Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,400 --> 00:00:02,870 In this lesson, we're going to take 2 00:00:02,870 --> 00:00:05,040 a look at system privileges. 3 00:00:05,040 --> 00:00:08,480 So Oracle has two classes of privileges 4 00:00:08,480 --> 00:00:11,960 that can be given to a user account, system privileges 5 00:00:11,960 --> 00:00:13,680 and object privileges. 6 00:00:13,680 --> 00:00:16,230 So system privileges are system-wide, 7 00:00:16,230 --> 00:00:20,330 so they tend to be non-object-specific and rather 8 00:00:20,330 --> 00:00:23,310 apply to an entire system. 9 00:00:23,310 --> 00:00:26,450 And whenever we give a privilege, a system privilege 10 00:00:26,450 --> 00:00:30,970 or an object privilege, we use the GRANT command. 11 00:00:30,970 --> 00:00:33,610 So these are some of the types of system privileges 12 00:00:33,610 --> 00:00:34,910 that are available to us. 13 00:00:34,910 --> 00:00:36,670 And there are many, many more but this 14 00:00:36,670 --> 00:00:40,510 can give us kind of an idea of what a system privilege is. 15 00:00:40,510 --> 00:00:42,830 So the first is CREATE SESSION. 16 00:00:42,830 --> 00:00:46,030 So in order to log into a database at all, 17 00:00:46,030 --> 00:00:49,030 a user must have the CREATE SESSION system 18 00:00:49,030 --> 00:00:52,210 privilege, the ability to create a session in a database. 19 00:00:52,210 --> 00:00:54,640 Without that, they can't even log in 20 00:00:54,640 --> 00:00:56,770 even if the password is correct. 21 00:00:56,770 --> 00:00:59,860 The account is all non-locked and OK-- 22 00:00:59,860 --> 00:01:01,570 still, the CREATE SESSION privilege 23 00:01:01,570 --> 00:01:03,480 must be granted to the user. 24 00:01:03,480 --> 00:01:05,440 ALTER DATABASE is the system privilege 25 00:01:05,440 --> 00:01:08,890 that lets the user work with the physical structure 26 00:01:08,890 --> 00:01:10,010 of the database. 27 00:01:10,010 --> 00:01:13,600 So this is going to be things like tablespaces and data 28 00:01:13,600 --> 00:01:15,880 files, and really more specifically, data 29 00:01:15,880 --> 00:01:18,250 files, the ability to resize data 30 00:01:18,250 --> 00:01:20,130 files, those types of things. 31 00:01:20,130 --> 00:01:22,750 ALTER SYSTEM will be involved in the system 32 00:01:22,750 --> 00:01:25,760 configuration of the database. 33 00:01:25,760 --> 00:01:28,450 So this is going to be a privilege that allows the user 34 00:01:28,450 --> 00:01:31,360 to change database parameters. 35 00:01:31,360 --> 00:01:35,170 So these two, ALTER DATABASE and ALTER SYSTEM, are very powerful 36 00:01:35,170 --> 00:01:38,260 and should be granted out with caution. 37 00:01:38,260 --> 00:01:41,770 The next is either CREATE TABLE or ALTER TABLE. 38 00:01:41,770 --> 00:01:44,170 So these are separate privileges. 39 00:01:44,170 --> 00:01:47,410 CREATE TABLE allows the user to create a table. 40 00:01:47,410 --> 00:01:50,620 And by doing so, they will form their schema, 41 00:01:50,620 --> 00:01:52,990 so that table will be in their schema. 42 00:01:52,990 --> 00:01:55,810 And ALTER TABLE allows them to change that table, 43 00:01:55,810 --> 00:01:58,990 so if they were to add a column, remove a column, so on and so 44 00:01:58,990 --> 00:02:03,580 forth, change data types, that is an ALTER TABLE privilege. 45 00:02:03,580 --> 00:02:07,130 Conversely, we have CREATE ANY TABLE. 46 00:02:07,130 --> 00:02:10,890 So how does CREATE ANY TABLE differ from CREATE TABLE? 47 00:02:10,890 --> 00:02:13,690 Well, CREATE ANY TABLE allows the user 48 00:02:13,690 --> 00:02:17,900 to create a table in any schema in the database. 49 00:02:17,900 --> 00:02:22,930 So if we have Sam and Joe, and Sam has CREATE ANY TABLE, 50 00:02:22,930 --> 00:02:25,840 Sam can create a table in Joe's schema, 51 00:02:25,840 --> 00:02:28,150 and he can also create one in his own. 52 00:02:28,150 --> 00:02:30,310 So this is another system privilege 53 00:02:30,310 --> 00:02:32,180 that should be used with caution, 54 00:02:32,180 --> 00:02:34,930 but sometimes is necessary in environments where people 55 00:02:34,930 --> 00:02:37,990 work together and need to be able to log in and create 56 00:02:37,990 --> 00:02:39,880 a table in a different schema. 57 00:02:39,880 --> 00:02:41,750 Next is DROP ANY TABLE. 58 00:02:41,750 --> 00:02:43,870 And that does kind of what we might think, 59 00:02:43,870 --> 00:02:45,910 based on the CREATE ANY TABLE. 60 00:02:45,910 --> 00:02:50,830 DROP ANY TABLE allows us to drop any table from any schema 61 00:02:50,830 --> 00:02:52,280 within the database. 62 00:02:52,280 --> 00:02:53,980 So again, Sam and Joe-- 63 00:02:53,980 --> 00:02:56,080 if Sam has DROP ANY TABLE, he can 64 00:02:56,080 --> 00:02:58,370 drop a table in Joe's schema. 