database docs

8/7/2019 database docs

1/60

12/1/2010

1

Oracle Architecture

ORACLE Architecture

Database Components

Memory Structures

Processes

Oracle Instance

Shared Server ( Multi threaded Server)


2/60

12/1/2010

2

Database overviewAn oracle database consists of

Physical Components Data file

Control Files

Redo log files

Logical components Tablespace , segments , extent , block.

Schema Objects

Database file

A database consists of a set of operating

system files.

Types of information is stored in an oracle

database User Data

Actual Application Data

System Data Data that the database needs to manage itself

Overhead Data Indexes , Integrity etc.


3/60


4/60

12/1/2010

4

Control File A control file is associated with a single database.

Control file is automatically modified by ORACLE; a user

cannot edit them

They are used to maintain internal consistency and guide

recovery operations

Redo Log file

The Redo Log files are set of files external to the database that

records changes made to the database during transactions.

A Redo log contains all the committed transaction that haveoccurred against the database .

Redo logs are also called transaction logs.


5/60

12/1/2010

5

Redo Log File No activity in the database can take place without

being recorded in Redo

Logs

The redo Logs are necessary to protect against data

loss due to variouskinds of failures.

Redo Log file

An online Redo log file is one to which transactions

are written each time a transaction occurs.

Every database requires a minimum two Redo Logs

Redo logs work in circular fashion

A Log switch occurs when a log file is filled .


6/60

12/1/2010

6

Redo Log FileDatabase operates in two modes :

--NOARCHIVELOG

--ARCHIVELOG

The mode determines whether the redo logs are

overwritten or not before creating copy of filled

redo log file.

Redo Log File

NOARCHIVELOG Mode

-- Default mode

-- The transactions are overwritten each time a log

switch occurs

ARCHIVELOG Mode

-- All transaction redo logs are kept

-- A copy of current log is made before a log switch

occurs. This

ensures the database protection against all types of

failure.


7/60

12/1/2010

7

Tablespace A database is divided into logical divisions

called tablespaces.

A database may have one or more tablespaces

Each logical tablespace corresponds to one

or more physical files.

Tablespace

The typical tablespace present in an ORACLE

database are :

SYSTEM

SYSAUX

TEMPORARY

UNDO

USER

BIGFILE

INDEX


8/60

12/1/2010

8

Tablespace SYSTEM

-- where ORACLE stores all the information it needs to manage itself.

-- the system tablespace always contain the data dictionary for the

entire database objects.

SYSAUX

-- An auxiliary tablespace to the SYSTEM tablespace

-- Used by oracle components like Enterprise Manager Repository ,

log Miner etc.

Tablespace

TEMPORARY :

-- where ORACLE stores all its temporary tables.

UNDO :

-- Used for rolling back transactions.

USER :

-- Where all the information about the user is stored.

BIGFILE :

-- Consists of only one datafile

-- Single data file can be upto 8EB.


9/60

12/1/2010

9

Segments and Extents All data in a tablespace is stored in allocations of

database space called segments

A segment is a set of extents allocated for storage of

database data.

The storage parameters of segment determines

how a database object will obtain database space.

An extent is an allocation of contigious database

space , made up of logical (oracle) blocks

Segments and Extents

Types of segments can be :

Data segments

Index segments

Undo segments

Temporary segments

Bootstrap segments


10/60

12/1/2010

10

Segments and Extents

DATA and INDEXwhich holds the actual data and the indexes.

UNDO :where all undo information is stored.

TEMPORARY :Used to store intermediate results of various operations

BOOTSTRAP :Helps to initialize data dictionary cache when the database is opened by

an instance

Schema Objects

A schema can have one or more logical database

objects

-- Tables-- Indexes

-- Views

etc.


11/60

12/1/2010

11

Oracle Memory StructuresOracle uses memory to store :

-- Program code being executed

-- Information about connected session

-- Data needed during program execution

-- Information which is shared and communicated among

ORACLE processes

-- Caching information.

