Sams Teach Yourself SQL in 24 Hours
- Table of Contents
- Copyright
- About the Authors
- Acknowledgments
- Tell Us What You Think!
- Introduction
- Part I: A SQL Concepts Overview
- Hour 1. Welcome to the World of SQL
- Part II: Building Your Database
- Hour 2. Defining Data Structures
- Hour 3. Managing Database Objects
- Hour 4. The Normalization Process
- Hour 5. Manipulating Data
- Hour 6. Managing Database Transactions
- Part III: Getting Effective Results from Queries
- Hour 7. Introduction to the Database Query
- Hour 8. Using Operators to Categorize Data
- Hour 9. Summarizing Data Results from a Query
- Hour 10. Sorting and Grouping Data
- Hour 11. Restructuring the Appearance of Data
- Hour 12. Understanding Dates and Times
- Part IV: Building Sophisticated Database Queries
- Hour 13. Joining Tables in Queries
- Hour 14. Using Subqueries to Define Unknown Data
- Hour 15. Combining Multiple Queries into One
- Part V: SQL Performance Tuning
- Hour 16. Using Indexes to Improve Performance
- Hour 17. Improving Database Performance
- Part VI: Using SQL to Manage Users and Security
- Hour 18. Managing Database Users
- Hour 19. Managing Database Security
- What Is Database Security?
- How Does Security Differ from User Management?
- What Are Privileges?
- Controlling User Access
- Controlling Privileges Through Roles
- Summary
- Q&A
- Workshop
- Part VII: Summarized Data Structures
- Hour 20. Creating and Using Views and Synonyms
- Hour 21. Working with the System Catalog
- Part VIII: Applying SQL Fundamentals in Today's World
- Hour 22. Advanced SQL Topics
- Hour 23. Extending SQL to the Enterprise, the Internet, and the Intranet
- Hour 24. Extensions to Standard SQL
- Part IX: Appendixes
- Appendix A. Common SQL Commands
- Appendix B. Using MySQL for Exercises
- Appendix C. Answers to Quizzes and Exercises
- Appendix D. CREATE TABLE Statements for Book Examples
- Appendix E. INSERT Statements for Data in Book Examples
- Appendix F. Glossary
- Appendix G. Bonus Exercises
Controlling Privileges Through Roles
|
A role is an object created in the database that contains group-like privileges. Roles can reduce security maintenance by not having to grant explicit privileges directly to a user. Group privilege management is much easier to handle with roles. A role's privileges can be changed, and such a change is transparent to the user. |
If a user needs SELECT and UPDATE table privileges on a table at a specified time within an application, a role with those privileges can temporarily be assigned until the transaction is complete.
When a role is first created, it has no real value other than being a role within a database. It can be granted to users or other roles. Let's say that a schema named APP01 grants the SELECT table privilege to the RECORDS_CLERK role on the EMPLOYEE_PAY table. Any user or role granted the RECORDS_CLERK role now would have SELECT privileges on the EMPLOYEE_PAY table.
Likewise, if APP01 revoked the SELECT table privilege from the RECORDS_CLERK role on the EMPLOYEE_PAY table, any user or role granted the RECORDS_CLERK role would no longer have SELECT privileges on that table.
The CREATE ROLE Statement
A role is created with the CREATE ROLE statement.
CREATE ROLE role_name;
Granting privileges to roles is the same as granting privileges to a user. Study the following example.
CREATE ROLE RECORDS_CLERK;
Role created.
The DROP ROLE Statement
A role is dropped using the DROP_ROLE statement.
The following is an example:
The SET ROLE Statement
A role can be set for a user SQL session using the SET_ROLE statement.
The following is an example:
You can set more than one role at once:
In some implementations, such as Oracle, all roles granted to a user are automatically default roles, which means the roles will be set and available to the user as soon as the user logs in to the database.
Summary | Next Section
Account Sign In
View your cart