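Granting privileges to a role

Time: 2018-12-15 17:58:23

Tags: oracle oracle11g grant

The question is:

Create a role "UnivUser" and give this role the privileges to select, update, insert, delete and execute PL/SQL packages and sequences. Apart from these operations, this user will not be able to do anything else. To help you, you can search for this user in the SQL Developer privileges dialog.

Execute, select and delete worked for me with the following commands: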

GRANT select_catalog_role to UnivUser
GRANT execute_catalog_role to UnivUser
GRANT delete_catalog_role to UnivUser

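But for insert and update it doesn't work for me; I don't know how to do it, or I didn't understand the question.

1 answer:

Answer 0: (score: 0)

I don't know whether you misunderstood the question, but I'm not sure that you wrote the whole question.

The privileges you granted relate to access to objects owned by SYS, and I really can't tell whether that is what you are supposed to do.

From my point of view, you should stick to object privileges, i.e. grant the privileges you specified, on your own objects, to that role. For example (created in my 11g XE database):

Grant Scott the privilege to create roles: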

SQL> connect sys/pwd@xe as sysdba
Connected.
SQL> grant create role to scott;

Grant succeeded.

Create the role and grant it some privileges:

SQL> connect scott/tiger
Connected.
SQL> create role univuser identified by univuser;

Role created.

SQL> grant select, update, insert, delete on emp to univuser;

Grant succeeded.

SQL> create or replace procedure p_test is begin null; end;
  2  /

Procedure created.

SQL> grant execute on p_test to univuser;

Grant succeeded.

SQL> create sequence seq_test;

Sequence created.

SQL> grant select on seq_test to univuser;

Grant succeeded.

List of UNIVUSER's privileges:

SQL> select table_name, privilege from role_tab_privs where role = 'UNIVUSER';

TABLE_NAME                     PRIVILEGE
------------------------------ ----------------------------------------
EMP                            DELETE
EMP                            INSERT
EMP                            UPDATE
EMP                            SELECT
P_TEST                         EXECUTE
SEQ_TEST                       SELECT

6 rows selected.

Now, grant that role to another user in my database:

SQL> grant univuser to mike;

Grant succeeded.

Let's see whether Mike can (or cannot) do something with Scott's objects; don't forget to SET ROLE:

SQL> connect mike/lion
Connected.
SQL> set role univuser identified by univuser;

Role set.

SQL> select count(*) from scott.emp;

  COUNT(*)
----------
        12

SQL> select scott.seq_test.nextval from dual;

   NEXTVAL
----------
         2

SQL> exec scott.p_test;

PL/SQL procedure successfully completed.

SQL>

Seems to be OK.

[EDIT: writing SQL that writes SQL]

SQL> select 'grant select, insert, update, delete on ' || table_name || ' to univuser;'
  2  from user_tables;

'GRANTSELECT,INSERT,UPDATE,DELETEON'||TABLE_NAME||'TOunivuser;'
-------------------------------------------------------------------------------
grant select, insert, update, delete on EMP to univuser;
grant select, insert, update, delete on BONUS to univuser;
grant select, insert, update, delete on SALGRADE to univuser;
grant select, insert, update, delete on DEPT to univuser;

SQL>

SQL> select 'grant execute on ' || object_name || ' to univuser;'
  2  from user_objects
  3  where object_type in ('PROCEDURE', 'FUNCTION', 'SEQUENCE');

'GRANTEXECUTEON'||OBJECT_NAME||'TOUNIVUSER;'
--------------------------------------------------------------------------------
grant execute on EMPTY_TABLE to univuser;
grant execute on SIEROT to univuser;
grant execute on P_RC to univuser;
grant execute on F_RC to univuser;
grant execute on MYFUNCTION to univuser;
grant execute on F_RET to univuser;
grant execute on F_REGNUM to univuser;
grant execute on F_COUNT_OF_SUNDAYS to univuser;
grant execute on P_TEST to univuser;
grant execute on F_TEST to univuser;
grant execute on MTJ_ID_SEQ to univuser;
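
An added example (not part of the original answer): a PL/SQL block that takes the generated-grant idea one step further by choosing the privilege per object type, since Oracle sequences take SELECT rather than EXECUTE, followed by an audit query that lists anything held by the role beyond the five privileges the exercise asks for. It assumes it is run by the schema owner (SCOTT on this page) and that the role UNIVUSER already exists.

```sql
-- Added example, not the answerer's code.
-- Assumptions: run as the schema owner; role UNIVUSER already exists.
set serveroutput on

declare
  l_privs varchar2(40);
  l_stmt  varchar2(400);
begin
  for o in (select object_name, object_type
              from user_objects
             where object_type in ('TABLE', 'SEQUENCE',
                                   'PROCEDURE', 'FUNCTION', 'PACKAGE')
               and object_name not like 'BIN$%')  -- skip recycle-bin leftovers
  loop
    l_privs := case o.object_type
                 when 'TABLE'    then 'select, insert, update, delete'
                 when 'SEQUENCE' then 'select'    -- sequences have no EXECUTE privilege
                 else                 'execute'   -- procedure, function, package
               end;
    -- Quote the dictionary name so mixed-case or unusual names stay intact.
    l_stmt := 'grant ' || l_privs || ' on '
              || dbms_assert.enquote_name(o.object_name, false)
              || ' to univuser';
    dbms_output.put_line(l_stmt || ';');          -- keep a record of what was run
    execute immediate l_stmt;
  end loop;
end;
/

-- Audit: every row returned is something the role holds beyond the exercise's scope.
select 'object' as kind, table_name as name, privilege
  from role_tab_privs
 where role = 'UNIVUSER'
   and privilege not in ('SELECT', 'INSERT', 'UPDATE', 'DELETE', 'EXECUTE')
union all
select 'system', null, privilege
  from role_sys_privs
 where role = 'UNIVUSER'
union all
select 'role', null, granted_role
  from role_role_privs
 where role = 'UNIVUSER';
```

An empty result from the audit query means the role carries only object privileges of the five allowed kinds, with no system privileges and no nested roles.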