Oracle Memory Structures

The basic memory structures associated with ORACLE

includes :

-- The System Global Area (SGA)

-- The Program Global Areas (PGA)


12/60

12/1/2010

12

The System Global Area

A group of shared memory structures that contains data

and control information for one database instance

Multiple users connected to the same instance share the

data from instances SGA

Also referred as Shared Global Area

The System Global Area

The information stored within an SGA is divided into

several areas of memory :

The database Buffer Cache

The Redo log Buffer

The Shared Pool

Java Pool

Streams pool


13/60

12/1/2010

13

Database Buffer Cache A portion of SGA that holds database information

The buffers are shared by all ORACLE user processes

concurrently connected to the instance.

The Redo Log Buffer

The redo log buffer in the SGA holds changes made

to the database.

Redo entries from the Redo Buffer are written to the

online Redo Log

Files


14/60

12/1/2010

14

The Shared Pool

It consists of

-- Library Cache

-- Data Dictionary Cache

Shared pool

Library Cache

stores information about the most recently usedSQL and PL/SQL statements.

Use Least Recently used (LRU) algorithmConsist of two areas

shared SQL are

Shared PL/SQL area.


15/60

12/1/2010

15

Shared PoolThe Data Dictionary Cache

Contains reference information about thedatabase , its structure and its users

Contents of the data dictionary

Names of all tables and views

Names and data types of the columns in database

tables. Privileges of all Oracle users.

The Program Global Area

Contains data and control information for single process

Also referred as Process Global Area

PGA contains

-- Private SQL area

-- Session memory

-- SQL work area.


16/60

12/1/2010

16

Oracle Processes

Every time a database is strated on a database server ,

SGA is allocated and one or more Oracle processes are

started.

An ORACLE Instance

-- The combination of SGA and the ORACLE processes is called an

Oracle Database instance

-- An Oracle instance may have number of background processes; notall are always present.

Oracle Processes

System Processes

-- Mandatory Processes

-- Optional Processes

User Processes


17/60

12/1/2010

17

Oracle System Processes

Database Writer (DBWn)

Log Writer(LGWR)

System Monitor(SMON)

Process Monitor (PMON)

Checkpoint (CKPT)

Archiver (ARCH)

Recoverer (RECO)Lock (LCKn)

Server(Snn)

Database Writer

All the writing of buffers of a data files is performed by

the database writer Process.

DBWR also manages the buffer cache so that user

processes can always find free buffers

DBWR is responsible for buffer cache management

-- when a buffer in the buffer cache is modified , it is marked as

Dirty.

-- DBWR keeps buffer cache Clean by writing Dirty buffers on

the Disk


18/60

12/1/2010

18

Database writer

Database writer writes to database when

-- Checkpoints occur

-- Dirty buffers reach threshold

-- There are no free buffers

-- Time out occurs

Log Writers

The redo log buffer is written to a Redo log on disk by the

log writer process(LGWR)

LGWR is the only process that writes to the on line Redolog and reads the redo log buffers

Log Writer writes to log files when

-- A transaction commits

-- The redo log buffer is one third full

-- More than 1MB of changes recorded in the Redo Log Buffers

-- Before DBWn writes modified blocks in the database buffer Cache to the

data files

-- Every three seconds


19/60

12/1/2010

19

System Monitor The system Monitor Process performance instance

recovery at instance start up.

SMON is also responsible for cleaning up temporary

segments

It merges contiguous free extents in the data file

Process Monitor

Performs process recovery when a user process

fails.

PMON

-- Rolls back the transaction

-- Releases the locks

-- Releases other resources used by failed process


20/60

12/1/2010

20

Checkpoint (CKPT) Signals DBWR at checkpoints

Records information in control file , to identify the

place in the online redo log file from where recovery

is to begin.

Updates all of the data files header and control file

with checkpoint information.