65 00:02:58,370 --> 00:03:00,730 Again, should be used with caution. 66 00:03:00,730 --> 00:03:04,210 Note here that there is not a DROP TABLE privilege. 67 00:03:04,210 --> 00:03:07,270 There is no such thing as a DROP TABLE system privilege. 68 00:03:07,270 --> 00:03:11,320 The ability to drop a table comes along with the ability 69 00:03:11,320 --> 00:03:12,920 to create a table. 70 00:03:12,920 --> 00:03:15,340 So if you can create a table in your schema, 71 00:03:15,340 --> 00:03:16,930 you can also drop it. 72 00:03:16,930 --> 00:03:19,720 The last example is SELECT ANY TABLE. 73 00:03:19,720 --> 00:03:22,630 So with SELECT ANY TABLE, that allows the user 74 00:03:22,630 --> 00:03:26,860 to select data from any table in any schema. 75 00:03:26,860 --> 00:03:30,920 Again, that should be used with a certain amount of caution. 76 00:03:30,920 --> 00:03:36,070 So let's get set up here to take a look at system privileges. 77 00:03:36,070 --> 00:03:43,680 What I'm going to do is create a connection for my Kara user. 78 00:03:43,680 --> 00:03:48,380 Username kara, give them the password Oracle. 79 00:03:48,380 --> 00:03:53,970 Save the password, database name orcl. 80 00:03:53,970 --> 00:03:55,950 And then we click Test. 81 00:03:55,950 --> 00:03:58,440 Notice the error that we get here. 82 00:03:58,440 --> 00:04:01,870 User Kara lacks CREATE SESSION privilege. 83 00:04:01,870 --> 00:04:05,400 So the user Kara was created but lacks the CREATE SESSION 84 00:04:05,400 --> 00:04:09,250 privilege, and so Kara cannot connect to the database. 85 00:04:09,250 --> 00:04:10,620 So for an example here, I'm going 86 00:04:10,620 --> 00:04:12,900 to bring up the command line. 87 00:04:12,900 --> 00:04:16,200 And we can certainly do this in SQL Developer as well, but just 88 00:04:16,200 --> 00:04:19,620 to give you a little look at using SQL Plus, 89 00:04:19,620 --> 00:04:23,170 let's connect into the database as a privileged user. 90 00:04:23,170 --> 00:04:27,870 And we'll use SQL Plus to grant the necessary system privileges 91 00:04:27,870 --> 00:04:28,530 to Kara. 92 00:04:28,530 --> 00:04:34,740 So we say grant create session to the user. 93 00:04:34,740 --> 00:04:38,800 Let me come back here and test, and now Kara 94 00:04:38,800 --> 00:04:40,630 has CREATE SESSION. 95 00:04:40,630 --> 00:04:44,330 We'll save, connect. 96 00:04:44,330 --> 00:04:47,100 Kara is logged into the database. 97 00:04:47,100 --> 00:04:49,430 So let's see if Kara can create a simple table. 98 00:04:53,910 --> 00:04:57,430 So we get an error that says, insufficient privileges. 99 00:04:57,430 --> 00:04:57,930 Why? 100 00:04:57,930 --> 00:05:02,400 Because Kara lacks the CREATE TABLE system privilege. 101 00:05:02,400 --> 00:05:06,300 So again, back at our administrator command line, 102 00:05:06,300 --> 00:05:09,540 grant create table to Kara. 103 00:05:13,470 --> 00:05:17,190 Execute again, and she can create a table. 104 00:05:17,190 --> 00:05:19,650 What about inserting into the table? 105 00:05:19,650 --> 00:05:22,320 Does she needs some kind of system privilege 106 00:05:22,320 --> 00:05:24,460 to insert data into that table? 107 00:05:24,460 --> 00:05:25,170 Let's find out. 108 00:05:29,300 --> 00:05:32,450 Even though Kara doesn't need any privileges 109 00:05:32,450 --> 00:05:37,040 on the particular table, such as an insert privilege, 110 00:05:37,040 --> 00:05:38,960 notice that we have a reference here 111 00:05:38,960 --> 00:05:42,480 about no privileges on tablespace users. 112 00:05:42,480 --> 00:05:47,240 So the users tablespace is Kara's default tablespace. 113 00:05:47,240 --> 00:05:49,130 And even though that's been assigned, 114 00:05:49,130 --> 00:05:50,960 she has no privileges on it. 115 00:05:50,960 --> 00:05:53,750 In other words, she has no ability 116 00:05:53,750 --> 00:05:58,910 to log in and allocate space in the tablespace called users. 117 00:05:58,910 --> 00:06:01,040 Notice that we can create the table, 118 00:06:01,040 --> 00:06:03,290 but once space needs to be allocated, 119 00:06:03,290 --> 00:06:05,570 we need to have that privilege. 120 00:06:05,570 --> 00:06:08,210 Now, there are a number of ways that we can do this. 121 00:06:08,210 --> 00:06:11,660 We can set up quotas for her on that tablespace, 122 00:06:11,660 --> 00:06:14,790 but we can also use a system privilege. 123 00:06:14,790 --> 00:06:22,030 We say grant unlimited tablespace to Kara. 124 00:06:22,030 --> 00:06:27,280 This allows Kara to use the data in any tablespace. 125 00:06:27,280 --> 00:06:31,180 So she could create a table in another table space 126 00:06:31,180 --> 00:06:34,670 and be able to allocate space within that. 127 00:06:34,670 --> 00:06:38,590 Clear this, and the row is inserted. 10235