DCL: Users, Roles & Privileges

DCL (Data Control Language) is a sub-language of SQL used to control privileges in a database.

It is used for administrative purposes such as:

  • Creating and removing users
  • Granting and revoking privileges on objects

Some Useful Syntax

Syntax to create a user:
CREATE USER <USERNAME>
IDENTIFIED BY <PASSWORD>;

Syntax to delete an existing user:
DROP USER <USERNAME> [CASCADE];
The CASCADE keyword is used to delete non-empty users, that is, users that still own objects.

Syntax to change password:
ALTER USER <USERNAME>
IDENTIFIED BY <PASSWORD>;

Syntax to lock/unlock a user:
ALTER USER <USERNAME>
ACCOUNT LOCK|UNLOCK;

Privileges

Privileges are the rights to manipulate objects in a database that can be assigned to a user. Privileges are of two types:

  • System Privileges
  • Object Privileges

System Privileges are those privileges that are assigned to a user.

Object Privileges are those privileges that are assigned to an object.

System privileges can be granted or revoked only by the superuser, whereas object privileges can be granted or revoked by the superuser as well as the user who owns the object.

The frequently used system privileges are:

  • CREATE SESSION
  • CREATE TABLE
  • CREATE VIEW
  • CREATE SYNONYM
  • CREATE SEQUENCE
  • CREATE INDEX
  • CREATE TYPE
  • CREATE PROCEDURE

Note: The CREATE SESSION privilege is the primary privilege. It is responsible for activating a user by creating a session ID.

Frequently used object privileges are:

  • SELECT
  • INSERT
  • UPDATE
  • DELETE
  • EXECUTE

Grant and Revoke Privileges

Any privilege can be assigned to or removed from a user. The commands used to do so are:

  • GRANT
  • REVOKE

Syntax to grant system privileges:
GRANT <SP1>, <SP2> ... N|<ROLE>
TO <USERNAME>;

Syntax to revoke system privileges:
REVOKE <SP1>, <SP2> ... N|<ROLE>
FROM <USERNAME>;

Syntax to grant object privileges:
GRANT <OP1>, <OP2> ... N
ON <OBJECT_NAME>
TO <USERNAME>;

Syntax to revoke object privileges:
REVOKE <OP1>, <OP2> ... N
ON <OBJECT_NAME>
FROM <USERNAME>;

Examples:
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW TO SYSUSER;

REVOKE CREATE SESSION FROM SYSUSER;

GRANT SELECT, INSERT ON EMP TO SYSUSER;

REVOKE INSERT ON EMP FROM SYSUSER;

Role

Multiple system privileges are grouped together to create a role. Roles can only be created by the superuser and can only contain system privileges.

Examples:
CREATE ROLE MYROLE;

GRANT CREATE SESSION, CREATE TABLE
TO MYROLE;

GRANT MYROLE TO SYSUSER;

The DROP statement is used to delete a role.

DROP ROLE MYROLE;
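
The statements above combined into one least-privilege lifecycle, with the data dictionary queries that verify what was actually granted. This is an added example, not code from the original article. It assumes an Oracle database and a superuser session; REPORT_USER, REPORT_ROLE and the password value are hypothetical names constructed for illustration.

```sql
-- Added example for Oracle; REPORT_USER, REPORT_ROLE and the password are
-- hypothetical. EMP is the table used in the article's examples.

-- 1. Create the account. PASSWORD EXPIRE forces a change at first login.
CREATE USER REPORT_USER
IDENTIFIED BY "Constructed_Placeholder_1" PASSWORD EXPIRE;

-- 2. Put only the system privilege the account needs into a role.
CREATE ROLE REPORT_ROLE;
GRANT CREATE SESSION TO REPORT_ROLE;
GRANT REPORT_ROLE TO REPORT_USER;

-- 3. Read-only object privilege. Qualify EMP with its schema when the
--    statement is not run by the table's owner.
GRANT SELECT ON EMP TO REPORT_USER;

-- 4. Audit: system privileges held directly and through directly granted
--    roles (roles nested inside roles need one more join per level).
SELECT 'DIRECT' AS GRANTED_VIA, PRIVILEGE
FROM DBA_SYS_PRIVS
WHERE GRANTEE = 'REPORT_USER'
UNION ALL
SELECT R.GRANTED_ROLE, S.PRIVILEGE
FROM DBA_ROLE_PRIVS R
JOIN DBA_SYS_PRIVS S ON S.GRANTEE = R.GRANTED_ROLE
WHERE R.GRANTEE = 'REPORT_USER';

-- 5. Audit: object privileges. Any row other than SELECT on EMP is excess.
SELECT OWNER, TABLE_NAME, PRIVILEGE, GRANTABLE
FROM DBA_TAB_PRIVS
WHERE GRANTEE = 'REPORT_USER';

-- 6. Offboarding: revoke, lock, confirm the status, then drop.
REVOKE SELECT ON EMP FROM REPORT_USER;
REVOKE REPORT_ROLE FROM REPORT_USER;
ALTER USER REPORT_USER ACCOUNT LOCK;

SELECT USERNAME, ACCOUNT_STATUS
FROM DBA_USERS
WHERE USERNAME = 'REPORT_USER';

DROP USER REPORT_USER CASCADE;
DROP ROLE REPORT_ROLE;
```

Querying DBA_SYS_PRIVS for the user alone misses CREATE SESSION here because it arrives through the role, which is why step 4 joins DBA_ROLE_PRIVS to DBA_SYS_PRIVS.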