8/7/2019 database docs
1/60
12/1/2010
1
Oracle Architecture
ORACLE Architecture
Database Components
Memory Structures
Processes
Oracle Instance
Shared Server ( Multi threaded Server)
8/7/2019 database docs
2/60
12/1/2010
2
Database overviewAn oracle database consists of
Physical Components Data file
Control Files
Redo log files
Logical components Tablespace , segments , extent , block.
Schema Objects
Database file
A database consists of a set of operating
system files.
Types of information is stored in an oracle
database User Data
Actual Application Data
System Data Data that the database needs to manage itself
Overhead Data Indexes , Integrity etc.
8/7/2019 database docs
3/60
8/7/2019 database docs
4/60
12/1/2010
4
Control File A control file is associated with a single database.
Control file is automatically modified by ORACLE; a user
cannot edit them
They are used to maintain internal consistency and guide
recovery operations
Redo Log file
The Redo Log files are set of files external to the database that
records changes made to the database during transactions.
A Redo log contains all the committed transaction that haveoccurred against the database .
Redo logs are also called transaction logs.
8/7/2019 database docs
5/60
12/1/2010
5
Redo Log File No activity in the database can take place without
being recorded in Redo
Logs
The redo Logs are necessary to protect against data
loss due to variouskinds of failures.
Redo Log file
An online Redo log file is one to which transactions
are written each time a transaction occurs.
Every database requires a minimum two Redo Logs
Redo logs work in circular fashion
A Log switch occurs when a log file is filled .
8/7/2019 database docs
6/60
12/1/2010
6
Redo Log FileDatabase operates in two modes :
--NOARCHIVELOG
--ARCHIVELOG
The mode determines whether the redo logs are
overwritten or not before creating copy of filled
redo log file.
Redo Log File
NOARCHIVELOG Mode
-- Default mode
-- The transactions are overwritten each time a log
switch occurs
ARCHIVELOG Mode
-- All transaction redo logs are kept
-- A copy of current log is made before a log switch
occurs. This
ensures the database protection against all types of
failure.
8/7/2019 database docs
7/60
12/1/2010
7
Tablespace A database is divided into logical divisions
called tablespaces.
A database may have one or more tablespaces
Each logical tablespace corresponds to one
or more physical files.
Tablespace
The typical tablespace present in an ORACLE
database are :
SYSTEM
SYSAUX
TEMPORARY
UNDO
USER
BIGFILE
INDEX
8/7/2019 database docs
8/60
12/1/2010
8
Tablespace SYSTEM
-- where ORACLE stores all the information it needs to manage itself.
-- the system tablespace always contain the data dictionary for the
entire database objects.
SYSAUX
-- An auxiliary tablespace to the SYSTEM tablespace
-- Used by oracle components like Enterprise Manager Repository ,
log Miner etc.
Tablespace
TEMPORARY :
-- where ORACLE stores all its temporary tables.
UNDO :
-- Used for rolling back transactions.
USER :
-- Where all the information about the user is stored.
BIGFILE :
-- Consists of only one datafile
-- Single data file can be upto 8EB.
8/7/2019 database docs
9/60
12/1/2010
9
Segments and Extents All data in a tablespace is stored in allocations of
database space called segments
A segment is a set of extents allocated for storage of
database data.
The storage parameters of segment determines
how a database object will obtain database space.
An extent is an allocation of contigious database
space , made up of logical (oracle) blocks
Segments and Extents
Types of segments can be :
Data segments
Index segments
Undo segments
Temporary segments
Bootstrap segments
8/7/2019 database docs
10/60
12/1/2010
10
Segments and Extents
DATA and INDEXwhich holds the actual data and the indexes.
UNDO :where all undo information is stored.
TEMPORARY :Used to store intermediate results of various operations
BOOTSTRAP :Helps to initialize data dictionary cache when the database is opened by
an instance
Schema Objects
A schema can have one or more logical database
objects
-- Tables-- Indexes
-- Views
etc.
8/7/2019 database docs
11/60
12/1/2010
11
Oracle Memory StructuresOracle uses memory to store :
-- Program code being executed
-- Information about connected session
-- Data needed during program execution
-- Information which is shared and communicated among
ORACLE processes
-- Caching information.