Managing Oracle Instance


21/60

12/1/2010

21

Parameter File Static parameter file (PFILE)

-- Default name in the format of initSID.ora

-- Text File

-- Default Location ORACLE_Home\Database

Persistent server parameter file (SPFILE)-- To create spfile first , pfile must exit

-- Default name in the format of spfileSID.ora

-- Binary file

-- Maintained by Oracle Server

-- Changes to parameter can be persistent across shutdown

and

startup

-- Default location ORACLE_HOME\Database

Changing parameter values

Syntax :

-ALTER SYSTEM SET parameter_name= value [SCOPE=

MEMORY|SPFILE|BOTH]

E.g.- ALTER SYSTEM SET undo_tablespace=undo3 SCOPE=BOTH;

To see parameters value

- SHOW PARAMETERS [parameter_name]


22/60

12/1/2010

22

Parameters in Initialization

Some common Parameters

-- BACKGROUND_DUMP_DEST

-- COMPATIBLE

-- CONTROL_FILES

-- DB_CACHE_SIZE

-- DB_NAME

-- SHARED_POOL_SIZE

-- USER_DUMP_DEST

Starting Up a Database

SYNTAX

-- STARTUP [ FORCE ] [ RESTRICT ] [PFILE=pfile_name]

[ MOUNT | NOMOUNT]

E.g.

-- STARTUP

-- STARTUP PFILE =ORACLE_HOME\database\init.ora


23/60

12/1/2010

23

Starting Up a Database

Database can be started in three stages :

-- NOMOUNT

-- MOUNT

-- OPEN

ALTER DATABASE command

Used for moving database from NOMOUNT to MOUNTor MOUNT to OPEN stage.

SYNTAX:

ALTER DATABASE ;


24/60

12/1/2010

24

Shutting down the database

SYNTAX

SHUTDOWN [ NORMAL | TRANSACTIONAL |IMMEDIATE | ABORT ] ;

Diagnostic Files

The files contains information about significant events.

Types of the files :

-- alert_SID.log Location decided by BACKGROUND_DUMP_DEST

-- Background trace files Location decided by BACKGROUND_DUMP_DEST

-- User trace files Location decided by USER_DUMP_DEST Size defined by MAX_DUMP_FILE_SIZE


25/60

12/1/2010

25

Terminating Session

Syntax

ALTER SYSTEM KILL SESSION `sid , serial#` ;

-- sid (session id) and Serial# (serial number) fromv$SESSION view are used to uniquely identify a

session

Data Dictionary and Dynamic

Performance views


26/60

12/1/2010

26

Data Dictionary

Contains read only tables and views.

Stored in the SYSTEM tablespace

Owned by the user SYS

Maintained automatically by the Oracle server

Oracle server modifies it when a DDL statement isexecuted

Available as read only to users and DBA

Data dictionary Contents

Data dictionary views are static views.

Provides information about

-- Logical and Physical database structure-- Definitions and space allocation of all objects such

as table , views,synonyms etc.

-- Integrity constraint information-- Names of Oracle users-- Privileges and roles granted to users-- Auditing information


27/60

12/1/2010

27

Data dictionary view categories Distinguish and prefixed by their scope

-- DBA

All objects in the database

-- ALL

Objects accessible by the current user

--USER

Objects owned by the current user

Data Dictionary

To get overview of the data dictionary views , query the

DICTIONARY view or

its synonym DICT

General Overview-- DICTIONARY , DICT_COLUMNS

Schema objects

-- DBA_TABLES

-- DBA_INDEXES

-- DBA_TAB_COLUMNS

-- DBA_TAB_CONSTRAINTS


28/60

12/1/2010

28

Data Dictionary

Space allocation

-- DBA_SEGMENTS

-- DBA_EXTENTS

Database structure

-- DBA_TABLESPACES-- DBA_DATA_FILES

Dynamic Performance Views

These virtual table exists in memory only when the database is running

Reflect real-time conditions of the database operation

Points to actual sources of information in memory and the control file

Also called as fixed views

Owned by SYS and begin with V_$

Accessed through public synonyms starting with V$

Listed in V$FIXED_TABLE


29/60

12/1/2010

29

Dynamic Performance Views V$CONTROLFILE

-- Names of the control file

V$DATABASE

-- Database information from the control file

V$DATAFILE

-- Data file information from the control file

V$INSTANCE

-- State of the current instance

V$PARAMETER

-- List parameters and values currently in effect

V$SESSION

-- Session information

Dynamic Performance Views

V$SGA-- Summary information of the SGA

V$SPPARAMETER

-- Contents of the SPFILE

V$TABLESPACE-- Tablespace information from the control file

V$VERSION-- Version numbers of core library components


30/60

12/1/2010

30

Managing tablespace

Tablespace

A database is divided into logical divisions called tablespace

A database may have one or more tablespaces

Each logical tablespace corresponds to one or more physical

database files


31/60

12/1/2010

31

Tablespace

The original tablespace is named as SYSTEM

The typical tablespace present in an ORACLE database are :

