Oracle11g温习-第十七章:权限管理
2013年4月27日 星期六
10:50
|
1、权限(privilege): 【system privilege(系统权限):针对于database 的相关权限 object privilege (对象权限):针对于schema 的object】 |
||||
|
2、查看系统权限 |
||||
|
SYS @ prod > desc system_privilege_map; Name Null? Type ----------------------------------------------------------------- -------- -------------------------------------------- PRIVILEGE NOT NULL NUMBER NAME NOT NULL VARCHAR2(40) PROPERTY NOT NULL NUMBER SYS @ prod > select * from system_privilege_map; PRIVILEGE NAME PROPERTY ---------- ------------------------------ ---------- -3 ALTER SYSTEM 0 -4 AUDIT SYSTEM 0 -5 CREATE SESSION 0 -6 ALTER SESSION 0 -7 RESTRICTED SESSION 0 -10 CREATE TABLESPACE 0 -11 ALTER TABLESPACE 0 -12 MANAGE TABLESPACE 0 -13 DROP TABLESPACE 0 -15 UNLIMITED TABLESPACE 0 -20 CREATE USER 0 -21 BECOME USER 0 -22 ALTER USER 0 -23 DROP USER 0 -30 CREATE ROLLBACK SEGMENT 0 -31 ALTER ROLLBACK SEGMENT 0 -32 DROP ROLLBACK SEGMENT 0 -40 CREATE TABLE 0 -41 CREATE ANY TABLE 0 -42 ALTER ANY TABLE 0 -43 BACKUP ANY TABLE 0 -44 DROP ANY TABLE 0 -45 LOCK ANY TABLE 0 -46 COMMENT ANY TABLE 0 -47 SELECT ANY TABLE 0 -48 INSERT ANY TABLE 0 -49 UPDATE ANY TABLE 0 -50 DELETE ANY TABLE 0 -60 CREATE CLUSTER 0 -61 CREATE ANY CLUSTER 0 -62 ALTER ANY CLUSTER 0 -63 DROP ANY CLUSTER 0 -71 CREATE ANY INDEX 0 -72 ALTER ANY INDEX 0 -73 DROP ANY INDEX 0 -80 CREATE SYNONYM 0 -81 CREATE ANY SYNONYM 0 -82 DROP ANY SYNONYM 0 -83 SYSDBA 0 -84 SYSOPER 0 -85 CREATE PUBLIC SYNONYM 0 -86 DROP PUBLIC SYNONYM 0 -90 CREATE VIEW 0 -91 CREATE ANY VIEW 0 -92 DROP ANY VIEW 0 -105 CREATE SEQUENCE 0 -106 CREATE ANY SEQUENCE 0 -107 ALTER ANY SEQUENCE 0 -108 DROP ANY SEQUENCE 0 -109 SELECT ANY SEQUENCE 0 -115 CREATE DATABASE LINK 0 -120 CREATE PUBLIC DATABASE LINK 0 -121 DROP PUBLIC DATABASE LINK 0 -125 CREATE ROLE 0 -126 DROP ANY ROLE 0 -127 GRANT ANY ROLE 0 -128 ALTER ANY ROLE 0 -130 AUDIT ANY 0 -135 ALTER DATABASE 0 -138 FORCE TRANSACTION 0 -139 FORCE ANY TRANSACTION 0 -140 CREATE PROCEDURE 0 -141 CREATE ANY PROCEDURE 0 -142 ALTER ANY PROCEDURE 0 -143 DROP ANY PROCEDURE 0 -144 EXECUTE ANY PROCEDURE 0 -151 CREATE TRIGGER 0 -152 CREATE ANY TRIGGER 0 -153 ALTER ANY TRIGGER 0 -154 DROP ANY TRIGGER 0 -160 CREATE PROFILE 0 -161 ALTER PROFILE 0 -162 DROP PROFILE 0 -163 ALTER RESOURCE COST 0 -165 ANALYZE ANY 0 -167 GRANT ANY PRIVILEGE 0 -172 CREATE MATERIALIZED VIEW 0 -173 CREATE ANY MATERIALIZED VIEW 0 -174 ALTER ANY MATERIALIZED VIEW 0 -175 DROP ANY MATERIALIZED VIEW 0 -177 CREATE ANY DIRECTORY 0 -178 DROP ANY DIRECTORY 0 -180 CREATE TYPE 0 -181 CREATE ANY TYPE 0 -182 ALTER ANY TYPE 0 -183 DROP ANY TYPE 0 -184 EXECUTE ANY TYPE 0 -186 UNDER ANY TYPE 0 -188 CREATE LIBRARY 0 -189 CREATE ANY LIBRARY 0 -190 ALTER ANY LIBRARY 0 -191 DROP ANY LIBRARY 0 -192 EXECUTE ANY LIBRARY 0 -200 CREATE OPERATOR 0 -201 CREATE ANY OPERATOR 0 -202 ALTER ANY OPERATOR 0 -203 DROP