Oracle11g温习-第十七章：权限管理

2013年4月27日星期六

10:50

1、权限（privilege）：

【system privilege（系统权限）：针对于database 的相关权限

object privilege （对象权限）：针对于schema 的object】

2、查看系统权限

SYS @ prod > desc system_privilege_map;

Name Null? Type

----------------------------------------------------------------- -------- --------------------------------------------

PRIVILEGE NOT NULL NUMBER

NAME NOT NULL VARCHAR2(40)

PROPERTY NOT NULL NUMBER

SYS @ prod > select * from system_privilege_map;

PRIVILEGE NAME PROPERTY

---------- ------------------------------ ----------

-3 ALTER SYSTEM 0

-4 AUDIT SYSTEM 0

-5 CREATE SESSION 0

-6 ALTER SESSION 0

-7 RESTRICTED SESSION 0

-10 CREATE TABLESPACE 0

-11 ALTER TABLESPACE 0

-12 MANAGE TABLESPACE 0

-13 DROP TABLESPACE 0

-15 UNLIMITED TABLESPACE 0

-20 CREATE USER 0

-21 BECOME USER 0

-22 ALTER USER 0

-23 DROP USER 0

-30 CREATE ROLLBACK SEGMENT 0

-31 ALTER ROLLBACK SEGMENT 0

-32 DROP ROLLBACK SEGMENT 0

-40 CREATE TABLE 0

-41 CREATE ANY TABLE 0

-42 ALTER ANY TABLE 0

-43 BACKUP ANY TABLE 0

-44 DROP ANY TABLE 0

-45 LOCK ANY TABLE 0

-46 COMMENT ANY TABLE 0

-47 SELECT ANY TABLE 0

-48 INSERT ANY TABLE 0

-49 UPDATE ANY TABLE 0

-50 DELETE ANY TABLE 0

-60 CREATE CLUSTER 0

-61 CREATE ANY CLUSTER 0

-62 ALTER ANY CLUSTER 0

-63 DROP ANY CLUSTER 0

-71 CREATE ANY INDEX 0

-72 ALTER ANY INDEX 0

-73 DROP ANY INDEX 0

-80 CREATE SYNONYM 0

-81 CREATE ANY SYNONYM 0

-82 DROP ANY SYNONYM 0

-83 SYSDBA 0

-84 SYSOPER 0

-85 CREATE PUBLIC SYNONYM 0

-86 DROP PUBLIC SYNONYM 0

-90 CREATE VIEW 0

-91 CREATE ANY VIEW 0

-92 DROP ANY VIEW 0

-105 CREATE SEQUENCE 0

-106 CREATE ANY SEQUENCE 0

-107 ALTER ANY SEQUENCE 0

-108 DROP ANY SEQUENCE 0

-109 SELECT ANY SEQUENCE 0

-115 CREATE DATABASE LINK 0

-120 CREATE PUBLIC DATABASE LINK 0

-121 DROP PUBLIC DATABASE LINK 0

-125 CREATE ROLE 0

-126 DROP ANY ROLE 0

-127 GRANT ANY ROLE 0

-128 ALTER ANY ROLE 0

-130 AUDIT ANY 0

-135 ALTER DATABASE 0

-138 FORCE TRANSACTION 0

-139 FORCE ANY TRANSACTION 0

-140 CREATE PROCEDURE 0

-141 CREATE ANY PROCEDURE 0

-142 ALTER ANY PROCEDURE 0

-143 DROP ANY PROCEDURE 0

-144 EXECUTE ANY PROCEDURE 0

-151 CREATE TRIGGER 0

-152 CREATE ANY TRIGGER 0

-153 ALTER ANY TRIGGER 0

-154 DROP ANY TRIGGER 0

-160 CREATE PROFILE 0

-161 ALTER PROFILE 0

-162 DROP PROFILE 0

-163 ALTER RESOURCE COST 0

-165 ANALYZE ANY 0

-167 GRANT ANY PRIVILEGE 0

-172 CREATE MATERIALIZED VIEW 0

-173 CREATE ANY MATERIALIZED VIEW 0

-174 ALTER ANY MATERIALIZED VIEW 0

