Apply restriction DML and DDL
Question
SELECT
D.OS_USERNAME
,D.terminal AS MACHINE
,D.OBJ_NAME
,D.ACTION_NAME
,D.timestamp
,D.Sql_Text
FROM DBA_AUDIT_TRAIL D
WHERE D.OWNER = 'HRADMIN'
AND D.ACTION_NAME LIKE '%INSERT%'
AND D.OS_USERNAME NOT IN ('MuhammadJav','zeeshankh1');
this query give me record
I want to apply limit or restriction so that only D.OS_USERNAME ('MuhammadJav','zeeshankh1','Alikh1') can run insert,update,delete,alter statements but other user can't insert,update,delete,alter the data.
1 answers
solution1
1 ACCPTED 2018-07-06 09:05:51
In Oracle, the privilege to insert, update or delete are managed on the user or role level. Those users are database users, just like your HRADMIN .
If the operating systems users like MuhammadJav, zeeshankh1, Alikh1 use the same oracle account, things become much more difficult.
DML statements like 'ALTER' or 'CREATE' are handled totally different. A user like 'HRADMIN' can do what he/she wants with the tables and other objects in it's own schema. It is possible, but very difficult to prevent this.
So, the traditional solution is to give MuhammadJav, zeeshankh1, Alikh1 their own oracle accounts and grant them the privileges you want as user HRADMIN:
GRANT INSERT,UPDATE,DELETE ON HRADMIN.your_table_name TO MUHAMMADJAV;
GRANT INSERT,UPDATE,DELETE ON HRADMIN.your_table_name TO ZEESHANKH1;
etc
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.