Scribd
Upload
406 views

(M8S2-POWERPOINT) - Data Control Language (DCL)

This document provides an overview of data control language (DCL) in SQL. It discusses how database administrators can create users and grant them privileges. System privileges allow users to perform database actions while object privileges allow manipulation of database objects. The document outlines how DCL statements like GRANT and REVOKE are used to manage user privileges and roles. Database views are also mentioned as a way to view the privileges that users and roles have been granted.

Uploaded by

Yael Cabrales
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
406 views

(M8S2-POWERPOINT) - Data Control Language (DCL)

This document provides an overview of data control language (DCL) in SQL. It discusses how database administrators can create users and grant them privileges. System privileges allow users to perform database actions while object privileges allow manipulation of database objects. The document outlines how DCL statements like GRANT and REVOKE are used to manage user privileges and roles. Database views are also mentioned as a way to view the privileges that users and roles have been granted.

Uploaded by

Yael Cabrales
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 24

INFORMATION MANAGEMENT

MODULE 8: Advanced SQL and Data Control


Language (DCL)
MODULE 8 SUBTOPIC 2

DATA CONTROL LANGUAGE


(DCL)
MODULE 8

OBJECTIVES

■At the end of the chapter, the learner should be able to:
• Differentiate system privileges from object privileges
• Grant privileges on tables
• Grant roles
• Distinguish between privileges and roles
Database
administrator

Username and password


Privileges

Users
• Database security:
- System security
- Data security
• System privileges: Performing a particular action within the
database
• Object privileges: Manipulating the content of the database
objects
• Schemas: Collection of objects such as tables, views, and
sequences

Database Systems 1
•More than 100 privileges are available.
•The database administrator has high-level system privileges
for tasks such as:
• Creating new users
• Removing users
• Removing tables
• Backing up tables

Database Systems 1
• The database administrator (DBA) creates users with the CREATE USER statement.

CREATE USER user


IDENTIFIED BY password;

CREATE USER demo


IDENTIFIED BY demo;

Database Systems 1
• After a user is created, the DBA can grant specific system privileges to that user.
GRANT privilege [, privilege...]
TO user [, user| role, PUBLIC...];
• An application developer, for example, may have the following system privileges:
• CREATE SESSION
• CREATE TABLE
• CREATE SEQUENCE
• CREATE VIEW
• CREATE PROCEDURE

Database Systems 1
The DBA can grant specific system privileges to a user.

GRANT create session, create table,


create sequence, create view
TO demo;

Database Systems 1
Give a user authority to pass along system privileges:

GRANT create session, create table


TO demo
WITH ADMIN OPTION;

Database Systems 1
Users

Manager

Privileges

Allocating privileges Allocating privileges


without a role with a role

Database Systems 1
• Create a role:
CREATE ROLE manager;

• Grant privileges to a role:


GRANT create table, create view
TO manager;

• Grant a role to users:


GRANT manager TO BELL, KOCHHAR;

Database Systems 1
• The DBA creates your user account and initializes your password.
• You can change your password by using the ALTER USER statement.

ALTER USER demo


IDENTIFIED BY employ;

Database Systems 1
Object
privilege Table View Sequence

ALTER

DELETE

INDEX

INSERT

REFERENCES

SELECT

UPDATE
• Object privileges vary from object to object.
• An owner has all the privileges on the object.
• An owner can give specific privileges on that owner’s object.

GRANT object_priv [(columns)]


ON object
TO {user|role|PUBLIC}
[WITH GRANT OPTION];

Database Systems 1
• Grant query privileges on the EMPLOYEES table:
GRANT select
ON employees
TO demo;

• Grant privileges to update specific columns to users and roles:

GRANT update (department_name, location_id)


ON departments
TO demo, manager;

Database Systems 1
• Give a user authority to pass along privileges:
GRANT select, insert
ON departments
TO demo
WITH GRANT OPTION;

• Allow all users on the system to query data from Alice’s DEPARTMENTS table:

GRANT select
ON alice.departments
TO PUBLIC;

Database Systems 1
Data Dictionary View Description

ROLE_SYS_PRIVS System privileges granted to roles

ROLE_TAB_PRIVS Table privileges granted to roles

USER_ROLE_PRIVS Roles accessible by the user

USER_SYS_PRIVS System privileges granted to the user

USER_TAB_PRIVS_MADE Object privileges granted on the user’s objects

USER_TAB_PRIVS_RECD Object privileges granted to the user


USER_COL_PRIVS_MADE Object privileges granted on the columns of the user’s
objects

USER_COL_PRIVS_RECD Object privileges granted to the user on specific


columns
• You use the REVOKE statement to revoke privileges granted to other users.
• Privileges granted to others through the WITH GRANT OPTION clause are also
revoked.

REVOKE {privilege [, privilege...]|ALL}


ON object
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];

Database Systems 1
Revoke the SELECT and INSERT privileges given to the demo user on the
DEPARTMENTS table.

REVOKE select, insert


ON departments
FROM demo;

Database Systems 1
In this lesson, you should have learned about statements that control
access to the database and database objects.

Statement Action

CREATE USER Creates a user (usually performed by a DBA)

GRANT Gives other users privileges to access the objects

CREATE ROLE Creates a collection of privileges (usually performed by a DBA)

ALTER USER Changes a user’s password

REVOKE Removes privileges on an object from users


END OF MODULE 8
• Taylor, A. G. (2019). SQL for dummies (9th ed.). Hoboken, NJ: For
Dummies.
• Harrington, J. (2016). Relational Database Design and Implementation
(4th Edition). Morgan Kaufmann
• Juric, N., Vrbsky, S., Nestorov, S. (2016). Database Systems: Introduction
to Databases and Data Warehouses. Prospect Press
• Kroenke, D. M., & Auer, D. J. (2016). Database Concepts. Pearson.
• Sullivan, D. (2015). NoSQL for Mere Mortals (1st ed.). Boston: Addison-
Wesley.
• Hoffer, J., Ramesh, V., Topi, H. (2013). Modern Database Management 11th
Edition, Prentice Hall.

Introduction to Programming

You might also like