-175 DROP ANY MATERIALIZED VIEW 0

-177 CREATE ANY DIRECTORY 0

-178 DROP ANY DIRECTORY 0

-180 CREATE TYPE 0

-181 CREATE ANY TYPE 0

-182 ALTER ANY TYPE 0

-183 DROP ANY TYPE 0

-184 EXECUTE ANY TYPE 0

-186 UNDER ANY TYPE 0

-188 CREATE LIBRARY 0

-189 CREATE ANY LIBRARY 0

-190 ALTER ANY LIBRARY 0

-191 DROP ANY LIBRARY 0

-192 EXECUTE ANY LIBRARY 0

-200 CREATE OPERATOR 0

-201 CREATE ANY OPERATOR 0

-202 ALTER ANY OPERATOR 0

-203 DROP ANY OPERATOR 0

-204 EXECUTE ANY OPERATOR 0

-205 CREATE INDEXTYPE 0

-206 CREATE ANY INDEXTYPE 0

-207 ALTER ANY INDEXTYPE 0

-208 DROP ANY INDEXTYPE 0

-209 UNDER ANY VIEW 0

-210 QUERY REWRITE 0

-211 GLOBAL QUERY REWRITE 0

-212 EXECUTE ANY INDEXTYPE 0

-213 UNDER ANY TABLE 0

-214 CREATE DIMENSION 0

-215 CREATE ANY DIMENSION 0

-216 ALTER ANY DIMENSION 0

-217 DROP ANY DIMENSION 0

-218 MANAGE ANY QUEUE 1

-219 ENQUEUE ANY QUEUE 1

-220 DEQUEUE ANY QUEUE 1

-222 CREATE ANY CONTEXT 0

-223 DROP ANY CONTEXT 0

-224 CREATE ANY OUTLINE 0

-225 ALTER ANY OUTLINE 0

-226 DROP ANY OUTLINE 0

-227 ADMINISTER RESOURCE MANAGER 1

-228 ADMINISTER DATABASE TRIGGER 0

-233 MERGE ANY VIEW 0

-234 ON COMMIT REFRESH 0

-235 EXEMPT ACCESS POLICY 0

-236 RESUMABLE 0

-237 SELECT ANY DICTIONARY 0

-238 DEBUG CONNECT SESSION 0

-241 DEBUG ANY PROCEDURE 0

-243 FLASHBACK ANY TABLE 0

-244 GRANT ANY OBJECT PRIVILEGE 0

-245 CREATE EVALUATION CONTEXT 1

-246 CREATE ANY EVALUATION CONTEXT 1

-247 ALTER ANY EVALUATION CONTEXT 1

-248 DROP ANY EVALUATION CONTEXT 1

-249 EXECUTE ANY EVALUATION CONTEXT 1

-250 CREATE RULE SET 1

-251 CREATE ANY RULE SET 1

-252 ALTER ANY RULE SET 1

-253 DROP ANY RULE SET 1

-254 EXECUTE ANY RULE SET 1

-255 EXPORT FULL DATABASE 0

-256 IMPORT FULL DATABASE 0

-257 CREATE RULE 1

-258 CREATE ANY RULE 1

-259 ALTER ANY RULE 1

-260 DROP ANY RULE 1

-261 EXECUTE ANY RULE 1

-262 ANALYZE ANY DICTIONARY 0

-263 ADVISOR 0

-264 CREATE JOB 0

-265 CREATE ANY JOB 0

-266 EXECUTE ANY PROGRAM 0

-267 EXECUTE ANY CLASS 0

-268 MANAGE SCHEDULER 0

-269 SELECT ANY TRANSACTION 0

-270 DROP ANY SQL PROFILE 0

-271 ALTER ANY SQL PROFILE 0

-272 ADMINISTER SQL TUNING SET 0

-273 ADMINISTER ANY SQL TUNING SET 0

-274 CREATE ANY SQL PROFILE 0

-275 EXEMPT IDENTITY POLICY 0

-276 MANAGE FILE GROUP 1

-277 MANAGE ANY FILE GROUP 1

-278 READ ANY FILE GROUP 1

-279 CHANGE NOTIFICATION 0

-280 CREATE EXTERNAL JOB 0

select any table 访问dba_xxx数据字典视图

SYS @ prod > grant select any table to scott; ——授权

Grant succeeded.

