18.2.2 Privileges Needed to Use the SQL Access Advisor → the statement's original user. If that user does not have SELECT privileges to a particular table … current database user must have SELECT privileges on the tables targeted for materialized view analysis … . For those tables, these SELECT privileges cannot be obtained through a role. Additionally, you must
Revoking Privileges from a Virtual Private Catalog Owner → catalog, you have granted the vpc1 user access privileges to prod1. You have also granted this user the … right to register databases in his virtual private catalog. Now you want to revoke privileges from … vpc1. To revoke privileges from a virtual private catalog owner: Start RMAN and connect to the … @catdb; Revoke specified
Creating and Granting Privileges to a Virtual Private Catalog Owner → access privileges only to prod1 and prod2. By default, a virtual private catalog owner has no access to … the base recovery catalog. To create and grant privileges to a virtual private catalog owner: Start … SQL*Plus and connect to the recovery catalog database with administrator privileges. If the user … recovery catalog database
Revoking System Privileges and Roles → You can revoke system privileges and roles using the SQL statement REVOKE. Any user with the ADMIN
Granting and Revoking System Privileges → You can grant or revoke system privileges to users and roles. If you grant system privileges to … roles, then you can use the roles to exercise system privileges. For example, roles permit privileges … privileges to or from users and roles: GRANT and REVOKE SQL statements Oracle Enterprise Manager
Privileges for Enabling Query Rewrite → Use of a materialized view is based not on privileges the user has on that materialized view, but … on the privileges the user has on detail tables or views in the query. The system privilege GRANT … tables and views outside your schema. The privileges for using materialized views for query rewrite
Cascading Effects of Revoking Privileges → … This is discussed in the following sections: Cascading Effects When Revoking System Privileges … Cascading Effects When Revoking Object Privileges Cascading Effects When Revoking System Privileges There … successfully until the privilege is reauthorized. Cascading Effects When Revoking Object Privileges Revoking
Who Should Be Granted Privileges? → You grant privileges to users so they can accomplish tasks required for their jobs. You should … granting of unnecessary privileges can compromise security. For example, you never should grant … privilege in two ways: You can grant privileges to users explicitly. For example, you can explicitly … privileges to
Granting Administrative Privileges to Users → As with all powerful privileges, only grant administrative privileges to trusted users. However, be … umlaut in the name HÜBER). You can grant administrative privileges to these users, but if the
Granting or Revoking Object Privileges → Each type of object has different privileges associated with it. You can specify ALL [ PRIVILEGES … ] to grant or revoke all available object privileges for an object. ALL is not a privilege; rather … , it is a shortcut, or a way of granting or revoking all object privileges with one GRANT and REVOKE … statement.
Granting System Privileges and Roles → You can use the GRANT SQL statement to grant system privileges and roles to users and roles. The … following privileges are required: To grant a system privilege, a user must be granted the system … , accts_pay TO jward; Note: Object privileges cannot be granted along with system privileges and roles in … all
System Privileges → Object Privileges Object privileges apply to all metadata objects in the repository including … projects, modules, and collections. FULL CONTROL Full control includes all the other privileges plus the … ability to grant and revoke privileges on an object. Only users with full control over an object can … Properties
Label Privileges → CHAR(2) You will apply the following labels: Label Privileges CONFIDENTIAL Read access to the cities
About ANY Privileges and the PUBLIC Role → System privileges that use the ANY keyword enable you to set privileges for an entire category of … ( JONES ). If JONES has DBA privileges, letting JSMITH run a procedure as JONES could pose a security … when the account is created. By default, it has no privileges granted to it, but it does have numerous … dictionary
Granting a User Privileges and Roles → This section contains: Granting System Privileges and Roles Granting Object Privileges Granting … Privileges on Columns It is also possible to grant roles to a user connected through a middle tier or
Revoking Privileges and Roles from a User → This section contains: Revoking System Privileges and Roles Revoking Object Privileges Cascading Effects of Revoking Privileges
Guidelines for Securing User Accounts and Privileges → Follow these guidelines to secure user accounts and privileges: Practice the principle of least … privilege. Oracle recommends the following guidelines: Grant necessary privileges only. Do not provide … database users or roles more privileges than are necessary. (If possible, grant privileges to roles … privileges
Managing Object Privileges in an Application → … You must categorize these users into role groups, and then determine the privileges that must be … granted to each role. This section contains: What Application Developers Need to Know About Object Privileges SQL Statements Permitted by Object Privileges
Table 4-5 Privileges for Object Tables → table DELETE Delete rows Similar table privileges and column privileges apply to column objects … , however, does not involve named types, so Oracle Database does not check type privileges. In addition … statements, user3 does not have explicit privileges on the underlying types, but the statement succeeds … because
SQL Statements Permitted by Object Privileges → that each user is assigned the proper roles. Table 5-3 lists the SQL statements permitted by the object privileges shown in Table 5-2.
