Dear Readers,
My name is Franz Devantier, creator of this blog. I am an Oracle Certified
Professional (OCP DBA 11g) Security DBA.
I will be sharing with you the basic duties of an Oracle DBA, and also
some of the undocumented and not so well known tasks.
Security, Privileges, Roles, Profiles and Resource Limitations - Part 7
Privileges on Type Access and Object Access
Column-level and table-level privileges for DML statements apply to
column objects as well as row objects.
Privileges for Object Tables:

| Privilege | Privilege Description |
|-----------|-----------------------|
| SELECT | Access an object and its attributes from the table |
| UPDATE | Modify the attributes of the objects that make up the rows in the table |
| INSERT | Create new objects in the table |
| DELETE | Delete rows |
Similar table privileges and column privileges apply to column objects.
Retrieving instances does not in itself reveal type information.
Clients do need to access named type information in order to interpret
the type instance images. When a client requests type information,
Oracle Database Server checks for the EXECUTE privilege on the type.
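-- addr_t is not defined in the original post; a minimal definition is assumed here
CREATE OR REPLACE TYPE addr_t AS OBJECT
(street VARCHAR2(60), city VARCHAR2(30));
/
CREATE OR REPLACE TYPE emp_type AS OBJECT
(eno NUMBER, ename CHAR(31), eaddr addr_t);
/
CREATE TABLE empl OF emp_type;
-- Both queries read from the object table empl
SELECT VALUE(e) FROM empl e;
SELECT eno, ename FROM empl;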
For either of the two SELECT statements, Oracle checks that the user
has the SELECT privilege on the empl table.
Oracle Database checks privileges on the following events
and returns an error if the client does not have the privilege for the action:
· Pinning an object in the object cache using its REF value causes Oracle Database Server to check for the SELECT privilege on the containing object table.
· Modifying an existing object or flushing an object from the object cache causes Oracle to check for the UPDATE privilege on the destination object table.
· Flushing a new object causes Oracle Database to check for the INSERT privilege on the destination object table.
· Deleting an object causes Oracle Database to check for the DELETE privilege on the destination table.
· Pinning an object of a named type causes Oracle to check for EXECUTE privileges on the object.
If you modify the attributes of an object in a client language, Oracle
updates the entire object, so the user needs the UPDATE privilege on the
object table. Having the UPDATE privilege on some but not all of the
columns is not enough. From this we can deduce that Oracle does not
support column-level privileges on object tables.
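
The following audit queries are an added example, not part of the original post. They check existing grants against the two rules above: a grantee of DML privileges on an object table also needs EXECUTE on the table's type, and column-level grants on an object table are not enough for object updates. They assume read access to the DBA_OBJECT_TABLES, DBA_TAB_PRIVS and DBA_COL_PRIVS dictionary views and look at direct grants only.

```sql
-- Added example. Direct grants only: privileges received through roles,
-- PUBLIC, or system privileges such as EXECUTE ANY TYPE are not resolved.

-- 1. Who holds DML privileges on each object table, and do they also hold
--    EXECUTE on the type the table is built on?
WITH tab_grants AS (
  SELECT ot.owner,
         ot.table_name,
         ot.table_type_owner,
         ot.table_type,
         tp.grantee,
         LISTAGG(tp.privilege, ',')
           WITHIN GROUP (ORDER BY tp.privilege) AS table_privs
  FROM   dba_object_tables ot
  JOIN   dba_tab_privs tp
         ON tp.owner = ot.owner
        AND tp.table_name = ot.table_name
  WHERE  tp.privilege IN ('SELECT', 'INSERT', 'UPDATE', 'DELETE')
  GROUP  BY ot.owner, ot.table_name, ot.table_type_owner,
            ot.table_type, tp.grantee
)
SELECT g.owner,
       g.table_name,
       g.table_type_owner || '.' || g.table_type AS object_type,
       g.grantee,
       g.table_privs,
       CASE WHEN EXISTS (
              SELECT 1
              FROM   dba_tab_privs ep
              WHERE  ep.owner      = g.table_type_owner
              AND    ep.table_name = g.table_type   -- types are listed by name here
              AND    ep.privilege  = 'EXECUTE'
              AND    ep.grantee    = g.grantee)
            THEN 'YES' ELSE 'NO'
       END AS execute_on_type
FROM   tab_grants g
ORDER  BY g.owner, g.table_name, g.grantee;

-- 2. Column-level grants recorded against object tables. Per the text above,
--    these do not let a client modify objects; table-level UPDATE is required.
SELECT cp.grantee, cp.owner, cp.table_name, cp.column_name, cp.privilege
FROM   dba_col_privs cp
JOIN   dba_object_tables ot
       ON ot.owner = cp.owner
      AND ot.table_name = cp.table_name
ORDER  BY cp.owner, cp.table_name, cp.grantee, cp.column_name;
```

Rows from the first query with execute_on_type = 'NO' are grantees to review for an indirect EXECUTE grant before concluding that access is incomplete.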
Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com