Explore the essentials of PL/SQL security, focusing on roles, user privileges, and the use of grants for database access. This quiz helps you assess your understanding of database security and permission management concepts in PL/SQL environments.
Which type of privilege allows a user to create a new table in their schema?
Explanation: The CREATE privilege enables a user to create new objects such as tables in their schema. SELECT is used only to read data from tables but cannot create them. DROP privilege allows a user to remove an object, not create it. UPDATE is used to modify existing data within a table, not to create structures.
Which SQL statement properly grants permission to a user named JANE to update the EMPLOYEES table?
Explanation: The correct command is GRANT UPDATE ON EMPLOYEES TO JANE; which gives the specified privilege on the given table. The other options have incorrect syntax or word order, making them invalid or meaningless in SQL. The word order and keywords are essential for the statement to execute successfully.
Why are roles used in PL/SQL security management for multiple users?
Explanation: Roles allow administrators to assign a set of privileges to a group and then to users, simplifying management. They do not directly affect query speed, password encryption, or prohibit table creation. Their primary function is to streamline privilege assignment and maintenance.
If a privilege is no longer needed, which SQL statement removes an UPDATE privilege from the SALES table for user JOE?
Explanation: The REVOKE UPDATE ON SALES FROM JOE; statement removes the specified privilege from the user. The other options use incorrect SQL syntax and are not recognized SQL commands. The official SQL keyword for taking back privileges is REVOKE.
Which of the following is a system privilege in PL/SQL security?
Explanation: CREATE USER is a system privilege because it allows the creation of new users in the database. The rest are object privileges as they pertain to operations on specific database objects. System privileges generally allow users to perform administrative tasks.
What privilege should be granted to allow a user to retrieve data from another user’s table?
Explanation: The SELECT privilege allows a user to retrieve or read data from a table. ALTER is used to modify the structure, TRUNCATE removes data, and INSERT is for adding new records. Only SELECT is related to data retrieval.
What does the WITH GRANT OPTION clause enable when granting privileges?
Explanation: WITH GRANT OPTION enables the user to pass on their received privileges to other users. It does not prevent revocation, restrict the privilege to read-only, or deal with passwords. This option is important in maintaining flexible privilege delegation.
When a new user is created, what default privileges do they typically possess?
Explanation: A new user is often given the CREATE SESSION privilege so they can log in, but not perform further actions. Full table access and the DBA role are never granted by default for security reasons. Granting no privileges would prevent even basic login, which is not practical.
What is an advantage of using roles over directly granting privileges to individual users?
Explanation: Roles aggregate privileges, so assigning a role to multiple users is more efficient than granting each privilege individually. Roles do not limit users to one privilege or involve only administrative access. They actually enable privilege inheritance through role assignment.
Which data dictionary view can be queried to see which privileges have been granted to the current user?
Explanation: USER_TAB_PRIVS displays table privileges granted to the current user. ALL_OBJECTS lists accessible objects, DBA_TABLES gives table information for all users, and V$SESSION relates to session data, not privileges. Only USER_TAB_PRIVS focuses on user privileges.