(INFORMATION MANAGEMENT)

EXERCISE

8
DCL Queries

Juan Carlo Q. Castillo Name of Professor

March 7 2020 March 7 2020

This study source was downloaded by 100000829421545 from CourseHero.com on 03-31-2022 02:09:53 GMT -05:00

https://www.coursehero.com/file/56756897/CCS0014-Lab-Exercise-8docx/
 I. OBJECTIVES

At the end of this exercise, students must be able to:

a) Granting other users privileges to your table
b) Modifying another user’s table through the privileges granted to you
c) Creating a synonym

II. BACKGROUND INFORMATION

Creating users:
• The database administrator (DBA) creates users with the CREATE USER statement.

CREATE USER user

IDENTIFIED BY password;

CREATE USER demo

IDENTIFIED BY demo;

After a user is created, the DBA can grant specific system privileges to that user
An application developer, for example, may have the following system privileges:
- CREATE SESSION
- CREATE TABLE
- CREATE SEQUENCE
- CREATE VIEW
- CREATE PROCEDURE

The DBA can grant specific system privileges to a user.

GRANT create session, create table,

create sequence, create view
TO demo;

Give a user authority to pass along system privileges:

GRANT create session, create table

TO demo
WITH ADMIN OPTION;

Create a role:
CREATE ROLE manager;
Grant privileges to a role:

This study source was downloaded by 100000829421545 from CourseHero.com on 03-31-2022 02:09:53 GMT -05:00

https://www.coursehero.com/file/56756897/CCS0014-Lab-Exercise-8docx/
 Grant a role to users:
GRANT create table, create view
TO manager;

Grant a role to users:

GRANT manager TO BELL, KOCHHAR;

The DBA creates your user account and initializes your password.
You can change your password by using the ALTER USER statement.

ALTER USER demo

IDENTIFIED BY employ;

Object privileges vary from object to object.

An owner has all the privileges on the object.
An owner can give specific privileges on that owner’s object.

GRANT object_priv [(columns)]

ON object
TO {user|role|PUBLIC}
[WITH GRANT OPTION];

Revoking Object Privileges

You use the REVOKE statement to revoke privileges granted to other users.
Privileges granted to others through the WITH GRANT OPTION clause are also revoked.

REVOKE {privilege [, privilege...]|ALL}

ON object
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];

III. EXPERIMENTAL PROCEDURE

INSTRUCTIONS:

Scenario
Team up with other students for this exercise about controlling access to database objects.

Task

This study source was downloaded by 100000829421545 from CourseHero.com on 03-31-2022 02:09:53 GMT -05:00

https://www.coursehero.com/file/56756897/CCS0014-Lab-Exercise-8docx/
 Write the appropriate SQL statement for the following queries. The result of the queries
will be checked from your computer.

1. What privilege should a user be given to log on to the Oracle server? Is this a system privilege or
an object privilege?

The CREATE SESSION system privilege

2. What privilege should a user be given to create tables?

The CREATE TABLE privilege

3. If you create a table, who can pass along privileges to other users on your table?

You can, or anyone you have given those privileges to, by using WITH GRANT OPTION

4. You are the DBA. You are creating many users who require the same system privileges. What
should you use to make your job easier?

Create a role containing the system privileges and grant the role to the users.

5. What command do you use to change your password?

The ALTER USER statement

6. User1 is the owner of the EMP table and grants the DELETE privilege to User2 by using the
WITH GRANT OPTION clause. User2 then grants the DELETE privilege on EMP to User3.
User1 now finds that User3 has the privilege and revokes it from User2. Which user can now
delete from the EMP table?

Only User21

7. You want to grant SCOTT the privilege to update data in the DEPARTMENTS table. You also
want to enable SCOTT to grant this privilege to other users. What command do you use?

GRANT UPDATE ON departments TO scott WITH GRANT OPTION;

8. Grant another user query privilege on your table. Then, verify whether that user can use the
privilege. Note: For this exercise, team up with another group. For example, if you are user
ora21, team up with another user ora22.
a. Grant another user privilege to view records in your REGIONS table. Include an option
for this user to further grant this privilege to other users.