SYS @ prod > conn scott/tiger

Connected.

SCOTT @ prod > desc user_sys_privs;

Name Null? Type

----------------------------------------------------------------- -------- --------------------------------------------

USERNAME VARCHAR2(30)

PRIVILEGE NOT NULL VARCHAR2(40)

ADMIN_OPTION VARCHAR2(3)

SCOTT @ prod > select * from user_sys_privs；——【查看用户拥有的系统权限】

USERNAME PRIVILEGE ADM

------------------------------ ---------------------------------------- ---

SCOTT UNLIMITED TABLESPACE NO

SCOTT SELECT ANY TABLE NO

SCOTT @ prod > select * from tom.text2;

----------

SCOTT @ prod > select * from sys.dba_users;

select * from sys.dba_users

ERROR at line 1:

ORA-00942: table or view does not exist

——默认普通用户不能去访问dba_xxx 视图，需要修改以下参数

SYS @ prod > show parameter o7

NAME TYPE VALUE

------------------------------------ ----------- ------------------------------

O7_DICTIONARY_ACCESSIBILITY boolean FALSE

SYS @ prod > alter system set O7_DICTIONARY_ACCESSIBILITY=true scope=spfile;

System altered.

SYS @ prod > startup force

SYS @ prod > conn scott/tiger

SCOTT @ prod > select table_name from dba_tables where owner='SCOTT';

TABLE_NAME

-------------------------

DEPT

EMP

BONUS

SALGRADE

EMPLOYEES

ADMIN_EXT_EMPLOYEES

EMP1

3、分配、回收系统权限

grant——with admin option 【如果用户获得权限时，设置此参数，用户可以将权限再授予别的用户】

SYS @ prod > grant select any table to scott with admin option;

Grant succeeded.

SYS @ prod > conn scott/tiger

Connected.

SCOTT @ prod > col usrname for a10

SCOTT @ prod > col privilege for a30

SCOTT @ prod > select * from user_sys_privs;

USERNAME PRIVILEGE ADMIN_OPT

--------------- ------------------------------ ---------

SCOTT UNLIMITED TABLESPACE NO

SCOTT SELECT ANY TABLE YES

SCOTT @ prod > grant select any table to tom;

Grant succeeded.

SCOTT @ prod > conn tom/tom

Connected.

TOM @ prod > select * from user_sys_privs;

USERNAME PRIVILEGE ADMIN_OPT

--------------- ------------------------------ ---------

TOM SELECT ANY TABLE NO

TOM CREATE SESSION NO

TOM UNLIMITED TABLESPACE NO

TOM @ prod > select * from scott.emp where rownum <3;

EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO

---------- ---------- --------- ---------- --------- ---------- ---------- ----------

7369 SMITH CLERK 7902 17-DEC-80 800 20

7499 ALLEN SALESMAN 7698 20-FEB-81 1600 300 30

——【revoke with admin option ，在回收权限时，不能级联】。

TOM @ prod > conn /as sysdba

Connected.

SYS @ prod > revoke select any table from scott;

Revoke succeeded.

SCOTT @ prod > conn scott/tiger

Connected.

