Privilege(񀀥)
--------------------------------------------------------------------------------
Session/System Control Language(SCL)¿¡ °üÇÑ ÀÚ¼¼ÇÑ ³»¿ëÀº ÀÌ°÷À» Ŭ¸¯ÇÑ´Ù.
--------------------------------------------------------------------------------
±ÇÇÑÀ̶õ SQL ¹®À» ½ÇÇàÇϰųª, µ¥ÀÌÅͺ£À̽º³ª µ¥ÀÌÅͺ£À̽ºÀÇ °´Ã¼¿¡ Á¢±ÙÇÒ ¼ö ÀÖ´Â ±ÇÇÑÀ» ÀǹÌÇÑ´Ù.
ÀÌó·³ ±ÇÇÑÀº
1) DBA°¡ »ç¿ëÀÚ¿¡°Ô Á÷Á¢ ºÎ¿© ÇÒ ¼öµµ ÀÖ°í
2) ROLEÀ» »ý¼ºÇÏ¿© ·Ñ¿¡ ±ÇÇÑÀ» ºÎ¿©ÇÑ µÚ ±× ·ÑÀ» »ç¿ëÀÚ¿¡°Ô ºÎ¿©ÇÏ´Â °Íó·³ °£Á¢ÀûÀ¸·Î ºÎ¿© ÇÏ´Â ¹æ¹ýµµ ÀÖ´Ù.
±ÇÇÑ ¶Ç´Â ·ÑÀ» ºÎ¿© ¹ÞÀº »ç¿ëÀÚ´Â µ¥ÀÌÅͺ£À̽º¿¡¼ µ¥ÀÌÅÍ Á¶ÀÛÀÌ °¡´ÉÇÏ°Ô µÈ´Ù.
Áï, »ç¿ëÀÚ´Â ±ÇÇÑÀ» ¹Þ¾Æ¾ß¸¸ DB¿¡ access(Á¢±Ù), create(»ý¼º), select(°Ë»ö), insert(»ðÀÔ)µîÀÇ ÀÛ¾÷À» ÇÒ ¼ö ÀÖ´Ù.
±ÇÇÑÀº system privilege¿Í object privilege·Î ±¸ºÐµÇ¸ç, »ç¿ëÀÚ´Â DB¿¡ Á¢±ÙÇϱâ À§ÇØ ½Ã½ºÅÛ ±ÇÇÑÀÌ ÇÊ¿äÇÏ°í, µ¥ÀÌÅͺ£À̽ºÀÇ °´Ã¼¸¦ Á¶ÀÛÇϱâ À§ÇØ °´Ã¼ ±ÇÇÑÀÌ ÇÊ¿äÇÏ°Ô µÈ´Ù.
Áï, ½Ã½ºÅÛ ±ÇÇÑÀº µ¥ÀÌÅͺ£À̽º ¾ÈÀÇ ¸ðµç Å×À̺íÀ» °Ë»öÇÒ ¼ö ÀÖ´Â ±ÇÇÑÀ̸ç,
°´Ã¼ ±ÇÇÑÀº »ç¿ëÀÚ¿¡°Ô ÇϳªÀÇ Æ¯Á¤ Å×ÀÌºí¸¸À» °Ë»öÇÒ ¼ö ÀÖ°Ô ÇÏ´Â ±ÇÇÑÀÌ´Ù.
±ÇÇÑÀÇ Á¾·ù ±ÇÇÑÀÇ Á¾·ù ¼³¸í
½Ã½ºÅÛ ±ÇÇÑ(SYSTEM privilege) µ¥ÀÌÅͺ£À̽º °´Ã¼¸¦ »ý¼º, ¼öÁ¤, »èÁ¦ ±ÇÇÑ
°´Ã¼ ±ÇÇÑ(OBJECT privilege) object ³»¿ëÀ» Á¶ÀÛ(Ãß°¡, º¯°æ, »èÁ¦, °Ë»ö)ÇÒ ¼ö ÀÖ´Â ±ÇÇÑ
½Ã½ºÅÛ(system) ±ÇÇÑ
• ½Ã½ºÅÛ ±ÇÇÑÀº ƯÁ¤ DB ¿¬»ê ¶Ç´Â ÀÛ¾÷À» ¼öÇàÇϱâ À§ÇÏ¿© ÇÊ¿äÇÑ ±ÇÇÑÀÌ´Ù.
• ÀÌ·¯ÇÑ ÀÛ¾÷¿¡´Â Å×À̺í, ºä, undo segment, ÇÁ·Î½ÃÁ®ÀÇ »ý¼º, »èÁ¦, ¼öÁ¤µîÀÌ ÀÖ´Ù.
• ½Ã½ºÅÛ ±ÇÇÑÀº ÁÖ·Î DBA°¡ ºÎ¿©ÇÑ´Ù.
• system_privilege_map ºä¸¦ ÅëÇØ Àüü ½Ã½ºÅÛ ±ÇÇÑÀ» È®ÀÎÇÒ ¼ö ÀÖ´Ù.
