Authorization is permission given to a user, program, or process to access an object or set of objects. The type of data access granted to a user can be read-only, or read and write. Privileges specify the type of Data Manipulation Language (DML) operations like SELECT, INSERT, UPDATE, DELETE, etc., which the user can perform upon data.
The two methods by which the access control is done are by using privileges and roles. A privilege is permission to access a named object in a prescribed manner; for example, permission to query a table. Privileges are granted to users at the discretion of other users. Privileges can be granted to enable a particular user to connect to the database (create a session); select rows from someone else's table; or execute someone else's stored procedure. A role is a mechanism that can be used to provide authorization. A single person or a group of people can be granted a role or a group of roles. By defining different types of roles, administrators can manage access privileges much more easily.
No comments:
Post a Comment