3.9 Ensure database integrity ------------------------- - Managing constraints. Q: What is a query that gives a DBA the primary/foreign key relationships of tables within the database. A: >>> Begin of script rem ???????Check this script ????????? column For_owner format a10 column For_table format a10 column Pri_owner format a10 column Pri_table format a10 column For_col format a15 column Pri_col format a15 rem select A.Owner For_owner, A.Table_name For_table, C.Column_name For_col, B.Owner Pri_owner, B.Table_name Pri_table, D.column_name Pri_col from DBA_CONSTRAINTS A, DBA_CONSTRAINTS B, DBA_CONS_COLUMNS C, DBA_CONS_COLUMNS D where A.R_constraint_name = B.constraint_name and A.Constraint_type = 'R' and B.Constraint_type = 'P' and A.R_owner = B.owner and A.Constraint_name = C.Constraint_name and B.Constraint_name = D.Constraint_name and A.Owner = C.Owner and A.Table_name = C.Table_name and B.Owner = D.Owner and B.Table_name = D.Table_name; >>> End of script - Data dictionary view for constraints. 3.9 Overview of database privileges -------------------------------- - System privileges and object privileges. !!! Important note: If user A has CREATE ANY object privilege (i.e. CREATE ANY TABLE) and creates an object in user B schema (for example, CREATE TABLE B.T (C char(1);) then the owner of object being created is user B rather then A (in out example user the owner of table T is B despite of this table was created by user A). This rules are extended on all types of objects !!! End of important note - Grant and revoke privileges. - Managing roles. There is a very CONFUSING thing in Oracle 7.0, 7.1, ... Three pre-defined roles exist: CONNECT RESOURCE DBA. These roles were designed for compatibility with Oracle v6. Several privileges are assigned to them. But there is one EXCEPTION: Statements: grant RESOURCE to ; and grant DBA to ; implicitly execute the statement: grant UNLIMITED TABLESPACE to ; Similarly, the statements: revoke RESOURCE to ; and revoke DBA to ; implicitly execute revoke UNLIMITED TABLESPACE to ; If a user has UNLIMITED TABLESPACE privilege he can write to any tablespace IGNORING ANY QUOTAS. Granting CONNECT role does not causes any extra privileges!