ĐN: là nhóm quyền (privilege)
DBA_ROLES DS role
DBA_ROLE_PRIVS - Role gán cho user
USER_ROLE_PRIVS - Role gán cho user hiện tại
ROLE: PRIVILEGES:
CONNECT ALTER SESSION
CREATE CLUSTER
CREATE DATABASE LINK
CREATE SEQUENCE
CREATE SESSION
CREATE SYNONYM
CREATE TABLE
CREATE VIEW
RESOURCE CREATE CLUSTER
CREATE PROCEDURE
CREATE SEQUENCE
CREATE TABLE
CREATE TRIGGER
DBA ALL PRIVILEGES WITH ADMIN OPTION
(allows grants to other users or roles)
EXP_FULL_DATABASE SELECT ANY TABLE, BACKUP ANY TABLE.
INSERT, DELETE, and UPDATE on the tables
SYS.INCVID, SYS.INCFIL, and SYS.INCEXP
IMP_FULL_DATABASE BECOME USER
WRITEDOWN (trusted Oracle only)
• Select * from dba_roles; // list all role
• SELECT * FROM SESSION_ROLES; //Listing the Current Privilege Domain of Your Session
• Select * from DBA_ROLE_PRIVS; // Listing All Role Grants for User// 33 rows
• select * from USER_ROLE_PRIVS; // role đã gán cho user hiện tại
• select * from ROLE_ROLE_PRIVS
CREATE ROLE
CREATE ROLE dw_manager;
CREATE ROLE dw_manager IDENTIFIED BY warehouse;
ALTER ROLE
• Changing Role Identification:
ALTER ROLE warehouse_user NOT IDENTIFIED;
• Changing a Role Password
ALTER ROLE dw_manager IDENTIFIED BY data;
• Application Roles:
ALTER ROLE dw_manager IDENTIFIED USING hr.admin;
DROP ROLE
DROP ROLE dw_manager;
SET ROLE
• Setting Roles:
To enable the role dw_manager identified by the password warehouse for your current session, issue the following statement:
SET ROLE dw_manager IDENTIFIED BY warehouse;
• To enable all roles granted to you for the current session, issue the following statement:
SET ROLE ALL;
• To enable all roles granted to you except dw_manager, issue the following statement:
SET ROLE ALL EXCEPT dw_manager;
• To disable all roles granted to you for the current session, issue the following statement:
SET ROLE NONE;