5.2.1 Understanding Database Control Login Privileges → granted the roles and privileges required to access all the management functionality provided with … , you can grant login privileges to other database users. To grant management access for other … properties page, click Finish. Enterprise Manager assigns login privileges to the specified user and includes
Listing Object Privileges Granted to a User → The following query returns all object privileges (not including column-specific privileges … NO To list all the column-specific privileges that have been granted, use the following query
Associating Privileges with User Database Roles → Ensure that users have only the privileges associated with the current database role. This section … contains: Why Users Should Only Have the Privileges of the Current Database Role Using the SET ROLE Statement to Automatically Enable or Disable Roles
Who Can Grant or Revoke System Privileges? → Only two types of users can grant system privileges to other users or revoke those privileges from … privilege GRANT ANY PRIVILEGE For this reason, only grant these privileges to trusted users.
Finding Information About User Privileges and Roles → privileges and roles. See Oracle Database Reference for detailed information about these views.
3.5.4 System Privileges, Object Privileges, and Policy Privileges → Remember that Oracle Label Security privileges are different from the standard Oracle Database … system and object privileges. Table 3-4 Types of Privilege Source Privileges Definition Oracle Database … System Privileges The right to run a particular type of SQL statement Object Privileges The right
3.3.1 Authorizations Set by the Administrator → : Chapter 8, "Administering User Labels and Privileges" for instructions on setting the
3.3.2 Computed Session Labels → Oracle Label Security automatically computes a number of labels based on the value of the session label. These include: Table 3-2 Computed Session Labels Computed Label Definition Maximum Read Label The user's maximum level combined with any combination of compartments and groups for which the user is authorized. Maximum Write Label The user's maximum level combined with the compartments and groups
3.5.2 Special Access Privileges → A user's authorizations can be modified with any of four privileges: READ FULL COMPACCESS … privilege allows a session to change its session labels and session privileges to those of a different … privileges. This privilege cannot be granted to a trusted stored program unit.
3.5.3 Special Row Label Privileges → Once the label on a row has been set, Oracle Label Security privileges are required to modify the … label. These privileges include WRITEUP, WRITEDOWN, and WRITEACROSS. Note that the LABEL_UPDATE … enforcement option must be on for these label modification privileges to be enforced. When a user updates … a row label, the new label
3.6.1 Multiple Oracle Label Security Policies in a Single Database → protecting the table containing your desired rows. If you require privileges, then you may need privileges for all of the policies affecting your work.
8 Administering User Labels and Privileges → privileges. You can also use the Web interface provided by Oracle Enterprise Manager Database Control or Grid … , with SA_USER_ADMIN Managing User Privileges with SA_USER_ADMIN.SET_USER_PRIVS Setting Labels … & Privileges with SA_SESSION.SET_ACCESS_PROFILE Returning User Name with SA_SESSION.SA_USER_NAME Using Oracle Label Security Views
8.2.11 SA_USER_ADMIN.DROP_ALL_GROUPS → The DROP_ALL_GROUPS procedure drops all groups from a user's authorizations. Syntax: PROCEDURE DROP_ALL_GROUPS (policy_name IN VARCHAR2, user_name IN VARCHAR2); Table 8-11 Parameters for SA_USER_ADMIN.DROP_ALL_GROUPS Parameter Meaning policy_name Specifies the policy user_name Specifies the user name
8.3.4 SA_USER_ADMIN.DROP_USER_ACCESS → privileges from the specified user. This procedure must be issued from the command line. Syntax: PROCEDURE
8.7.1 View to Display All User Security Attributes: DBA_SA_USERS → The DBA_SA_USERS view displays the values assigned for privileges, levels, compartments, and groups
3.2.3 Session Label Example → The session label and the row label can fall anywhere within the range of the user's level, compartment, and group authorizations. In Figure 3-2, "User Session Label", the user's maximum level is SENSITIVE and the minimum level is UNCLASSIFIED. However, his default session label is C:FIN,OP:WR. In this example, the administrator has set the user's session label so that the user connects to the database