SCOTT @ prod > select * from user_sys_privs;

USERNAME PRIVILEGE ADMIN_OPT

--------------- ------------------------------ ---------

SCOTT UNLIMITED TABLESPACE NO

SCOTT @ prod > conn tom/tom

Connected.

TOM @ prod > select * from user_sys_privs;

USERNAME PRIVILEGE ADMIN_OPT

--------------- ------------------------------ ---------

TOM SELECT ANY TABLE NO

TOM CREATE SESSION NO

TOM UNLIMITED TABLESPACE NO

——【必须一一收回】

TOM @ prod > conn /as sysdba

Connected.

SYS @ prod > revoke select any table from tom;

Revoke succeeded.

SYS @ prod > conn tom/tom

Connected.

TOM @ prod > select * from user_sys_privs;

USERNAME PRIVILEGE ADMIN_OPT

--------------- ------------------------------ ---------

TOM CREATE SESSION NO

TOM UNLIMITED TABLESPACE NO

4、对象权限

grant ---------with grant option ——【如果用户获得权限时，设置此参数，用户可以将权限再授予别的用户】

SYS @ prod > grant all on scott.emp to public; ——【all 代表所有的对象权限，public 代表所有的用户 】

SYS @ prod > conn tom/tom

Connected.

TOM @ prod > select * from user_tab_privs;

no rows selected

【在视图user_tab_privs没有记载，但是权限是授予的了，一样可以执行权限【如果是系统权限就会在user_sys_privs上显示信息】】

TOM @ prod > select ename from scott.emp;

ENAME

------------------------------

SMITH

ALLEN

WARD

JONES

MARTIN

BLAKE

CLARK

SCOTT

KING

TURNER

ADAMS

JAMES

FORD

MILLER

14 rows selected.

TOM @ prod > delete from scott.emp;

14 rows deleted.

TOM @ prod > rollback;

Rollback complete.

TOM @ prod > conn /as sysdba

Connected.

SYS @ prod > revoke all on scott.emp from public; ——【回收权限】

Revoke succeeded.

SYS @ prod > grant update on scott.emp to tom with grant option;

Grant succeeded.

SYS @ prod > create user rose identified by rose ;

User created.

SYS @ prod > grant create session to rose;

Grant succeeded.

SYS @ prod > conn tom/tom

Connected.

GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY

---------- --------------- --------------- --------------- --------------- --------------- ---------------

TOM SCOTT EMP1 SCOTT UPDATE YES NO

TOM @ prod > grant update on scott.emp to rose;

Grant succeeded.

TOM @ prod > conn rose/rose

Connected.

ROSE @ prod > select * from user_tab_privs;

GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY

---------- --------------- --------------- --------------- --------------- --------------- ---------------

ROSE SCOTT EMP1 TOM UPDATE NO NO

——【revoke with grant option ，在回收权限时，级联。】

ROSE @ prod > conn /as sysdba

Connected.

SYS @ prod > revoke update on scott.emp from rose;

revoke update on scott.emp from rose

ERROR at line 1:

ORA-01927: cannot REVOKE privileges you did not grant

----只能从直接授予者回收权限

SYS @ prod > revoke update on scott.emp from tom;

Revoke succeeded.

SYS @ prod > conn tom/tom

Connected.

TOM @ prod > select * from user_tab_privs;

GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRA HIE

-------------------- ---------- ---------- ---------- ---------------------------------------- --- ---

TOM SCOTT EMP SCOTT SELECT NO NO

——针对列授予对象权限

SYS @ prod >grant update(sal) on scott.emp to tom;

Grant succeeded.

SYS @ prod > conn tom/tom

Connected.

TOM @ prod > update scott.emp set comm=100 where empno=7788; ——对该列无权限修改

update scott.emp set comm=100 where empno=7788

ERROR at line 1:

ORA-01031: insufficient privileges

TOM @ prod > update scott.emp set sal=10000 where empno=7788;

1 row updated.

