8.4 Controlling Access to Mining Models and Data
Understand how to create a Data Mining user and grant necessary privileges.
8.4.1 Creating a Data Mining User
Explains how to create a Data Mining user.
A Data Mining user is a database user account that has privileges for performing data mining activities. Example 8-6 shows how to create a database user. Example 8-7 shows how to assign data mining privileges to the user.
Example 8-6 Creating a Database User in SQL*Plus
-
Log in to SQL*Plus with system privileges.
Enter user-name: sys as sysdba Enter password: password
-
To create a user named
dmuser
, type these commands. Specify a password of your choosing.CREATE USER dmuser IDENTIFIED BY password DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP QUOTA UNLIMITED ON USERS; Commit;
The
USERS
andTEMP
tablespace are included in the pre-configured database that Oracle ships with the database media.USERS
is used mostly by demo users; it is appropriate for running the sample programs described in "The Data Mining Sample Programs".TEMP
is the temporary tablespace that is shared by most database users.Note:
Tablespaces for Data Mining users must be assigned according to standard DBA practices, depending on system load and system resources.
-
To login as
dmuser
, type the following.CONNECT dmuser Enter password:
password
Related Topics
See Also:
Oracle Database SQL Language Reference for the complete syntax of the CREATE USER
statement
8.4.1.1 Granting Privileges for Data Mining
You must have the CREATE MINING MODEL
privilege to create models in your own schema. You can perform any operation on models that you own. This includes applying the model, adding a cost matrix, renaming the model, and dropping the model.
The GRANT
statements in the following example assign a set of basic data mining privileges to the dmuser
account. Some of these privileges are not required for all mining activities, however it is prudent to grant them all as a group.
Additional system and object privileges are required for enabling or restricting specific mining activities.
Example 8-7 Privileges Required for Data Mining
GRANT CREATE MINING MODEL TO dmuser; GRANT CREATE SESSION TO dmuser; GRANT CREATE TABLE TO dmuser; GRANT CREATE VIEW TO dmuser; GRANT EXECUTE ON CTXSYS.CTX_DDL TO dmuser;
READ
or SELECT
privileges are required for data that is not in your schema. For example, the following statement grants SELECT
access to the sh.customers
table.
GRANT SELECT ON sh.customers TO dmuser;
8.4.2 System Privileges for Oracle Data Mining for SQL
A system privilege confers the right to perform a particular action in the database or to perform an action on a type of schema objects. For example, the privileges to create tablespaces and to delete the rows of any table in a database are system privileges.
You can perform specific operations on data mining models in other schemas if you have the appropriate system privileges. For example, CREATE ANY MINING MODEL
enables you to create models in other schemas. SELECT ANY MINING MODEL
enables you to apply models that reside in other schemas. You can add comments to models if you have the COMMENT ANY MINING MODEL
privilege.
To grant a system privilege, you must either have been granted the system privilege with the ADMIN OPTION
or have been granted the GRANT ANY PRIVILEGE
system privilege.
The system privileges listed in the following table control operations on data mining models.
Table 8-2 System Privileges for Oracle Data Mining for SQL
Example 8-8 Grant System Privileges for Oracle Data Mining for SQL
The following statements allow oml_user
to score data and view model details in any schema as long as SELECT
access has been granted to the data. However, oml_user
can only create models in the oml_user
schema.
GRANT CREATE MINING MODEL TO oml_user; GRANT SELECT ANY MINING MODEL TO oml_user;
The following statement revokes the privilege of scoring or viewing model details in other schemas. When this statement is run, oml_user
can only perform data mining activities in the oml_user
schema.
REVOKE SELECT ANY MINING MODEL FROM oml_user;
Related Topics
8.4.3 Object Privileges for Mining Models
An object privilege confers the right to perform a particular action on a specific schema object. For example, the privilege to delete rows from the SH.PRODUCTS
table is an example of an object privilege.
You automatically have all object privileges for schema objects in your own schema. You can grant object privilege on objects in your own schema to other users or roles.
The object privileges listed in the following table control operations on specific mining models.
Table 8-3 Object Privileges for Mining Models
Example 8-9 Grant Object Privileges on Mining Models
The following statements allow dmuser
to apply the model testmodel
to the sales
table, specifying different cost matrixes with each apply. The user dmuser
can also rename the model testmodel
. The testmodel
model and sales
table are in the sh
schema, not in the dmuser
schema.
GRANT SELECT ON MINING MODEL sh.testmodel TO dmuser; GRANT ALTER ON MINING MODEL sh.testmodel TO dmuser; GRANT SELECT ON sh.sales TO dmuser;
The following statement prevents dmuser
from renaming or changing the cost matrix of testmodel
. However, dmuser
can still apply testmodel
to the sales
table.
REVOKE ALTER ON MINING MODEL sh.testmodel FROM dmuser;