8.2.1 SA_USER_ADMIN.SET_LEVELS → The SET_LEVELS procedure assigns a minimum and maximum level to a user and identifies default values for the user's session label and row label. If the min_level is NULL, then it is set to the lowest defined level for the policy. If the def_level is not specified, then it is set to the max_level. If the row_level is not specified, then it is set to the def_level. Syntax: PROCEDURE SET_LEVELS (policy_name
8.2.2 SA_USER_ADMIN.SET_COMPARTMENTS → The SET_COMPARTMENTS procedure assigns compartments to a user and identifies default values for the user's session label and row label. If write_comps are NULL, then they are set to the read_comps. If the def_comps are NULL, then they are set to the read_comps. If the row_comps are NULL, then they are set to the components in def_comps that are authorized for write access. All users must have their
8.2.6 SA_USER_ADMIN.DROP_COMPARTMENTS → The DROP_COMPARTMENTS procedure drops the specified compartments from a user's authorizations. Syntax: PROCEDURE DROP_COMPARTMENTS (policy_name IN VARCHAR2, user_name IN VARCHAR2, comps IN VARCHAR2); Table 8-6 Parameters for SA_USER_ADMIN.DROP_COMPARTMENTS Parameter Meaning policy_name Specifies the policy user_name Specifies the user name comps A comma-delimited list of compartments to drop
8.2.8 SA_USER_ADMIN.ADD_GROUPS → The ADD_GROUPS procedure adds groups to a user, indicating whether the groups are authorized for write as well as read. Syntax: PROCEDURE ADD_GROUPS (policy_name IN VARCHAR2, user_name IN VARCHAR2, groups IN VARCHAR2, access_mode IN VARCHAR2 DEFAULT NULL, in_def IN VARCHAR2 DEFAULT NULL, in_row IN VARCHAR2 DEFAULT NULL); Table 8-8 Parameters for SA_USER_ADMIN.ADD_GROUPS Parameter Meaning policy_name
8.5 Setting Labels & Privileges with SA_SESSION.SET_ACCESS_PROFILE → The SET_ACCESS_PROFILE procedure sets the Oracle Label Security authorizations and privileges of … . That user assumes only the authorizations and privileges of the specified user. By contrast, the … SA_SESSION.SET_ACCESS_PROFILE Parameter Meaning policy_name The name of an existing policy user_name Name of the user whose authorizations and privileges
3.4.2 The Oracle Label Security Algorithm for Read Access → or less than the current session level. No privileges (other than FULL) allow the user to write … special Oracle Label Security privileges. See Also: "Privileges Defined by Oracle Label Security
3.5 Using Oracle Label Security Privileges → This section introduces the Oracle Label Security database and row label privileges: Privileges … Defined by Oracle Label Security Policies Special Access Privileges Special Row Label Privileges System Privileges, Object Privileges, and Policy Privileges
8.1 Introduction to User Label and Privilege Management → To manage user labels and privileges, you must have the EXECUTE privilege for the SA_USER_ADMIN
8.2.4 SA_USER_ADMIN.ALTER_COMPARTMENTS → The ALTER_COMPARTMENTS procedure changes the write access, the default label indicator, and the row label indicator for each of the compartments in the list. Syntax: PROCEDURE ALTER_COMPARTMENTS (policy_name IN VARCHAR2, user_name IN VARCHAR2, comps IN VARCHAR2, access_mode IN VARCHAR2 DEFAULT NULL, in_def IN VARCHAR2 DEFAULT NULL, in_row IN VARCHAR2 DEFAULT NULL); Table 8-4 Parameters for SA_USER_ADMIN.ALTER_COMPARTMENTS
8.3.2 SA_USER_ADMIN.SET_DEFAULT_LABEL → The SET_DEFAULT_LABEL procedure sets the user's initial session label to the one specified. Syntax: PROCEDURE SET_DEFAULT_LABELS ( policy_name IN VARCHAR2, user_name IN VARCHAR2, def_label IN VARCHAR2); Table 8-13 Parameters for SA_USER_ADMIN.SET_DEFAULT_LABEL Parameter Meaning policy_name Specifies the policy user_name Specifies the user name def_label Specifies the label string to be used to initialize
3.2.1 The Session Label → Each Oracle Label Security user has a set of authorizations that include: A maximum and minimum level A set of authorized compartments A set of authorized groups For each compartment and group, a specification of read-only access, or read/write access The administrator also specifies the user's initial session label when setting up these authorizations for the user. The session label is the particular
