oracle角色(role)和許可權(privilege)
阿新 • • 發佈:2018-12-01
0 建立測試使用者
create user soctt identified by 11;
grant dba to scott;
create user one identified by 11;
1 角色role
-- 查詢所有角色, connect/resource/dba比較常見
select * from dba_roles; -- 不存在user_roles和all_roles
-- grantee-role: dba
select * from user_role_privs;
select * from dba_role_privs where grantee = 'SCOTT';
-- 此時還沒有role
select * from dba_role_privs where grantee = 'ONE';
2 許可權privilege
- system_privilege和table_privilege
-- [create | alter | drop ..] any [table |view | index | trigger | procedure..]
-- [select | update | detele] and table
select * from system_privilege_map order by name; -- 系統許可權共208個
-- create alter select update delete execute ...
select * from table_privilege_map; -- 物件許可權共26個
-- 角色的系統許可權和物件許可權
select * from role_sys_privileges;
select * from role_tab_privileges;
- 授予、回收系統許可權(user_sys_privs)
-- 下面使用scott管理one的許可權
-- 報錯:user ONE lacks CREATE SESSION privilege; logon denied
sqlplus one/22 -- 沒有建立會話的許可權
grant create session to one; -- sqlplus可登入
revoke create session from one;
-- 報錯:許可權不足
create table t1 ...
grant create table to one;
-- 報錯:對錶空間'SYSTEM'無許可權
create table t1 ...
-- select/update/delete都正常
grant UNLIMITED TABLESPACE to one; -- create table t1 ...正常
-- 許可權:create session, create table, unlimited tablespace
select * from user_sys_privs;
select * from dba_sys_privs where grantee = 'ONE';
select * from dba_sys_privs where grantee = 'DBA' order by privilege;
- 授予、回收物件許可權(user_tab_privs)
grant select, update on scott.t1 to one;
revoke update from scott.t1 from one;
-- one可在scott.t1執行select/update
select * from scott.t1; -- one
-- {grantee, owner, table_name, grantor, privilege}
select * from user_tab_privs; -- scott
-- grantor/grantee分別是授予/被授予許可權的使用者
select * from dba_tab_privs where grantor = 'SCOTT';
select * from all_tab_privs where grantee = 'ONE';