ANY OPERATOR 0 -204 EXECUTE ANY OPERATOR 0 -205 CREATE INDEXTYPE 0 -206 CREATE ANY INDEXTYPE 0 -207 ALTER ANY INDEXTYPE 0 -208 DROP ANY INDEXTYPE 0 -209 UNDER ANY VIEW 0 -210 QUERY REWRITE 0 -211 GLOBAL QUERY REWRITE 0 -212 EXECUTE ANY INDEXTYPE 0 -213 UNDER ANY TABLE 0 -214 CREATE DIMENSION 0 -215 CREATE ANY DIMENSION 0 -216 ALTER ANY DIMENSION 0 -217 DROP ANY DIMENSION 0 -218 MANAGE ANY QUEUE 1 -219 ENQUEUE ANY QUEUE 1 -220 DEQUEUE ANY QUEUE 1 -222 CREATE ANY CONTEXT 0 -223 DROP ANY CONTEXT 0 -224 CREATE ANY OUTLINE 0 -225 ALTER ANY OUTLINE 0 -226 DROP ANY OUTLINE 0 -227 ADMINISTER RESOURCE MANAGER 1 -228 ADMINISTER DATABASE TRIGGER 0 -233 MERGE ANY VIEW 0 -234 ON COMMIT REFRESH 0 -235 EXEMPT ACCESS POLICY 0 -236 RESUMABLE 0 -237 SELECT ANY DICTIONARY 0 -238 DEBUG CONNECT SESSION 0 -241 DEBUG ANY PROCEDURE 0 -243 FLASHBACK ANY TABLE 0 -244 GRANT ANY OBJECT PRIVILEGE 0 -245 CREATE EVALUATION CONTEXT 1 -246 CREATE ANY EVALUATION CONTEXT 1 -247 ALTER ANY EVALUATION CONTEXT 1 -248 DROP ANY EVALUATION CONTEXT 1 -249 EXECUTE ANY EVALUATION CONTEXT 1 -250 CREATE RULE SET 1 -251 CREATE ANY RULE SET 1 -252 ALTER ANY RULE SET 1 -253 DROP ANY RULE SET 1 -254 EXECUTE ANY RULE SET 1 -255 EXPORT FULL DATABASE 0 -256 IMPORT FULL DATABASE 0 -257 CREATE RULE 1 -258 CREATE ANY RULE 1 -259 ALTER ANY RULE 1 -260 DROP ANY RULE 1 -261 EXECUTE ANY RULE 1 -262 ANALYZE ANY DICTIONARY 0 -263 ADVISOR 0 -264 CREATE JOB 0 -265 CREATE ANY JOB 0 -266 EXECUTE ANY PROGRAM 0 -267 EXECUTE ANY CLASS 0 -268 MANAGE SCHEDULER 0 -269 SELECT ANY TRANSACTION 0 -270 DROP ANY SQL PROFILE 0 -271 ALTER ANY SQL PROFILE 0 -272 ADMINISTER SQL TUNING SET 0 -273 ADMINISTER ANY SQL TUNING SET 0 -274 CREATE ANY SQL PROFILE 0 -275 EXEMPT IDENTITY POLICY 0 -276 MANAGE FILE GROUP 1 -277 MANAGE ANY FILE GROUP 1 -278 READ ANY FILE GROUP 1 -279 CHANGE NOTIFICATION 0 -280 CREATE EXTERNAL JOB 0 select any table 访问dba_xxx数据字典视图 SYS @ prod > grant select any table to scott; ——授权 Grant succeeded. SYS @ prod > conn scott/tiger Connected. SCOTT @ prod > desc user_sys_privs; Name Null? Type ----------------------------------------------------------------- -------- -------------------------------------------- USERNAME VARCHAR2(30) PRIVILEGE NOT NULL VARCHAR2(40) ADMIN_OPTION VARCHAR2(3) SCOTT @ prod > select * from user_sys_privs;——【查看用户拥有的系统权限】 USERNAME PRIVILEGE ADM ------------------------------ ---------------------------------------- --- SCOTT UNLIMITED TABLESPACE NO SCOTT SELECT ANY TABLE NO SCOTT @ prod > select * from tom.text2; ID ---------- 1 2 3 4 5 6 7 8 SCOTT @ prod > select * from sys.dba_users; select * from sys.dba_users * ERROR at line 1: ORA-00942: table or view does not exist ——默认普通用户不能去访问dba_xxx 视图,需要修改以下参数 SYS @ prod > show parameter o7 NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ O7_DICTIONARY_ACCESSIBILITY boolean FALSE SYS @ prod > alter system set O7_DICTIONARY_ACCESSIBILITY=true scope=spfile; System altered. SYS @ prod > startup force SYS @ prod > conn scott/tiger SCOTT @ prod > select table_name from dba_tables where owner='SCOTT'; TABLE_NAME ------------------------- DEPT EMP BONUS SALGRADE EMPLOYEES ADMIN_EXT_EMPLOYEES EMP1 |
