|
 |
|
Oracle Concepts - Drop
Users System and Object Privileges
Oracle Tips by Burleson Consulting |
Dropping Users
To drop a user, you must have the DROP USER
system privilege. You can drop users with Server Manager or at the
command line in SQL*Plus. The command line syntax for dropping a user
is illustrated in Listing 36.
Listing 36: DROP USER Command
Here is an example:
DROP
USER edward CASCADE;
If a user owns any database objects, you can
only drop that user by including the CASCADE keyword in the DROP USER
command. The DROP USER command with the CASCADE keyword drops the user
and all objects owned by that user. If you are using Server Manager to
drop a user, you need to indicate that the associated schema objects
be included in the command to drop the user. If a user owns objects
and you fail to include CASCADE, you will receive an error message and
the user will not be dropped. If a user is currently connected to the
database, you cannot drop that user until he exits. After a user is
dropped, all information on that user and all objects owned by that
user are removed from the database.
After you have issued the command to drop a
user, you cannot perform a rollback to re-create the user and his
objects. DROP USER is a DDL command, which cannot be rolled back.
If you need the objects created by that user,
you can revoke the CREATE SESSION system privilege to prevent the user
from logging on, instead of dropping the user. You can also copy the
objects to another user by importing the objects from an export made
before the user was dropped. To avoid the problem of dropping a user
without losing your application tables, all application tables should
be owned by a separate application schema instead of an actual
database user schema.
Grants
There are two types of (grants) privileges
that can be granted:
* System privileges
* Object privileges
System privileges enable a user to perform a
particular systemwide action or to perform a particular action on a
particular type of object. For example, the privilege to create a
table (CREATE TABLE) or insert rows into any table (INSERT ANY TABLE)
are system privileges.
Object privileges enable a user to perform a
particular action on a specific object, including tables, views,
sequences, procedures, functions, and packages. For example, the
privilege to insert rows into a particular table is an object
privilege. Object privilege grants always include the name of the
object for which the privilege is granted. Object privileges extend
down to the level of individual columns in a table. These privileges
are discussed in the following sections.
System Privileges
All users require the CREATE SESSION privilege
to access the database. This privilege is automatically granted to all
users when you perform the grants using Server Manager. If you create
the user in command line mode, you must remember to explicitly grant
each user the CREATE SESSION system privilege either directly or
through a role. Listing 36 shows the syntax for the GRANT command.
Here is an example of the command used to grant CREATE SESSION and
CREATE TABLE.
GRANT
create session, create table
TO annie
WITH ADMIN OPTION;
Listing 36: The syntax for GRANT command
System privileges also include roles that have
been created.
System privileges can be granted to other
users when the grant made includes the WITH ADMIN OPTION.
There are over 80 distinct privileges. Most of
these are self-explanatory. Table 13 lists of all the system
privileges, as listed in RevealNet's Oracle Administration product
(used with their permission).
Privilege
Description
System Privilege
Allows grantee to . . .
FOR CLUSTERS:
|
Privilege |
Description |
|
CREATE CLUSTER |
Create clusters in grantee's schema.
|
|
CREATE ANY CLUSTER |
Create a cluster in any schema except SYS.
Behaves similarly to CREATE ANY TABLE. |
|
ALTER ANY CLUSTER |
Alter clusters in any schema except SYS.
|
|
DROP ANY CLUSTER |
Drop clusters in any schema except SYS.
|
FOR CONTEXTS:
|
Privilege |
Description |
|
CREATE ANY CONTEXT |
Create any context namespace. |
|
DROP ANY CONTEXT |
Drop any context namespace. |
FOR DATABASE:
|
Privilege |
Description |
|
ALTER DATABASE |
Alter the database. |
|
ALTER SYSTEM |
Issue ALTER SYSTEM statements. |
|
AUDIT SYSTEM |
Issue AUDIT sql_statements statements. |
FOR DATABASE LINKS:
|
Privilege |
Description |
|
CREATE DATABASE LINK |
Create private database links in grantee's
schema. |
|
CREATE PUBLIC DATABASE LINK |
Create public database links. |
|
DROP PUBLIC DATABASE LINK |
Drop public database links. |
FOR DIRECTORIES :
|
Privilege |
Description |
|
CREATE ANY DIRECTORY |
Create directory database objects.
|
|
DROP ANY DIRECTORY |
Drop directory database objects. |
FOR INDEXES:
|
Privilege |
Description |
|
CREATE INDEX |
Create in the grantee's schema an index on
any table in the grantee's schema or a domain index. |
|
CREATE ANY INDEX |
Create in any schema except SYS a domain
index or an index on any table in any schema except SYS. |
|
ALTER ANY INDEX |
Alter indexes in any schema except SYS.
|
|
DROP ANY INDEX |
Drop indexes in any schema except SYS.
