Oracle Privileges and Roles
来源:互联网 发布:linux中chmod -r 777 编辑:程序博客网 时间:2024/04/29 03:41
Oracle Privileges
Oracle包括两大类权限,一种是系统权限,另外一种是对象权限。
System Privileges
- Create session
- Create table
- Create view
- Create procedure
- Sysdba
- Sysoper
- Tables: all, alter, debug, delete, flashback, insert, on commit refresh, query rewrite, references, select, update
- Views: debug, delete, insert, flashback, references, select, under, update
- Sequence: alter, select
- Packages, Procedures, Functions: debug, execute
- Materialized Views: delete, flashback, insert, select, update
- Directories: read, write
- Libraries: execute
- User Defined Types: debug, execute, under
- Operators: execute
- Indextypes: execute
Privileges Tables/Views
System Privileges:DBA_SYS_PRIVS
Object Privileges:DBA_TAB_PRIVS
Data Dictionary Objects Related To Object Privileges objauth$ objpriv$ dba_col_privs all_col_privs user_col_privs - all_col_privs_made user_col_privs_made - all_col_privs_recd user_col_privs_recd dba_tab_privs all_tab_privs user_tab_privs - all_tab_privs_made user_tab_privs_made - all_tab_privs_recd user_tab_privs_recd column_privileges table_privileges table_privilege_map
Data Dictionary Objects Related To Object Privileges objauth$ objpriv$ dba_col_privs all_col_privs user_col_privs - all_col_privs_made user_col_privs_made - all_col_privs_recd user_col_privs_recd dba_tab_privs all_tab_privs user_tab_privs - all_tab_privs_made user_tab_privs_made - all_tab_privs_recd user_tab_privs_recd column_privileges table_privileges table_privilege_map
Roles granted to users or roles : DBA_ROLE_PRIVS
上述三表为DBA_表,普通用户可以使用下边的三张表
SELECT * FROM USER_SYS_PRIVS;
SELECT * FROM USER_TAB_PRIVS;
SELECT * FROM USER_ROLE_PRIVS;
SELECT * FROM USER_TAB_PRIVS;
SELECT * FROM USER_ROLE_PRIVS;
List Privileges
列出其他用户授权给当前用户的表权限
SELECT * FROM USER_TAB_PRIVS_RECD;
SELECT * FROM USER_TAB_PRIVS_RECD;
查当前用户的角色
select * from user_role_privs;
查自己拥有哪些系统权限
select * from session_privs;
select * from user_role_privs;
查自己拥有哪些系统权限
select * from session_privs;
列出当前用户授权给其他用户的表权限
SELECT * FROM USER_TAB_PRIVS_MADE;
SELECT * FROM USER_TAB_PRIVS_MADE;
Grant Privileges on Tables
语法:
grant privileges on object to user;
比如:如果你想把suppliers表的查询,插入,修改,删除的权限付给用户smithj,你可以执行下边的语句
grant select, insert, update, delete on suppliers to smithj;
你也可以直接使用all关键字来赋权,表示你想把对象所有的权限付给某个用户,比如:
grant all on suppliers to smithj;
如果你想让所有用户都可以查询某张表,那你可以使用public关键字,比如:
grant select on suppliers to public;
Revoke Privileges on Tables
授权(Grant)之后,你想取消授权,那就得revoke了。
语法:
revoke privileges on object from user;
比如,你想取消anderson删除supplier表的权利,可以执行:
revoke delete on suppliers from anderson;
你想取消anderson针对supplier表的所有权利,可以执行:
revoke all on suppliers from anderson;
如果你有授权给public(所有用户),现在想撤权,可以执行:
revoke all on suppliers from public;
Grant Privileges on Functions/Procedures
针对Functions/Procedures的授权。
Functions/Procedures的权限类别
语法:
grant execute on object to user;
把Funciton Find_Value的执行权限付给用户smithj,可以执行:
grant execute on Find_Value to smithj;
把Funciton Find_Value的执行权限付给所有用户,可以执行:
grant execute on Find_Value to public;
Revoke Privileges on Functions/Procedures
针对Functions/Procedures的撤权。
语法:
revoke execute on object from user;
撤销anderson针对Find_Value Funciton的执行权限,可以执行:
revoke execute on Find_Value from anderson;
如果你赋权过所有用户,现在想撤销,可以执行:
revoke execute on Find_Value from public;
Roles
