||Oracle Tips by Burleson
Administration of Security
Security in Oracle has six layers:
The first layer of security is the raw
assignment and management of users, which we have already
The second layer is the high-level
system grants that give the users already built permission to
create, alter, and use database objects such as tables, indexes,
The third layer of security comprises
the object-level grants that allow users to interact with
The fourth layer is the column grant
layer that grants or restricts access to the specific columns
inside a database object. The fifth layer (new in Oracle8i)
involves the use of policies and contexts to control row-level
The sixth level of security deals with
controlling access to system resources, such as CPUs and
parallel query resources, and is accomplished through the use of
profiles (Oracle7 and Oracle8) and resource plans and groups
(new in Oracle8i).
Security in Oracle is becoming a very
complex topic, and entire books have been written concerning this
one aspect of Oracle.
User Grants and Privileges
As mentioned in the introduction to this
chapter, two types of privileges can be granted: system privileges
and object privileges.
System privileges allow a user to
perform a particular systemwide action or to perform a
particular action on a particular type of object. For example,
the privilege to create a table (CREATE TABLE) or insert rows
into any table (INSERT ANY TABLE) are system privileges.
Object privileges allow a user to
perform a particular action on a specific object, including
tables, views, sequences, procedures, functions, and packages.
For example, the privilege to insert rows into a particular
table is an object privilege. Object privilege grants always
include the name of the object for which the privilege is
See Code Depot