|
FOR LIBRARIES:
|
Privilege |
Description |
|
CREATE LIBRARY |
Create external procedure/function
libraries in grantee's schema. |
|
CREATE ANY LIBRARY |
Create external procedure/function
libraries in any schema except SYS. |
|
DROP LIBRARY |
Drop external procedure/function libraries
in the grantee's schema. |
|
DROP ANY LIBRARY |
Drop external procedure/function libraries
in any schema except SYS. |
FOR PROCEDURES :
|
Privilege |
Description |
|
CREATE PROCEDURE |
Create stored procedures, functions, and
packages in grantee's schema |
|
CREATE ANY PROCEDURE |
Create stored procedures, functions, and
packages in any schema except SYS. |
|
ALTER ANY PROCEDURE |
Alter stored procedures, functions, or
packages in any schema except SYS |
|
DROP ANY PROCEDURE |
Drop stored procedures, functions, or
packages in any schema except SYS |
|
EXECUTE ANY PROCEDURE |
Execute procedures or functions
(standalone or packaged) Reference public package variables in any
schema except SYS |
FOR PROFILES:
|
Privilege |
Description |
|
CREATE PROFILE |
Create profiles |
|
ALTER PROFILE |
Alter profiles |
|
DROP PROFILE |
Drop profiles |
FOR ROLES:
|
Privilege |
Description |
|
CREATE ROLE |
Create roles |
|
ALTER ANY ROLE |
Alter any role in the database |
|
DROP ANY ROLE |
Drop roles |
|
GRANT ANY ROLE |
Grant any role in the database |
FOR ROLLBACK SEGMENTS:
|
Privilege |
Description |
|
CREATE ROLLBACK SEGMENT |
Create rollback segments |
|
ALTER ROLLBACK SEGMENT |
Alter rollback segments |
|
DROP ROLLBACK SEGMENT |
Drop rollback segments |
FOR SEQUENCES:
|
Privilege |
Description |
|
CREATE SEQUENCE |
Create sequences in grantee's schema
|
|
CREATE ANY SEQUENCE |
Create sequences in any schema except SYS
|
|
ALTER ANY SEQUENCE |
Alter any sequence in the database
|
|
DROP ANY SEQUENCE |
Drop sequences in any schema except SYS
|
|
SELECT ANY SEQUENCE |
Reference sequences in any schema except
SYS |
FOR SESSIONS:
|
Privilege |
Description |
|
CREATE SESSION |
Connect to the database |
|
ALTER RESOURCE COST |
Set costs for session resources |
|
ALTER SESSION |
Issue ALTER SESSION statements |
|
RESTRICTED SESSION |
Logon after the instance is started using
the SQL*Plus STARTUP RESTRICT statement |
FOR SNAPSHOTS:
|
Privilege |
Description |
|
CREATE SNAPSHOT |
Create snapshots in grantee's schema
|
|
CREATE ANY SNAPSHOT |
Create snapshots in any schema except SYS
|
|
ALTER ANY SNAPSHOT |
Alter any snapshot in the database
|
|
DROP ANY SNAPSHOT |
Drop snapshots in any schema except SYS
|
FOR SYNONYMS:
|
Privilege |
Description |
|
CREATE SYNONYM |
Create synonyms in grantee's schema
|
|
CREATE ANY SYNONYM |
Create private synonyms in any schema
except SYS |
|
CREATE PUBLIC SYNONYM |
Create public synonyms |
|
DROP ANY SYNONYM |
Drop private synonyms in any schema except
SYS |
|
DROP PUBLIC SYNONYM |
Drop public synonyms |
FOR TABLES:
|
Privilege |
Description |
|
CREATE ANY TABLE |
Create tables in any schema except SYS.
The owner of the schema containing the table must have space quota
on the tablespace to contain the table. |
|
ALTER ANY TABLE |
Alter any table or view in the schema
|
|
BACKUP ANY TABLE |
Use the Export utility to incrementally
export objects from the schema of other users |
|
DELETE ANY TABLE |
Delete rows from tables, table partitions,
or views in any schema except SYS |
|
DROP ANY TABLE |
Drop or truncate tables or table
partitions in any schema except SYS |
|
INSERT ANY TABLE |
Insert rows into tables and views in any
schema except SYS |
|
LOCK ANY TABLE |
Lock tables and views in any schema except
SYS |
|
UPDATE ANY TABLE |
Update rows in tables and views in any
schema except SYS |
|
SELECT ANY TABLE |
Query tables, views, or snapshots in any
schema except SYS |
FOR TABLESPACES:
|
Privilege |
Description |
|
CREATE TABLESPACE |
Create tablespaces |
|
ALTER TABLESPACE |
Alter tablespaces |
|
DROP TABLESPACE |
Drop tablespaces |
|
MANAGE TABLESPACE |
Take tablespaces offline and online and
begin and end tablespace backups |
This is an excerpt from
the eBook "Oracle
DBA made Simple".
For more details on Oracle
database administration, see the "Easy
Oracle Jumpstart" by Robert Freeman and Steve Karam. It?s
only $19.95 when you buy it directly from the publisher
here.
|
and include the URL for the page.
