. The directory object contains the full path name of the operating system directory where the files reside. Because the files are actually stored outside the database, Oracle Database server processes also need to have appropriate file permissions on the file system server. Granting object privileges on the directory database object to individual database users, rather than on the operating system, allows the database to enforce security during file operations.

READ

Read files in the directory.

WRITE

Write files in the directory. This privilege is useful only in connection with external tables. It allows the grantee to determine whether the external table agent can write a log file or a bad file to the directory.

Restriction: This privilege does not allow the grantee to write to a BFILE.

LIBRARY PRIVILEGE

The following library privilege authorizes operations on a library.

EXECUTE

Use and reference the specified object and invoke its methods.

OBJECT TYPE PRIVILEGES

The following object type privileges authorize operations on a database object type.

DEBUG

Access, through a debugger, all public and nonpublic variables, methods, and types defined on the object type.

Place a breakpoint or stop at a line or instruction boundary within the type body.

EXECUTE

Use and reference the specified object and invoke its methods.

Access, through a debugger, public variables, types, and methods defined on the object type.

UNDER

Create a subtype under this type. You can grant this object privilege only if you have the UNDER ANY TYPE privilege WITH GRANT OPTION on the immediate supertype of this type.

INDEXTYPE PRIVILEGE

The following indextype privilege authorizes operations on indextypes.

EXECUTE

Reference an indextype.

OPERATOR PRIVILEGE

The following operator privilege authorizes operations on user-defined operators.

EXECUTE

Reference an operator.


Examples

Granting a System Privilege to a User: Example To grant the CREATE SESSION system privilege to the sample user hr, allowing hr to log on to Oracle Database, issue the following statement:

GRANT CREATE SESSION 
   TO hr;

Granting System Privileges to a Role: Example The following statement grants appropriate system privileges to a data warehouse manager role, which was created in the "Creating a Role: Example":

GRANT
     CREATE ANY MATERIALIZED VIEW
   , ALTER ANY MATERIALIZED VIEW
   , DROP ANY MATERIALIZED VIEW
   , QUERY REWRITE
   , GLOBAL QUERY REWRITE
   TO dw_manager
   WITH ADMIN OPTION;

The dw_manager privilege domain now contains the system privileges related to materialized views.

Granting a Role with the Admin Option: Example To grant the dw_manager role with the ADMIN OPTION to the sample user sh, issue the following statement:

GRANT dw_manager 
   TO sh 
   WITH ADMIN OPTION;

User sh can now perform the following operations with the dw_manager role:

  • Enable the role and exercise any privileges in the privilege domain of the role, including the CREATE MATERIALIZED VIEW system privilege

  • Grant and revoke the role to and from other users

  • Drop the role

Granting Object Privileges to a Role: Example The following example grants the SELECT object privileges to a data warehouse user role, which was created in the "Creating a Role: Example":

GRANT SELECT ON sh.sales TO warehouse_user;

Granting a Role to a Role: Example The following statement grants the warehouse_user role to the dw_manager role. Both roles were created in the "Creating a Role: Example":

GRANT warehouse_user TO dw_manager;

The dw_manager role now contains all of the privileges in the domain of the warehouse_user role.

Granting an Object Privilege on a Directory: Example To grant READ on directory bfile_dir to user hr, with the GRANT OPTION, issue the following statement:

GRANT READ ON DIRECTORY bfile_dir TO hr
   WITH GRANT OPTION;

Granting Object Privileges on a Table to a User: Example To grant all privileges on the table oe.bonuses, which was created in "Merging into a Table: Example", to the user hr with the GRANT OPTION, issue the following statement:

GRANT ALL ON bonuses TO hr 
   WITH GRANT OPTION;

The user hr can subsequently perform the following operations:

  • Exercise any privilege on the bonuses table

  • Grant any privilege on the bonuses table to another user or role

Granting Object Privileges on a View: Example To grant SELECT and UPDATE privileges on the view emp_view, which was created in "Creating a View: Example", to all users, issue the following statement:

GRANT SELECT, UPDATE 
   ON emp_view TO PUBLIC;

All users can subsequently query and update the view of employee details.

Granting Object Privileges to a Sequence in Another Schema: Example To grant SELECT privilege on the customers_seq sequence in the schema oe to the user hr, issue the following statement:

GRANT SELECT 
   ON oe.customers_seq TO hr;

The user hr can subsequently generate the next value of the sequence with the following statement:

SELECT oe.customers_seq.NEXTVAL 
   FROM DUAL;

Granting Multiple Object Privileges on Individual Columns: Example To grant to user oe the REFERENCES privilege on the employee_id column and the UPDATE privilege on the employee_id, salary, and commission_pct columns of the employees table in the schema hr, issue the following statement:

GRANT REFERENCES (employee_id), 
      UPDATE (employee_id, salary, commission_pct) 
   ON hr.employees
   TO oe;

The user oe can subsequently update values of the employee_id, salary, and commission_pct columns. User oe can also define referential integrity constraints that refer to the employee_id column. However, because the GRANT statement lists only these columns, oe cannot perform operations on any of the other columns of the employees table.

For example, oe can create a table with a constraint:

CREATE TABLE dependent 
   (dependno   NUMBER, 
    dependname VARCHAR2(10), 
    employee   NUMBER 
   CONSTRAINT in_emp REFERENCES hr.employees(employee_id) );

The constraint in_emp ensures that all dependents in the dependent table correspond to an employee in the employees table in the schema hr.

반응형
저작자표시

'Database > ORACLE' 카테고리의 다른 글

rman Tool  (0) 2010.02.01
WS1-2-ch18. Data Pump (expdp/impdp) overview  (0) 2010.02.01
`BIN$+......==$0` 알수 없는 테이블..  (0) 2010.01.14
sqlplus 환경 설정  (0) 2010.01.08
Partition Table  (0) 2009.12.29

+ Recent posts

티스토리툴바