3.3 Understanding User Authorizations → There are two types of user authorizations: Authorizations Set by the Administrator Computed Session Labels
3.4.1 Introducing Read/Write Access → Although data labels are stored in a column within data records, information about user authorizations is stored in relational tables. When a user logs on, the tables are used to dynamically generate user labels for use during the session. Difference Between Read and Write Operations: Two fundamental types of access mediation on Data Manipulation Language (DML) operations exist, within protected
8.2.10 SA_USER_ADMIN.DROP_GROUPS → The DROP_GROUPS procedure drops the specified groups from a user's authorizations. Syntax: PROCEDURE DROP_GROUPS (policy_name IN VARCHAR2, user_name IN VARCHAR2, groups IN VARCHAR2); Table 8-10 Parameters for SA_USER_ADMIN.DROP_GROUPS Parameter Meaning policy_name Specifies the policy user_name Specifies the user name groups A comma-delimited list of groups to drop
3.4 Evaluating Labels for Access Mediation → When a table is protected by an Oracle Label Security policy, the user's label components are compared to the row's label components to determine whether the user can access the data. In this way, Oracle Label Security evaluates whether the user is authorized to perform the requested operation on the data in the row. This section explains the rules and options by which user access is mediated. It
3.5.7 Access Mediation and Policy Enforcement Options → An administrator can choose from among a set of policy enforcement options when applying an Oracle Label Security policy to individual tables. These options enable enforcement to be tailored differently for each database table. In addition to the access controls based on the labels, a SQL predicate can also be associated with each table. The predicate can further define which rows in the table are
8.2.5 SA_USER_ADMIN.ADD_COMPARTMENTS → This procedure adds compartments to a user's authorizations, indicating whether the compartments are authorized for write as well as read. Syntax: PROCEDURE ADD_COMPARTMENTS (policy_name IN VARCHAR2, user_name IN VARCHAR2, comps IN VARCHAR2, access_model IN VARCHAR2 DEFAULT NULL, in_def IN VARCHAR2 DEFAULT NULL, in_row IN VARCHAR2 DEFAULT NULL); Table 8-5 Parameters
8.2.9 SA_USER_ADMIN.ALTER_GROUPS → The ALTER_GROUPS procedure changes the write access, the default label indicator, and the row label indicator for each of the groups in the list. Syntax: PROCEDURE ALTER_GROUPS (policy_name IN VARCHAR2, user_name IN VARCHAR2, groups IN VARCHAR2, access_mode IN VARCHAR2 DEFAULT NULL, in_def IN VARCHAR2 DEFAULT NULL, in_row IN VARCHAR2 DEFAULT NULL); Table 8-9 Parameters for SA_USER_ADMIN.ALTER_GROUPS
8.3.1 SA_USER_ADMIN.SET_USER_LABELS → … See Also: "Managing Program Unit Privileges with SET_PROG_PRIVS"
8.4 Managing User Privileges with SA_USER_ADMIN.SET_USER_PRIVS → The SET_USER_PRIVS procedure sets policy-specific privileges for users. These privileges do not … . The new set of privileges replaces any existing privileges. A NULL value for the privileges … parameter removes the user's privileges for the policy. To assign policy privileges
3 Understanding Access Controls and Privileges → label and the user's label. This chapter examines the access controls and privileges that determine … Evaluating Labels for Access Mediation Using Oracle Label Security Privileges Working with Multiple Oracle Label Security Policies
3.2 Understanding Session Label and Row Label → This section introduces the basic user labels. The Session Label The Row Label Session Label Example
3.4.3 The Oracle Label Security Algorithm for Write Access → In the context of Oracle Label Security, WRITE_CONTROL enforcement determines the ability to insert, update, or delete data in a row. WRITE_CONTROL enables you to control data access with ever finer granularity. Granularity increases when compartments are added to levels. It increases again when groups are added to compartments. Access control becomes even more fine grained when you can manage the
8.2.7 SA_USER_ADMIN.DROP_ALL_COMPARTMENTS → The DROP_ALL_COMPARTMENTS procedure drops all compartments from a user's authorizations. Syntax: PROCEDURE DROP_ALL_COMPARTMENTS (policy_name IN VARCHAR2, user_name IN VARCHAR2); Table 8-7 Parameters for SA_USER_ADMIN.DROP_ALL_COMPARTMENTS Parameter Meaning policy_name Specifies the policy user_name Specifies the user name