Oracle Memory Structures
The basic memory structures associated with ORACLE
includes :
-- The System Global Area (SGA)
-- The Program Global Areas (PGA)
8/7/2019 database docs
12/60
12/1/2010
12
The System Global Area
A group of shared memory structures that contains data
and control information for one database instance
Multiple users connected to the same instance share the
data from instances SGA
Also referred as Shared Global Area
The System Global Area
The information stored within an SGA is divided into
several areas of memory :
The database Buffer Cache
The Redo log Buffer
The Shared Pool
Java Pool
Streams pool
8/7/2019 database docs
13/60
12/1/2010
13
Database Buffer Cache A portion of SGA that holds database information
The buffers are shared by all ORACLE user processes
concurrently connected to the instance.
The Redo Log Buffer
The redo log buffer in the SGA holds changes made
to the database.
Redo entries from the Redo Buffer are written to the
online Redo Log
Files
8/7/2019 database docs
14/60
12/1/2010
14
The Shared Pool
It consists of
-- Library Cache
-- Data Dictionary Cache
Shared pool
Library Cache
stores information about the most recently usedSQL and PL/SQL statements.
Use Least Recently used (LRU) algorithmConsist of two areas
shared SQL are
Shared PL/SQL area.
8/7/2019 database docs
15/60
12/1/2010
15
Shared PoolThe Data Dictionary Cache
Contains reference information about thedatabase , its structure and its users
Contents of the data dictionary
Names of all tables and views
Names and data types of the columns in database
tables. Privileges of all Oracle users.
The Program Global Area
Contains data and control information for single process
Also referred as Process Global Area
PGA contains
-- Private SQL area
-- Session memory
-- SQL work area.
8/7/2019 database docs
16/60
12/1/2010
16
Oracle Processes
Every time a database is strated on a database server ,
SGA is allocated and one or more Oracle processes are
started.
An ORACLE Instance
-- The combination of SGA and the ORACLE processes is called an
Oracle Database instance
-- An Oracle instance may have number of background processes; notall are always present.
Oracle Processes
System Processes
-- Mandatory Processes
-- Optional Processes
User Processes
8/7/2019 database docs
17/60
12/1/2010
17
Oracle System Processes
Database Writer (DBWn)
Log Writer(LGWR)
System Monitor(SMON)
Process Monitor (PMON)
Checkpoint (CKPT)
Archiver (ARCH)
Recoverer (RECO)Lock (LCKn)
Server(Snn)
Database Writer
All the writing of buffers of a data files is performed by
the database writer Process.
DBWR also manages the buffer cache so that user
processes can always find free buffers
DBWR is responsible for buffer cache management
-- when a buffer in the buffer cache is modified , it is marked as
Dirty.
-- DBWR keeps buffer cache Clean by writing Dirty buffers on
the Disk
8/7/2019 database docs
18/60
12/1/2010
18
Database writer
Database writer writes to database when
-- Checkpoints occur
-- Dirty buffers reach threshold
-- There are no free buffers
-- Time out occurs
Log Writers
The redo log buffer is written to a Redo log on disk by the
log writer process(LGWR)
LGWR is the only process that writes to the on line Redolog and reads the redo log buffers
Log Writer writes to log files when
-- A transaction commits
-- The redo log buffer is one third full
-- More than 1MB of changes recorded in the Redo Log Buffers
-- Before DBWn writes modified blocks in the database buffer Cache to the
data files
-- Every three seconds
8/7/2019 database docs
19/60
12/1/2010
19
System Monitor The system Monitor Process performance instance
recovery at instance start up.
SMON is also responsible for cleaning up temporary
segments
It merges contiguous free extents in the data file
Process Monitor
Performs process recovery when a user process
fails.
PMON
-- Rolls back the transaction
-- Releases the locks
-- Releases other resources used by failed process
8/7/2019 database docs
20/60
12/1/2010
20
Checkpoint (CKPT) Signals DBWR at checkpoints
Records information in control file , to identify the
place in the online redo log file from where recovery
is to begin.
Updates all of the data files header and control file
with checkpoint information.