||||
|
3、分配、回收系统权限 |
||||
|
grant——with admin option 【如果用户获得权限时,设置此参数,用户可以将权限再授予别的用户】 SYS @ prod > grant select any table to scott with admin option; Grant succeeded. SYS @ prod > conn scott/tiger Connected. SCOTT @ prod > col usrname for a10 SCOTT @ prod > col privilege for a30 SCOTT @ prod > select * from user_sys_privs; USERNAME PRIVILEGE ADMIN_OPT --------------- ------------------------------ --------- SCOTT UNLIMITED TABLESPACE NO SCOTT SELECT ANY TABLE YES SCOTT @ prod > grant select any table to tom; Grant succeeded. SCOTT @ prod > conn tom/tom Connected. TOM @ prod > select * from user_sys_privs; USERNAME PRIVILEGE ADMIN_OPT --------------- ------------------------------ --------- TOM SELECT ANY TABLE NO TOM CREATE SESSION NO TOM UNLIMITED TABLESPACE NO TOM @ prod > select * from scott.emp where rownum <3; EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO ---------- ---------- --------- ---------- --------- ---------- ---------- ---------- 7369 SMITH CLERK 7902 17-DEC-80 800 20 7499 ALLEN SALESMAN 7698 20-FEB-81 1600 300 30 ——【revoke with admin option ,在回收权限时,不能级联】。 TOM @ prod > conn /as sysdba Connected. SYS @ prod > revoke select any table from scott; Revoke succeeded. SCOTT @ prod > conn scott/tiger Connected. SCOTT @ prod > select * from user_sys_privs; USERNAME PRIVILEGE ADMIN_OPT --------------- ------------------------------ --------- SCOTT UNLIMITED TABLESPACE NO SCOTT @ prod > conn tom/tom Connected. TOM @ prod > select * from user_sys_privs; USERNAME PRIVILEGE ADMIN_OPT --------------- ------------------------------ --------- TOM SELECT ANY TABLE NO TOM CREATE SESSION NO TOM UNLIMITED TABLESPACE NO ——【必须一一收回】 TOM @ prod > conn /as sysdba Connected. SYS @ prod > revoke select any table from tom; Revoke succeeded. SYS @ prod > conn tom/tom Connected. TOM @ prod > select * from user_sys_privs; USERNAME PRIVILEGE ADMIN_OPT --------------- ------------------------------ --------- TOM CREATE SESSION NO TOM UNLIMITED TABLESPACE NO |
||||
|
4、对象权限 |
||||
|
grant ---------with grant option ——【如果用户获得权限时,设置此参数,用户可以将权限再授予别的用户】 SYS @ prod > grant all on scott.emp to public; ——【all 代表所有的对象权限,public 代表所有的用户 】 SYS @ prod > conn tom/tom Connected. TOM @ prod > select * from user_tab_privs; no rows selected 【在视图user_tab_privs没有记载,但是权限是授予的了,一样可以执行权限【如果是系统权限就会在user_sys_privs上显示信息】】 TOM @ prod > select ename from scott.emp; ENAME ------------------------------ SMITH ALLEN WARD JONES MARTIN BLAKE CLARK SCOTT KING TURNER ADAMS JAMES FORD MILLER 14 rows selected. TOM @ prod > delete