-- SYSTEM

SYSTEM

SYSAUX

-- Non- SYSTEM

USER

TEMP

TOOLS

Tablespace

SYSTEM tablespace

-- Created with the database

-- Contains the data Dictionary , including stored programs-- Contains the system undo segments

-- Should not contain user data


32/60

12/1/2010

32

Tablespace

Non- SYSTEM tablespace

-- Created for flexibility in database administration

-- Created to separate undo , temporary , application data and

application index segments

-- Created according to data backup requirements

-- Control the amount of space allocated to the users objects

Tablespace

Syntax

CREATE TABLESPACE ts_name

[ DATAFILE file_name [ SIZE integer [ K|M ]]

[ MINIMUM EXTENT integer [ K|M ]][ LOGGING | NOLOGGING ]

[ extent_management_clause ]

[ extent_management_clause ]


33/60

12/1/2010

33

Tablespace

NOLOGGING

-- Affects only DML and DDL Commands , e.g. direct loads

Space management

Locally Managed

-- Default beginning with Oracle9i

-- Free extents are managed within the tablespace usingbitmaps

-- Each bit corresponds to a block or group of blocks

-- Prior to Oracle9i Release 2 , the system tablespace was not

locally managed


34/60

12/1/2010

34

Space management

Advantages of locally managed tablespaces

-- Reduced contention on data dictionary tables-- When space is allocated or deallocated , undo not

generated-- Tracks adjacent free space , so coalescing is not

required

-- The size of locally managed extents can be determinedautomatically by system

-- Avoids recursive space management operation

Space management

Syntax of extent_management_clause[ EXTENT MANAGEMENT[ DITIONARY | LOCAL[ AUTOALLOCATE | UNIFORM[ SIZE integer [ K | M] ] ] ]

Example

CREATE TABLESPACE mydataDATAFILE `c:\oradata\mydata01.dbf`SIZE 400MEXTENT MANAGEMENT LOCAL UNIFORM SIZE 128K


35/60

12/1/2010

35

Space management

extent_management_clause

-- LOCAL Default clause specifies that the tablespace is locally managed usingbitmaps

With this clause DEFAULT storage_clause , MINIMUM EXTENT orTEMPORARY clauses can not be specified

-- AUTOALLOCATE Specified that the tablespace is SYSTEM managed Users can not specify an extent size

Space management

Dictionary managed

-- Free extents are managed in the data dictionary

-- Data dictionary is updated appropriately when extents areallocated or deallocated

-- Each segment stored in the tablespace can have a different

storage clause , so more flexible than locally managed but

much less efficient

-- Coalescing is required


36/60

12/1/2010

36

Space management

Dictionary Managed example

CREATE TABLESPACE mydata

DATAFILE `c:\oradata\mydata01.dbf`

EXTENT MANAGEMENT DICTIONARY DEFAULT

STORAGE ( INITIAL 1M NEXT 1M PCTINCREASE 0)

Undo Tablespace

Used to store undo segments

Extents are locally managed

EXTENT MANAGEMENT LOCAL and DATAFILE clauses can only

bespecified

Syntax :

-- CREATE UNDO TABLESPACE ts_name [DATAFILE clause]

[ EXTENT MANAGEMENT clause]

E . G.-- CREATE UNDO TABLESPACE undo1 DATAFILE

c:\oradata\undo.dbf SIZE 20M


37/60

12/1/2010

37

Temporary Tablespace

Temporary tablespace

-- Used to hold temporary objects e.g segments used by

implicit sorts caused by an ORDER BY clause

-- It is always with standard blocksize

-- To create a locally managed temporary tablespace , use theCREATE TEMPORARY TABLESPACE statement


The extents once allocated can be only freed when the instance is

shut down

e.g

CREATE TEMPORARY TABLESPACE temp1

TEMPFILE ` c:\oradata\temp1.dbf SIZE 30M

EXTENT MANAGEMENT LOCAL

UNIFORM SIZE 2M;


38/60

12/1/2010

38


Points to remember about temporary data

files in locally managed temporary tablespace Non standard block sizes cannot be specified

Temporary files are always set to NOLOGGING mode

It cannot be made read only

Temporary files are required for read only databases

Media recovery does not recover tempfiles.