Managing Oracle Instance
8/7/2019 database docs
21/60
12/1/2010
21
Parameter File Static parameter file (PFILE)
-- Default name in the format of initSID.ora
-- Text File
-- Default Location ORACLE_Home\Database
Persistent server parameter file (SPFILE)-- To create spfile first , pfile must exit
-- Default name in the format of spfileSID.ora
-- Binary file
-- Maintained by Oracle Server
-- Changes to parameter can be persistent across shutdown
and
startup
-- Default location ORACLE_HOME\Database
Changing parameter values
Syntax :
-ALTER SYSTEM SET parameter_name= value [SCOPE=
MEMORY|SPFILE|BOTH]
E.g.- ALTER SYSTEM SET undo_tablespace=undo3 SCOPE=BOTH;
To see parameters value
- SHOW PARAMETERS [parameter_name]
8/7/2019 database docs
22/60
12/1/2010
22
Parameters in Initialization
Some common Parameters
-- BACKGROUND_DUMP_DEST
-- COMPATIBLE
-- CONTROL_FILES
-- DB_CACHE_SIZE
-- DB_NAME
-- SHARED_POOL_SIZE
-- USER_DUMP_DEST
Starting Up a Database
SYNTAX
-- STARTUP [ FORCE ] [ RESTRICT ] [PFILE=pfile_name]
[ MOUNT | NOMOUNT]
E.g.
-- STARTUP
-- STARTUP PFILE =ORACLE_HOME\database\init.ora
8/7/2019 database docs
23/60
12/1/2010
23
Starting Up a Database
Database can be started in three stages :
-- NOMOUNT
-- MOUNT
-- OPEN
ALTER DATABASE command
Used for moving database from NOMOUNT to MOUNTor MOUNT to OPEN stage.
SYNTAX:
ALTER DATABASE ;
8/7/2019 database docs
24/60
12/1/2010
24
Shutting down the database
SYNTAX
SHUTDOWN [ NORMAL | TRANSACTIONAL |IMMEDIATE | ABORT ] ;
Diagnostic Files
The files contains information about significant events.
Types of the files :
-- alert_SID.log Location decided by BACKGROUND_DUMP_DEST
-- Background trace files Location decided by BACKGROUND_DUMP_DEST
-- User trace files Location decided by USER_DUMP_DEST Size defined by MAX_DUMP_FILE_SIZE
8/7/2019 database docs
25/60
12/1/2010
25
Terminating Session
Syntax
ALTER SYSTEM KILL SESSION `sid , serial#` ;
-- sid (session id) and Serial# (serial number) fromv$SESSION view are used to uniquely identify a
session
Data Dictionary and Dynamic
Performance views
8/7/2019 database docs
26/60
12/1/2010
26
Data Dictionary
Contains read only tables and views.
Stored in the SYSTEM tablespace
Owned by the user SYS
Maintained automatically by the Oracle server
Oracle server modifies it when a DDL statement isexecuted
Available as read only to users and DBA
Data dictionary Contents
Data dictionary views are static views.
Provides information about
-- Logical and Physical database structure-- Definitions and space allocation of all objects such
as table , views,synonyms etc.
-- Integrity constraint information-- Names of Oracle users-- Privileges and roles granted to users-- Auditing information
8/7/2019 database docs
27/60
12/1/2010
27
Data dictionary view categories Distinguish and prefixed by their scope
-- DBA
All objects in the database
-- ALL
Objects accessible by the current user
--USER
Objects owned by the current user
Data Dictionary
To get overview of the data dictionary views , query the
DICTIONARY view or
its synonym DICT
General Overview-- DICTIONARY , DICT_COLUMNS
Schema objects
-- DBA_TABLES
-- DBA_INDEXES
-- DBA_TAB_COLUMNS
-- DBA_TAB_CONSTRAINTS
8/7/2019 database docs
28/60
12/1/2010
28
Data Dictionary
Space allocation
-- DBA_SEGMENTS
-- DBA_EXTENTS
Database structure
-- DBA_TABLESPACES-- DBA_DATA_FILES
Dynamic Performance Views
These virtual table exists in memory only when the database is running
Reflect real-time conditions of the database operation
Points to actual sources of information in memory and the control file
Also called as fixed views
Owned by SYS and begin with V_$
Accessed through public synonyms starting with V$
Listed in V$FIXED_TABLE
8/7/2019 database docs
29/60
12/1/2010
29
Dynamic Performance Views V$CONTROLFILE
-- Names of the control file
V$DATABASE
-- Database information from the control file
V$DATAFILE
-- Data file information from the control file
V$INSTANCE
-- State of the current instance
V$PARAMETER
-- List parameters and values currently in effect
V$SESSION
-- Session information
Dynamic Performance Views
V$SGA-- Summary information of the SGA
V$SPPARAMETER
-- Contents of the SPFILE
V$TABLESPACE-- Tablespace information from the control file
V$VERSION-- Version numbers of core library components
8/7/2019 database docs
30/60
12/1/2010
30
