User privileges provide a basic level of database security. They are designed to control user access to data and to limit the kinds of SQL statements that users can execute. When creating a user, you grant privileges to enable the user to connect to the database, to run queries and make updates, to create schema objects, and more.
The main types of user privileges are as follows:
■ System privileges—A system privilege gives a user the ability to perform a particular action, or to perform an action on any schema objects of a particular type. For example, the system privilege CREATE TABLE permits a user to create tables in the schema associated with that user, and the system privilege CREATE USER permits a user to create database users.
■ Object privileges—An object privilege gives a user the ability to perform a particular action on a specific schema object. Different object privileges are available for different types of schema objects. The privilege to select rows from the EMPLOYEES table or to delete rows from the DEPARTMENTS table are examples of object privileges.
Managing privileges is made easier by using roles, which are named groups of related privileges. You create roles, grant system and object privileges to the roles, and then grant roles to users. You can also grant roles to other roles. Unlike schema objects, roles are not contained in any schema.
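The role workflow described above, as an added example in Oracle SQL that is not part of the original page. The role names hr_clerk and hr_manager, the user appuser, the HR schema owning the tables, and the password are assumptions; the closing queries go one step beyond the text and review what the user effectively holds through nested roles, using the DBA_ROLE_PRIVS, DBA_SYS_PRIVS and DBA_TAB_PRIVS dictionary views.

```sql
-- Added example. Hypothetical names: roles hr_clerk and hr_manager, user appuser.
-- Assumes EMPLOYEES and DEPARTMENTS are owned by a schema named HR.

-- 1. Create the roles. Roles are not contained in any schema.
CREATE ROLE hr_clerk;
CREATE ROLE hr_manager;

-- 2. System privilege: CREATE SESSION lets a grantee connect to the database.
GRANT CREATE SESSION TO hr_clerk;

-- 3. Object privileges: each one names a specific action on a specific object.
GRANT SELECT ON hr.employees   TO hr_clerk;
GRANT DELETE ON hr.departments TO hr_manager;

-- 4. Role granted to a role: hr_manager now carries everything in hr_clerk.
GRANT hr_clerk TO hr_manager;

-- 5. Create the user (placeholder password) and grant only the role.
CREATE USER appuser IDENTIFIED BY "Placeholder_Pw_1";
GRANT hr_manager TO appuser;

-- 6. Review: every role appuser holds, directly or through another role.
SELECT granted_role
FROM   dba_role_privs
START WITH grantee = 'APPUSER'
CONNECT BY PRIOR granted_role = grantee;

-- 7. Review: system privileges reachable by appuser, and whether they can be
--    passed on (ADMIN_OPTION = 'YES' deserves a second look).
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'APPUSER'
   OR  grantee IN (SELECT granted_role FROM dba_role_privs
                   START WITH grantee = 'APPUSER'
                   CONNECT BY PRIOR granted_role = grantee);

-- 8. Review: object privileges reachable by appuser (GRANTABLE = 'YES' means
--    the grantee can grant the privilege to others).
SELECT grantee, owner, table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  grantee = 'APPUSER'
   OR  grantee IN (SELECT granted_role FROM dba_role_privs
                   START WITH grantee = 'APPUSER'
                   CONNECT BY PRIOR granted_role = grantee);

-- 9. Tighten: revoking from the role removes the privilege from every holder.
REVOKE DELETE ON hr.departments FROM hr_manager;
```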
Table 7-1 lists three widely used roles that are predefined in Oracle Database. You can grant these roles when you create a user or at any time thereafter.