Java Reference
In-Depth Information
Chapter 24:
User Management and Database Security
In This Chapter
This chapter discusses how to create and manage users and groups. It goes on to define a database
schema and shows how to create and manage these schemas. It further explains the concepts of user
privileges and the assignment of permissions to the schema objects. The grouping of privileges into
roles extend benefits such as ease of administration.
Groups, Users, and Roles
A user is a person who has been assigned certain privileges or permissions to perform certain tasks on
the database. A logical collection of these users is a group. Most database management systems
provide the capability of defining users and groups of users with different access privileges and
operational roles. Typically, there is always a database administrator with full access privileges, as well
as a number of other users who can access individual databases within the database management
system.
Many systems support the concept of
groups
, which allow the administrator to order certain users
logically. Database management systems allow you to manage these groups and the users within them
via the Structured Query Language (SQL). Database users are completely separate from the operating
system users, at least in concept. In practice, it might be convenient to maintain a correspondence, but
this is not required.
Cross-
Reference
See
Part II
for discussions of SQL.
Groups have certain permissions assigned to them. Users that belong to the group inherit the
permissions of that group. A database
role
defines what operations a user or users in a group can
perform on the database, such as "Create Databases," "Backup Databases," and so on. A role is not
the same as a group. Role definitions are specific to a particular DBMS, so look at the documentation
provided with your specific database for these roles.
Working with Groups
A database management system uses the concepts of groups and users to assign certain privileges to
perform tasks. We create groups, then users, and finally we assign roles or privileges to the users.
Creating a group
The first task is to create a group within which you can put users. You must be a database super user or
administrator to use this command, which creates a group with no users:
CREATE GROUP group_name
Alternatively, you can create a group and assign users to it in one command; first, create users. If you
try to run the following command without creating users, you will get an error message.
CREATE GROUP group_name WITH USER user1, user2
The general syntax for
CREATE GROUP
is as follows:
CREATE GROUP
name
[ WITH
[ SYSID
gid
]
[ USER
username
[, ...] ] ]
Dropping a group