Managing tablespace
Tablespace
A database is divided into logical divisions called tablespace
A database may have one or more tablespaces
Each logical tablespace corresponds to one or more physical
database files
8/7/2019 database docs
31/60
12/1/2010
31
Tablespace
The original tablespace is named as SYSTEM
The typical tablespace present in an ORACLE database are :
-- SYSTEM
SYSTEM
SYSAUX
-- Non- SYSTEM
USER
TEMP
TOOLS
Tablespace
SYSTEM tablespace
-- Created with the database
-- Contains the data Dictionary , including stored programs-- Contains the system undo segments
-- Should not contain user data
8/7/2019 database docs
32/60
12/1/2010
32
Tablespace
Non- SYSTEM tablespace
-- Created for flexibility in database administration
-- Created to separate undo , temporary , application data and
application index segments
-- Created according to data backup requirements
-- Control the amount of space allocated to the users objects
Tablespace
Syntax
CREATE TABLESPACE ts_name
[ DATAFILE file_name [ SIZE integer [ K|M ]]
[ MINIMUM EXTENT integer [ K|M ]][ LOGGING | NOLOGGING ]
[ extent_management_clause ]
[ extent_management_clause ]
8/7/2019 database docs
33/60
12/1/2010
33
Tablespace
NOLOGGING
-- Affects only DML and DDL Commands , e.g. direct loads
Space management
Locally Managed
-- Default beginning with Oracle9i
-- Free extents are managed within the tablespace usingbitmaps
-- Each bit corresponds to a block or group of blocks
-- Prior to Oracle9i Release 2 , the system tablespace was not
locally managed
8/7/2019 database docs
34/60
12/1/2010
34
Space management
Advantages of locally managed tablespaces
-- Reduced contention on data dictionary tables-- When space is allocated or deallocated , undo not
generated-- Tracks adjacent free space , so coalescing is not
required
-- The size of locally managed extents can be determinedautomatically by system
-- Avoids recursive space management operation
Space management
Syntax of extent_management_clause[ EXTENT MANAGEMENT[ DITIONARY | LOCAL[ AUTOALLOCATE | UNIFORM[ SIZE integer [ K | M] ] ] ]
Example
CREATE TABLESPACE mydataDATAFILE `c:\oradata\mydata01.dbf`SIZE 400MEXTENT MANAGEMENT LOCAL UNIFORM SIZE 128K
8/7/2019 database docs
35/60
12/1/2010
35
Space management
extent_management_clause
-- LOCAL Default clause specifies that the tablespace is locally managed usingbitmaps
With this clause DEFAULT storage_clause , MINIMUM EXTENT orTEMPORARY clauses can not be specified
-- AUTOALLOCATE Specified that the tablespace is SYSTEM managed Users can not specify an extent size
Space management
Dictionary managed
-- Free extents are managed in the data dictionary
-- Data dictionary is updated appropriately when extents areallocated or deallocated
-- Each segment stored in the tablespace can have a different
storage clause , so more flexible than locally managed but
much less efficient
-- Coalescing is required
8/7/2019 database docs
36/60
12/1/2010
36
Space management
Dictionary Managed example
CREATE TABLESPACE mydata
DATAFILE `c:\oradata\mydata01.dbf`
EXTENT MANAGEMENT DICTIONARY DEFAULT
STORAGE ( INITIAL 1M NEXT 1M PCTINCREASE 0)
Undo Tablespace
Used to store undo segments
Extents are locally managed
EXTENT MANAGEMENT LOCAL and DATAFILE clauses can only
bespecified
Syntax :
-- CREATE UNDO TABLESPACE ts_name [DATAFILE clause]
[ EXTENT MANAGEMENT clause]
E . G.-- CREATE UNDO TABLESPACE undo1 DATAFILE
c:\oradata\undo.dbf SIZE 20M
8/7/2019 database docs
37/60
12/1/2010
37
Temporary Tablespace
Temporary tablespace
-- Used to hold temporary objects e.g segments used by
implicit sorts caused by an ORDER BY clause
-- It is always with standard blocksize
-- To create a locally managed temporary tablespace , use theCREATE TEMPORARY TABLESPACE statement
Temporary Tablespace
The extents once allocated can be only freed when the instance is
shut down
e.g
CREATE TEMPORARY TABLESPACE temp1
TEMPFILE ` c:\oradata\temp1.dbf SIZE 30M
EXTENT MANAGEMENT LOCAL
UNIFORM SIZE 2M;
8/7/2019 database docs
38/60
12/1/2010
38
Temporary Tablespace
Points to remember about temporary data
files in locally managed temporary tablespace Non standard block sizes cannot be specified
Temporary files are always set to NOLOGGING mode
It cannot be made read only
Temporary files are required for read only databases
Media recovery does not recover tempfiles.
