Edit D:\app\Administrator\product\11.2.0\dbhome_1\oc4j\j2ee\oc4j_applications\applications\em\em\online_help\tdpsg\tdpsg_privileges003.htm
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <title>Guideline for Granting Roles to Users</title> <meta name="generator" content="Oracle DARB XHTML Converter (Mode = ohj/ohw) - Version 5.1" /> <meta name="date" content="2009-06-02T18:13:3Z" /> <meta name="robots" content="noarchive" /> <meta name="doctitle" content="Guideline for Granting Roles to Users" /> <meta name="relnum" content="11g Release 2 (11.2)" /> <meta name="partnum" content="E10575-01" /> <link rel="copyright" href="./dcommon/html/cpyr.htm" title="Copyright" type="text/html" /> <link rel="stylesheet" href="./dcommon/css/blafdoc.css" title="Oracle BLAFDoc" type="text/css" /> <link rel="contents" href="toc.htm" title="Contents" type="text/html" /> <link rel="prev" href="tdpsg_privileges002.htm" title="Previous" type="text/html" /> <link rel="next" href="tdpsg_privileges004.htm" title="Next" type="text/html" /> <script src="./callback.js" type="text/javascript"></script> <noscript>Your browser does not support JavaScript. This help page requires JavaScript to render correctly.</noscript> </head> <body> <div class="zz-skip-header"><a href="#BEGIN">Skip Headers</a></div> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="100%"> <col width="86%" /> <col width="*" /> <tr valign="bottom"> <td align="left"></td> <td align="center"><a href="tdpsg_privileges002.htm"><img src="./dcommon/gifs/leftnav.gif" alt="Previous" /><br /> <span class="icon">Previous</span></a> </td> <td align="center"><a href="tdpsg_privileges004.htm"><img src="./dcommon/gifs/rightnav.gif" alt="Next" /><br /> <span class="icon">Next</span></a></td> </tr> </table> <p><a id="CIHDACHJ" name="CIHDACHJ"></a><a id="TDPSG30038" name="TDPSG30038"></a></p> <div class="sect1"><!-- infolevel="all" infotype="General" --> <h1>Guideline for Granting Roles to Users</h1> <a name="BEGIN" id="BEGIN"></a> <p>A <a id="sthref211" name="sthref211"></a>role is a named group of related privileges that you grant, as a group, to users or other roles. To learn the fundamentals of managing roles, see <a href="topicid:ADMQS072">Administering Roles</a>.</p> <p>Roles are useful for quickly and easily granting permissions to users. Although you can use Oracle Database-defined roles, you have more control and continuity if you <a id="sthref212" name="sthref212"></a>create your own roles that contain only the privileges pertaining to your requirements. Oracle may change or remove the privileges in an Oracle Database-defined role, as it has with the <a id="sthref213" name="sthref213"></a><a id="sthref214" name="sthref214"></a><code>CONNECT</code> role, which now has only the <a id="sthref215" name="sthref215"></a><code>CREATE SESSION</code> privilege. Formerly, this role had eight other privileges.</p> <p>Ensure that the <a id="sthref216" name="sthref216"></a>roles you define contain only the privileges required for the responsibility of a particular job. If your application users do not need all the privileges encompassed by an existing role, then apply a different set of roles that supply just the correct privileges. Alternatively, create and assign a more restrictive role.</p> <p>Do not grant powerful privileges, such as the <a id="sthref217" name="sthref217"></a><a id="sthref218" name="sthref218"></a><code>CREATE DBLINK</code> privilege, to regular users such as user <code>SCOTT</code>. (Particularly do not grant <span class="italic">any</span> powerful privileges to <a id="sthref219" name="sthref219"></a><a id="sthref220" name="sthref220"></a><code>SCOTT</code>, because this is a well known default user account that may be vulnerable to intruders.) Instead, grant the privilege to a database role, and then grant this role to the users who must use the privilege. And remember to only grant the minimum privileges the user needs.</p> <div class="helpinfonotealso"> <h2>Related Topics</h2> <p><a href="tdpsg_privileges001.htm#CHDGJDIA">About Privilege Management</a></p> <p><a href="tdpsg_privileges002.htm#CIHJGIAG">Guideline for Granting Privileges</a></p> <p><a href="tdpsg_privileges004.htm#CIHHGIGB">Guideline for Handling Privileges for the PUBLIC User Group</a></p> </div> </div> <!-- class="sect1" --> <!-- Start Footer --> <div class="footer"> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="100%"> <col width="86%" /> <col width="*" /> <tr> <td align="left"><span class="copyrightlogo">Copyright © 2006, 2009, Oracle and/or its affiliates. All rights reserved.</span><br /> <a href="./dcommon/html/cpyr.htm"><span class="copyrightlogo">Legal Notices</span></a></td> <td align="center"><a href="tdpsg_privileges002.htm"><img src="./dcommon/gifs/leftnav.gif" alt="Previous" /><br /> <span class="icon">Previous</span></a> </td> <td align="center"><a href="tdpsg_privileges004.htm"><img src="./dcommon/gifs/rightnav.gif" alt="Next" /><br /> <span class="icon">Next</span></a></td> </tr> </table> </div> <!-- class="footer" --> </body> </html>
Ms-Dos/Windows
Unix
Write backup
jsp File Browser version 1.2 by
www.vonloesch.de