TOM @ prod > rollback;

Rollback complete.

TOM @ prod > select GRANTEE,OWNER,TABLE_NAME,COLUMN_NAME,PRIVILEGE from user_col_privs;

GRANTEE OWNER TABLE_NAME COLUMN_NAME PRIVILEGE

---------- --------------- --------------- --------------- ---------------

TOM SCOTT EMP SAL UPDATE

与权限相关的视图

SESSION_PRIVS 【用户当前会话拥有的系统权限】

USER_ROLE_PRIVS 【用户被授予的角色】

ROLE_SYS_PRIVS 【用户当前拥有的角色的系统权限】

USER_SYS_PRIVS 【直接授予用户的系统权限】

USER_TAB_PRIVS 【授予用户的对象权限包含了当前用户给其他用户的对象权限和其他用户给当前用户的对象权限】

ROLE_TAB_PRIVS 【授予角色的表的权限】

USER_TAB_PRIVS_RECD 【其他用户给当前用户的对象权限】

USER_TAB_PRIVS_MADE 【当前用户给其他用户的对象权限】

USER_COL_PRIVS_MADE 【在用户对象列一级上被分配的对象权限】

USER_COL_PRIVS_RECD 【在指定列上分配给用户的对象权限】

【显示用户授出的列权限【user_col_privs_made】

SYS @ prod >select GRANTEE,PRIVILEGE,TABLE_NAME||'.'||COLUMN_NAME tab_column from user_col_privs;

GRANTEE PRIVILEGE TAB_COLUMN

---------- --------------- --------------------

TOM UPDATE EMP.SAL

【显示用户所具有的列权限】

SYS @ prod > select PRIVILEGE,TABLE_NAME||'.'||COLUMN_NAME tab_column,GRANTOR from user_col_privs;

PRIVILEGE TAB_COLUMN GRANTOR

--------------- -------------------- ---------------

UPDATE EMP.SAL SCOTT

【显示用户所授出的对象权限】

SYS @ prod > select grantee ,privilege ,table_name from user_tab_privs_made;

GRANTEE PRIVILEGE TABLE_NAME

------------------------------ ---------------------------------------- ----------

HR DELETE DEPT

HR SELECT DEPT

HR UPDATE DEPT

OE SELECT EMP

【显示用户所具有的对象权限（收到）】

SYS @ prod >select privilege,table_name,grantor from all_tab_privs_recd where grantee='HR';

PRIVILEGE TABLE_NAME GRANTOR

---------------------------------------- ---------- ------------------------------

EXECUTE DBMS_STATS SYS

DELETE DEPT SCOTT

SELECT DEPT SCOTT

UPDATE DEPT SCOTT

Oracle11g温习-第十七章：权限管理的更多相关文章

Oracle11g温习-第十一章：管理undo
2013年4月27日星期六 10:40 1.undo tablespace 功能 undo tablespace 功能:用来存放从datafiles 读出的数据块旧的镜像 [ ...
第一章权限管理DEMO简介
源代码GitHub:https://github.com/ZhaoRd/Zrd_0001_AuthorityManagement 1.系列介绍工作已有五年之久,一直有想通过博客写点自己知道的,在博客 ...
Oracle11g温习-第三章：instance实例管理
2013年4月27日星期六 10:30 1.instance 功能: 用于管理和访问database. 2.init parameter files :管理实例相关启动参数.位置:$ORACLE ...
Oracle11g温习-第四章：手工建库
1.create database plan 1.库类型: OLTP : 在线事务处理系统 OLAP : 在线应用处理系统 DSS : 数据决策系统 2.数据库名字及字符集 3. ...
第十七章程序管理与SELinux初探--进程、进程管理(ps、top)
一个程序被加载到内存当中运行,在内存内的那个数据就被称为进程(process).进程是操作系统上非常重要的概念,所有系统上面跑的数据都会以进程的类型存在.系统进程有哪些状态?不同状态会如何影响系统的运 ...
第7章权限管理（3）_文件系统属性和sudo权限
3. 文件系统属性chattr权限 (1)chattr命令命令格式: #chattr [+-=][选项] 文件或目录名 +.-.= 分别表示增加权限.删除权限和赋于某种权限选项 i:主要用来防止对 ...
第7章权限管理（2）_文件特殊权限(SUID、SGID、SBIT)
2. 文件特殊权限(主要用来临时提升命令执行者或其组身份) 2.1 SetUID (1)SetUID的功能 ①只有可以执行的二进制程序才能设定SUID权限.用来临时提升执行程序(或某条命令)的用户身份 ...
第7章权限管理（1）_ACL权限
1. ACL权限 1.1 ACL权限简介与开启 (1)ACL权限简介 ①ACL是Access Control List的缩写,主要目的是在提供传统的owner,group,others的read,wr ...
Oracle11g温习-第七章：redo日志
2013年4月27日星期六 10:33 1.redo (重做) log 的功能: 用于数据恢复 2.redo log 特征: [特征]: 1) 记录数据块的变化(DML.D ...

