Добавил:
Опубликованный материал нарушает ваши авторские права? Сообщите нам.
Вуз: Предмет: Файл:
Скачиваний:
23
Добавлен:
16.04.2013
Размер:
2.15 Mб
Скачать

Disabling SQL*Plus, SQL, and PL/SQL Commands

Numeric_Value

SQL*Plus ignores this column. It is recommended that you

 

enter NULL in this column. Other products may store

 

numeric values in this column.

Char_Value

Must contain the character string “DISABLED” to disable a

 

SQL, SQL*Plus, or PL/SQL command. If you are disabling a

 

role, it must contain the name of the role you wish to disable.

 

You cannot use a wildcard.

Date_Value

SQL*Plus ignores this column. It is recommended that you

 

enter NULL in this column. Other products may store DATE

 

values in this column.

Long_Value

SQL*Plus ignores this column. It is recommended that you

 

enter NULL in this column. Other products may store LONG

 

values in this column.

PUP Table Administration

The DBA username SYSTEM owns and has all privileges on the PUP table. Other Oracle usernames should have only SELECT access to this table, which allows a view of restrictions of that username and those restrictions assigned to PUBLIC. The command file PUPBLD.SQL, when run, grants SELECT access on the PUP table to PUBLIC.

Disabling SQL*Plus, SQL, and PL/SQL Commands

To disable a SQL or SQL*Plus command for a given user, insert a row containing the user’s username in the Userid column, the command name in the Attribute column, and DISABLED in the Char_Value column.

The Scope, Numeric_Value, and Date_Value columns should contain NULL. For example:

PRODUCT

USERID

ATTRIBUTE

SCOPE

NUMBERIC

CHAR

DATE

 

 

 

 

VALUE

VALUE

VALUE

-------

------

---------

-----

--------

------

-----

SQL*Plus

HR

HOST

 

 

DISABLED

 

SQL*Plus

%

INSERT

 

 

DISABLED

 

SQL*Plus

%

UPDATE

 

 

DISABLED

 

SQL*Plus

%

DELETE

 

 

DISABLED

 

To re-enable commands, delete the row containing the restriction.

B-4 iSQL*Plus User’s Guide and Reference

Disabling SQL*Plus, SQL, and PL/SQL Commands

You can disable the following SQL*Plus commands:

COPY

SET (see note below)

EXECUTE

START

RUN

 

Note: Disabling the SQL*Plus SET command will also disable the SQL SET ROLE and SET TRANSACTION commands. Disabling the SQL*Plus START command will also disable the SQL*Plus @ and @@ commands.

You can also disable the following SQL commands:

ALTER

LOCK

ANALYZE

NOAUDIT

AUDIT

RENAME

CONNECT

REVOKE

CREATE

SELECT

DELETE

SET ROLE

DROP

SET TRANSACTION

GRANT

TRUNCATE

INSERT

UPDATE

You can also disable the following PL/SQL commands:

BEGIN

DECLARE

Note: Disabling BEGIN and DECLARE does not prevent the use of the SQL*Plus EXECUTE command. EXECUTE must be disabled separately.

Security B-5

Тут вы можете оставить комментарий к выбранному абзацу или сообщить об ошибке.

Оставленные комментарии видны всем.

Соседние файлы в папке Oracle 9.0.1