SQL> desc system_privilege_map;
Name Null? Type
----------------------------------------- -------- ----------------------------
PRIVILEGE NOT NULL NUMBER
NAME NOT NULL VARCHAR2(40)
PROPERTY NOT NULL NUMBER
SQL> select count(*) from system_privilege_map;
COUNT(*)
----------
206
SQL>
• ´ÙÀ½Àº ½Ã½ºÅÛ ±ÇÇÑ Áß¿¡¼ ¸î°³¿¡ ´ëÇؼ ¼³¸íÇÑ´Ù.
½Ã½ºÅÛ ±ÇÇÑ ¼³¸í CREATE SESSION DB¿¡ ¿¬°áÇÒ¼ö ÀÖ´Â ±ÇÇÑ RESTRICTED SESSION DB¸¦ startup restricted·Î ½ÃÀÛÇÒ ¼ö ÀÖ´Â ±ÇÇÑ CREATE TABLE user¼ÒÀ¯ schema ¾È¿¡¼ table ¶Ç´Â index¸¦ »ý¼ºÇÒ ¼ö ÀÖ´Â ±ÇÇÑ SELECT ANY TABLE ¾î¶² schema¿¡¼³ª ¸ðµç table, view ¶Ç´Âsnap shot¿¡ ´ëÇÑ °Ë»öÀ» ½ÇÇàÇÒ ¼ö ÀÖ´Â ±ÇÇÑ ALTER SYSTEM alter system ¸í·ÉÀ» »ç¿ëÇÏ¿© system Á¤ÀǸ¦ º¯°æÇÒ ¼ö ÀÖ´Â ±ÇÇÑ CREATE ROLE ¿À¶óŬ DATABASE ROLEÀ» »ý¼ºÇÒ ¼ö ÀÖ´Â ±ÇÇÑ INSERT ANY TABLE ¾î¶² schema¿¡¼³ª ¸ðµç table, view¿¡ µ¥ÀÌÅ͸¦ ÀÔ·ÂÇÒ ¼ö ÀÖ´Â ±ÇÇÑ DROP USER »ý¼ºÇÑ user¸¦ »èÁ¦½Ãų ¼ö ÀÖ´Â ±ÇÇÑ CREATE USER create user¸¦ ÀÌ¿ëÇÏ¿© user¸¦ »ý¼ºÇÒ ¼ö ÀÖ´Â ±ÇÇÑ ALTER USER alter user¸¦ ÀÌ¿ëÇÏ¿© »ý¼ºÇÑ userÀÇ Á¤ÀǸ¦ º¯°æÇÒ ¼ö ÀÖ´Â ±ÇÇÑ
• create table ±ÇÇÑ¿¡ create index¿Í analyze ¸í·ÉÀ» »ç¿ëÇÒ ¼ö ÀÖ´Â ±ÇÇÑÀÌ Æ÷ÇԵǾî Àֱ⠶§¹®¿¡ index »ý¼º°ú °ü·ÃÇÑ ½Ã½ºÅÛ ±ÇÇÑÀÌ ¾ø´Ù.
--------------------------------------------------------------------------------
½Ã½ºÅÛ ±ÇÇÑ ºÎ¿©
´ÙÀ½ ¹®ÀÚ Çü½ÄÀ» ÀÌ¿ëÇÏ¿© system privilege¿Í roleÀ» ºÎ¿©ÇÑ´Ù.
¡¼Çü½Ä¡½
GRANT ½Ã½ºÅÛ±ÇÇÑ¸í ¶Ç´Â ·Ñ¸í TO »ç¿ëÀÚ¸í ¶Ç´Â ·Ñ¸í ¶Ç´Â PUBLIC
[WITH ADMIN OPTION];
• system ±ÇÇÑÀº ÁÖ·Î DBA°¡ ´Ù¸¥ user°¡ ºÎ¿©ÇÑ´Ù.
• GRANT ¹®À¸·Î ±ÇÇÑÀ» ÁöÁ¤ÇÑ´Ù.
• TO µÚ¿¡ ±ÇÇÑÀ» ¹ÞÀ» user¸¦ ÁöÁ¤ÇÑ´Ù.
• WITH ADMIN OPTIONÀº ÇØ´ç ½Ã½ºÅÛ ±ÇÇÑÀ» ´Ù¸¥ »ç¿ëÀÚ³ª ·Ñ¿¡ ÀçºÎ¿©¸¦ Çã¿ë
• PUBLICÀº ¸ðµç »ç¿ëÀÚ¿¡°Ô ±ÇÇÑÀ» ÁÖ±â À§ÇÑ °ÍÀ¸·Î ±ÇÇÑÀ» ÁÖ´Â ÂÊÀº ½ÅÁßÇØ¾ß ÇÑ´Ù. PUBLICÀ¸·Î ¼±¾ðµÈ ±ÇÇÑÀº ÀÌ ÈÄ¿¡ »õ·Î »ý¼ºµÈ »ç¿ëÀÚ¿¡°Ôµµ ÀÚµ¿À¸·Î ÇØ´ç ±ÇÇÑÀÌ ºÎ¿©µÇ±â ¶§¹®ÀÌ´Ù.
• ½Ã½ºÅÛ ±ÇÇÑÀº DB Á¤ÀǸ¦ º¯°æÇÒ ¼ö Àֱ⠶§¹®¿¡ ±ÇÇÑÀ» ¹ÞÀº ÂÊÀÇ ÅëÁ¦°¡ ¿ä±¸µÈ´Ù.
¡¼¿¹Á¦¡½
SQL> connect / as sysdba
SQL> create user kim ¢Ð »õ·Î¿î userÀÎ kimÀ» ¸¸µë
2 identified by kun114$;
User created.
SQL> GRANT CREATE table, CREATE view TO jijoe; ¢Ð jijoe¿¡°Ô ±ÇÇÑÀ» ºÎ¿©ÇÔ
Grant succeeded.
SQL> connect jijoe/password
Connected.
SQL> select * from USER_sys_privs; ¢Ð ADMIN ±ÇÇÑÀ» ¹Þ¾Ò´ÂÁö È®ÀÎÇÏ´Â ºä
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
JIJOE CREATE VIEW NO
JIJOE CREATE TABLE NO
JIJOE CREATE SESSION NO
JIJOE UNLIMITED TABLESPACE NO
¢Ð ADM Çʵ尡 NOÀ̸é ADMIN ±ÇÇ×ÀÌ ºÎ¿© µÇÁö ¾Ê¾ÒÀ½À» ³ªÅ¸³¿
SQL> GRANT CREATE table, CREATE view TO kim; ¢Ð ADMIN ±ÇÇÑÀÌ ¾ø´Â »óÅ¿¡¼ kim¿¡°Ô ±ÇÇÑÀ» ÁÖ·Á°í ÇÔ
GRANT CREATE table, CREATE view TO kim
*
ERROR at line 1:
ORA-01031: insufficient privileges ¢Ð ±ÇÇÑÀÌ ¾ø´Ù°í ¾Ë·Á ÁÜ
SQL> conn system/password as sysdba
Connected.
SQL> grant create table, create view TO jijoe
2 WITH ADMIN OPTION; ¢Ð ADMIN ¿É¼ÇÀ¸·Î table,view¸¦ ¸¸µé ¼ö ÀÖ´Â ±ÇÇÑÀ» jijoe¿¡°Ô ÁÜ
Grant succeeded.
SQL> conn jijoe/password
Connected.
SQL> select * from user_sys_privs; ¢Ð ADMIN ±ÇÇÑÀ» ¹Þ¾Ò´ÂÁö È®ÀÎÇÏ´Â ºä
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
JIJOE CREATE VIEW YES
JIJOE CREATE TABLE YES
JIJOE CREATE SESSION NO
JIJOE UNLIMITED TABLESPACE NO
¢Ð ADM Çʵ尡 YESÀ̸é ADMIN ±ÇÇÑÀÌ ºÎ¿© µÇ¾úÀ½À» ³ªÅ¸³¿
SQL> GRANT CREATE table, CREATE view TO kim;
¢Ð ADMIN ±ÇÇÑÀ» ºÎ¿© ¹ÞÀº jijoe°¡ »ç¿ëÀÚ kim¿¡°Ô ±ÇÇÑÀ» ºÎ¿©ÇÒ ¼ö ÀÖÀ½
Grant succeeded.
SQL>
´ÙÀ½ ¿¹Á¦´Â DBA°¡ ¸ðµç user¿¡°Ô »õ·Î¿î user »ý¼º ±ÇÇÑÀ» ¿¹ÀÌ´Ù.(Àý´ë ±ÇÀåÇÏÁö ¾ÊÀ½)
¡¼¿¹Á¦¡½
SQL> connect system/password as sysdba
Connected.
SQL> CREATE USER kim2 identified by kim2##;
User created.
SQL> GRANT create session TO kim2;
Grant succeeded.
SQL> GRANT create USER TO PUBLIC;
Grant succeeded.
SQL> connect kim2/kim2##;
Connected.
SQL> SELECT * FROM USER_SYS_PRIVS;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
KIM2 CREATE SESSION NO
PUBLIC CREATE USER NO
SQL> create user kim3 IDENTIFIED BY kim3###;
User created.
SQL> conn kim3/kim3###;
ERROR:
ORA-01045: user KIM3 lacks CREATE SESSION privilege; logon denied
Warning: You are no longer connected to ORACLE.
SQL> conn system/password as sysdba
SQL> GRANT connect TO kim3;
Grant succeeded.
SQL> conn kim3/kim3###;
Connected.
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
PUBLIC CREATE USER NO
SQL>
PUBLICÀ» »ç¿ëÇÏ¿© CREATE USER¶ó´Â ½Ã½ºÅÛ ±ÇÇÑÀ» ÁÖ¾úÀ» ¶§ ¸ðµç userµéÀÌ ±× ±ÇÇÑÀ» ºÎ¿© ¹Þ°Ô µÈ´Ù. µû¶ó¼ ¾î¶°ÇÑ user·Î Á¢¼ÓÇصµ »õ·Î¿î user¸¦ »ý¼ºÇÒ ¼ö ÀÖ°Ô µÈ´Ù.
±×·¯³ª, kim2°¡ CREATE USER ±ÇÇÑÀº ºÎ¿© ¹ÞÁö ¾Ê¾ÒÀ½À» ¾Ë ¼ö ÀÖ´Ù.
--------------------------------------------------------------------------------
DBA_sys_PRIVS ·ÑÀ̳ª »ç¿ëÀÚ¿¡°Ô ºÎ¿©µÈ ¸ðµç ½Ã½ºÅÛ ±ÇÇÑÀ» Á¶È¸
session_PRIVS Session LevelÀÇ ½Ã½ºÅÛ ±ÇÇÑÀ» È®ÀÎ
SYSTEM_PRIVILEGE_MAP Àüü ½Ã½ºÅÛ ±ÇÇÑÀ» È®ÀÎ
--------------------------------------------------------------------------------
½Ã½ºÅÛ ±ÇÇÑ È¸¼ö
REVOKE ¸í·ÉÀ» »ç¿ëÇÏ¿© ºÎ¿©µÈ ½Ã½ºÅÛ ±ÇÇÑÀ» ȸ¼öÇÏ´Â ¹®ÀåÀÇ Çü½ÄÀº ´ÙÀ½°ú °°´Ù.
¡¼Çü½Ä¡½
REVOKE ½Ã½ºÅÛ±ÇÇѸí, ·Ñ¸í FROM »ç¿ëÀÚ¸í, ·Ñ¸í, PUBLIC
¡¼¿¹Á¦¡½
SQL> connect kim3/kim3###
Connected.
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
PUBLIC CREATE USER NO
SQL> connect kim2/kim2##
Connected.
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
KIM2 CREATE SESSION NO
PUBLIC CREATE USER NO
SQL> conn system/password as sysdba
Connected.
SQL> REVOKE CREATE user FROM PUBLIC;
Revoke succeeded.
SQL> conn kim2/kim2##
Connected.
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
KIM2 CREATE SESSION NO
SQL> conn kim3/kim3###
Connected.
SQL> select * from user_sys_privs;
no rows selected
SQL>
--------------------------------------------------------------------------------
SQL> conn jijoe/password
Connected.
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
JIJOE CREATE VIEW YES
JIJOE CREATE TABLE YES
JIJOE CREATE SESSION NO
JIJOE UNLIMITED TABLESPACE NO
SQL> conn system/password as sysdba
Connected.
SQL> REVOKE CREATE TABLE,CREATE VIEW FROM jijoe;
Revoke succeeded.
SQL> conn jijoe/password
Connected.
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
JIJOE CREATE SESSION NO
JIJOE UNLIMITED TABLESPACE NO
SQL>
• ¸¸¾à ¿©·¯°³ÀÇ ±ÇÇÑÀ» ºÎ¿©Çß´Ù¸é, REVOKE·Î ¼±ÅÃÀûÀ¸·Î ȸ¼öÇÒ ¼ö ÀÖ´Ù.
• Role¿¡ ¿©·¯ ±ÇÇÑÀ» ºÎ¿© Çß´Ù¸é, REVOKE ROLEÀ» ¼öÇàÇÒ ¶§, ƯÁ¤ ±ÇÇѸ¸ µû·Î ȸ¼ö ÇÒ ¼ö ¾ø´Ù.
• ½Ã½ºÅÛ ±ÇÇÑÀ» ȸ¼öÇϸé ÀϺΠÁ¾¼ÓµÈ °´Ã¼¿¡ ¿µÇâÀ» ÁÙ ¼ö ÀÖ´Ù. ¿¹¸¦ µé¾î, A°¡ B·ÎºÎÅÍ table select ±ÇÇÑÀ» ºÎ¿© ¹ÞÀº »óÅ¿¡¼, A°¡ BÀÇ tableÀ» selectÇؼ view¸¦ »ý¼ºÇÏ¿´´Âµ¥, B°¡ AÀÇ ±ÇÇÑÀ» ȸ¼öÇϸé, A´Â ´õÀÌ»ó ±× view¸¦ »ç¿ëÇÒ ¼ö ¾ø°Ô µÈ´Ù.
• WITH ADMIN OPTIONÀÇ »ç¿ë ¿©ºÎ¿Í »ó°ü¾øÀÌ ½Ã½ºÅÛ ±ÇÇÑÀÌ È¸¼ö µÉ ¶§´Â Á¦3ÀÚÀÇ ±ÇÇѵµ ÇÔ²² ȸ¼öµÇÁö ¾Ê´Â´Ù. ¿¹¸¦ µé¾î, A°¡ ±ÇÇÑÀ» ȸ¼öÇÒ ¶§ BÀÇ ±ÇÇѸ¸ ȸ¼öÇÏÁö CÀÇ ±ÇÇÑÀº ȸ¼öÇÏÁö´Â ¾Ê´Â´Ù. C´Â ¿©ÀüÈ÷ ±× ±ÇÇÑÀ» °®°í ÀÖ°Ô µÈ´Ù.
°´Ã¼(object) ±ÇÇÑ
• Object privilege¶õ ƯÁ¤ÇÑ table view, sequence, procedure, function, packageµî¿¡ ´ëÇÑ Æ¯Á¤ÇÑ ÀÛ¾÷À» ¼öÇàÇÏ´Â ±ÇÇÑÀÌ´Ù. ¿¹¸¦ µé¾î, »ç¿ëÀÚ kimÀÇ PERSONNEL tableÀ» SELECT ÇÒ ¼ö ÀÖµµ·Ï Çϰųª SYSTEM userÀÇ TEST procedure¸¦ ½ÇÇàÇÒ ¼ö ÀÖ´Â ±ÇÇÑó·³ ƯÁ¤ object¿¡ ´ëÇÑ ±ÇÇÑÀ» ¶æÇÑ´Ù.
• °´Ã¼¿¡ ´ëÇØ ±ÇÇÑ ºÎ¿© ¹× ȸ¼ö ¹æ¹ýÀº SYSTEM ±ÇÇÑ°ú À¯»çÇϸç, ´Ù¸¸ ´ë»ó °´Ã¼¸¦ ¸í½ÃÇÑ´Ù´Â Á¡ÀÌ ´Ù¸£´Ù.
• °´Ã¼¿¡ ´ëÇÑ ¼ÒÀ¯ÀÚ´Â °´Ã¼¿¡ ´ëÇÑ ¸ðµç ±ÇÇÑÀ» °¡Áø´Ù.
• °´Ã¼ ±ÇÇÑÀ» ºÎ¿©Çϱâ À§Çؼ´Â °´Ã¼ÀÇ ¼ÒÀ¯ÀÚÀ̰ųª, WITH ADMIN OPTIONÀ¸·Î ±ÇÇÑÀ» ºÎ¿© ¹Þ¾Æ¾ß ÇÑ´Ù.
• °´Ã¼ ¼ÒÀ¯ÀÚ´Â °´Ã¼¿¡ ´ëÇÑ Æ¯Á¤ÇÑ ±ÇÇÑÀ» Á¦°øÇÒ ¼ö ÀÖ´Ù.
°´Ã¼ ±ÇÇÑÀÇ Á¾·ù¿Í ¹üÀ§ TABLE ±ÇÇÑ VIEW ±ÇÇÑ SEQUENCE ±ÇÇÑ PROCEDURE ±ÇÇÑ SNAPSHOT ±ÇÇÑ
INSERT 0 0
UPDATE 0 0
DELETE 0 0
ALTER 0 0 0 0
INDEX 0 0
SELECT 0 0 0 0
EXECUTE 0
REFERENCES 0
´ÙÀ½Àº °¢°¢ÀÇ ±ÇÇÑÀÌ ÇàÇÒ ¼ö ÀÖ´Â ±â´ÉÀÌ´Ù.
alter ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ º¯°æÇÒ ¼ö ÀÖµµ·Ï Çã¿ë
audit ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ °¨»ç¸¦ ÇÒ ¼ö ÀÖµµ·Ï Çã¿ë
comment ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ ÁÖ¼®À» ´Þ ¼ö ÀÖµµ·Ï Çã¿ë
delete ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ »èÁ¦ÇÒ ¼ö ÀÖµµ·Ï Çã¿ë
grant ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ ºÎ¿©ÇÒ ¼ö ÀÖµµ·Ï Çã¿ë
index ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ table¿¡ ´ëÇØ À妽º¸¦ »ý¼ºÇÒ ¼ö ÀÖµµ·Ï Çã¿ë
insert ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ »ðÀÔÇÒ ¼ö ÀÖµµ·Ï Çã¿ë
lock ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ lockingÇÒ ¼ö ÀÖµµ·Ï Çã¿ë
rename ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ À̸§À» º¯°æÇÒ ¼ö ÀÖµµ·Ï Çã¿ë
select ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ Á¶È¸ÇÒ ¼ö ÀÖµµ·Ï Çã¿ë
update ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ °»½ÅÇÒ ¼ö ÀÖµµ·Ï Çã¿ë
references ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ ÀڷḦ ÂüÁ¶ÇÒ ¼ö ÀÖµµ·Ï Çã¿ë
execute ±ÇÇÑÀ» ¹ÞÀº »ç¿ëÀÚ°¡ procedure,function,package¿¡ ´ëÇØ ½ÇÇàÇÒ ¼ö ÀÖµµ·Ï Çã¿ë
--------------------------------------------------------------------------------
°´Ã¼ ±ÇÇÑ ºÎ¿©(GRANT)
¡¼Çü½Ä¡½
GRANT °´Ã¼±ÇÇÑ, ALL[Ä÷³¸í,...]
ON ´ë»ó°´Ã¼
TO »ç¿ëÀÚ¸í, ·Ñ¸í, PUBLIC
WITH GRANT OPTION;
• ±ÇÇÑÀ» ºÎ¿©ÇÏ·Á¸é, °´Ã¼°¡ ÀÚ½ÅÀÇ schema¿¡ Àְųª WITH GRANT OPTION±ÇÇÑÀ» °®°í ÀÖ¾î¾ß ÇÑ´Ù.
• °´Ã¼ÀÇ ¼ÒÀ¯ÀÚ´Â DB³»ÀÇ ¾î¶² »ç¿ëÀÚ³ª role¿¡°Ôµµ ÇØ´ç °´Ã¼¿¡ ´ëÇÑ ¾î¶² °ÍÀÌ¶óµµ ºÎ¿©ÇÒ ¼ö ÀÖ´Ù.
• SYSTEM ±ÇÇÑ°ú ¸¶Âù°¡Áö·Î °´Ã¼ ±ÇÇÑÀÇ GRANTµµ ONÀýÀ» »ç¿ëÇÏ¿© ´ë»ó°´Ã¼¸¦ ¸í½ÃÇÑ´Ù´Â Á¡¸¸ ´Ù¸£´Ù.
• GRANTÀý µÚ¿¡´Â ±ÇÇÑÀ» ÀÏÀÏÀÌ ³ª¿ÇÏ´Â ´ë½Å¿¡ ALLÀ̶ó´Â keyword¸¦ »ç¿ëÇÏ¿© ON µÚ¿¡ ³ª¿À´Â °´Ã¼¿¡ ´ëÇؼ ¸ðµç °´Ã¼±ÇÇÑÀ» ´Ù ºÎ¿©ÇÒ ¼ö ÀÖ´Ù.
• GRANT½Ã °´Ã¼±ÇÇÑÀ» table Àüü°¡ ¾Æ´Ñ ƯÁ¤ Ä÷³¿¡ ´ëÇØ ÁöÁ¤ÀÌ °¡´ÉÇÏ´Ù.
¿¹¸¦ µé¾î, »ç¿ëÀÚ KIMÀÇ AA table¿¡ ´ëÇØ INSERT ±ÇÇÑÀ» ÁÙ¶§ PNAME°ú PNO¿¡ ´ëÇؼ¸¸ INSERT ±ÇÇÑÀ» ºÎ¿©ÇÒ ¼ö ÀÖ´Ù. ±×·¯³ª,ÀÌ´Â INSERT,UPDATE,REFERENCES±ÇÇÑ¿¡ ´ëÇؼ¸¸ °¡´ÉÇÏ´Ù.
• ´Ù¸¥ »ç¿ëÀÚ¿¡ ´ëÇØ ±ÇÇÑÀ» ºÎ¿©ÇÏ·Á¸é, schema.°´Ã¼¸í Çü½ÄÀ» »ç¿ëÇÑ´Ù.
¡¼¿¹Á¦¡½
SQL> connect system/password as sysdba
SQL> create user kim identified by gun;
SQL> grant connect,resource to kim;
SQL> create user kim2 identified by gun2;
SQL> grant connect,resource to kim2;
SQL> conn kim/gun
SQL> create table aa(pno number(3),pname varchar2(10));
SQL> insert into aa values(111,'COREA');
SQL> insert into aa values(222,'CHINA');
SQL> select * from aa;
PNO PNAME
---------- ----------
111 COREA
222 CHINA
SQL> select * from user_tab_privs;
no rows selected
SQL> select * from user_tab_privs_recd;
no rows selected
SQL> grant select ON aa TO kim2; ¢Ð aa °´Ã¼¿¡ ´ëÇÑ ±ÇÇÑÀ» kim2¿¡°Ô ºÎ¿©ÇÔ
Grant succeeded.
SQL> conn kim2/gun2;
SQL> select * from user_tab_privs; ¢Ð »ç¿ëÀÚ¿¡°Ô ÁÖ¾îÁø °´Ã¼±ÇÇÑ Á¶È¸
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRA HIE
------- ------- ----------- -------- ----------- --- ---
KIM2 KIM AA KIM SELECT NO NO
SQL> select * from user_tab_privs_recd; ¢Ð ºÎ¿©¹ÞÀº °´Ã¼ ±ÇÇÑ Á¤º¸¸¦ Á¶È¸
OWNER TABLE_NAME GRANTOR PRIVILEGE GRA HIE
---------- ------------ --------- ----------- --- ---
KIM AA KIM SELECT NO NO
SQL> select * from kim.aa; ¢Ð kim.aa °´Ã¼¸¦ kim2°¡ Á¶È¸ÇÒ ¼ö ÀÖÀ½
PNO PNAME
---------- ----------
111 COREA
222 CHINA
--------------------------------------------------------------------------------
SQL> conn kim/gun
Connected.
SQL>
SQL> grant insert(pno,pname),select ON aa
2 TO kim2; ¢Ð kim.aa°´Ã¼¿¡ kim2»ç¿ëÀÚ¿¡°Ô insert¿Í select ±ÇÇÑÀ» ºÎ¿©ÇÔ
Grant succeeded.
SQL> conn kim2/gun2
Connected.
SQL> select * from kim.aa;
PNO PNAME
---------- ----------
111 COREA
222 CHINA
SQL> insert into kim.aa values(333,'JAPAN'); ¢Ð kim2°¡ kim.aa °´Ã¼¿¡ insert¸¦ ½ÇÇàÇÔ
1 row created.
SQL> select * from kim.aa;
PNO PNAME
---------- ----------
111 COREA
222 CHINA
333 JAPAN
SQL> conn kim/gun
Connected.
SQL> select * from aa;
PNO PNAME
---------- ----------
111 COREA
222 CHINA
333 JAPAN
SQL> conn kim2/gun2;
Connected.
SQL> select * from user_tab_privs;
GRANTEE OWNER TABLE GRANT PRIVILEGE GRA HIE
-------- ----- ----- ----- ---------- --- ---
KIM2 KIM AA KIM SELECT NO NO
SQL> select * from user_tab_privs_recd;
OWNER TABLE GRANT PRIVILEGE GRA HIE
----- ----- ----- ---------- --- ---
KIM AA KIM SELECT NO NO
SQL>
--------------------------------------------------------------------------------
°´Ã¼ ±ÇÇÑ È¸¼ö(REVOKE)
¡¼Çü½Ä¡½
REVOKE °´Ã¼±ÇÇѸí
ON °´Ã¼¸í
FROM »ç¿ëÀÚ¸í, ·Ñ¸í, PUBLIC
[CASCADE CONSTRAINTS;
• REVOKE ¸í·ÉÀ» »ç¿ëÇÏ¿© °´Ã¼±ÇÇÑÀ» ȸ¼öÇÑ´Ù.
• ±ÇÇÑ ºÎ¿©ÀÚ´Â ÀÚ½ÅÀÌ ±ÇÇÑÀ» ºÎ¿©Çß´ø »ç¿ëÀÚ¿¡°Ô¸¸ ±ÇÇÑÀ» ȸ¼öÇÒ ¼ö ÀÖ´Ù.
• PUBLICÀ¸·Î ºÎ¿©µÈ °´Ã¼±ÇÇÑÀº SYSTEM ±ÇÇÑ°ú ´Þ¸® °¢°¢ ȸ¼öÇÒ ¼öµµ ÀÖ´Ù.
• CASCADE CONSTRAINTS ¿É¼ÇÀº REFERENCES±ÇÇÑÀ» ȸ¼öÇÒ ¶§ »ç¿ëÇÑ´Ù.
¿©±â¼ references±ÇÇÑÀ̶õ ¾î´À table¿¡ ´ëÇؼ foreign key¸¦ »ý¼ºÇÒ ¼ö ÀÖ´Â ±ÇÇÑÀ» ÀǹÌÇÑ´Ù. ¸¸¾à ÀÌ ±ÇÇÑÀ» ´Ù¸¥ »ç¿ëÀÚ¿¡°Ô ÁÖ¾ú´Ù°¡ ´Ù½Ã ȸ¼öÇÏ¸é ±× ±ÇÇÑÀ» ÀÌ¿ëÇØ ¸¸µç foreign key¿¡ ¹®Á¦°¡ ¹ß»ýÇÒ ¼ö ÀÖ´Ù. ±×·¡¼ references±ÇÇÑÀ» ȸ¼öÇØ ¿À¸é¼ ±× ±ÇÇÑ°ú °ü·ÃµÈÂüÁ¶¹«°á¼ºÁ¦¾àÀ» ÇÔ²² »èÁ¦Çϱâ À§ÇÏ¿© CASCADE CONSTRAINTS ¿É¼ÇÀ» »ç¿ëÇÑ´Ù.
¡¼¿¹Á¦¡½
SQL> conn kim/gun
Connected.
SQL> select * from user_tab_privs; ¢Ð kim»ç¿ëÀÚ°¡ ºÎ¿©ÇÑ °´Ã¼ ³»¿ëÀ» È®ÀÎÇÔ
GRANTEE OWNER TABLE GRANT PRIVILEGE GRA HIE
-------- ----- ----- ----- ---------- --- ---
KIM2 KIM AA KIM SELECT NO NO
SQL> select * from user_tab_privs_recd; ¢Ð kimÀÌ ¹ÞÀº °´Ã¼¸¦ È®ÀÎÇÔ
no rows selected
SQL> REVOKE select ON aa
2 FROM kim2; ¢Ð kim2¿¡°Ô ºÎ¿©µÈ aa°´Ã¼ÀÇ select ±ÇÇÑÀ» ȸ¼öÇÔ
Revoke succeeded.
SQL> select * from user_tab_privs; ¢Ð kimÀÌ ¾î¶² °´Ã¼µµ ±ÇÇѺο©ÇÑ °ÍÀÌ ¾øÀ½(¾ÆÁ÷µµ insert(pno,pname) °´Ã¼ ±ÇÇÑÀº ³²¾Æ ÀÖÀ½)
no rows selected
SQL> conn kim2/gun2
Connected.
SQL> insert into kim.aa values(444,'Honkong'); ¢Ð kimÀÌ kim2¿¡°Ô aa°´Ã¼¿¡ insert±ÇÇÑÀº ºÎ¿©µÇ¾î ÀÖÀ½
1 row created.
SQL> select * from kim.aa; ¢Ð kimÀÌ kim2·ÎºÎÅÍ aa°´Ã¼ÀÇ select ±ÇÇÑÀÌ È¸¼öµÈ »óÅÂÀÓ
select * from kim.aa
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> conn kim/gun
Connected.
SQL> select * from aa; ¢Ð kim2°¡ kimÀÇ aa°´Ã¼¿¡ insert °´Ã¼ ±ÇÇÑÀÌ ºÎ¿©µÈ »óÅÂÀÓÀ» ¾Ë ¼ö ÀÖÀ½
PNO PNAME
---------- ----------
111 COREA
222 CHINA
333 JAPAN
444 Honkong
SQL> select * from user_col_privs; ¢Ð °´Ã¼ÀÇ Ä÷³ ±ÇÇÑÀ» È®ÀÎÇÔ
GRANTEE OWNER TABLE COLUMN_NAME GRANT PRIVILEGE GRA
-------- ----- ----- ------------------------------ ----- ---------- ---
KIM2 KIM AA PNAME KIM INSERT NO
KIM2 KIM AA PNO KIM INSERT NO
SQL> conn kim2/gun2
Connected.
SQL> select * from user_col_privs;
GRANTEE OWNER TABLE COLUMN_NAME GRANT PRIVILEGE GRA
-------- ----- ----- ------------------------------ ----- ---------- ---
KIM2 KIM AA PNAME KIM INSERT NO
KIM2 KIM AA PNO KIM INSERT NO
SQL>
--------------------------------------------------------------------------------
°´Ã¼ ±ÇÇÑ Á¶È¸
µ¥ÀÌÅͺ£À̽º ³»ÀÇ ¸ðµç °³Ã¼ ±ÇÇÑÀ» º¸¿©ÁÖ´Â DBA_TAB_PRIVS¿Í Ä÷³¿¡ ÁöÁ¤µÈ ¸ðµç °³Ã¼ ±ÇÇÑÀº DBA_COL_PRIVS¿¡ Ç¥½ÃµÈ´Ù.
¸ðµç »ç¿ëÀÚ¸¦ À§ÇÑ °´Ã¼ ±ÇÇÑ ºä data dictionary view ¼³¸í ALL_TAB_PRIVS »ç¿ëÀÚ ¶Ç´Â publicÀ¸·Î ºÎ¿©µÈ °´Ã¼ ±ÇÇÑ ºä ALL_TAB_PRIVS_MADE °¢ »ç¿ëÀÚ ±ÇÇÑ°ú »ç¿ëÀÚ ¼ÒÀ¯ÀÇ °´Ã¼ ±ÇÇÑ ºä ALL_TAB_PRIVS_RECD »ç¿ëÀÚ ¶Ç´Â publicÀ¸·Î ÁÖ¾îÁø °´Ã¼¿¡ ´ëÇÑ °´Ã¼ ±ÇÇÑ ºä TABLE_PRIVILEGES °´Ã¼ ±ÇÇÑ ¼ÒÀ¯ÀÚ, ºÎ¿©ÀÚ, ÇǺο©ÀÚÀ̰ųª publicÀ¸·Î ºÎ¿©µÈ °´Ã¼ ±ÇÇÑ ºä ALL_COL_PRIVS »ç¿ëÀÚ ¶Ç´Â publicÀ¸·Î ºÎ¿©µÈ Ä÷³ °´Ã¼ ±ÇÇÑ ºä ALL_COL_PRIVS_MADE °¢ »ç¿ëÀÚ ±ÇÇÑ°ú »ç¿ëÀÚ ¼ÒÀ¯ÀÇ Ä÷³ °´Ã¼ ±ÇÇÑ ºä ALL_COL_PRIVS_RECD »ç¿ëÀÚ ¶Ç´Â publicÀ¸·Î ÁÖ¾îÁø °´Ã¼¿¡ ´ëÇÑ Ä÷³ °´Ã¼ ±ÇÇÑ ºä COLUMN_PRIVILEGES °´Ã¼ ±ÇÇÑ ¼ÒÀ¯ÀÚ, ºÎ¿©ÀÚ, ÇǺο©ÀÚÀ̰ųª publicÀ¸·Î ºÎ¿©µÈ Ä÷³ °´Ã¼ ±ÇÇÑ ºä
ÀÏ¹Ý »ç¿ëÀÚ °´Ã¼ ±ÇÇÑ ºä data dictionary view ¼³¸í USER_TAB_PRIVS °´Ã¼ ±ÇÇÑ ¼ÒÀ¯ÀÚ, ºÎ¿©ÀÚ, ÇǺο©ÀÚÀÇ °´Ã¼ ±ÇÇÑ ºä USER_TAB_PRIVS_MADE »ç¿ëÀÚ°¡ ¼ÒÀ¯ÀÚÀÎ °´Ã¼ ±ÇÇÑ ºä USER_TAB_PRIVS_RECD °´Ã¼ ±ÇÇÑ ÇǺο©ÀÚ¸¦ À§ÇÑ ºä USER_COL_PRIVS °´Ã¼ ±ÇÇÑ ¼ÒÀ¯ÀÚ, ºÎ¿©ÀÚ,ÇǺο©ÀÚÀÇ Ä÷³¿¡ ±ÇÇÑ ºä USER_COL_PRIVS_MADE »ç¿ëÀÚ°¡ ¼ÒÀ¯ÇÑ Ä÷³¿¡ ±ÇÇÑ ºä USER_COL_PRIVS_RECD °´Ã¼ ±ÇÇÑ ÇǺο©ÀÚ¸¦ À§ÇÑ Ä÷³ÀÇ ºä
|