Oracle 11g Review, Chapter 17: Privilege Management

Saturday, April 27, 2013, 10:50

1. Privileges

    system privilege: the right to perform an action against the database as a whole (create a session, create users, alter the system, read any table, ...)

    object privilege: the right to perform an action on one particular schema object (SELECT/INSERT/UPDATE/DELETE on a table, EXECUTE on a procedure, ...)

2. Viewing system privileges

The catalogue of system privileges is the SYS table SYSTEM_PRIVILEGE_MAP (system privileges carry negative codes; object privileges live in TABLE_PRIVILEGE_MAP):

SYS @ prod > desc system_privilege_map;
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 PRIVILEGE                                 NOT NULL NUMBER
 NAME                                      NOT NULL VARCHAR2(40)
 PROPERTY                                  NOT NULL NUMBER

SYS @ prod > select * from system_privilege_map;

 PRIVILEGE NAME                             PROPERTY
---------- ------------------------------ ----------
        -3 ALTER SYSTEM                            0
        -4 AUDIT SYSTEM                            0
        -5 CREATE SESSION                          0
        -6 ALTER SESSION                           0
        -7 RESTRICTED SESSION                      0
       -10 CREATE TABLESPACE                       0
       -11 ALTER TABLESPACE                        0
       -12 MANAGE TABLESPACE                       0
       -13 DROP TABLESPACE                         0
       -15 UNLIMITED TABLESPACE                    0
       -20 CREATE USER                             0
       -21 BECOME USER                             0
       -22 ALTER USER                              0
       -23 DROP USER                               0
       -30 CREATE ROLLBACK SEGMENT                 0
       -31 ALTER ROLLBACK SEGMENT                  0
       -32 DROP ROLLBACK SEGMENT                   0
       -40 CREATE TABLE                            0
       -41 CREATE ANY TABLE                        0
       -42 ALTER ANY TABLE                         0
       -43 BACKUP ANY TABLE                        0
       -44 DROP ANY TABLE                          0
       -45 LOCK ANY TABLE                          0
       -46 COMMENT ANY TABLE                       0
       -47 SELECT ANY TABLE                        0
       -48 INSERT ANY TABLE                        0
       -49 UPDATE ANY TABLE                        0
       -50 DELETE ANY TABLE                        0
       -60 CREATE CLUSTER                          0
       -61 CREATE ANY CLUSTER                      0
       -62 ALTER ANY CLUSTER                       0
       -63 DROP ANY CLUSTER                        0
       -71 CREATE ANY INDEX                        0
       -72 ALTER ANY INDEX                         0
       -73 DROP ANY INDEX                          0
       -80 CREATE SYNONYM                          0
       -81 CREATE ANY SYNONYM                      0
       -82 DROP ANY SYNONYM                        0
       -83 SYSDBA                                  0
       -84 SYSOPER                                 0
       -85 CREATE PUBLIC SYNONYM                   0
       -86 DROP PUBLIC SYNONYM                     0
       -90 CREATE VIEW                             0
       -91 CREATE ANY VIEW                         0
       -92 DROP ANY VIEW                           0
      -105 CREATE SEQUENCE                         0
      -106 CREATE ANY SEQUENCE                     0
      -107 ALTER ANY SEQUENCE                      0
      -108 DROP ANY SEQUENCE                       0
      -109 SELECT ANY SEQUENCE                     0
      -115 CREATE DATABASE LINK                    0
      -120 CREATE PUBLIC DATABASE LINK             0
      -121 DROP PUBLIC DATABASE LINK               0
      -125 CREATE ROLE                             0
      -126 DROP ANY ROLE                           0
      -127 GRANT ANY ROLE                          0
      -128 ALTER ANY ROLE                          0
      -130 AUDIT ANY                               0
      -135 ALTER DATABASE                          0
      -138 FORCE TRANSACTION                       0
      -139 FORCE ANY TRANSACTION                   0
      -140 CREATE PROCEDURE                        0
      -141 CREATE ANY PROCEDURE                    0
      -142 ALTER ANY PROCEDURE                     0
      -143 DROP ANY PROCEDURE                      0
      -144 EXECUTE ANY PROCEDURE                   0
      -151 CREATE TRIGGER                          0
      -152 CREATE ANY TRIGGER                      0
      -153 ALTER ANY TRIGGER                       0
      -154 DROP ANY TRIGGER                        0
      -160 CREATE PROFILE                          0
      -161 ALTER PROFILE                           0
      -162 DROP PROFILE                            0
      -163 ALTER RESOURCE COST                     0
      -165 ANALYZE ANY                             0
      -167 GRANT ANY PRIVILEGE                     0
      -172 CREATE MATERIALIZED VIEW                0
      -173 CREATE ANY MATERIALIZED VIEW            0
      -174 ALTER ANY MATERIALIZED VIEW             0
      -175 DROP ANY MATERIALIZED VIEW              0
      -177 CREATE ANY DIRECTORY                    0
      -178 DROP ANY DIRECTORY                      0
      -180 CREATE TYPE                             0
      -181 CREATE ANY TYPE                         0
      -182 ALTER ANY TYPE                          0
      -183 DROP ANY TYPE                           0
      -184 EXECUTE ANY TYPE                        0
      -186 UNDER ANY TYPE                          0
      -188 CREATE LIBRARY                          0
      -189 CREATE ANY LIBRARY                      0
      -190 ALTER ANY LIBRARY                       0
      -191 DROP ANY LIBRARY                        0
      -192 EXECUTE ANY LIBRARY                     0
      -200 CREATE OPERATOR                         0
      -201 CREATE ANY OPERATOR                     0
      -202 ALTER ANY OPERATOR                      0
      -203 DROP ANY OPERATOR                       0
      -204 EXECUTE ANY OPERATOR                    0
      -205 CREATE INDEXTYPE                        0
      -206 CREATE ANY INDEXTYPE                    0
      -207 ALTER ANY INDEXTYPE                     0
      -208 DROP ANY INDEXTYPE                      0
      -209 UNDER ANY VIEW                          0
      -210 QUERY REWRITE                           0
      -211 GLOBAL QUERY REWRITE                    0
      -212 EXECUTE ANY INDEXTYPE                   0
      -213 UNDER ANY TABLE                         0
      -214 CREATE DIMENSION                        0
      -215 CREATE ANY DIMENSION                    0
      -216 ALTER ANY DIMENSION                     0
      -217 DROP ANY DIMENSION                      0
      -218 MANAGE ANY QUEUE                        1
      -219 ENQUEUE ANY QUEUE                       1
      -220 DEQUEUE ANY QUEUE                       1
      -222 CREATE ANY CONTEXT                      0
      -223 DROP ANY CONTEXT                        0
      -224 CREATE ANY OUTLINE                      0
      -225 ALTER ANY OUTLINE                       0
      -226 DROP ANY OUTLINE                        0
      -227 ADMINISTER RESOURCE MANAGER             1
      -228 ADMINISTER DATABASE TRIGGER             0
      -233 MERGE ANY VIEW                          0
      -234 ON COMMIT REFRESH                       0
      -235 EXEMPT ACCESS POLICY                    0
      -236 RESUMABLE                               0
      -237 SELECT ANY DICTIONARY                   0
      -238 DEBUG CONNECT SESSION                   0
      -241 DEBUG ANY PROCEDURE                     0
      -243 FLASHBACK ANY TABLE                     0
      -244 GRANT ANY OBJECT PRIVILEGE              0
      -245 CREATE EVALUATION CONTEXT               1
      -246 CREATE ANY EVALUATION CONTEXT           1
      -247 ALTER ANY EVALUATION CONTEXT            1
      -248 DROP ANY EVALUATION CONTEXT             1
      -249 EXECUTE ANY EVALUATION CONTEXT          1
      -250 CREATE RULE SET                         1
      -251 CREATE ANY RULE SET                     1
      -252 ALTER ANY RULE SET                      1
      -253 DROP ANY RULE SET                       1
      -254 EXECUTE ANY RULE SET                    1
      -255 EXPORT FULL DATABASE                    0
      -256 IMPORT FULL DATABASE                    0
      -257 CREATE RULE                             1
      -258 CREATE ANY RULE                         1
      -259 ALTER ANY RULE                          1
      -260 DROP ANY RULE                           1
      -261 EXECUTE ANY RULE                        1
      -262 ANALYZE ANY DICTIONARY                  0
      -263 ADVISOR                                 0
      -264 CREATE JOB                              0
      -265 CREATE ANY JOB                          0
      -266 EXECUTE ANY PROGRAM                     0
      -267 EXECUTE ANY CLASS                       0
      -268 MANAGE SCHEDULER                        0
      -269 SELECT ANY TRANSACTION                  0
      -270 DROP ANY SQL PROFILE                    0
      -271 ALTER ANY SQL PROFILE                   0
      -272 ADMINISTER SQL TUNING SET               0
      -273 ADMINISTER ANY SQL TUNING SET           0
      -274 CREATE ANY SQL PROFILE                  0
      -275 EXEMPT IDENTITY POLICY                  0
      -276 MANAGE FILE GROUP                       1
      -277 MANAGE ANY FILE GROUP                   1
      -278 READ ANY FILE GROUP                     1
      -279 CHANGE NOTIFICATION                     0
      -280 CREATE EXTERNAL JOB                     0

SELECT ANY TABLE versus the DBA_xxx data dictionary views

SYS @ prod > grant select any table to scott;        -- grant the system privilege
Grant succeeded.

SYS @ prod > conn scott/tiger
Connected.

SCOTT @ prod > desc user_sys_privs;
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 USERNAME                                           VARCHAR2(30)
 PRIVILEGE                                 NOT NULL VARCHAR2(40)
 ADMIN_OPTION                                       VARCHAR2(3)

SCOTT @ prod > select * from user_sys_privs;         -- system privileges held by the current user

USERNAME                       PRIVILEGE                                ADM
------------------------------ ---------------------------------------- ---
SCOTT                          UNLIMITED TABLESPACE                     NO
SCOTT                          SELECT ANY TABLE                         NO

SCOTT @ prod > select * from tom.text2;              -- another user's table: allowed

ID
----------
1
2
3
4
5
6
7
8

SCOTT @ prod > select * from sys.dba_users;          -- a SYS-owned dictionary view: refused
select * from sys.dba_users
*
ERROR at line 1:
ORA-00942: table or view does not exist

By default an ordinary user cannot read the DBA_xxx views even with SELECT ANY TABLE, because the initialization parameter O7_DICTIONARY_ACCESSIBILITY is FALSE: the *ANY* system privileges deliberately stop at the SYS schema, and the refusal is reported as ORA-00942 (the same error as for a non-existent object) rather than as an ORA-01031 privilege error. The lab below switches the parameter on to show the effect. Note that doing so weakens every ANY privilege at once, not only SELECT ANY TABLE (EXECUTE ANY PROCEDURE would then reach SYS packages, UPDATE ANY TABLE the SYS base tables), so on a real system leave it at FALSE and grant SELECT ANY DICTIONARY, or SELECT on the specific views, instead.

SYS @ prod > show parameter o7

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
O7_DICTIONARY_ACCESSIBILITY          boolean     FALSE

SYS @ prod > alter system set O7_DICTIONARY_ACCESSIBILITY=true scope=spfile;
System altered.

SYS @ prod > startup force                            -- the parameter is static, so the instance has to be restarted

SYS @ prod > conn scott/tiger
SCOTT @ prod > select table_name from dba_tables where owner='SCOTT';

TABLE_NAME
-------------------------
DEPT
EMP
BONUS
SALGRADE
EMPLOYEES
ADMIN_EXT_EMPLOYEES
EMP1
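The least-privilege way to give scott dictionary access, as an added example that is not part of the original lab: it leaves O7_DICTIONARY_ACCESSIBILITY at FALSE and grants only what is needed, then audits who already holds the *ANY* privileges that the weak setting would widen. It assumes SYSDBA on the prod instance and the scott account from the transcript; the views named are real Oracle dictionary views, and the list of Oracle-supplied accounts excluded in the audit is my assumption.

```sql
-- Added example (not from the original lab): least-privilege dictionary access.
-- Run as SYSDBA on the prod instance. Assumes the SCOTT account exists.

-- 1. Confirm the parameter is at its secure default. TRUE extends every *ANY*
--    system privilege into the SYS schema (EXECUTE ANY PROCEDURE on SYS packages,
--    UPDATE ANY TABLE on SYS base tables), far more than "let scott read DBA_TABLES".
SELECT name, value, isdefault
FROM   v$parameter
WHERE  name = 'o7_dictionary_accessibility';

-- 2. Narrowest fix: SELECT on exactly the views the user needs.
GRANT SELECT ON sys.dba_tables TO scott;
GRANT SELECT ON sys.dba_users  TO scott;

-- 3. Broader read-only alternative: SELECT ANY DICTIONARY (code -237 in the map above).
--    It opens the dictionary for reading but grants no DML and no execute on SYS code.
--    Uncomment if the per-view grants are too narrow:
-- GRANT SELECT ANY DICTIONARY TO scott;

-- 4. Check from scott's side (run as scott after reconnecting):
--    SELECT table_name FROM dba_tables WHERE owner = 'SCOTT';
--    SELECT * FROM session_privs;          -- SELECT ANY TABLE only, no dictionary-wide privilege
--    SELECT * FROM user_tab_privs_recd;    -- the two per-view SELECT grants, GRANTOR = SYS

-- 5. If the parameter was already switched on during the lab, put it back the way it
--    was set (static parameter: restart the instance afterwards):
-- ALTER SYSTEM SET o7_dictionary_accessibility = FALSE SCOPE = SPFILE;
-- STARTUP FORCE

-- 6. Audit: which accounts hold *ANY* privileges, outside the built-in DBA accounts?
--    (11g has no ORACLE_MAINTAINED column, so this exclusion list is an assumption
--    to be tuned per site.)
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege LIKE '%ANY%'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA', 'SYSMAN', 'DBSNMP', 'OUTLN', 'WMSYS',
                       'EXFSYS', 'CTXSYS', 'XDB', 'MDSYS', 'ORDSYS', 'OLAPSYS',
                       'IMP_FULL_DATABASE', 'EXP_FULL_DATABASE',
                       'DATAPUMP_IMP_FULL_DATABASE', 'DATAPUMP_EXP_FULL_DATABASE')
ORDER  BY grantee, privilege;
```

Query 6 is the one to run before anyone proposes flipping the parameter: every row it returns is an account whose reach would silently extend into the SYS schema.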

3. Granting and revoking system privileges

GRANT ... WITH ADMIN OPTION: the grantee may grant the privilege on to other users (and revoke it from them).

SYS @ prod > grant select any table to scott with admin option;
Grant succeeded.

SYS @ prod > conn scott/tiger
Connected.

SCOTT @ prod > col username for a15
SCOTT @ prod > col privilege for a30
SCOTT @ prod > select * from user_sys_privs;

USERNAME        PRIVILEGE                      ADMIN_OPT
--------------- ------------------------------ ---------
SCOTT           UNLIMITED TABLESPACE           NO
SCOTT           SELECT ANY TABLE               YES

SCOTT @ prod > grant select any table to tom;        -- scott passes the privilege on
Grant succeeded.

SCOTT @ prod > conn tom/tom
Connected.

TOM @ prod > select * from user_sys_privs;

USERNAME        PRIVILEGE                      ADMIN_OPT
--------------- ------------------------------ ---------
TOM             SELECT ANY TABLE               NO
TOM             CREATE SESSION                 NO
TOM             UNLIMITED TABLESPACE           NO

TOM @ prod > select * from scott.emp where rownum <3;

     EMPNO ENAME      JOB              MGR HIREDATE         SAL       COMM     DEPTNO
---------- ---------- --------- ---------- --------- ---------- ---------- ----------
      7369 SMITH      CLERK           7902 17-DEC-80        800                    20
      7499 ALLEN      SALESMAN        7698 20-FEB-81       1600        300         30

REVOKE of a system privilege does not cascade: taking SELECT ANY TABLE away from scott leaves tom's copy in place, and the data dictionary does not record that tom got it from scott (DBA_SYS_PRIVS has no GRANTOR column).

TOM @ prod > conn /as sysdba
Connected.

SYS @ prod > revoke select any table from scott;
Revoke succeeded.

SYS @ prod > conn scott/tiger
Connected.

SCOTT @ prod > select * from user_sys_privs;

USERNAME        PRIVILEGE                      ADMIN_OPT
--------------- ------------------------------ ---------
SCOTT           UNLIMITED TABLESPACE           NO

SCOTT @ prod > conn tom/tom
Connected.

TOM @ prod > select * from user_sys_privs;

USERNAME        PRIVILEGE                      ADMIN_OPT
--------------- ------------------------------ ---------
TOM             SELECT ANY TABLE               NO          -- still there: the revoke from scott did not reach tom
TOM             CREATE SESSION                 NO
TOM             UNLIMITED TABLESPACE           NO

Each holder has to be revoked individually:

TOM @ prod > conn /as sysdba
Connected.

SYS @ prod > revoke select any table from tom;
Revoke succeeded.

SYS @ prod > conn tom/tom
Connected.

TOM @ prod > select * from user_sys_privs;

USERNAME        PRIVILEGE                      ADMIN_OPT
--------------- ------------------------------ ---------
TOM             CREATE SESSION                 NO
TOM             UNLIMITED TABLESPACE           NO
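Finding every holder before the one-by-one revokes, as an added example (mine, not the lab's). Because DBA_SYS_PRIVS has no GRANTOR column, the scott -> tom chain above is invisible after the fact; what can be enumerated is who holds the privilege directly and who inherits it through roles, at any depth. It assumes SQL*Plus as SYSDBA on prod; the &priv substitution variable and the list of built-in accounts excluded from the generated revokes are my conventions.

```sql
-- Added example (not from the original lab): enumerate every holder of a system
-- privilege before revoking it, since REVOKE does not cascade. Run in SQL*Plus as SYSDBA.
-- &priv is a SQL*Plus substitution variable defined here; change it to audit another privilege.
DEFINE priv = 'SELECT ANY TABLE'
COLUMN grantee   FORMAT A20
COLUMN username  FORMAT A20
COLUMN via_roles FORMAT A50

-- 1. Direct grants, to users and to roles. ADMIN_OPTION = YES marks the accounts that
--    can hand the privilege on (scott in the lab above).
SELECT grantee, admin_option,
       CASE WHEN grantee IN (SELECT role FROM dba_roles) THEN 'ROLE' ELSE 'USER' END AS kind
FROM   dba_sys_privs
WHERE  privilege = '&priv'
ORDER  BY kind, grantee;

-- 2. Users who inherit it through a role chain of any depth (role -> role -> user).
--    Walk DBA_ROLE_PRIVS upward from every role found in step 1.
SELECT DISTINCT rp.grantee AS username,
       SYS_CONNECT_BY_PATH(rp.granted_role, ' <- ') AS via_roles
FROM   dba_role_privs rp
WHERE  rp.grantee IN (SELECT username FROM dba_users)
START WITH rp.granted_role IN (SELECT grantee FROM dba_sys_privs WHERE privilege = '&priv')
CONNECT BY NOCYCLE PRIOR rp.grantee = rp.granted_role
ORDER  BY username;

-- 3. Generate the individual REVOKE statements for the direct holders. Review the list
--    before running it: built-in DBA-type accounts and roles are excluded here on purpose,
--    and a user who holds the privilege through a role keeps it until the role loses it.
SELECT 'REVOKE &priv FROM "' || grantee || '";' AS stmt
FROM   dba_sys_privs
WHERE  privilege = '&priv'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA', 'IMP_FULL_DATABASE', 'EXP_FULL_DATABASE',
                       'DATAPUMP_IMP_FULL_DATABASE', 'DATAPUMP_EXP_FULL_DATABASE')
ORDER  BY grantee;

-- 4. Verify from a fresh session of the affected user:
--    SELECT * FROM session_privs WHERE privilege = '&priv';   -- should return no rows
```

Step 2 is the part a plain DBA_SYS_PRIVS query misses: a privilege granted to a role that is granted to another role reaches users that never appear in step 1.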

4. Object privileges

GRANT ... WITH GRANT OPTION: the grantee may grant the object privilege on to other users.

SYS @ prod > grant all on scott.emp to public;       -- ALL = every object privilege that applies to a table; PUBLIC = every user, including ones created later

SYS @ prod > conn tom/tom
Connected.

TOM @ prod > select * from user_tab_privs;
no rows selected

USER_TAB_PRIVS lists only rows where the current user is the owner, grantor or grantee, so a grant to PUBLIC does not appear here even though tom can exercise it (query DBA_TAB_PRIVS or ALL_TAB_PRIVS with GRANTEE = 'PUBLIC' to see it). A system privilege granted to PUBLIC, by contrast, does show up in USER_SYS_PRIVS.

TOM @ prod > select ename from scott.emp;

ENAME
------------------------------
SMITH
ALLEN
WARD
JONES
MARTIN
BLAKE
CLARK
SCOTT
KING
TURNER
ADAMS
JAMES
FORD
MILLER

14 rows selected.

TOM @ prod > delete from scott.emp;                  -- PUBLIC's ALL includes DELETE: any account can empty the table
14 rows deleted.

TOM @ prod > rollback;
Rollback complete.

TOM @ prod > conn /as sysdba
Connected.

SYS @ prod > revoke all on scott.emp from public;    -- revoke the PUBLIC grant
Revoke succeeded.

SYS @ prod > grant update on scott.emp to tom with grant option;
Grant succeeded.

SYS @ prod > create user rose identified by rose ;
User created.

SYS @ prod > grant create session to rose;
Grant succeeded.

SYS @ prod > conn tom/tom
Connected.

Connected.

GRANTEE    OWNER           TABLE_NAME      GRANTOR         PRIVILEGE       GRANTABLE       HIERARCHY

---------- --------------- --------------- --------------- --------------- --------------- ---------------

TOM        SCOTT           EMP1            SCOTT           UPDATE          YES             NO

TOM @ prod > grant update on scott.emp to rose;

Grant succeeded.

TOM @ prod > conn rose/rose

Connected.

ROSE @ prod > select * from user_tab_privs;

GRANTEE    OWNER           TABLE_NAME      GRANTOR         PRIVILEGE       GRANTABLE       HIERARCHY

---------- --------------- --------------- --------------- --------------- --------------- ---------------

ROSE       SCOTT           EMP1            TOM             UPDATE          NO              NO

——【revoke          with grant option ,在回收权限时,级联。】

ROSE @ prod > conn /as sysdba

Connected.

SYS @ prod > revoke update on scott.emp from rose;        

revoke update on scott.emp from rose

*

ERROR at line 1:

ORA-01927: cannot REVOKE privileges you did not grant

----只能从直接授予者回收权限

SYS @ prod > revoke update on scott.emp from tom;  

Revoke succeeded.

SYS @ prod > conn tom/tom

Connected.

TOM @ prod > select * from user_tab_privs;

GRANTEE              OWNER      TABLE_NAME GRANTOR    PRIVILEGE                                GRA HIE

-------------------- ---------- ---------- ---------- ---------------------------------------- --- ---

TOM                  SCOTT      EMP        SCOTT      SELECT                                   NO  NO
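The object-privilege counterpart to the earlier system-privilege audit, as an added example that is not part of the lab: before revoking, see what a grant to PUBLIC has exposed, and walk the GRANTOR chain so the cascade (and the ORA-01927 above) holds no surprises. It assumes SYSDBA on prod and the scott.emp table with the tom and rose accounts; the list of Oracle-supplied schemas excluded from the results is my assumption.

```sql
-- Added example (not from the original lab): audit object grants before revoking.
-- Run as SYSDBA on prod. Assumes scott.emp and the tom/rose accounts from the lab.

-- 1. Grants to PUBLIC on application schemas. PUBLIC reaches every account that exists
--    now or is created later, and ALL on a table includes DELETE and ALTER.
--    (The Oracle-supplied schema list is an assumption; tune it for the site.)
SELECT owner, table_name, privilege, grantor
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    owner NOT IN ('SYS', 'SYSTEM', 'PUBLIC', 'XDB', 'MDSYS', 'CTXSYS', 'WMSYS',
                     'EXFSYS', 'ORDSYS', 'OLAPSYS', 'DBSNMP', 'OUTLN', 'SYSMAN')
ORDER  BY owner, table_name, privilege;

-- 2. The grant tree for one object and one privilege. Each row's GRANTOR is the previous
--    level's GRANTEE, so revoking from any node removes its whole subtree (the cascade
--    seen in the lab when tom lost UPDATE and rose lost it too). SYS's grant was recorded
--    with GRANTOR = SCOTT, so the tree starts at the owner.
SELECT LPAD(' ', 2 * (LEVEL - 1)) || grantee AS grantee_tree,
       grantor, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'SCOTT' AND table_name = 'EMP'
START WITH owner = 'SCOTT' AND table_name = 'EMP' AND grantor = 'SCOTT'
CONNECT BY NOCYCLE PRIOR grantee = grantor
       AND owner = 'SCOTT' AND table_name = 'EMP'
       AND privilege = PRIOR privilege
ORDER SIBLINGS BY grantee;

-- 3. Who can still re-grant (GRANTABLE = YES) on application tables: every such account
--    is a second administrator for that object.
SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantable = 'YES'
AND    grantee NOT IN ('SYS', 'SYSTEM')
AND    owner NOT IN ('SYS', 'SYSTEM', 'XDB', 'MDSYS', 'CTXSYS', 'WMSYS', 'EXFSYS', 'ORDSYS')
ORDER  BY owner, table_name, grantee;

-- 4. The revoke that works is the one aimed at the direct grantor, and it cascades:
--    REVOKE UPDATE ON scott.emp FROM tom;     -- also removes rose's UPDATE
--    Re-run query 2 afterwards: the tree should contain no TOM or ROSE rows.
```

Run query 2 before every revoke on a shared object; the ORA-01927 in the lab is what you get when you aim the revoke at a leaf instead of at the node you actually granted to.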

Column-level object privileges

SYS @ prod > grant update(sal) on scott.emp to tom;            -- UPDATE on one column only
Grant succeeded.

SYS @ prod > conn tom/tom
Connected.

TOM @ prod > update scott.emp set comm=100 where empno=7788;   -- COMM is not covered by the grant
update scott.emp set comm=100 where empno=7788
*
ERROR at line 1:
ORA-01031: insufficient privileges

TOM @ prod > update scott.emp set sal=10000 where empno=7788;  -- SAL is
1 row updated.

TOM @ prod > rollback;
Rollback complete.

TOM @ prod > select GRANTEE,OWNER,TABLE_NAME,COLUMN_NAME,PRIVILEGE from user_col_privs;

GRANTEE    OWNER           TABLE_NAME      COLUMN_NAME     PRIVILEGE
---------- --------------- --------------- --------------- ---------------
TOM        SCOTT           EMP             SAL             UPDATE
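Two caveats on column privileges, as an added example (mine, not the lab's): Oracle scopes only INSERT, UPDATE and REFERENCES to a column list, so a column-restricted read has to be a view; and a column grant is recorded in DBA_COL_PRIVS, which a table-level audit never sees. It assumes SYSDBA on prod, the scott.emp table and the tom account; the view name EMP_PUBLIC is my choice.

```sql
-- Added example (not from the original lab): column-level access done properly.
-- Run as SYSDBA on prod. Assumes scott.emp and the tom account from the lab.
-- The view name EMP_PUBLIC is an assumption.

-- 1. There is no column-scoped SELECT (only INSERT, UPDATE and REFERENCES take a column
--    list), so "tom may read names and jobs but not salaries" is a view, not a grant:
CREATE OR REPLACE VIEW scott.emp_public AS
  SELECT empno, ename, job, mgr, hiredate, deptno      -- no SAL, no COMM
  FROM   scott.emp;

GRANT SELECT ON scott.emp_public TO tom;               -- tom gets no SELECT on scott.emp itself

-- 2. Column-scoped UPDATE, as in the lab, for one column only:
GRANT UPDATE (sal) ON scott.emp TO tom;

-- 3. Audit both catalogs. DBA_TAB_PRIVS alone shows no UPDATE on EMP for tom, because
--    the column grant is recorded in DBA_COL_PRIVS.
SELECT grantee, owner, table_name,
       CAST(NULL AS VARCHAR2(30)) AS column_name, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'SCOTT' AND table_name IN ('EMP', 'EMP_PUBLIC')
UNION ALL
SELECT grantee, owner, table_name, column_name, privilege, grantable
FROM   dba_col_privs
WHERE  owner = 'SCOTT' AND table_name = 'EMP'
ORDER  BY table_name, grantee, column_name NULLS FIRST;

-- 4. From tom's side (run as tom):
--    SELECT ename, job FROM scott.emp_public;               -- allowed through the view
--    UPDATE scott.emp SET sal = 10000 WHERE empno = 7788;   -- allowed, SAL only
--    UPDATE scott.emp SET comm = 100 WHERE empno = 7788;    -- ORA-01031, as in the lab

-- 5. Column privileges cannot be revoked per column: revoke the privilege on the whole
--    table (which drops the SAL grant) and re-grant a different column list if needed.
REVOKE UPDATE ON scott.emp FROM tom;
```

The view in step 1 is also the right tool when the restriction is on rows rather than columns (a WHERE clause in the view), which no object privilege can express.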

Privilege-related data dictionary views

SESSION_PRIVS            system privileges available to the current session (directly and through enabled roles)
USER_ROLE_PRIVS          roles granted to the current user
ROLE_SYS_PRIVS           system privileges granted to the roles the current user holds
USER_SYS_PRIVS           system privileges granted directly to the current user
USER_TAB_PRIVS           object privileges where the current user is owner, grantor or grantee (both given and received)
ROLE_TAB_PRIVS           object privileges granted to the roles the current user holds
USER_TAB_PRIVS_RECD      object privileges other users have granted to the current user
USER_TAB_PRIVS_MADE      object privileges the current user has granted to others
USER_COL_PRIVS_MADE      column-level privileges the current user has granted on its own objects
USER_COL_PRIVS_RECD      column-level privileges granted to the current user on specific columns

For a database-wide picture, as SYSDBA: DBA_SYS_PRIVS, DBA_ROLE_PRIVS, DBA_TAB_PRIVS and DBA_COL_PRIVS. Only the object-privilege views carry a GRANTOR column; DBA_SYS_PRIVS does not record who granted a system privilege.

Column privileges the user has granted (USER_COL_PRIVS_MADE, run as the grantor):

SCOTT @ prod > select GRANTEE,PRIVILEGE,TABLE_NAME||'.'||COLUMN_NAME tab_column from user_col_privs_made;

GRANTEE    PRIVILEGE       TAB_COLUMN
---------- --------------- --------------------
TOM        UPDATE          EMP.SAL

Column privileges the user has received (USER_COL_PRIVS_RECD, run as the grantee):

TOM @ prod > select PRIVILEGE,TABLE_NAME||'.'||COLUMN_NAME tab_column,GRANTOR from user_col_privs_recd;

PRIVILEGE       TAB_COLUMN           GRANTOR
--------------- -------------------- ---------------
UPDATE          EMP.SAL              SCOTT

Object privileges the user has granted (USER_TAB_PRIVS_MADE, run as the object owner):

SCOTT @ prod > select grantee, privilege, table_name from user_tab_privs_made;

GRANTEE                        PRIVILEGE                                TABLE_NAME
------------------------------ ---------------------------------------- ----------
HR                             DELETE                                   DEPT
HR                             SELECT                                   DEPT
HR                             UPDATE                                   DEPT
OE                             SELECT                                   EMP

Object privileges another user has received, seen from SYSDBA (DBA_TAB_PRIVS; ALL_TAB_PRIVS_RECD only shows grants to the querying user and to PUBLIC, so it cannot be filtered for HR from a SYS session):

SYS @ prod > select privilege, table_name, grantor from dba_tab_privs where grantee='HR';

PRIVILEGE                                TABLE_NAME GRANTOR
---------------------------------------- ---------- ------------------------------
EXECUTE                                  DBMS_STATS SYS
DELETE                                   DEPT       SCOTT
SELECT                                   DEPT       SCOTT
UPDATE                                   DEPT       SCOTT