from scott.emp; 14 rows deleted. TOM @ prod > rollback; Rollback complete. TOM @ prod > conn /as sysdba Connected. SYS @ prod > revoke all on scott.emp from public; ——【回收权限】 Revoke succeeded. SYS @ prod > grant update on scott.emp to tom with grant option; Grant succeeded. SYS @ prod > create user rose identified by rose ; User created. SYS @ prod > grant create session to rose; Grant succeeded. SYS @ prod > conn tom/tom Connected. GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY ---------- --------------- --------------- --------------- --------------- --------------- --------------- TOM SCOTT EMP1 SCOTT UPDATE YES NO TOM @ prod > grant update on scott.emp to rose; Grant succeeded. TOM @ prod > conn rose/rose Connected. ROSE @ prod > select * from user_tab_privs; GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY ---------- --------------- --------------- --------------- --------------- --------------- --------------- ROSE SCOTT EMP1 TOM UPDATE NO NO ——【revoke with grant option ,在回收权限时,级联。】 ROSE @ prod > conn /as sysdba Connected. SYS @ prod > revoke update on scott.emp from rose; revoke update on scott.emp from rose * ERROR at line 1: ORA-01927: cannot REVOKE privileges you did not grant ----只能从直接授予者回收权限 SYS @ prod > revoke update on scott.emp from tom; Revoke succeeded. SYS @ prod > conn tom/tom Connected. TOM @ prod > select * from user_tab_privs; GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRA HIE -------------------- ---------- ---------- ---------- ---------------------------------------- --- --- TOM SCOTT EMP SCOTT SELECT NO NO ——针对列授予对象权限 SYS @ prod >grant update(sal) on scott.emp to tom; Grant succeeded. SYS @ prod > conn tom/tom Connected. TOM @ prod > update scott.emp set comm=100 where empno=7788; ——对该列无权限修改 update scott.emp set comm=100 where empno=7788 * ERROR at line 1: ORA-01031: insufficient privileges TOM @ prod > update scott.emp set sal=10000 where empno=7788; 1 row updated. TOM @ prod > rollback; Rollback complete. TOM @ prod > select GRANTEE,OWNER,TABLE_NAME,COLUMN_NAME,PRIVILEGE from user_col_privs; GRANTEE OWNER TABLE_NAME COLUMN_NAME PRIVILEGE ---------- --------------- --------------- --------------- --------------- TOM SCOTT EMP SAL UPDATE |
||||
|
与权限相关的视图 |
||||
|
SESSION_PRIVS 【用户当前会话拥有的系统权限】 USER_ROLE_PRIVS 【用户被授予的角色】 ROLE_SYS_PRIVS 【用户当前拥有的角色的系统权限】 USER_SYS_PRIVS 【直接授予用户的系统权限】 USER_TAB_PRIVS 【授予用户的对象权限 包含了当前用户给其他用户的对象权限和其他用户给当前用户的对象权限】 ROLE_TAB_PRIVS 【授予角色的表的权限】 USER_TAB_PRIVS_RECD 【其他用户给当前用户的对象权限】 USER_TAB_PRIVS_MADE 【当前用户给其他用户的对象权限】 USER_COL_PRIVS_MADE 【在用户对象列一级上被分配的对象权限】 USER_COL_PRIVS_RECD 【在指定列上分配给用户的对象权限】 【显示用户授出的列权限【user_col_privs_made】
【显示用户所具有的列权限】
【显示用户所授出的对象权限】
【显示用户所具有的对象权限(收到)】
|
Oracle11g温习-第十七章:权限管理的更多相关文章
- Oracle11g温习-第十一章:管理undo
2013年4月27日 星期六 10:40 1.undo tablespace 功能 undo tablespace 功能:用来存放从datafiles 读出的数据块旧的镜像 [ ...