Default Temporary Tablespace
Default temporary tablespace is created to
eliminate the use of System tablespace for
storing temporary data
Default temporary tablespace can be created At the time of database creation
After database creation By creating temporary tablespace and setting it to Default temporay
tablespace
E.g. ALTER DATABASE DEFAULT TEMPORARY TABLESPACE temp1;
8/7/2019 database docs
39/60
12/1/2010
39
Default Temporary Tablespace
When Default temporay tablespace is
changed,all users assigned the Default
temporay tablespace are assigned to new
default
To find Default temporary tablesapce for the
database query
DATABASE_PROPERTIES view
Default Temporary Tablespace
Restrictions on default temporary tablespace
Can not be dropped until new default is available
Cannot be taken offline
8/7/2019 database docs
40/60
12/1/2010
40
Taking Tablespace offline
Syntax:
ALTER TABLESPACE ts_name;
Example :
ALTER TABLESPACE user OFFLINE
ALTER TABLESPACE user ONLINE
Taking Tablespace offline
Following tablespace cannot be taken offline
- System tablespace
- Tablespaces with active undo segments
- Default temporary tablespace
8/7/2019 database docs
41/60
12/1/2010
41
Changing Size of Tablespace
Size of the tablespace can be changed
automatically by specifying AUTOEXTEND
clause with
- CREATE DATABASE
- CREATE TABLESPACE
- ALTER TABLESPACE. ADD DATAFILE
Changing Size of Tablespace
Examples :
CREATE TABLESPACE user1 DATAFILE
C:\oradata\user1.dbf SIZE 4M AUTOEXTEND ON
NEXT 2M MAXSIZE 100M ALTER DATABASE DATAFILE C:\oradata\user1.dbf
AUTOEXTEND ON NEXT 2M;
ALTER TABLESPACE user2 ADD DATAFILEC:\oradata\user3.dbf SIZE 10M;
ALTER DATABASE DATAFILE C:\oradata\user1.dbf
RESIZE 5M;
8/7/2019 database docs
42/60
12/1/2010
42
DROPPING TABLESPACES
SYNTAX
- DROP TABLESPACE ts_name [INCLUDING
CONTENTS[AND DATAFILES][CASCADE
CONSTRAINTS]];
Example
- DROP TABLESPACE user1 INCLUDINGCONTENTS AND DATAFILES;
DROPPING TABLESPACES
Guidelines
- Tablespace can not be dropped if it
Is a system tablespace
Contain active segments
- Tablespace that still contains data can be only
dropped by specifying INCLUDING CONTENTS
option.
- To drop files of tablespace use AND DATAFILES
clause
8/7/2019 database docs
43/60
12/1/2010
43
TABLESPACE INFORMATION
Tablespace Information
- DBA_TABLESPACES
- V$TABLESPACE
Data file information
-DBA_DATA_FILES
- V$DATAFILE Temp file information
- DBA_TEMP_FILES
- V$TEMPFILE
UNDO SEGMENT
Purpose of Undo segments
- Transaction rollback
Used to record old values of data that were changed by a
transaction Restores these values if transaction is rolled back
- Transaction recovery
Possible because changes made to the undo segment are
also protected by the online redo log files.
- Read consistency
Does not allow other transactions to see any uncommitted
changes
8/7/2019 database docs
44/60
12/1/2010
44
CREATING UNDO SEGMENT
By adding clause in the CREATE DATABSE
- CREATE DATABASE trydb
UNDO TABLESPACE undo1 DATAFILE
C:\oradata\undo1.dbf SIZE 30M
AUTOEXTEND ON;
By creating undo tablespace later on- CREATE UNDO TABLESPACE undo2 DATAFILE
C:\oradata\undo2.dbf SIZE 30M AUTOEXTEND
ON;
SWITCHING UNDO TABLESPACE
Multiple undo tablespace can exists, however
only one tablespace can be active at a time.