Default Temporary Tablespace

Default temporary tablespace is created to

eliminate the use of System tablespace for

storing temporary data

Default temporary tablespace can be created At the time of database creation

After database creation By creating temporary tablespace and setting it to Default temporay

tablespace

E.g. ALTER DATABASE DEFAULT TEMPORARY TABLESPACE temp1;


39/60

12/1/2010

39


When Default temporay tablespace is

changed,all users assigned the Default

temporay tablespace are assigned to new

default

To find Default temporary tablesapce for the

database query

DATABASE_PROPERTIES view


Restrictions on default temporary tablespace

Can not be dropped until new default is available

Cannot be taken offline


40/60

12/1/2010

40

Taking Tablespace offline

Syntax:

ALTER TABLESPACE ts_name;

Example :

ALTER TABLESPACE user OFFLINE

ALTER TABLESPACE user ONLINE

Taking Tablespace offline

Following tablespace cannot be taken offline

- System tablespace

- Tablespaces with active undo segments

- Default temporary tablespace


41/60

12/1/2010

41

Changing Size of Tablespace

Size of the tablespace can be changed

automatically by specifying AUTOEXTEND

clause with

- CREATE DATABASE

- CREATE TABLESPACE

- ALTER TABLESPACE. ADD DATAFILE

Changing Size of Tablespace

Examples :

CREATE TABLESPACE user1 DATAFILE

C:\oradata\user1.dbf SIZE 4M AUTOEXTEND ON

NEXT 2M MAXSIZE 100M ALTER DATABASE DATAFILE C:\oradata\user1.dbf

AUTOEXTEND ON NEXT 2M;

ALTER TABLESPACE user2 ADD DATAFILEC:\oradata\user3.dbf SIZE 10M;

ALTER DATABASE DATAFILE C:\oradata\user1.dbf

RESIZE 5M;


42/60

12/1/2010

42

DROPPING TABLESPACES

SYNTAX

- DROP TABLESPACE ts_name [INCLUDING

CONTENTS[AND DATAFILES][CASCADE

CONSTRAINTS]];

Example

- DROP TABLESPACE user1 INCLUDINGCONTENTS AND DATAFILES;

DROPPING TABLESPACES

Guidelines

- Tablespace can not be dropped if it

Is a system tablespace

Contain active segments

- Tablespace that still contains data can be only

dropped by specifying INCLUDING CONTENTS

option.

- To drop files of tablespace use AND DATAFILES

clause


43/60

12/1/2010

43

TABLESPACE INFORMATION

Tablespace Information

- DBA_TABLESPACES

- V$TABLESPACE

Data file information

-DBA_DATA_FILES

- V$DATAFILE Temp file information

- DBA_TEMP_FILES

- V$TEMPFILE

UNDO SEGMENT

Purpose of Undo segments

- Transaction rollback

Used to record old values of data that were changed by a

transaction Restores these values if transaction is rolled back

- Transaction recovery

Possible because changes made to the undo segment are

also protected by the online redo log files.

- Read consistency

Does not allow other transactions to see any uncommitted

changes


44/60

12/1/2010

44

CREATING UNDO SEGMENT

By adding clause in the CREATE DATABSE

- CREATE DATABASE trydb

UNDO TABLESPACE undo1 DATAFILE

C:\oradata\undo1.dbf SIZE 30M

AUTOEXTEND ON;

By creating undo tablespace later on- CREATE UNDO TABLESPACE undo2 DATAFILE

C:\oradata\undo2.dbf SIZE 30M AUTOEXTEND

ON;

SWITCHING UNDO TABLESPACE

Multiple undo tablespace can exists, however

only one tablespace can be active at a time.