- 第一章 权限管理DEMO简介
源代码GitHub:https://github.com/ZhaoRd/Zrd_0001_AuthorityManagement 1.系列介绍 工作已有五年之久,一直有想通过博客写点自己知道的,在博客 ...
- Oracle11g温习-第三章:instance实例管理
2013年4月27日 星期六 10:30 1.instance 功能: 用于管理和访问database. 2.init parameter files :管理实例相关启动参数.位置:$ORACLE ...
- Oracle11g温习-第四章:手工建库
1.create database plan 1.库类型: OLTP : 在线事务处理系统 OLAP : 在线应用处理系统 DSS : 数据决策系统 2.数据库名字及字符集 3. ...
- 第十七章 程序管理与SELinux初探--进程、进程管理(ps、top)
一个程序被加载到内存当中运行,在内存内的那个数据就被称为进程(process).进程是操作系统上非常重要的概念,所有系统上面跑的数据都会以进程的类型存在.系统进程有哪些状态?不同状态会如何影响系统的运 ...
- 第7章 权限管理(3)_文件系统属性和sudo权限
3. 文件系统属性chattr权限 (1)chattr命令 命令格式: #chattr [+-=][选项] 文件或目录名 +.-.= 分别表示增加权限.删除权限和赋于某种权限 选项 i:主要用来防止对 ...
- 第7章 权限管理(2)_文件特殊权限(SUID、SGID、SBIT)
2. 文件特殊权限(主要用来临时提升命令执行者或其组身份) 2.1 SetUID (1)SetUID的功能 ①只有可以执行的二进制程序才能设定SUID权限.用来临时提升执行程序(或某条命令)的用户身份 ...
- 第7章 权限管理(1)_ACL权限
1. ACL权限 1.1 ACL权限简介与开启 (1)ACL权限简介 ①ACL是Access Control List的缩写,主要目的是在提供传统的owner,group,others的read,wr ...
- Oracle11g温习-第七章:redo日志
2013年4月27日 星期六 10:33 1.redo (重做) log 的功能: 用于数据恢复 2.redo log 特征: [特征]: 1) 记录数据块的变化(DML.D ...
随机推荐
- Google advertiser api开发概述
对象.方法和服务 AdWords API 主要供 AdWords 的高级用户使用.如果您是 AdWords 新手,或需要复习 AdWords 基本概念,请查看 AdWords 基础知识页面. 对象层级 ...
- Paper Reviews and Presentations
Copied from Advanced Computer Networks, Johns Hopkins University. Paper Reviews and Presentations Ea ...
- HDU 5976 Detachment(拆分)
HDU 5976 Detachment(拆分) 00 MS (Java/Others) Memory Limit: 65536/65536 K (Java/Others) Problem D ...
- 【AT1219】历史研究
Problem Description \(IOI\)国历史研究的第一人--\(JOI\)教授,最近获得了一份被认为是古代\(IOI\)国的住民写下的日记.\(JOI\)教授为了通过这份日记来研究古代 ...
- P2016 战略游戏
传送门 思路: 前置知识——普通树D: ▲普通的树形 DP : 设 f [ i ][ 0 ] 表示这个点不取,则它的所有子节点都要取:f [ i ][ 1 ] 表示这个点取,则它的子节点取与不取对之前 ...
- springboot学习之授权Spring Security
SpringSecurity核心功能:认证.授权.攻击防护(防止伪造身份) 涉及的依赖如下: <dependency> <groupId>org.springframework ...
- 获取 ip ( 第三方接口 )
搜狐IP地址查询接口(默认GBK):http://pv.sohu.com/cityjson 搜狐IP地址查询接口(可设置编码):http://pv.sohu.com/cityjson?ie=utf-8 ...
- CSS3一些常用动画
/* animation */ .a-bounce,.a-flip,.a-flash,.a-shake,.a-swing,.a-wobble,.a-ring{-webkit-animation:1s ...
- AD10中创建材料清单(BOM表)
材料清单可以用来作为元件的采购清单,同时也可以用于查看PCB中的元件封装信息是否正确. 操作: Reports----->Bill of Materials
- vux的x-input的源码分析
<template> <div class="vux-x-input weui-cell" :class="{'weui-cell_warn': sho ...