To switch between undo tablespaces
dynamically
- ALTER SYSTEM SET
UNDO_TABLESPACE= undotbs2;
8/7/2019 database docs
45/60
12/1/2010
45
AUTOMATIC UNDO MANAGEMENT
Undo tablespace may need to be increased to
support long running queries that needs
consistent reads
UNDO_RETENTION parameter detarmines
how long to retain undo data for consistent
reads
Can be modified dynamically
- ALTER SYSTEM SET UNDO_RETENTION=600;
CREATING UNDO SEGMENT
Specifying Retention Guarantee
- CREATE UNDO TABLESPACE undo2 DATAFILE
C:\oradata\undo2.dbf SIZE 30M
AUTOEXTEND ON RETENTION GUARANTEE;
8/7/2019 database docs
46/60
12/1/2010
46
PRIVILAGES AND ROLES
CONTROLLING USERS AND
SECURITY
Control over security
- Oracle server provide tools by which the DBA
can ensure security of the data
- Use of
User name, Password
Privileges , Roles
8/7/2019 database docs
47/60
12/1/2010
47
DATABASE SCHEMA
A schema is a named collection of database
objects that are associated with particular
user
When a database user is created , a schema
with the same name is created for that user.
CREATING USER
Consider following when creating User
- Identify table space
- Decide quota on each tablespaces
- Assign a default and temporary tablespaces
-Decide privileges and roles
8/7/2019 database docs
48/60
12/1/2010
48
CREATING USER
DATA DICTIONARY AUTHENTICATION
Syntax
CREATE USER username IDENTIFIED BY
[DEFAULT TABLESPACE
ts_name][TEMPORARY TABLESPACE
ts_name][QUOTA ON ts_name][PASSWORD
EXPIRE][ACCOUNT][PROFILE];
CREATING USER
DATA DICTIONARY AUTHENTICATION
Example
CREATE USER Anil IDENTIFIED BY xxyyzz
DEFAULT TABLESPACE user1
TEMPORARY TABLESPACE temp
QUOTA 10M ON user1
QUOTA 10M ON data
PASSWORD EXPIRE
ACCOUNT UNLOCK
8/7/2019 database docs
49/60
12/1/2010
49
CREATING USER
Points to remember
- If default tablespace is not assigned then
system tablespace is assigned as the default
- If PASSWORD EXPIRE is specified then, user
will be prompted to change his password at
the first log in
CHANGING USER QUOTA
Syntax:
ALTER USER user_name
[DEFAULT TABLESPACE ts_name]
[TEMPORARY TABLESPACE
ts_name][QUOTAO
N ts_name];
E.g.
- ALTER USER Anil QUOTA 0 ON user1;
8/7/2019 database docs
50/60
12/1/2010
50
CHANGING PASSWORD
Syntax:
- ALTER USER user_name IDENTIFIED BY
new_password;
- e.g.
- ALTER USER Anil IDENTIFIED BY anil87;
DROPPING A USER
Syntax:
- DROP USER user_name [CASCADE];
E.g
- DROP USER Anil CASCADE;
The CASCADE option drops all objects in the
schema before dropping the user.
8/7/2019 database docs
51/60
12/1/2010
51
USER INFORMATION
Information about users can be obtained
from the following views
- DBA_USERS
- DBA_TS_QUOTAS
PRIVILEGES
Privileges
- are rights to execute particular SQL statement
Need to grant privileges
- Data confidentiality
Only relevant personnel have access to
confidential data
- Efficient system management
Users are allowed to perform limited operations
that they need.
8/7/2019 database docs
52/60
12/1/2010
52
PRIVILEGES
Categories of privileges
- System privileges
- Object privileges
SYSTEM PRIVILEGES
System privileges allows users to perform
particular actions in the database
e.g
- Creating public synonyms, new users etc.
- Removing users , tables etc.
- Database backup
These privileges are normally granted only to
DBAs
8/7/2019 database docs
53/60
12/1/2010
53
SYSTEM PRIVILEGESCategory Privileges
Index CREATE ANY INDEX
ALTER ANY INDEX
DROP ANY INDEX
Table CREATE TABLE
CREATE ANY TABLE
ALTER ANY TABLE
DROP ANY TABLE
SELECT ANY TABLE
UPDATE ANY TABLE
DELETE ANY TABLESession CREATE ANY SESSION
ALTER SESSION
RESTRICTED SESSION
Tablespace CREATE TABLESPACE
ALTER TABLESPACE
DROP TABLESPACE
SYSTEM PRIVILEGES
Points to remember
- CREATE privilege include dropping these
objects
- To connect database CREATE SESSION privilege
is required
- To truncate table of another schema DROP ANY
TABLE privilege is required.
