A privilege is a right to execute a particular type of SQL statement or to access another user's object. Some examples of privileges include:
The right to connect to the database (create a session)
The right to create a table
The right to select rows from another user's table
The right to execute another user's stored procedure
Privileges are granted to users so that these users can accomplish tasks required for their job. You should grant a privilege only to a user who absolutely requires the privilege to accomplish necessary work. Excessive granting of unnecessary privileges can lead to compromised security. Because roles allow for easier and better management of privileges, you should normally grant privileges to roles and not to specific users. There are two distinct categories of privileges - system privileges and object privileges.
a. System Privileges
A system privilege is the right to perform a particular action, or to perform a particular action on a particular type of object. For example, the privileges to create tables and to delete the rows of any table in a database are system privileges. System privileges are granted to or revoked from users and roles using the SQL commands GRANT and REVOKE.
b. Object Privileges
An object privilege is a privilege or right to perform a particular action on a specific table, view, sequence, procedure, function, or package. For example, the privilege to delete rows from a table is an object privilege. Depending on the type of object, there are different types of object privileges. Object privileges can be granted to, or revoked from; users and roles using the SQL commands GRANT and REVOKE, respectively.
No comments:
Post a Comment