To switch between undo tablespaces

dynamically

- ALTER SYSTEM SET

UNDO_TABLESPACE= undotbs2;


45/60

12/1/2010

45

AUTOMATIC UNDO MANAGEMENT

Undo tablespace may need to be increased to

support long running queries that needs

consistent reads

UNDO_RETENTION parameter detarmines

how long to retain undo data for consistent

reads

Can be modified dynamically

- ALTER SYSTEM SET UNDO_RETENTION=600;

CREATING UNDO SEGMENT

Specifying Retention Guarantee

- CREATE UNDO TABLESPACE undo2 DATAFILE

C:\oradata\undo2.dbf SIZE 30M

AUTOEXTEND ON RETENTION GUARANTEE;


46/60

12/1/2010

46

PRIVILAGES AND ROLES

CONTROLLING USERS AND

SECURITY

Control over security

- Oracle server provide tools by which the DBA

can ensure security of the data

- Use of

User name, Password

Privileges , Roles


47/60

12/1/2010

47

DATABASE SCHEMA

A schema is a named collection of database

objects that are associated with particular

user

When a database user is created , a schema

with the same name is created for that user.

CREATING USER

Consider following when creating User

- Identify table space

- Decide quota on each tablespaces

- Assign a default and temporary tablespaces

-Decide privileges and roles


48/60

12/1/2010

48

CREATING USER

DATA DICTIONARY AUTHENTICATION

Syntax

CREATE USER username IDENTIFIED BY

[DEFAULT TABLESPACE

ts_name][TEMPORARY TABLESPACE

ts_name][QUOTA ON ts_name][PASSWORD

EXPIRE][ACCOUNT][PROFILE];

CREATING USER

DATA DICTIONARY AUTHENTICATION

Example

CREATE USER Anil IDENTIFIED BY xxyyzz

DEFAULT TABLESPACE user1

TEMPORARY TABLESPACE temp

QUOTA 10M ON user1

QUOTA 10M ON data

PASSWORD EXPIRE

ACCOUNT UNLOCK


49/60

12/1/2010

49

CREATING USER

Points to remember

- If default tablespace is not assigned then

system tablespace is assigned as the default

- If PASSWORD EXPIRE is specified then, user

will be prompted to change his password at

the first log in

CHANGING USER QUOTA

Syntax:

ALTER USER user_name

[DEFAULT TABLESPACE ts_name]

[TEMPORARY TABLESPACE

ts_name][QUOTAO

N ts_name];

E.g.

- ALTER USER Anil QUOTA 0 ON user1;


50/60

12/1/2010

50

CHANGING PASSWORD

Syntax:

- ALTER USER user_name IDENTIFIED BY

new_password;

- e.g.

- ALTER USER Anil IDENTIFIED BY anil87;

DROPPING A USER

Syntax:

- DROP USER user_name [CASCADE];

E.g

- DROP USER Anil CASCADE;

The CASCADE option drops all objects in the

schema before dropping the user.


51/60

12/1/2010

51

USER INFORMATION

Information about users can be obtained

from the following views

- DBA_USERS

- DBA_TS_QUOTAS

PRIVILEGES

Privileges

- are rights to execute particular SQL statement

Need to grant privileges

- Data confidentiality

Only relevant personnel have access to

confidential data

- Efficient system management

Users are allowed to perform limited operations

that they need.


52/60

12/1/2010

52

PRIVILEGES

Categories of privileges

- System privileges

- Object privileges

SYSTEM PRIVILEGES

System privileges allows users to perform

particular actions in the database

e.g

- Creating public synonyms, new users etc.

- Removing users , tables etc.

- Database backup

These privileges are normally granted only to

DBAs


53/60

12/1/2010

53

SYSTEM PRIVILEGESCategory Privileges

Index CREATE ANY INDEX

ALTER ANY INDEX

DROP ANY INDEX

Table CREATE TABLE

CREATE ANY TABLE

ALTER ANY TABLE

DROP ANY TABLE

SELECT ANY TABLE

UPDATE ANY TABLE

DELETE ANY TABLESession CREATE ANY SESSION

ALTER SESSION

RESTRICTED SESSION

Tablespace CREATE TABLESPACE

ALTER TABLESPACE

DROP TABLESPACE

SYSTEM PRIVILEGES

Points to remember

- CREATE privilege include dropping these

objects

- To connect database CREATE SESSION privilege

is required

- To truncate table of another schema DROP ANY

TABLE privilege is required.


