Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
20 views

SQL Tutorial (Chap7)

Uploaded by

jaggu011
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
20 views

SQL Tutorial (Chap7)

Uploaded by

jaggu011
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

 Chapter 7: DCL

SQL Tutorial - Grant


Grant is part of Data Control Language (DCL) that allows us to grant privileges to other users.

We have two types of Grant privileges:

1. Granting permissions to users.


2. Granting privileges on database objects to the users.
To demonstrate DCL lets first create users.

Creating user-
SQL> CREATE USER user1 IDENTIFIED BY user1;

--User created
Note : Here IDENTIFIED BY will work as password it means for user1 password is user1
SQL> CREATE USER user2 IDENTIFIED BY user2;

--User created

Granting permissions to users:-


For every new user created in the database, we need to explicitly provide connection and
resource privileges to the user so that user can connect and create objects in the database.

Let’s grant the Connect and resource privileges to the users created:-
SQL> GRANT CONNECT, RESOURCE TO user1;

-- Grant succeeded

SQL> GRANT CONNECT, RESOURCE TO user2;

-- Grant succeeded
User1 and user2 can now connect and create database objects in the database.
Granting privileges on database objects to the
users.
Objects created in the database are always owned by a specific user. If a different user has to
access the object then necessary privileges should be given.

 Privileges – Type of privilege


 Object name – database object name like EMP.
 User name – User to whom we wanted to provide the privilege.

Example: If user2 wants to access the table created by user1 then user1 should provide the
privileges to user2 as user1 owns the object.
We can provide privileges either INDIVIDUALLY or SET OF or ALL privileges.

Individual privileges:-
SQL> conn user1/password

Let’s assume EMP TABLE IS owned BY user1. GRANT SELECT privileges TO user2.

SQL> GRANT SELECT ON emp TO user2;

-- Grant succeeded
If User2 has to access the ‘emp’ table of user1 then user2 has to use dot operator to access
table.
SQL> SELECT * FROM <strong>user1.emp;</strong>

SET OF privileges:-
SQL> GRANT SELECT, INSERT, UPDATE, DELETE ON emp TO user2;

-- Grant succeeded
ALL Privileges:-
SQL> GRANT ALL ON emp TO user2;

-- Grant succeeded

Privileges with ‘GRANT OPTION’:-


We use ‘With Grant Option’ if we want user2 to grant privileges to other users. i.e. User2 will be
having admin rights to provide privileges.
SQL> GRANT ALL ON emp TO user2 WITH GRANT OPTION;

-- Grant succeeded
Now user2 can provide grants to user3.

Connect to user2:
SQL> conn user2/password;

GRANT ‘SELECT’ privileges TO user3:

SQL> GRANT SELECT ON emp TO user3;

-- Grant succeeded

SQL Tutorial - Revoke


REVOKE command is used to revoke the privileges from the users to whom we have already
granted the privileges.

We can revoke privileges from user either INDIVIDUALLY or SET OF or ALL privileges.

Let’s revoke the privileges that user1 have granted to user2 on EMP table in previous lesson.

Revoke Individual Privileges-


SQL> conn user1/password
SQL> REVOKE SELECT ON emp FROM user2

-- Revoke succeeded
SET OF privileges:-
SQL> REVOKE INSERT, UPDATE, DELETE ON emp FROM user2

-- Revoke succeeded
ALL Privileges:-
SQL> REVOKE ALL ON emp FROM user2;

-- Revoke succeeded
Connect to user2 and check the access to the EMP table.
SQL> conn user2/password

--If user2 tries to access the table then system will throw an error.

SQL>SELECT *FROM user1.emp;

Ouput:
ORA-01031: insufficient privileges

You might also like