角色(Role)是一系列权限的集合,通过权限可以大大简化权限的授予和回收工作。通常创建一个用户之后,我们授予用户两个角色就足够使用了,这两个角色是CONNECT和RESOURCE。SQL> select * from DBA_SYS_PRIVS where grantee = 'CONNECT';
GRANTEE PRIVILEGE ADMIN_OPTION
------------------------------ ---------------------------------------- ------------
CONNECT CREATE SESSION NO
GRANTEE PRIVILEGE ADMIN_OPTION
------------------------------ ---------------------------------------- ------------
CONNECT CREATE SESSION NO
SQL> select * from DBA_SYS_PRIVS where grantee = 'RESOURCE';
GRANTEE PRIVILEGE ADMIN_OPTION
------------------------------ ---------------------------------------- ------------
RESOURCE CREATE TRIGGER NO
RESOURCE CREATE SEQUENCE NO
RESOURCE CREATE TYPE NO
RESOURCE CREATE PROCEDURE NO
RESOURCE CREATE CLUSTER NO
RESOURCE CREATE OPERATOR NO
RESOURCE CREATE INDEXTYPE NO
RESOURCE CREATE TABLE NO
8 rows selected
SQL>
创建一个可以访问数据库的用户,大体步骤:
SQL> create user tianpan identified by welcome
2 default tablespace users
3 temporary tablespace temp;
User created
SQL> select * from dba_sys_privs where grantee = 'TIANPAN';
GRANTEE PRIVILEGE ADMIN_OPTION
------------------------------ ---------------------------------------- ------------
SQL> grant connect,resource to tianpan;
Grant succeeded
SQL> select * from dba_sys_privs where grantee = 'TIANPAN';
GRANTEE PRIVILEGE ADMIN_OPTION
------------------------------ ---------------------------------------- ------------
TIANPAN UNLIMITED TABLESPACE NO
SQL> conn tianpan/welcome
Connected to Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
Connected as tianpan
SQL> create table test_priv (name varchar2(10));
Table created
SQL> create user tianpan identified by welcome
2 default tablespace users
3 temporary tablespace temp;
User created
SQL> select * from dba_sys_privs where grantee = 'TIANPAN';
GRANTEE PRIVILEGE ADMIN_OPTION
------------------------------ ---------------------------------------- ------------
SQL> grant connect,resource to tianpan;
Grant succeeded
SQL> select * from dba_sys_privs where grantee = 'TIANPAN';
GRANTEE PRIVILEGE ADMIN_OPTION
------------------------------ ---------------------------------------- ------------
TIANPAN UNLIMITED TABLESPACE NO
SQL> conn tianpan/welcome
Connected to Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
Connected as tianpan
SQL> create table test_priv (name varchar2(10));
Table created
转载请注明出处:http://blog.csdn.net/pan_tian/article/details/11763889
- Oracle Privileges and Roles
- Users, roles and privileges in Oracle
- DSS Modules and Roles
- ALL about SYSDBA and SYSOPER Privileges in Oracle [ID 50507.1]
- Oracle Roles (转载)
- Oracle manage roles
- Oracle的Roles管理
- Windows 2008 Roles and Features
- oracle system privileges
- LSA Functions - Privileges and Impersonation
- Object Design: Roles, Responsibilities, and Collaborations
- List of approver codes and roles analysis
- Tomcat9 users and roles, Remote deploy
- oracle ORA-01031: insufficient privileges
- oracle登陆提示insufficient privileges
- 【ORACLE】ORA-01031 insufficient privileges
- catalog object import and export privileges
- oracle dbguard 配置监听 insufficient privileges
- C#和.NET基础知识——学习笔记(四)
- Qt5.1.1 for android 环境配置
- android下基本json串的生成与解析
- 线程执行器
- java按字节截取中英文混合字符串
- Oracle Privileges and Roles
- sqlplus时不能用Backspace来删除字符的解决
- Color Picker ASP.NET AJAX Extender Control
- Usage of Array in Perl
- iOS开发中那些高效常用的宏
- 程序员的职场潜意识Top10
- Android WebView-应用内嵌入浏览器
- 理解java数组
- Hadoop Hello World