54/60

12/1/2010

54

GRANT-SYSTEM PRIVILEGES

Syntax :

GRANT privilege1[, privilege2,.]

TO USER [WITH ADMIN OPTION];

E.g.

GRANT create session , create table TO Anil; WITH ADMIN OPTION

-Enables the grantee to further grant the privilege or

role to other users or roles.

REVOKING SYSTEM PRIVILEGE

Syntax:

- REVOKE FROM

;

E.g.

- REVOKE CREATE TABLE FROM Anil;

Users with ADMIN OPTION for system

privileges can revoke system privileges

There are no cascading effect when system

privilege is revoked.


55/60

12/1/2010

55

OBJECT PRIVILEGES

Enables users to access and manipulate a

specific object

Each object has a particular set of grantable

privileges

- Table SELECT,INSERT,UPDATE,DELETE,INDEX

REFERENCES ,ALTER

- View SELECT,INSERT,UPDATE,DELETE,REFERENCE

- Sequence SELECT , ALTER

- Sub-program EXECUTE

OBJECT PRIVILEGES

Owner has all privilege on objects available in

his schema

Owner can give privileges on objects owned

by him to other users or roles

Syntax:

GRANT ON object_name

TO [WITH GRANT

OPTION];


56/60

12/1/2010

56

OBJECT PRIVILEGES

WITH GRANT OPTION

- Allows grantee to grant objects privileges to

other users or roles

- Not valid when granting an object privilege to

a role

Example :- Grant select ON emp TO Amit WITH GRANT

OPTION;

- GRANT update (job,deptno) ON emp TO

REVOKE OBJECT PRIVILEGES

Revoke command is used to remove privileges

assigned to different users

Cascading effects can be observed when

revoking a system privilege

Syntax:

REVOKE ON

object_name FROM

;

Example:


57/60

12/1/2010

57

PRIVILEGES INFORMATION

DBA_SYS_PRIVS

- Lists system privileges granted to users and roles

DBA_TAB_PRIVS- Lists all grants on all objects in the database

DBA_COL_PRIVS

- Lists column privileges

SESSION_PRIVS- Lists the privileges that are currently available to the user

ALL_TAB_PRIVS_MADE- Lists the grants made on the objects owned by the current user

ROLE

Role is a named group of related privileges

that can be granted to users

Role provides easy and controlled privilege

management

Role can consists of both system and object

privileges

It can granted to any database user or role


58/60

12/1/2010

58

CREATE ROLE

Syntax:

- CREATE ROLE role_name;

e.g

- CREATE ROLE engineer;

- GRANT create session , create table, create

view, TO engineer;- GRANT engineer TO Amol, Anamika WITH

ADMIN OPTION;

PREDEFINED ROLE

CONNECT

- Privileges to connect to the database and create variousobjects as cluster , database

link,sequence,synonym,table,view RESUORCE

- Privileges to create programmatic objects such as procedure,

functions,packages,triggers,types.

DBA- All system privileges with ADMIN option

SELECT_CATALOG_ROLE-

-


59/60

12/1/2010

59

ASSIGNING ROLES

Syntax:

GRANT role1,role2,

TO [WITH ADMIN OPTION]

E.g.

- GRANT engineer TO scott WITH ADMIN

OPTION;

REVOKING ROLES

Syntax:

REVOKE role1,[,role2]

FROM ;

Example:

- REVOKE engineer FROM scott;

Any user with ADMIN option for a role can

revoke the role from any other database user

or role.


60/60

12/1/2010

REMOVING ROLE

DROP ROLE command

- Removes it from all users and roles it was

granted

- Removes it from database

ADMIN OPTION or DROP ANY ROLE

privileges are required Syntax:

- DROP ROLE role;

ROLE INFORMATION

DBA_ROLES

- Lists the roles defined in the database

DBA_ROLE_PRIVS

- Lists all the roles granted to users and roles

ROLE_ROLE_PRIVS

- Lists roles granted to the roles

DBA_SYS_PRIVS

database docs

Documents