Oracle7 Server Manager User's Guide

Controlling Database Security


This chapter describes how to use Server Manager to manage database security. This chapter assumes that you have read Chapter 2, "Overview of the Administration Manager," and are familiar with the interface elements of the Administration Manager.

In the Security drawer, you can manage users, roles and profiles. You can also view the auditing options that are set for your system. This chapter describes the commands available in the Security drawer's folders:


The Users Folder

When you click the Users folder tab, the Users folder opens and the User object list and menu appear. The User object list contains information about the users in the database.

For more information about users, see the Oracle7 Server Concepts, the Oracle7 Server Administrator's Guide, and the Oracle7 Server SQL Reference.

The following figure illustrates the User object list.

Figure 4 - 1. User Object List

User Object List

The columns of the User object list are described below:

Username

Name of the user.

Default Tablespace

Default tablespace for the user's objects.

Temp Tablespace

Tablespace for the user's temporary segments.

Profile

Profile assigned to the user.

Logged In

Whether or not the user is currently connected to the database.

Creating a User

To create a new user, choose Create from the User menu. The Create User property sheet appears.

The Create User property sheet consists of the following pages:

The following figure illustrates the General page.

Figure 4 - 2. General Page of the Create User Property Sheet

Create User: General Page

The General page of the Create User property sheet is described below:

Username

Name of the user to be created.

Enter the name of the new user. The username can only contain characters from your database character set and can be at most 30 bytes long.

Password

Method Oracle uses to authenticate the user.

Click OS Authenticated to specify that the operating system verify the user.

Click Password to require a password for logon. Enter the password in the adjacent text entry field.

Default Tablespace

User's default tablespace.

Use the pop-up menu to choose the default tablespace for objects the user creates.

Temporary Tablespace

User's tablespace for temporary segments.

Use the pop-up menu to choose the tablespace for the user's temporary segments.

Profile

User's profile.

Use the pop-up menu to assign a profile to the user.

Create User: Quotas Page

On the Quotas page of the Create User property sheet, you can specify the tablespaces in which the user can allocate space and the maximum amount of space the user can allocate in each. The following figure illustrates the Quotas page.

Figure 4 - 3. Quotas Page of the Create User Property Sheet

The Quotas page is described below:

Quotas

Scrolling list of the tablespace quotas assigned to the user.

Add

Displays the Add Quota dialog box, which allows you to specify a quota for the user. For a description of the Add Quota dialog box, see page 4-5.

When you have specified a quota, that quota appears in the Quotas scrolling list.

Edit

Displays the Edit Quota dialog box, which allows you to alter the quota selected in the Quotas scrolling list. For a description of the Edit Quota dialog box, see page 4-6.

Remove

Removes the quota selected in the Quotas scrolling list.

Add Quota Dialog Box

Use the Add Quota dialog box to specify a user's quota on a specific tablespace. The following figure illustrates the Add Quota dialog box.

Figure 4 - 4. Add Quota Dialog Box

The Add Quota dialog box is described below:

Tablespace

Tablespace to which the quota applies.

Use the pop-up menu to specify the tablespace for the quota.

Quota Size

Maximum amount of space the user is allowed to allocate in the tablespace.

To specify an unlimited quota for the tablespace, click the Unlimited button. With an unlimited quota, the user can allocate an unbounded amount of space in the tablespace.

To specify a specific quota, click the quota size lower button and enter a quota value in the adjacent text entry field. Use the pop-up menu to specify kilobytes or megabytes.

Edit Quota Dialog Box

Use the Edit Quota dialog box to alter a user's quota on a specified tablespace. The following figure illustrates the Edit Quota dialog box.

Figure 4 - 5. Edit Quota Dialog Box

The Edit Quota dialog box is described below:

Tablespace

Name of the tablespace for which you are changing the quota.

Quota Size

New quota size.

The quota value is the maximum amount of space the user can allocate in the tablespace.

To specify an unlimited quota for the tablespace, click Unlimited. With an unlimited quota, the user can allocate an unbounded amount of space in the tablespace.

To specify a specific quota, click the quota size button and enter a quota value in the adjacent text entry field. Use the pop-up menu to specify kilobytes or megabytes.

Create User: Privileges and Roles Page

On the Privileges and Roles page of the Create User property sheet, you can assign roles and grant individual privileges to the user. The following figure illustrates the Privileges and Roles page.

Figure 4 - 6. Privileges and Roles Page of the Create User Property Sheet

The Privileges and Roles page is described below:

Privileges and Roles

Scrolling list of the roles and privileges to be granted to the user.

Add

Displays the Add Privilege to User dialog box. See page 4-8 for a description of the Add Privilege to User dialog box.

Remove

Removes the role or privilege selected in the Privileges and Roles scrolling list.

Add Privilege to User Dialog Box

In the Add Privilege to User dialog box you can grant roles, system privileges, and object privileges to a user. You can add a privilege to a user when you create a new user, alter a user, or choose Add Privilege to User from the User menu.

The following figure illustrates the Add Privilege to User dialog box with the Role Privilege Type selected.

Figure 4 - 7. Add Privilege to User Dialog Box with the Role Privilege Type Selected

The Add Privilege to User dialog box in Figure 4-7 is described below:

Privilege Type: Role

Displays the roles you can grant to the user.

Defined Roles

Scrolling list of the roles you can grant. These are roles you have created and roles you have been granted with the Admin Option. If you have the GRANT ANY ROLE system privilege, all roles are listed.

Select the role you wish to grant to the user.

Admin Option

Allows the user to grant the role to other users or roles. If you grant a role with the Admin Option, the user can also alter or drop the role.

The following figure illustrates the Add Privilege to User dialog box with the System Privilege Type selected.

Figure 4 - 8. Add Privilege to User Dialog Box with the System Privilege Type Selected

The Add Privilege to User dialog box in Figure 4-8 is described below:

Privilege Type: System

Displays the system privileges you can grant to the user.

System Privileges

Scrolling list of the system privileges you can grant. These are the system privileges you have been granted with the Admin Option. If you have the GRANT ANY PRIVILEGE system privilege, all privileges are listed.

Select the system privilege you wish to grant to the user.

Admin Option

Allows the user to grant the system privilege to other users or roles.

The following figure illustrates the Add Privilege to User dialog box with the Object Privilege Type selected.

Figure 4 - 9. Add Privilege to User Dialog Box with the Object Privilege Type Selected

The Add Privilege to User dialog box in Figure 4-9 is described below:

Privilege Type: Object

Displays object privileges.

Object Privileges

Scrolling list of all object privileges.

You can grant an object privilege that you have been granted with the Grant Option. If you are the owner of the object, you can grant all privileges on the object.

The scrolling list includes the item ALL, which represents all object privileges you can grant on an object.

Object Name

Schema and name of the object on which you are granting privileges.

Enter the schema and object name, or click Find Object.

Find Object

Displays the Find Schema Object dialog box. See page 4-12 for a description of the Find Schema Object dialog box.

Admin Option

Allows the user to grant the object privilege to other users and roles.

Attention: In the SQL Worksheet, use the GRANT command to grant privileges on a column in a table or view. For information about the GRANT command, see the Oracle7 Server SQL Reference.

Find Schema Object Dialog Box

In the Find Schema Object dialog box you can specify an object on which to grant object privileges. The following figure illustrates the Find Schema Object dialog box.

Figure 4 - 10. Find Schema Object Dialog Box

The Find Schema Object dialog box is described below:

Filters

Types of objects on which you can grant object privileges.

Click the object types you wish to find, then click Filter to find the objects.

Schema

Scrolling list of schemas in your database.

Select a schema from the Schema scrolling list. Server Manager retrieves all the objects in that schema that match the object types you chose in the Filters.

Object

Scrolling list of objects in the selected schema that match the object types you chose in the Filters.

Select the object on which you wish to grant object privileges.

Filter

Retrieves the objects in the selected schema that match the object types you chose in the Filters.

Create User: Default Role Page

On the Default Role page of the Create User property sheet, you can specify the default roles for the user. Oracle enables the user's default roles at logon.

Only a role granted directly to the user can be specified as a default role. A role granted through another role cannot be a default role.

The following figure illustrates the Default Role page.

Figure 4 - 11. Default Role Page of the Create User Property Sheet

The Default Role page is described below:

Default Roles

Scrolling list of the roles to be granted to the new user.

Select the roles you wish to designate as the user's default roles. Unlike most other scrolling lists in Server Manager, the Default Roles scrolling list allows you to make multiple selections.

All

Selects all roles in the Default Roles scrolling list.

Click All to make all roles granted to the user default roles.

None

Selects none of the roles in the Default Roles scrolling list.

Click None to make none of the roles granted to the user default roles.
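The settings on the four Create User pages, written as the corresponding SQL statements for the SQL Worksheet, followed by review queries for grants that can be passed on. This is an added example, not taken from the guide; the user, tablespace, profile, role and table names and the password are constructed placeholders, and the role and profile are assumed to exist already.

```sql
-- Added example. All names and the password below are constructed
-- placeholders; clerk_role and clerk_profile are assumed to exist.

-- General page: password authentication, tablespaces, profile.
-- Quotas page: 10 MB on USERS and no quota on any other tablespace.
CREATE USER jward
  IDENTIFIED BY placeholder_pw1
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 10M ON users
  PROFILE clerk_profile;

-- Privileges and Roles page: one system privilege, one role and one
-- object privilege, none of them with the Admin or Grant Option.
GRANT CREATE SESSION TO jward;
GRANT clerk_role TO jward;
GRANT SELECT ON scott.emp TO jward;

-- Column-level privileges are granted with the GRANT command only.
GRANT UPDATE (sal) ON scott.emp TO jward;

-- Default Role page: only roles granted directly to the user qualify.
ALTER USER jward DEFAULT ROLE clerk_role;

-- Review (requires access to the DBA_ views): who can pass grants on?
-- A role held with the Admin Option can also be altered or dropped
-- by the grantee, so this list should be short.
SELECT grantee, granted_role
  FROM dba_role_privs
 WHERE admin_option = 'YES'
 ORDER BY grantee, granted_role;

SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE admin_option = 'YES'
 ORDER BY grantee, privilege;

SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantable = 'YES'
 ORDER BY grantee, owner, table_name;

-- Review: users with an unlimited quota on a tablespace
-- (MAX_BYTES is -1 for an unlimited quota).
SELECT username, tablespace_name
  FROM dba_ts_quotas
 WHERE max_bytes = -1
 ORDER BY username, tablespace_name;
```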

Altering a User

To alter the characteristics of a user, select the user to be altered from the User object list and choose Alter from the User menu. The Alter User property sheet appears. You can also bring up the Alter User property sheet by double-clicking on the user in the User object list.

The Alter User property sheet consists of the following pages:

The following figure illustrates the General page.

Figure 4 - 12. General Page of the Alter User Property Sheet

Alter User: General Page

The General page of the Alter User property sheet is described below:

Username

Name of the user to be altered.

Password

Method Oracle uses to authenticate the user.

Click OS Authenticated to specify that the operating system verify the user.

Click Password to require a password for logon. Enter the new password in the adjacent text entry field.

Default Tablespace

User's default tablespace.

Use the pop-up menu to choose the new default tablespace for objects the user creates.

Temporary Tablespace

User's tablespace for temporary segments.

Use the pop-up menu to choose the new tablespace for the user's temporary segments.

Profile

User's profile.

Use the pop-up menu to assign a new profile to the user.

Alter User: Quotas Page

On the Quotas page of the Alter User property sheet, you can specify the tablespaces in which the user can allocate space and the maximum amount of space the user can allocate in each. You can also modify or remove existing quotas. The following figure illustrates the Quotas page.

Figure 4 - 13. Quotas Page of the Alter User Property Sheet

The Quotas page is described below:

Quotas

Scrolling list of the quotas assigned to the user.

Add

Displays the Add Quota dialog box, which allows you to specify a quota for the user. For a description of the Add Quota dialog box, see page 4-17.

Edit

Displays the Edit Quota dialog box, which allows you to alter the quota selected in the Quotas scrolling list. For a description of the Edit Quota dialog box, see page 4-18.

Attention: To remove a quota you have assigned to a user, change the value of the quota to zero.

Add Quota Dialog Box

Use the Add Quota dialog box to specify a user's quota on a specific tablespace. The following figure illustrates the Add Quota dialog box.

Figure 4 - 14. Add Quota Dialog Box

The Add Quota dialog box is described below:

Tablespace

Tablespace to which the quota applies.

Use the pop-up menu to specify the tablespace for the quota.

Quota Size

Maximum amount of space the user is allowed to allocate in the tablespace.

To specify an unlimited quota for the tablespace, click the Unlimited button. With an unlimited quota, the user can allocate an unbounded amount of space in the tablespace.

To specify a specific quota, click the quota size lower button and enter a quota value in the adjacent text entry field. Use the pop-up menu to specify kilobytes or megabytes.

Edit Quota Dialog Box

Use the Edit Quota dialog box to alter a user's quota on a specified tablespace. The following figure illustrates the Edit Quota dialog box.

Figure 4 - 15. Edit Quota Dialog Box

The Edit Quota dialog box is described below:

Tablespace

Name of the tablespace for which you are changing the quota.

Quota Size

New quota size.

The quota value is the maximum amount of space the user can allocate in the tablespace.

To specify an unlimited quota for the tablespace, click Unlimited. With an unlimited quota, the user can allocate an unbounded amount of space in the tablespace.

To specify a specific quota, click the quota size button and enter a quota value in the adjacent text entry field. Use the pop-up menu to specify kilobytes or megabytes.

Alter User: Privileges and Roles Page

On the Privileges and Roles page of the Alter User property sheet, you can grant or revoke roles or individual privileges from the user. The following figure illustrates the Privileges and Roles page.

Figure 4 - 16. Privileges and Roles Page of the Alter User Property Sheet

The Privileges and Roles page is described below:

Privileges and Roles

Scrolling list of the roles and privileges assigned to the user.

Add

Displays the Add Privilege to User dialog box. See page 4-8 for a description of the Add Privilege to User dialog box.

Remove

Removes the role or privilege selected in the Privileges and Roles scrolling list.

Alter User: Default Role Page

On the Default Role page of the Alter User property sheet, you can change the default roles for the user.

Only a role granted directly to the user can be specified as a default role. A role granted through another role cannot be a default role.

The following figure illustrates the Default Role page.

Figure 4 - 17. Default Role Page of the Alter User Property Sheet

The Default Role page is described below:

Default Roles

Scrolling list of all of the roles granted to the user.

Select the roles you wish to designate as the user's default roles. Unlike most other scrolling lists in Server Manager, the Default Roles scrolling list allows you to make multiple selections.

Note: Roles assigned as default roles appear selected. Unselected roles are not default roles for this user and need to be activated explicitly by the user after connecting to the database.

All

Selects all roles in the Default Roles scrolling list.

Click All to make all roles granted to the user default roles.

None

Selects none of the roles in the Default Roles scrolling list.

Click None to make none of the roles granted to the user default roles.

Alter User: Objects Page

On the Objects page of the Alter User property sheet, you can view the names of the objects the user owns.

Figure 4 - 18. Objects Page of the Alter User Property Sheet

Dropping a User

If you no longer need a particular user in your database, you can drop the user. To drop a user, select the user to be dropped from the User object list and choose Drop from the User menu. The Drop User alert box appears.

The following figure illustrates the Drop User alert box.

Figure 4 - 19. Drop User Alert Box

The Drop User alert box indicates if the user still owns any objects.

If you drop a user who owns objects, Server Manager:

Adding a Privilege to or Removing a Privilege from a User

To add a privilege to a user, select the user from the User object list and choose Add Privilege to User from the User menu. The Add Privilege to User dialog box appears. See page 4-8 for a description of the Add Privilege to User dialog box.

To remove a privilege from a user, select the user from the User object list and choose Remove Privilege from User from the User menu. The Remove Privilege from User dialog box appears.

The following figure illustrates the Remove Privilege from User dialog box.

Figure 4 - 20. Remove Privilege from User Dialog Box

The Remove Privilege dialog box is described below:

Privileges and Roles

Scrolling list of the privileges and roles assigned to the user.

Select the role or privilege you wish to revoke from the user.

Disconnecting a User

To disconnect a user's sessions, select a logged in user from the User object list and choose Disconnect from the User menu. The Disconnect User alert box appears.

The following figure illustrates the Disconnect User alert box.

Figure 4 - 21. Disconnect User Alert Box

The Disconnect menu item in the User menu disconnects all sessions for the user. If you wish to disconnect a specific session, use the Sessions folder in the Instance drawer. For information about disconnecting a session from the Sessions folder, see "Disconnecting a User's Session".

Attention: When you disconnect a session, the session is not actually terminated until the user tries to execute a database operation. In the User object list, the user continues to be listed as logged in until the user tries to execute a database operation.


The Profiles Folder

When you click the Profiles folder tab, the Profiles folder opens and the Profile object list and menu appear. The following figure illustrates the Profile object list.

Figure 4 - 22. Profile Object List

Profile Object List

The Profile object list displays the names of all profiles defined for your database. A profile is a set of limits on database resources. When you assign a profile to a user, that user cannot exceed the limits set in the profile.

Oracle automatically creates a default profile named DEFAULT. The DEFAULT profile initially defines unlimited resources. You can alter the DEFAULT profile to change any of its resource limits.

Any user who is not explicitly assigned a profile is subject to the limits defined in the DEFAULT profile. Also, if the profile that is explicitly assigned to a user omits a limit for a resource or specifies the value DEFAULT for a limit, then the user is subject to the limit on that resource as defined in the DEFAULT profile.

Attention: The initialization parameter RESOURCE_LIMIT must be set to TRUE to enforce the limits set in database profiles. For more information, see the Oracle7 Server Reference.

For information about profiles, see the Oracle7 Server Concepts, the Oracle7 Server Administrator's Guide, and the Oracle7 Server SQL Reference.

Creating a Profile

To create a profile, choose Create from the Profile menu. The Create Profile property sheet appears.

The Create Profile property sheet consists of the following pages:

The following figure illustrates the Session and CPU page.

Figure 4 - 23. Session and CPU Page of the Create Profile Property Sheet

Create Profile: Session and CPU Page

The Session and CPU page is described below:

Profile Name

Name of the new profile.

Enter the name of the profile to be created.

When you complete the CPU per Session, CPU per Call, Connect Time, and Idle Time fields, a pop-up menu provides the following choices:

Default: Use the limit specified for this resource in the DEFAULT profile.

Unlimited: The user's access to this resource is unlimited.

Value: Enter a value for the limit. The text entry fields are unavailable until you choose Value from the pop-up menu.

CPU per Session

Total amount of CPU time allowed in a session.

Use the pop-up menu to choose a limit for total CPU time used in a session. The limit is expressed in hundredths of a second.

CPU per Call

Maximum amount of CPU time allowed for a call (a parse, execute, or fetch).

Use the pop-up menu to choose a limit for the CPU time used for a call. The limit is expressed in hundredths of a second.

Connect Time

Maximum elapsed time allowed for a session.

Use the pop-up menu to choose a limit for the total time for a session. The limit is expressed in minutes.

Idle Time

Maximum idle time allowed in a session.

Idle time is a continuous period of inactive time during a session. Long-running queries and other operations are not subject to this limit.

Use the pop-up menu to specify a limit for idle time in a session. The limit is expressed in minutes.

Create Profile: Database Services Page

The following figure illustrates the Database Services page of the Create Profile property sheet.

Figure 4 - 24. Database Services Page of the Create Profile Property Sheet

The Database Services page is described below:

When you complete the Sessions per User, Reads per Session, and Reads per Call fields, a pop-up menu provides the following choices:

Default: Use the limit specified for this resource in the DEFAULT profile.

Unlimited: The user's access to this resource is unlimited.

Value: Enter a value for the limit. The text entry fields are unavailable until you choose Value from the pop-up menu.

Sessions per User

Maximum number of concurrent sessions allowed for a user.

Use the pop-up menu to choose a limit for the number of concurrent sessions a user can have.

Reads per Session

Total number of data block reads allowed in a session.

Use the pop-up menu to choose a limit for the number of data blocks read in a session, including blocks read from memory and disk.

Reads per Call

Maximum number of data block reads allowed for a call (a parse, execute, or fetch).

Use the pop-up menu to choose a limit for the number of data blocks read for a call to process a SQL statement.

Private SGA

Maximum amount of private space a session can allocate.

Use the pop-up menu to choose a limit for the amount of private space a session can allocate in the shared pool of the System Global Area (SGA). Use the pop-up menu to specify the limit in bytes, kilobytes, or megabytes. The Private SGA limit applies only if you are using the multi-threaded server architecture.

Composite Limit

Total resource cost for a session.

The resource cost for a session is the weighted sum of the CPU time used in the session, the connect time, the number of reads made in the session, and the amount of private SGA space allocated.

Use the pop-up menu to choose a limit for the total resource cost for a session. The limit is expressed in service units.

Attention: In the SQL Worksheet, you can use the SQL command ALTER RESOURCE COST to specify the weights for the resources in the Composite Limit. For information about the ALTER RESOURCE COST command, see the Oracle7 Server SQL Reference.

Create Profile: Users Page

On the Users page of the Create Profile property sheet you can assign the profile to users. The following figure illustrates the Users page.

Figure 4 - 25. Users Page of the Create Profile Property Sheet

The Users page is described below:

Users

Scrolling list of users who have been assigned the profile.

Assign

Displays the Assign Profile dialog box. The Assign Profile dialog box is described in "Assign Profile Dialog Box".

Remove

Removes the user selected in the Users scrolling list.

Assign Profile Dialog Box

The Assign Profile dialog box allows you to assign a profile to a user. The following figure illustrates the Assign Profile dialog box.

Figure 4 - 26. Assign Profile Dialog Box

The Assign Profile dialog box is described below:

Users

Scrolling list of users.

Assign

Assigns the profile to the user selected in the Users scrolling list.
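The profile settings above as SQL, together with a query that resolves each user's effective limits through the DEFAULT profile fallback described at the start of this section. This is an added example, not taken from the guide; the profile name, user name and limit values are constructed placeholders, and the user is assumed to exist.

```sql
-- Added example. clerk_profile, jward and the limit values are
-- constructed placeholders; the DBA_ and V$ views need DBA access.

-- Profile limits are not enforced unless RESOURCE_LIMIT is TRUE.
SELECT name, value
  FROM v$parameter
 WHERE name = 'resource_limit';

-- Turns enforcement on for the running instance. Set the parameter
-- in the initialization parameter file as well so that it is still
-- TRUE after the next startup.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

-- Session and CPU page plus Database Services page.
CREATE PROFILE clerk_profile LIMIT
  SESSIONS_PER_USER          2          -- concurrent sessions
  CPU_PER_SESSION            UNLIMITED
  CPU_PER_CALL               6000       -- hundredths of a second (60 s)
  CONNECT_TIME               480        -- minutes
  IDLE_TIME                  30         -- minutes
  LOGICAL_READS_PER_SESSION  DEFAULT    -- inherit from DEFAULT profile
  LOGICAL_READS_PER_CALL     1000       -- data blocks
  PRIVATE_SGA                512K       -- multi-threaded server only
  COMPOSITE_LIMIT            DEFAULT;   -- service units

-- Users page / Assign Profile dialog box.
ALTER USER jward PROFILE clerk_profile;

-- Effective limit per user and resource: a limit of DEFAULT in the
-- user's own profile is replaced by the DEFAULT profile's value.
SELECT u.username,
       u.profile,
       p.resource_name,
       DECODE(p.limit, 'DEFAULT', d.limit, p.limit) effective_limit
  FROM dba_users u, dba_profiles p, dba_profiles d
 WHERE p.profile = u.profile
   AND d.profile = 'DEFAULT'
   AND d.resource_name = p.resource_name
 ORDER BY u.username, p.resource_name;

-- The same resolution, narrowed to users who end up with no cap on
-- idle time or on concurrent sessions.
SELECT u.username, p.resource_name
  FROM dba_users u, dba_profiles p, dba_profiles d
 WHERE p.profile = u.profile
   AND d.profile = 'DEFAULT'
   AND d.resource_name = p.resource_name
   AND p.resource_name IN ('IDLE_TIME', 'SESSIONS_PER_USER')
   AND DECODE(p.limit, 'DEFAULT', d.limit, p.limit) = 'UNLIMITED'
 ORDER BY u.username, p.resource_name;
```

Because the DEFAULT profile initially defines unlimited resources, every limit left at Default in a new profile appears in the second query until the DEFAULT profile itself is altered.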

Altering a Profile

To alter the resource limits for an existing profile, select the profile to be altered from the Profile object list and choose Alter from the Profile menu. The Alter Profile property sheet appears. You can also bring up the Alter Profile property sheet by double-clicking on the profile in the Profile object list.

The Alter Profile property sheet consists of the following pages:

The following figure illustrates the Session and CPU page.

Figure 4 - 27. Session and CPU Page of the Alter Profile Property Sheet

Alter Profile: Session and CPU Page

The Session and CPU page is described below:

Profile Name

Name of the new profile.

When you complete the CPU per Session, CPU per Call, Connect Time, and Idle Time fields, a pop-up menu provides the following choices:

Default: Use the limit specified for this resource in the DEFAULT profile.

Unlimited: The user's access to this resource is unlimited.

Value: Enter a value for the limit. The text entry fields are unavailable until you choose Value from the pop-up menu.

CPU per Session

Total amount of CPU time allowed in a session.

Use the pop-up menu to choose a limit for total CPU time used in a session. The limit is expressed in hundredths of a second.

CPU per Call

Maximum amount of CPU time allowed for a call (a parse, execute, or fetch).

Use the pop-up menu to choose a limit for the CPU time used for a call. The limit is expressed in hundredths of a second.

Connect Time

Maximum elapsed time allowed for a session.

Use the pop-up menu to choose a limit for the total time for a session. The limit is expressed in minutes.

Idle Time

Maximum idle time allowed in a session.

Idle time is a continuous period of inactive time during a session. Long-running queries and other operations are not subject to this limit.

Use the pop-up menu to specify a limit for idle time in a session. The limit is expressed in minutes.

Alter Profile: Database Services Page

The following figure illustrates the Database Services page of the Alter Profile property sheet.

Figure 4 - 28. Database Services Page of the Alter Profile Property Sheet

The Database Services page is described below:

When you complete the Sessions per User, Reads per Session, and Reads per Call fields, a pop-up menu provides the following choices:

Default: Use the limit specified for this resource in the DEFAULT profile.

Unlimited: The user's access to this resource is unlimited.

Value: Enter a value for the limit. The text entry fields are unavailable until you choose Value from the pop-up menu.

Sessions per User

Maximum number of concurrent sessions allowed for a user.

Use the pop-up menu to choose a limit for the number of concurrent sessions a user can have.

Reads per Session

Total number of data block reads allowed in a session.

Use the pop-up menu to choose a limit for the number of data blocks read in a session, including blocks read from memory and disk.

Reads per Call

Maximum number of data block reads allowed for a call (a parse, execute, or fetch).

Use the pop-up menu to choose a limit for the number of data blocks read for a call to process a SQL statement.

Private SGA

Maximum amount of private space a session can allocate.

Use the pop-up menu to choose a limit for the amount of private space a session can allocate in the shared pool of the System Global Area (SGA). Use the pop-up menu to specify the limit in bytes, kilobytes, or megabytes. The Private SGA limit applies only if you are using the multi-threaded server architecture.

Composite Limit

Total resource cost for a session.

The resource cost for a session is the weighted sum of the CPU time used in the session, the connect time, the number of reads made in the session, and the amount of private SGA space allocated.

Use the pop-up menu to choose a limit for the total resource cost for a session. The limit is expressed in service units.

Attention: In the SQL Worksheet, you can use the SQL command ALTER RESOURCE COST to specify the weights for the resources in the Composite Limit. For information about the ALTER RESOURCE COST command, see the Oracle7 Server SQL Reference.

Alter Profile: Users Page

On the Users page of the Alter Profile property sheet you can view the users who are assigned the profile. The following figure illustrates the Users page.

Figure 4 - 29. Users Page of the Alter Profile Property Sheet

Dropping a Profile

If a profile is no longer needed, you can drop it. To drop a profile, select the profile to be dropped from the Profile object list and choose Drop from the Profile menu. The Drop Profile alert box appears.

The following figure illustrates the Drop Profile alert box.

Figure 4 - 30. Drop Profile Alert Box

The Drop Profile alert box indicates if the profile you wish to drop is assigned to any users. If you drop a profile that is assigned to users, Server Manager assigns the DEFAULT profile to them.

Attention: You cannot drop the DEFAULT profile.


The Roles Folder

When you click the Roles folder tab, the Roles folder opens and the Role object list and menu appear. The Role object list displays the roles defined in your database.

Roles are named groups of privileges granted to users or other roles. For information about managing roles, see the Oracle7 Server Concepts, the Oracle7 Server Administrator's Guide, and the Oracle7 Server SQL Reference.

The following figure illustrates the Role object list.

Figure 4 - 31. Role Object List

Role Object List

The columns of the Role object list are described below:

Role

Name of the role.

Password

Whether or not the role requires a password to be enabled.

Creating a Role

To create a new role, choose Create from the Role menu. The Create Role property sheet appears.

The Create Role property sheet consists of the following pages:

The following figure illustrates the General page.

Figure 4 - 32. General Page of the Create Role Property Sheet

Create Role: General Page

The General page is described below:

Role Name

Name of the role to be created.

Enter the name of the new role.

Password

Method used to enable the role.

Click No Password to indicate that a user granted the role may enable it without specifying a password.

Click OS Authenticated to require the operating system or an external security utility to verify the role.

Click Password to require a password in order to enable the role. Enter the password in the adjacent text entry field.

Create Role: Definition Page

On the Definition page of the Create Role property sheet you can assign roles and grant individual privileges to the role. The following figure illustrates the Definition page.

Figure 4 - 33. Definition Page of the Create Role Property Sheet

The Definition page is described below:

Privileges and Roles

Scrolling list of the roles and privileges to be assigned to the new role.

Add

Displays the Add Privilege to Role dialog box. See "Add Privilege to Role Dialog Box" for a description of the Add Privilege to Role dialog box.

Remove

Removes the role or privilege selected in the Privileges and Roles scrolling list.
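A password-protected role kept out of a user's default roles, so that its privileges are active only after the user enables it explicitly, written as SQL for the SQL Worksheet. This is an added example, not taken from the guide; the role names, user, table and password are constructed placeholders, and the user is assumed to exist.

```sql
-- Added example. report_reader, payroll_admin, jward, scott.emp and
-- the role password are constructed placeholders.

-- General page: one role with No Password, one that needs a password.
CREATE ROLE report_reader;
CREATE ROLE payroll_admin IDENTIFIED BY placeholder_role_pw;

-- Definition page: privileges and another role granted to the role.
GRANT SELECT ON scott.emp TO report_reader;
GRANT UPDATE ON scott.emp TO payroll_admin;
GRANT report_reader TO payroll_admin;

-- Grant both roles directly to the user, without the Admin Option.
GRANT report_reader TO jward;
GRANT payroll_admin TO jward;

-- Enable everything at logon except the sensitive role.
ALTER USER jward DEFAULT ROLE ALL EXCEPT payroll_admin;

-- Run in jward's own session when the extra privileges are needed.
-- SET ROLE replaces the set of enabled roles, so list every role
-- that should stay enabled.
SET ROLE report_reader, payroll_admin IDENTIFIED BY placeholder_role_pw;

-- Review: the Role and Password columns of the Role object list.
SELECT role, password_required
  FROM dba_roles
 ORDER BY role;

-- Review: which of the user's directly granted roles are default roles.
SELECT granted_role, admin_option, default_role
  FROM dba_role_privs
 WHERE grantee = 'JWARD'
 ORDER BY granted_role;
```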

Add Privilege to Role Dialog Box

In the Add Privilege to Role dialog box you can grant roles, system privileges, and object privileges to a role. You can add a privilege to a role when you create a new role, alter a role, or choose Add Privilege to Role from the Role menu.

The following figure illustrates the Add Privilege to Role dialog box with the Role Privilege Type selected.

Figure 4 - 34. Add Privilege to Role Dialog Box with the Role Privilege Type Selected

The Add Privilege to Role dialog box in Figure 4 - 34 is described below:

Privilege Type: Role

Displays the roles you can grant to the role you are creating or altering.

Defined Roles

Scrolling list of the roles you can grant. These are roles you have created and roles you have been granted with the Admin Option. If you have the GRANT ANY ROLE system privilege, all roles are listed.

Select the role you wish to grant to the role you are creating or altering.

Admin Option

Allow a grantee to grant the role to other users or roles.

The following figure illustrates the Add Privilege to Role dialog box with the System Privilege Type selected.

Figure 4 - 35. Add Privilege to Role Dialog Box with the System Privilege Type Selected

The Add Privilege to Role dialog box in Figure 4 - 35 is described below:

Privilege Type: System

Displays the system privileges you can grant to the role.

System Privileges

Scrolling list of the system privileges you can grant. These are the system privileges you have been granted with the Admin Option. If you have the GRANT ANY PRIVILEGE system privilege, all privileges are listed.

Select the system privilege you wish to grant to the role.

Admin Option

Allow users assigned this role to grant the system privilege to other users or roles.

The following figure illustrates the Add Privilege to Role dialog box with the Object Privilege Type selected.

Figure 4 - 36. Add Privilege to Role Dialog Box with the Object Privilege Type Selected

The Add Privilege to Role dialog box in Figure 4 - 36 is described below:

Privilege Type: Object

Displays object privileges.

Object Privileges

Scrolling list of all object privileges.

You can grant an object privilege that you have been granted with the Grant Option. If you are the owner of the object, you can grant all privileges on the object.

The scrolling list includes the item ALL, which represents all object privileges you can grant for an object.

Object Name

Schema and name of the object on which you are granting privileges.

Enter the schema and object name, or click Find Object.

Find Object

Displays the Find Schema Object dialog box. See "Find Schema Object Dialog Box" for a description of the Find Schema Object dialog box.

Find Schema Object Dialog Box

In the Find Schema Object dialog box you can specify an object on which to grant object privileges. The following figure illustrates the Find Schema Object dialog box.

Figure 4 - 37. Find Schema Object Dialog Box

The Find Schema Object dialog box is described below:

Filters

Types of objects on which you can grant object privileges.

Click the object types you wish to find, then click Filter to find the objects.

Schema

Scrolling list of schemas in your database.

Select a schema from the Schema scrolling list. Server Manager retrieves all the objects in that schema that match the object types you chose in the Filters.

Object

Scrolling list of objects in the selected schema that match the object types you chose in the Filters.

Select the object on which you wish to grant object privileges.

Filter

Retrieves the objects in the selected schema that match the object types you chose in the Filters.

Altering a Role

To alter the privileges granted to a role, select the role to be altered from the Role object list and choose Alter from the Role menu. The Alter Role property sheet appears. You can also bring up the Alter Role property sheet by double-clicking on the role in the Role object list.

The Alter Role property sheet consists of the General page and the Definition page, which are described below.

The following figure illustrates the General page.

Figure 4 - 38. General Page of the Alter Role Property Sheet

Alter Role: General Page

The General page is described below:

Role Name

Name of the role you wish to alter.

Password

Method used to enable the role.

Click No Password to indicate that a user granted the role may enable it without specifying a password.

Click OS Authenticated to require the operating system or an external security utility to verify the role.

Click Password to require a password in order to enable the role. Enter the password in the adjacent text entry field.

Alter Role: Definition Page

On the Definition page of the Alter Role property sheet you can grant roles or privileges to the role, or revoke them from it. The following figure illustrates the Definition page.

Figure 4 - 39. Definition Page of the Alter Role Property Sheet

The Definition page is described below:

Privileges and Roles

Scrolling list of the roles and privileges assigned to the role being altered.

Add

Displays the Add Privilege to Role dialog box. See "Add Privilege to Role Dialog Box" for a description of the Add Privilege to Role dialog box.

Remove

Removes the role or privilege selected in the Privileges and Roles scrolling list.

Dropping a Role

If a particular role is no longer needed, you can drop it. To drop a role, select the role to be dropped from the Role object list and choose Drop from the Role menu. The Drop Role alert box appears.

The following figure illustrates the Drop Role alert box.

Figure 4 - 40. Drop Role Alert Box

Granting a Role

To grant a role to a user or role, select the role to be granted from the Role object list and choose Grant Role from the Role menu. The Grant Role dialog box appears.

The following figure illustrates the Grant Role dialog box.

Figure 4 - 41. Grant Role Dialog Box

The Grant Role dialog box is described below:

Users and Roles

Scrolling list of users and roles.

Admin Option

Allow the grantee to grant the role to other users or roles. If you grant a role with the Admin Option, the user can also alter or drop the role.

Grant

Grants the role to the user or role selected in the Users and Roles scrolling list.

Revoking a Role

To revoke a role from a user or role, select the role to be revoked from the Role object list and choose Revoke Role from the Role menu. The Revoke Role dialog box appears.

The following figure illustrates the Revoke Role dialog box.

Figure 4 - 42. Revoke Role Dialog Box

The Revoke Role dialog box is described below:

Users and Roles

Scrolling list of users and roles that have been granted the role.

Revoke

Revokes the role from the user or role selected in the Users and Roles scrolling list.

Adding a Privilege to or Removing a Privilege from a Role

To add a privilege to a role, select the role from the Role object list and choose Add Privilege to Role from the Role menu. The Add Privilege to Role dialog box appears. For a description of the Add Privilege to Role dialog box, see "Add Privilege to Role Dialog Box".

To remove a privilege from a role, select the role from the Role object list and choose Remove Privilege from Role from the Role menu. The Remove Privilege from Role dialog box appears.

The following figure illustrates the Remove Privilege from Role dialog box.

Figure 4 - 43. Remove Privilege from Role Dialog Box

The Remove Privilege from Role dialog box is described below:

Privileges and Roles

Scrolling list of privileges and roles assigned to the role.

Select the role or privilege you wish to revoke from the role.
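The role operations described in this section correspond to the SQL statements below, followed by data dictionary queries for reviewing who holds the Admin Option. This is an added example, not part of the original guide; the role, user, and object names (clerk_ro, ops_ext, hr_admin, jsmith, scott.emp) and the password placeholder are hypothetical.

```sql
-- Added example: all names and the password placeholder are hypothetical.

-- Create Role, General page: one statement per Password option
CREATE ROLE clerk_ro NOT IDENTIFIED;              -- No Password
CREATE ROLE ops_ext  IDENTIFIED EXTERNALLY;       -- OS Authenticated
CREATE ROLE hr_admin IDENTIFIED BY placeholder_pw; -- Password

-- Add Privilege to Role: the three privilege types
GRANT clerk_ro TO hr_admin;                       -- Privilege Type: Role
GRANT CREATE SESSION TO clerk_ro;                 -- Privilege Type: System
GRANT SELECT ON scott.emp TO clerk_ro;            -- Privilege Type: Object
GRANT SELECT, UPDATE ON scott.emp TO hr_admin;

-- Grant Role dialog box, without and with the Admin Option
GRANT clerk_ro TO jsmith;
GRANT hr_admin TO jsmith WITH ADMIN OPTION;

-- Review: which roles require a password to be enabled
-- (the Password column of the Role object list)
SELECT role, password_required
  FROM dba_roles
 ORDER BY role;

-- Review: grantees who can pass a role on to others,
-- and who can therefore also alter or drop that role
SELECT granted_role, grantee
  FROM dba_role_privs
 WHERE admin_option = 'YES'
 ORDER BY granted_role, grantee;

-- Review: system privileges that a grantee can re-grant
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE admin_option = 'YES'
 ORDER BY grantee, privilege;

-- Review: object privileges currently held by one role
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'CLERK_RO'
 ORDER BY owner, table_name, privilege;

-- Revoke Role, Remove Privilege from Role, Drop Role
REVOKE hr_admin FROM jsmith;
REVOKE SELECT ON scott.emp FROM clerk_ro;
DROP ROLE ops_ext;
```

The user who creates a role is granted it with the Admin Option, so the creator appears in the second review query alongside any explicit Admin Option grantees.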


The Audit Folder

When you click the Audit folder tab, the Audit folder opens and the Audit object list and menu appear. The Audit object list contains information about the actions being audited in your database.

For information about auditing, see the Oracle7 Server Concepts, the Oracle7 Server Administrator's Guide, and the Oracle7 Server SQL Reference.

The following figure illustrates the Audit object list.

Figure 4 - 44. Audit Object List

Audit Object List

The columns of the Audit object list are described below:

Audit Type

Type of auditing: Statement, Privilege, or Object.

Schema/User

The user being audited. If no user is listed, then all users are being audited.

Audit Target

The statement, privilege, or object being audited.
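The three audit types in the Audit object list correspond to the three forms of the AUDIT statement, and the options in effect can be read from the data dictionary. The following is an added example, not part of the original guide; scott and scott.emp are hypothetical names.

```sql
-- Added example: scott and scott.emp are hypothetical names.

-- One audit option of each Audit Type
AUDIT SELECT TABLE BY scott;     -- Statement, limited to one user
AUDIT CREATE ANY TABLE;          -- Privilege, no user named: all users
AUDIT DELETE ON scott.emp;       -- Object

-- Statement options; a null USER_NAME means all users are audited
SELECT user_name, audit_option, success, failure
  FROM dba_stmt_audit_opts
 ORDER BY user_name, audit_option;

-- Privilege options; a null USER_NAME means all users are audited
SELECT user_name, privilege, success, failure
  FROM dba_priv_audit_opts
 ORDER BY user_name, privilege;

-- Object options: objects with DELETE auditing set
-- ('-/-' in a column means that action is not audited)
SELECT owner, object_name, object_type, del
  FROM dba_obj_audit_opts
 WHERE del <> '-/-'
 ORDER BY owner, object_name;

-- Turn the options off again
NOAUDIT SELECT TABLE BY scott;
NOAUDIT CREATE ANY TABLE;
NOAUDIT DELETE ON scott.emp;
```

Audit options can be set at any time, but audit records are written only when the AUDIT_TRAIL initialization parameter enables auditing for the instance.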




Oracle
Copyright © 1996 Oracle Corporation.
All Rights Reserved.