On the move:

I'm currently moving the following to their own blogs: Unix, HTML for Blogs, Perl & Java.
The links are on the left side.

Monday, September 1, 2008

Basic Security

CREATE USER user IDENTIFIED BY password [PROFILE profile];
ALTER USER user IDENTIFIED BY password;
GRANT CREATE SESSION TO user;

ALTER USER user ACCOUNT UNLOCK;
GRANT {system-privilege | role | ALL [privilege]} TO {user | role}
[WITH ADMIN OPTION];
REVOKE {system-privilege | role | ALL [privilege]} FROM {user | role};
DROP USER user [CASCADE];

GRANT {object-privilege | ALL [privileges]} [(column,column)] ON object TO {user | role}
[WITH GRANT OPTION][WITH HIERARCHY OPTION];

CREATE ROLE role;
GRANT object-privilegeilege ON object TO role;
GRANT system-tem-priilege TO role;
GRANT role TO role [WITH ADMIN OPTION];
GRANT role TO user [WITH ADMIN OPTION];

ALTER USER user
DEFAULT ROLE {
[role1, role2]
[ALL | ALL EXCEPT role1, role2]
[NONE]
};

Select * From Session_Roles;

SET ROLE ALL;
SET ROLE ALL EXCEPT role;
SET ROLE NONE; PG 363?

REVOKE object-privilege ON object FROM role;
REVOKE ALL
WITH GRANT OPTION: is revoked along with the privilege
CASCADE CONSTRAINTS: drops user-defined referential integrity constraints on the object
FORCE: revokes the EXECUTE privilegeilege on user-defined datatype objects
DROP ROLE role;

GRANT UPDATE (column1, column2) ON object TO user;

GRANT object-privilegeilege ON object TO PUBLIC;

No comments:

Post a Comment