503009

BO MT H THNG THNG TIN

Bi thc hnh s 2 (p2)

QUYN v ROLE
Tm tt ni dung:

I.

Quyn (privilege)

Role

Data Dictionary

QUYN v ROLE
A. L thuyt
1. Quyn (privilege)

2. Role

B. Thc hnh:
1. To ROLE
2. Lnh GRANT
3. Lnh REVOKE
4. Enable v disable mt ROLE
a) Mt user c th c nhiu role. Tuy nhin khng phi session no cng cn s
dng tt c cc role . Oracle cho php bn thn user enable/disable cc role
m mnh c cp qun l s cn thit ca cc role trong session hin ti.
Mc nh khi bt u 1 session mi, user s c h thng enable tt c cc
role mc nh (default role). Sau user c th dng lnh SET ROLE
enable/disable cc role theo mnh theo c php sau:
B mn H Thng Thng Tin | Khoa KH&KT My Tnh 1

503009

BO MT H THNG THNG TIN

V d:
SET ROLE myrole, lavender;

Cu lnh trn s enable 2 role c ch nh v disable tt c cc role cn li

ca user.
enable tt c cc role dng lnh:
SET ROLE ALL;

disable tt c cc role dng lnh:

SET ROLE NONE;

enable tt c cc role ngoi tr role lavender ta dng lnh:

SET ROLE ALL EXCEPT lavender;

b) bo v mt role vi mc ch khng cho php cc user ty

enable/disable mt role, ngi to user c th thit lp password cho role
ngay khi to role:
CREATE ROLE newrole IDENTIFIED BY

protected;

Ta cng c th thay i vic thit lp password cho role:

ALTER ROLE newrole IDENTIFIED BY changed;
ALTER ROLE newrole NOT IDENTIFIED;

B mn H Thng Thng Tin | Khoa KH&KT My Tnh 2

503009

BO MT H THNG THNG TIN

c) bit hin ti role no ang c enable ta truy xut view

SESSION_ROLES:
SELECT * FROM SESSION_ROLES;

d) quy nh nhng role no l role mc nh ta dng lnh ALTER USER:

ALTER USER salapati DEFAULT ROLE myrole, lavender;
ALTER USER salapati DEFAULT ROLE ALL;
ALTER USER salapati DEFAULT ROLE ALL EXCEPT myrole;
ALTER USER salapati DEFAULT ROLE NONE;

5. Xa ROLE
DROP ROLE myrole;
Role dropped.

II.

T IN D LIU (DATA DICTIONARY)

A. L thuyt
1. Tng quan
-

Mi CSDL Oracle u c mt t in d liu. T in d liu c to ra khi

CSDL c to.

T in d liu trong Oracle l mt tp cc bng v view c s dng nh

mt tham kho dng ch c (read-only) v bn thn CSDL .

T in d liu nm trn tablespace SYSTEM, thuc schema ca user SYS,

bao gm 2 loi:

Cc bng c bn (Base table):

L cc bng lu tr thng tin ca t in d liu. D liu c lu trong
cc bng ny di dng m ha.

Cc view dnh cho ngi dng truy xut (User-accessible View):

B mn H Thng Thng Tin | Khoa KH&KT My Tnh 3

503009

BO MT H THNG THNG TIN

Tng hp v hin th thng tin c lu trong cc bng c bn dng

ngi bnh thng c th c hiu. Ty vo quyn ca mi user m user
c th truy xut view no v truy xut nhng d liu no ca view .
-

Mt t in d liu s lu tr tt c cc thng tin v cu trc lun l v cu

trc vt l ca CSDL:

nh ngha ca tt c cc i tng schema trong CSDL.

Cc quy nh, gii hn v s dng ti nguyn ca cc user,v.v

Danh sch cc user. Cc quyn, role c cp cho cc user.

Cc rng buc ton vn ca d liu

Thng tin audit

Cc thng tin CSDL tng qut khc.

Oracle t ng cp nht t in d liu phn nh chnh xc trng thi thc

t ca CSDL.

2. Cc tip u ng trong tn view

-

Trong nhiu trng hp, mt tp gm 3 view cha nhng thng tin tng t
nh v tn ca chng ch khc nhau cc tip u ng: user, all, dba.

USER: hin th nhng g thuc schema ca user .

ALL: hin th nhng g m user c th truy xut.

DBA: hin th tt c thng tin thuc schema ca mi user (view dnh cho
nhng ngi qun tr).

Cc column trong cc view thuc 1 b ba view hu nh l ging nhau, ngoi

tr mt s ngoi l.

3. Cc view thng s dng

DBA_USERS: cung cp thng tin ca cc user trong CSDL.
DBA_TS_QUOTAS: cung cp thng tin quota ca cc user.
DBA_PROFILES: cung cp thng tin v cc profile.
DBA_SYS_PRIVS: hin th nhng user c cp cc quyn h thng.
DBA_ROLES: hin th tt c cc role c trong CSDL.
B mn H Thng Thng Tin | Khoa KH&KT My Tnh 4

503009

BO MT H THNG THNG TIN

DBA_COL_PRIVS: hin th thng tin v vic gn quyn h thng mc ct.

DBA_ROLE_PRIVS: hin th tt c cc user v role ca h.
DBA_TAB_PRIVS: hin th cc user v quyn trn cc bng ca h.
ROLE_ROLE_PRIVS: hin th thng tin v cc role c cp cho cc role.
ROLE_SYS_PRIVS: hin th cc quyn h thng c cp cho cc role.
ROLE_TAB_PRIVS: hin th cc quyn trn cc bng c cp cho cc role.
SESSION_PRIVS: hin th cc quyn hin ti c enable cho user.
SESSION_ROLES: hin th cc role hin ti ang c enable cho user.

III.

BI TP
1. To cc users John, Joe, Fred, Lynn, Amy, and Beth:
a. Password ln lt l tn username vit hoa.
b. m bo cc user ny c th to bt k i tng trong tablespace vi quota 10M
2. Cho bng Attendance
(
ID INT PRIMARY KEY,
Name NVARCHAR2
)
Lm cc bc sau:
a. To cc role sau: DataEntry, Supervisor, v Management.
b. Gn John, Joe, v Lynn vo role DataEntry, gn Fred vo role Supervisor, v gn
Amy v Beth vo role Management.
c. Cho role DataEntry cc quyn SELECT, INSERT, v UPDATE trn bng
Attendance.
d. Cho role Supervisor cc quyn SELECT v DELETE trn bng Attendance.
e. Cho role Management quyn SELECT trn bng Attendance.
f. Ln lt kim tra kt qu phn quyn cp cho cc role
B mn H Thng Thng Tin | Khoa KH&KT My Tnh 5

503009

BO MT H THNG THNG TIN

3. To mt user mi tn NameManager vi password l pc123. Gn quyn update cho

user ny trn ct Name ca bng Attendance.
4. Thc hin cc yu cu sau i vi cc view c lit k phn II (T in d liu):
a. Tm quyn m trong tn ca quyn c ch CONTEXT
b. Lit k tt c user c quyn SELECT ANY TABLE
5. Thc hin cc bc sau:
a. Gn password cho role DataEntry bi 1 l mgt
b. Cho php user John quyn cp quyn cho cc user khc
c. Gn tt c cc quyn m John c cho Beth. Beth c quyn INSERT v UPDATE
trn bng Attendance khng?

B mn H Thng Thng Tin | Khoa KH&KT My Tnh 6