Oracle 11g User Privilege Management: Essential Notes

A summary of user-management notes that I use frequently at work:

1. List the roles held by each user in the database:

select * from (select distinct connect_by_root grantee username,granted_role
from dba_role_privs
connect by prior granted_role =grantee ) a
where exists (select 1 from dba_users b where b.username=a.username)
order by 1,2
;

2. List the system privileges of all users in the database:

select d.username,d.privilege from
(select a.username,b.privilege from
(select distinct connect_by_root grantee username,granted_role
from dba_role_privs
connect by prior granted_role =grantee) a,
(select grantee,privilege from dba_sys_privs) b
where a.granted_role=b.grantee
union
select grantee,privilege from dba_sys_privs) d
where exists((select 1 from dba_users c where d.username=c.username))
order by 1,2;

3. List the table privileges of all users in the database:

select d.username,d.privilege,d.owner,d.table_name from
(select a.username,b.privilege,b.owner,b.table_name from
(select distinct connect_by_root grantee username,granted_role
from dba_role_privs
connect by prior granted_role =grantee) a,
(select grantee,owner,table_name,privilege from dba_tab_privs) b
where a.granted_role=b.grantee
union
select grantee,privilege,owner,table_name from dba_tab_privs) d
where exists((select 1 from dba_users c where d.username=c.username))
order by 1,2;

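4. How do you find the users that hold the DBA role?

The usual approach is to query the DBA_ROLE_PRIVS view directly, with the following statement:
select grantee,granted_role from dba_role_privs where granted_role='DBA';
This misses users (those who receive DBA only through another role), as the following test shows:

The correct query is the following:
select * from (select distinct connect_by_root grantee username,granted_role
from dba_role_privs
connect by prior granted_role =grantee ) a
where a.granted_role='DBA';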
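
The gap described in item 4, reproduced as an added example that is not part of the original notes. The role and user names are constructed for the test, the password is a placeholder, and the script assumes a DBA session on a scratch database. The user receives DBA only through two nested roles, so DBA_ROLE_PRIVS holds no row pairing that user with DBA; the second query also prints the grant path.

```sql
-- Constructed test objects (hypothetical names); run on a scratch database only.
CREATE ROLE audit_demo_inner;
CREATE ROLE audit_demo_outer;
-- Placeholder password; the account is locked so it cannot be used to log in.
CREATE USER audit_demo_user IDENTIFIED BY "Replace_This_Pw_1" ACCOUNT LOCK;

-- DBA reaches the user only through two levels of role nesting.
GRANT dba              TO audit_demo_inner;
GRANT audit_demo_inner TO audit_demo_outer;
GRANT audit_demo_outer TO audit_demo_user;

-- Direct lookup: matches only grantees that were granted DBA itself,
-- and the grantee it reports can be a role rather than a user.
SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
AND    grantee LIKE 'AUDIT_DEMO%';

-- Hierarchical lookup: walks role-to-role grants from every grantee,
-- keeps only real accounts, and shows the chain of roles that leads to DBA.
SELECT username, grant_path
FROM  (SELECT CONNECT_BY_ROOT grantee                 AS username,
              granted_role,
              SYS_CONNECT_BY_PATH(granted_role, '/')  AS grant_path
       FROM   dba_role_privs
       CONNECT BY PRIOR granted_role = grantee)
WHERE  granted_role = 'DBA'
AND    username IN (SELECT username FROM dba_users)
ORDER  BY username;

-- Clean up the constructed objects.
DROP USER audit_demo_user;
DROP ROLE audit_demo_outer;
DROP ROLE audit_demo_inner;
```

The grant path column is useful during an access review because it names the intermediate role to revoke or restructure.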

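5. Find the users that have the SELECT ANY TABLE privilege

For privileges granted through roles, check who has the privilege to query all tables. The grantee returned can be a user or another role, and the join follows only one level of role grants:
select distinct rp.grantee  from dba_role_privs rp ,dba_sys_privs sp
where rp.granted_role = sp.grantee
and sp.privilege like 'SELECT ANY TABLE%';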