随机推荐

解决win7的outlook打不开的问题
outlook打不开,一直显示正在处理解决方法: 1. 按住Ctrl,双击打开组件,会提示是否进入安全模式, 进入安全模式 2. 单击Outlook中的文件-选项-加载项- 左下角的“COM加载项“ ...
良好的GUI设计指南
一.设计指南摘自:<需求分析与系统设计(第3版)> 7.1.2. 1. 用户控制用户事件(菜单动作.鼠标点击.屏幕光标移动等)打开GUI窗口或调用程序:程序执行需要反馈到用户. 2. ...
transient关键字详解
作用 1,一旦变量被transient修饰,变量将不再是对象持久化的一部分,该变量内容在序列化后无法获得访问. 2,transient关键字只能修饰变量,而不能修饰方法和类.注意,本地变量是不能被tr ...
Qt中中文字符一劳永逸的解决方法
QT中中文字符问题,有没有一劳永逸的解决方法? 目前遇到有以下问题 1.字符串中有中文时,编译提示"常量中含有换行符" 2.在控制台窗口输出中文时无法正常显示,中文全部显示为? 目 ...
XMind 8 Update 7 Pro 激活码
XMind Update Pro 邮箱:x@iroader 序列号: XAka34A2rVRYJ4XBIU35UZMUEEF64CMMIYZCK2FZZUQNODEKUHGJLFMSLIQMQUCUB ...
L2-021 点赞狂魔
会set的基础用法就可以A了,虽然是L2题,但是不难,代码如下,很好理解,set在这里不解释了自己去网上查一下就明白了: #include<stdio.h> #include<str ...
[osg][osgEarth][原]基于OE自定义自由飞行漫游器（初级版）
由于受够了OE的漫游器,想搞个可以在全球飞行的漫游器,所以就做了一个: 请无视我的起名规则······ 类头文件:EarthWalkManipulator.h #pragma once //南水之源 ...
telnet作用和命令使用方法详解
什么是Telnet? 对于Telnet的认识,不同的人持有不同的观点,可以把Telnet当成一种通信协议,但是对于入侵者而言,Telnet只是一种远程登录的工具.一旦入侵者与远程主机建立了Telnet ...
shell和shell脚本基本知识
详情可见: https://www.cnblogs.com/yinheyi/p/6648242.html 这张图,可以帮助我们理解这个词语! 最底下是计算机硬件,然后硬件被系统核心包住,在系统核心外层 ...
centos 7 安装TensorFlow
查看linux版本 uname -a 查看磁盘大小准备好python 2.7 查看python版本 import sysprint sys.version print sys.version_in ...

Oracle11g温习-第十七章：权限管理

Oracle11g温习-第十七章：权限管理的更多相关文章

随机推荐

热门专题