
In this exercise we will create 3 users called DEV1, DEV2 and DEV3 in your own database.

Once the users are created we will give them read-only access to ALL TABLES and ALL VIEWS owned by SCOTT. This way all developers can read all the tables and views from the scott schema.
Let's start.
#1. Create Developers
Create user dev1 identified by abc123;
Create user dev2 identified by abc123;
Create user dev3 identified by abc123;
1.1 Grant UNLIMITED tablespace to all users created above.
GRANT UNLIMITED TABLESPACE TO Dev1, Dev2, Dev3;
1.2 Grant Connect permission to Dev1, Dev2, Dev3.
Grant connect to Dev1, Dev2, Dev3;
#2. Create a ROLE for all the Developers.
Create role Role_Developers;
#3. Add Resource to Role_Developers.
Grant Resource to Role_Developers;
#4. Create a Role called ROLE_SSV (SSV stands for Sequence, Synonym and View).
Create Role Role_SSV;
#5. Add the permissions to Role_SSV.
Grant Create Sequence, Create Synonym, Create View to ROLE_SSV;
#6. Add Role_SSV to Role_Developers.
Grant Role_SSV to Role_Developers;
#7. Create a Role called Role_Scott.
Create Role Role_Scott;
#8. Grant read-only access to all tables and views owned by scott to Role_Scott.
#8.1 To do this, answer yourself this question. How do you see all tables and views owned by Scott?
Hmm... Remember there are three different kinds of Oracle Dictionaries. They are:
1) DBA_*
2) USER_*
3) ALL_*

We will take the help of dba_objects to see the tables or views that are owned by SCOTT. The query to do so is:

select
owner, object_name
from
dba_objects
where
owner = 'SCOTT'
and
object_type in ('TABLE', 'VIEW');

Now, let's use the help of the CONCATENATION feature of Oracle SQL (I hope you all remember it from our SQL classes) to generate a script that we can copy and paste. The SQL would be:

select
'Grant select on ' || owner || '.' || object_name || ' to Role_scott;' as MySQL2Execute
from
dba_objects
where
owner = 'SCOTT'
and
object_type in ('TABLE', 'VIEW');

And now when we run the above SQL, we should see something like the following.
MYSQL2Execute

Grant select on SCOTT.DEPT to Role_scott;
Grant select on SCOTT.EMP to Role_scott;
Grant select on SCOTT.BONUS to Role_scott;
Grant select on SCOTT.SALGRADE to Role_scott;

Note: you may see more than 4 tables above. If you see more, then it is just that scott owns more objects than what I have in my database.
#8.2 Now copy and paste the above grants into the prompt as follows (note we could have spooled them to a .sql file and run it later as a script, but for now, let's just rely on copy and paste and execute the above in the SQL*Plus utility).
Grant select on SCOTT.DEPT to Role_scott;
Grant select on SCOTT.EMP to Role_scott;
Grant select on SCOTT.BONUS to Role_scott;
Grant select on SCOTT.SALGRADE to Role_scott;
#9. Now let's grant ROLE_SCOTT (the one we created in Step #7) to ROLE_DEVELOPERS (the one we created in Step #2).
Grant Role_Scott to Role_Developers;
#10. At this point, let's grant ROLE_DEVELOPERS to all Dev users created in Step #1.
Grant Role_Developers to Dev1, Dev2, Dev3;

#11. That's it. Let's verify Dev1, Dev2 and Dev3 can read scott's tables and views. While still connected as SYS or system, let's execute the following:

conn dev1/abc123
Set linesize 200
Set pagesize 200
select * from scott.emp;
select * from scott.dept;
select * from scott.bonus;
select * from scott.salgrade;
Show user
conn dev2/abc123
Set linesize 200
Set pagesize 200
select * from scott.emp;
select * from scott.dept;
select * from scott.bonus;
select * from scott.salgrade;
Show user
conn dev3/abc123
Set linesize 200
Set pagesize 200
select * from scott.emp;
select * from scott.dept;
select * from scott.bonus;
select * from scott.salgrade;
Show user

#12. As DBA, verify the permissions on the roles you created in this exercise.
conn system/abc123
col ROLE format a14
col owner format a12
col table_name format a15
col column_name format a12
col privilege format a10
set linesize 200
set pagesize 200
break on Role skip 1
break on owner skip 1
select * from ROLE_TAB_PRIVS where role = 'ROLE_SCOTT';

ROLE           OWNER        TABLE_NAME      COLUMN_NAME  PRIVILEGE  GRA
-------------- ------------ --------------- ------------ ---------- ---
ROLE_SCOTT     SCOTT        EMP                          SELECT     NO
ROLE_SCOTT     SCOTT        SALGRADE                     SELECT     NO
ROLE_SCOTT     SCOTT        DEPT                         SELECT     NO
ROLE_SCOTT     SCOTT        BONUS                        SELECT     NO

Do the same thing for the roles you created in Step #2 and Step #4.
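
The check in Step #12, carried one step further as an added example that is not part of the original exercise: a single query that expands the nested roles from Steps #2 to #10 and lists every object and system privilege DEV1, DEV2 and DEV3 end up with, including direct grants such as the one in Step 1.1. It assumes you run it as a DBA user, since it reads DBA_ROLE_PRIVS, DBA_TAB_PRIVS and DBA_SYS_PRIVS; the output column aliases are illustrative.

```sql
-- Added example (not from the original exercise). Run as SYSTEM or another DBA.
-- Output aliases (username, kind, granted_priv, via) are illustrative names.
set linesize 200
set pagesize 200
col username     format a8
col kind         format a6
col granted_priv format a40
col via          format a45
WITH role_tree AS (
  -- Walk user -> role -> nested role, e.g. DEV1 > ROLE_DEVELOPERS > ROLE_SCOTT
  SELECT CONNECT_BY_ROOT grantee                  AS username,
         granted_role,
         SYS_CONNECT_BY_PATH(granted_role, ' > ') AS via
  FROM   dba_role_privs
  START WITH grantee IN ('DEV1', 'DEV2', 'DEV3')
  CONNECT BY PRIOR granted_role = grantee
)
-- Object privileges inherited through any role in the tree
SELECT rt.username, 'OBJECT' AS kind,
       tp.privilege || ' ON ' || tp.owner || '.' || tp.table_name AS granted_priv,
       rt.via
FROM   role_tree rt
JOIN   dba_tab_privs tp ON tp.grantee = rt.granted_role
UNION ALL
-- System privileges inherited through any role in the tree
SELECT rt.username, 'SYSTEM', sp.privilege, rt.via
FROM   role_tree rt
JOIN   dba_sys_privs sp ON sp.grantee = rt.granted_role
UNION ALL
-- Object privileges granted directly to the user
SELECT tp.grantee, 'OBJECT',
       tp.privilege || ' ON ' || tp.owner || '.' || tp.table_name, ' (direct)'
FROM   dba_tab_privs tp
WHERE  tp.grantee IN ('DEV1', 'DEV2', 'DEV3')
UNION ALL
-- System privileges granted directly to the user (Step 1.1)
SELECT sp.grantee, 'SYSTEM', sp.privilege, ' (direct)'
FROM   dba_sys_privs sp
WHERE  sp.grantee IN ('DEV1', 'DEV2', 'DEV3')
ORDER BY 1, 2, 3;
```

Rows with kind OBJECT should show only SELECT on SCOTT's tables and views; rows with kind SYSTEM are everything the developers can do beyond reading them, which is worth comparing against what the exercise set out to grant.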
Next week, we will be working on object privileges with "with grant option" and system privileges with "with admin option". Good luck.
Moid Muhammad