8/7/2019 database docs
54/60
12/1/2010
54
GRANT-SYSTEM PRIVILEGES
Syntax :
GRANT privilege1[, privilege2,.]
TO USER [WITH ADMIN OPTION];
E.g.
GRANT create session , create table TO Anil; WITH ADMIN OPTION
-Enables the grantee to further grant the privilege or
role to other users or roles.
REVOKING SYSTEM PRIVILEGE
Syntax:
- REVOKE FROM
;
E.g.
- REVOKE CREATE TABLE FROM Anil;
Users with ADMIN OPTION for system
privileges can revoke system privileges
There are no cascading effect when system
privilege is revoked.
8/7/2019 database docs
55/60
12/1/2010
55
OBJECT PRIVILEGES
Enables users to access and manipulate a
specific object
Each object has a particular set of grantable
privileges
- Table SELECT,INSERT,UPDATE,DELETE,INDEX
REFERENCES ,ALTER
- View SELECT,INSERT,UPDATE,DELETE,REFERENCE
- Sequence SELECT , ALTER
- Sub-program EXECUTE
OBJECT PRIVILEGES
Owner has all privilege on objects available in
his schema
Owner can give privileges on objects owned
by him to other users or roles
Syntax:
GRANT ON object_name
TO [WITH GRANT
OPTION];
8/7/2019 database docs
56/60
12/1/2010
56
OBJECT PRIVILEGES
WITH GRANT OPTION
- Allows grantee to grant objects privileges to
other users or roles
- Not valid when granting an object privilege to
a role
Example :- Grant select ON emp TO Amit WITH GRANT
OPTION;
- GRANT update (job,deptno) ON emp TO
REVOKE OBJECT PRIVILEGES
Revoke command is used to remove privileges
assigned to different users
Cascading effects can be observed when
revoking a system privilege
Syntax:
REVOKE ON
object_name FROM
;
Example:
8/7/2019 database docs
57/60
12/1/2010
57
PRIVILEGES INFORMATION
DBA_SYS_PRIVS
- Lists system privileges granted to users and roles
DBA_TAB_PRIVS- Lists all grants on all objects in the database
DBA_COL_PRIVS
- Lists column privileges
SESSION_PRIVS- Lists the privileges that are currently available to the user
ALL_TAB_PRIVS_MADE- Lists the grants made on the objects owned by the current user
ROLE
Role is a named group of related privileges
that can be granted to users
Role provides easy and controlled privilege
management
Role can consists of both system and object
privileges
It can granted to any database user or role
8/7/2019 database docs
58/60
12/1/2010
58
CREATE ROLE
Syntax:
- CREATE ROLE role_name;
e.g
- CREATE ROLE engineer;
- GRANT create session , create table, create
view, TO engineer;- GRANT engineer TO Amol, Anamika WITH
ADMIN OPTION;
PREDEFINED ROLE
CONNECT
- Privileges to connect to the database and create variousobjects as cluster , database
link,sequence,synonym,table,view RESUORCE
- Privileges to create programmatic objects such as procedure,
functions,packages,triggers,types.
DBA- All system privileges with ADMIN option
SELECT_CATALOG_ROLE-
-
8/7/2019 database docs
59/60
12/1/2010
59
ASSIGNING ROLES
Syntax:
GRANT role1,role2,
TO [WITH ADMIN OPTION]
E.g.
- GRANT engineer TO scott WITH ADMIN
OPTION;
REVOKING ROLES
Syntax:
REVOKE role1,[,role2]
FROM ;
Example:
- REVOKE engineer FROM scott;
Any user with ADMIN option for a role can
revoke the role from any other database user
or role.
8/7/2019 database docs
60/60
12/1/2010
REMOVING ROLE
DROP ROLE command
- Removes it from all users and roles it was
granted
- Removes it from database
ADMIN OPTION or DROP ANY ROLE
privileges are required Syntax:
- DROP ROLE role;
ROLE INFORMATION
DBA_ROLES
- Lists the roles defined in the database
DBA_ROLE_PRIVS
- Lists all the roles granted to users and roles
ROLE_ROLE_PRIVS
- Lists roles granted to the roles
DBA_SYS_PRIVS