This chapter presents methods for managing privileges to objects in the system. The objectives important to this chapter are:
As the last chapter explained, a user must be granted a specific privilege that allows them to log on to an Oracle database. This chapter expands on that concept. A user may be given privileges that relate to the database system in general, or privileges that relate to specific objects in the database.
The text explains that users may be granted any of over a hundred system privileges. Some examples from the text:
Different types of objects in a database have different types of permissions that can be granted to them. Most of the ones listed in the text apply to tables and views. A user may be granted permission to ALTER, DELETE, INDEX, INSERT, SELECT, and UPDATE a table. ALTER and INDEX do not apply to views, but the other privileges do.
When granting one or more system privileges, you may use
a command whose syntax follows this pattern:
When removing privileges, the GRANT... TO syntax is replaced by REVOKE... FROM.
Granting object privileges is just a bit more complicated. The
syntax is similar, but allows you to grant privileges to specific columns
in a table (or view) and to objects in specific schemas. To allow your
users to grant their rights to other users, use WITH GRANT OPTION. (Assume
that a user with system privileges may act as an admin, but a user with
only object privileges may not.) The syntax to grant a privilege may follow
The text notes that if you grant an object privilege to a user, who then grants it to others, you can remove it from all of them by revoking the privilege from the original grantee. This is true of object privileges, but not true of system privileges.
The text discusses three types of auditing that can be enabled on the Oracle database.
Each type of audit can be modified to perform particular ways:
The text lists database views that are associated with each type of auditing: