Page 85 - DCAP402_DCAO204_DATABASE MANAGEMENT SYSTEM_MANAGING DATABASE
P. 85
Database Management Systems/Managing Database
Notes
You can explicitly authorize all relevant PL/SQL Developer functionality to specific Oracle
users and roles. In a development database you will allow all developers all functionality, in a
test database you will typically not allow a user to alter objects, and in a production database
you would typically disable all functions for most users that could alter the database or take up
too much resources and would affect performance.
By granting PL/SQL Developer privileges to roles you can customize authorization for specific
groups of people. You can make use of existing roles that implicitly map to a user group (such
as DBA and RESOURCE) or you can create roles specifically for PL/SQL Developer user groups.
To prevent all PL/SQL Developer users from accessing a specific database, you can simply not
grant the System.Logon privilege to any user or role.
5.3 DCL Commands
Data control language (DCL) refers to the subgroup of SQL statements that controls access to
database objects and data.
This sub-category of SQL statements is of particular interest to database administrators managing
database user groups, and user IDs. DCL statements are used at the database level to control who
can execute SQL statements, restrict what SQL statements users can execute, and to assign
authorities to users so that they can execute a pre-defined set of SQL statements. Although user
access to the database can also be administered at the operating system level or by using security
plugins, DCL statements provide the most direct method for granting and revoking user
privileges and authorities. Database administrators grant or revoke user privileges when a new
user is added, a user is removed, a user’s privileges are to be restricted or relaxed due to a change
in security policy, or when special situations warrant a user being granted new privileges to
execute a SQL statement.
78 LOVELY PROFESSIONAL UNIVERSITY