GRANT select
ON regions
TO WITH GRANT OPTION;

b. Have the user query your REGIONS table.

SELECT * FROM <team1_oraxx>.regions;

This study source was downloaded by 100000829421545 from CourseHero.com on 03-31-2022 02:09:53 GMT -05:00

https://www.coursehero.com/file/56756897/CCS0014-Lab-Exercise-8docx/
 c. Have the user pass on the query privilege to a third user (for example, ora23).

GRANT select
ON <team1_oraxx>.regions
TO <team3_oraxx>;

d. Take back the privilege from the user who performs step b.

REVOKE select
ON regions
FROM <team2_oraxx>;

Note: Each team can run exercises 9 and 10 independently.

9. Grant another user query and data manipulation privileges on your COUNTRIES table. Make
sure that the user cannot pass on these privileges to other users.

GRANT select, update, insert

ON COUNTRIES
TO <team2_oraxx>;

10. Take back the privileges on the COUNTRIES table granted to another user.

REVOKE select, update, insert ON COUNTRIES FROM <team2_oraxx>;

Note: For exercises 11 through 17, team up with another group.

11. Grant another user access to your DEPARTMENTS table. Have the user grant you query access
to his or her DEPARTMENTS table.

TEAM 1
GRANT select
ON departments
TO <team1_oraxx>;

TEAM 2
GRANT select
ON departments
TO <team2_oraxx>;

12. Query all the rows in your DEPARTMENTS table.

SELECT * FROM departments;

This study source was downloaded by 100000829421545 from CourseHero.com on 03-31-2022 02:09:53 GMT -05:00

https://www.coursehero.com/file/56756897/CCS0014-Lab-Exercise-8docx/
 13. Add a new row to your DEPARTMENTS table. Team 1 should add Education as department
number 500. Team 2 should add Human Resources as department number 510. Query the other
team’s table.

Team 1 executes this INSERT statement.

INSERT INTO departments(department_id, department_name)

VALUES (500, 'Education');
COMMIT;

Team 2 executes this INSERT statement.

INSERT INTO departments(department_id, department_name)

VALUES (510, 'Human Resources');
COMMIT;

14. Create a synonym for the other team’s DEPARTMENTS table.

CREATE SYNONYM team2

FOR <team2_oraxx>.DEPARTMENTS;

CREATE SYNONYM team1

FOR <team1_oraxx>.DEPARTMENTS;

15. Query all the rows in the other team’s DEPARTMENTS table by using your synonym.

Team 1 SELECT statement results:

SELECT * FROM team2;

Team 2 SELECT statement results:

SELECT * FROM team1;

16. Revoke the SELECT privilege from the other team.

REVOKE select ON departments FROM <team2_oraxx>;

REVOKE select ON departments FROM <team1 _oraxx>;

17. Remove the row you inserted into the DEPARTMENTS table in step 13 and save the changes.

DELETE FROM departments WHERE department_id = 500; COMMIT;

DELETE FROM departments WHERE department_id = 510; COMMIT;

This study source was downloaded by 100000829421545 from CourseHero.com on 03-31-2022 02:09:53 GMT -05:00

https://www.coursehero.com/file/56756897/CCS0014-Lab-Exercise-8docx/
 IV. ASSESSMENT

Department Information Technology

Subject Code CCS0014
Description Information Management
Term/Academic Year 1 / SY20182019

Topic DCL Queries

Lab Activity No 8
Lab Activity DCL Queries
CLO 4

Note: The following rubrics/metrics will be used to grade students’ output in the lab
exercise.

Criteria Descriptions Points

GROUPWORK Creating privilege for the users 50
Creating privileges
GROUPWORK SQL statements that uses subqueries inside 50
Revoking privileges the statement
Total 100

This study source was downloaded by 100000829421545 from CourseHero.com on 03-31-2022 02:09:53 GMT -05:00

https://www.coursehero.com/file/56756897/CCS0014-Lab-Exercise-8docx/
Powered by TCPDF (www.tcpdf.org)