Granting privileges on a view also requires granting privileges on the directory

Time: 2021-02-11 12:47:59

Tags: oracle

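I want to create an external table that collects some data from the server and returns it as a table in a more convenient way. In addition, I want to cover this table with a view and grant the SELECT privilege on it to another user. I created the setup under a privileged user: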

PS C:\> sqlplus privileged/user@example

SQL*Plus: Release 19.0.0.0.0 - Production on Thu Feb 11 15:33:17 2021
Version 19.9.0.0.0

Copyright (c) 1982, 2020, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Release 11.2.0.4.0 - 64bit Production

SQL> create user u1 identified by u1;

User created.

SQL> create user u2 identified by u2;

User created.

SQL> grant connect to u1;

Grant succeeded.

SQL> grant connect to u2;

Grant succeeded.

SQL>
SQL> CREATE TABLE u1.status_all (
  2      text    VARCHAR2(1000)
  3  )
  4  ORGANIZATION EXTERNAL (
  5      TYPE    ORACLE_LOADER
  6      DEFAULT DIRECTORY GG_SCRIPTS_DIR
  7      ACCESS PARAMETERS (
  8          records delimited by newline
  9          preprocessor 'status_all.sh'
 10          nobadfile
 11          nodiscardfile
 12          nologfile
 13          disable_directory_link_check
 14          fields terminated by eof
 15          missing field values are null
 16      )
 17      LOCATION (
 18          GG_SCRIPTS_DIR:'status_all.sh'
 19      )
 20  )
 21  REJECT LIMIT UNLIMITED;

Table created.

SQL>
SQL> grant read,execute on directory GG_SCRIPTS_DIR to u1 with grant option;

Grant succeeded.

SQL>

OK, what is the result?

PS C:\> sqlplus u1/u1@example

SQL*Plus: Release 19.0.0.0.0 - Production on Thu Feb 11 15:33:52 2021
Version 19.9.0.0.0

Copyright (c) 1982, 2020, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Release 11.2.0.4.0 - 64bit Production

SQL> select * from status_all where rownum <= 5;

TEXT
--------------------------------------------------------------------------------

Oracle GoldenGate Command Interpreter for Oracle
Version 19.1.0.0.4 OGGCORE_19.1.0.0.0_PLATFORMS_191017.1054_FBO
Linux, x64, 64bit (optimized), Oracle 11g on Oct 17 2019 23:13:12
Operating system character set identified as UTF-8.

SQL>

Cool, it works! Let's create a view under the privileged user:

SQL> create or replace view u1.vstatus_all as
  2  select regexp_substr(t.text, '[[:alnum:]]{1,}' , 1, 3, 'i') proc_name,
  3         regexp_substr(t.text, '^[[:alnum:]]{1,}', 1, 1, 'i') proc_type,
  4         regexp_substr(t.text, '[[:alnum:]]{1,}' , 1, 2, 'i') proc_status,
  5         regexp_substr(t.text, '[[:alnum:]:]{1,}', 1, 4, 'i') lag_at_chkpt,
  6         regexp_substr(t.text, '[[:alnum:]:]{1,}', 1, 5, 'i') time_since_chkpt
  7  from   u1.status_all t
  8  where  regexp_like(t.text, '(MANAGER|EXTRACT|REPLICAT)');

View created.

What does it look like from u1's perspective?

SQL> select * from u1.vstatus_all;

PROC_NAME
--------------------------------------------------------------------------------
PROC_TYPE
--------------------------------------------------------------------------------
PROC_STATUS
--------------------------------------------------------------------------------
LAG_AT_CHKPT
--------------------------------------------------------------------------------
TIME_SINCE_CHKPT
--------------------------------------------------------------------------------

MANAGER
RUNNING

PROC_NAME
--------------------------------------------------------------------------------
PROC_TYPE
--------------------------------------------------------------------------------
PROC_STATUS
--------------------------------------------------------------------------------
LAG_AT_CHKPT
--------------------------------------------------------------------------------
TIME_SINCE_CHKPT
--------------------------------------------------------------------------------




PROC_NAME
--------------------------------------------------------------------------------
PROC_TYPE
--------------------------------------------------------------------------------
PROC_STATUS
--------------------------------------------------------------------------------
LAG_AT_CHKPT
--------------------------------------------------------------------------------
TIME_SINCE_CHKPT
--------------------------------------------------------------------------------
EADS1
EXTRACT
RUNNING

PROC_NAME
--------------------------------------------------------------------------------
PROC_TYPE
--------------------------------------------------------------------------------
PROC_STATUS
--------------------------------------------------------------------------------
LAG_AT_CHKPT
--------------------------------------------------------------------------------
TIME_SINCE_CHKPT
--------------------------------------------------------------------------------
00:00:00
00:00:00


PROC_NAME
--------------------------------------------------------------------------------
PROC_TYPE
--------------------------------------------------------------------------------
PROC_STATUS
--------------------------------------------------------------------------------
LAG_AT_CHKPT
--------------------------------------------------------------------------------
TIME_SINCE_CHKPT
--------------------------------------------------------------------------------
PADS1BB1
EXTRACT
RUNNING

PROC_NAME
--------------------------------------------------------------------------------
PROC_TYPE
--------------------------------------------------------------------------------
PROC_STATUS
--------------------------------------------------------------------------------
LAG_AT_CHKPT
--------------------------------------------------------------------------------
TIME_SINCE_CHKPT
--------------------------------------------------------------------------------
00:00:00
00:00:08


PROC_NAME
--------------------------------------------------------------------------------
PROC_TYPE
--------------------------------------------------------------------------------
PROC_STATUS
--------------------------------------------------------------------------------
LAG_AT_CHKPT
--------------------------------------------------------------------------------
TIME_SINCE_CHKPT
--------------------------------------------------------------------------------
RABD1DS1
REPLICAT
RUNNING

PROC_NAME
--------------------------------------------------------------------------------
PROC_TYPE
--------------------------------------------------------------------------------
PROC_STATUS
--------------------------------------------------------------------------------
LAG_AT_CHKPT
--------------------------------------------------------------------------------
TIME_SINCE_CHKPT
--------------------------------------------------------------------------------
00:00:00
00:00:04


PROC_NAME
--------------------------------------------------------------------------------
PROC_TYPE
--------------------------------------------------------------------------------
PROC_STATUS
--------------------------------------------------------------------------------
LAG_AT_CHKPT
--------------------------------------------------------------------------------
TIME_SINCE_CHKPT
--------------------------------------------------------------------------------
RZ011DS1
REPLICAT
RUNNING

PROC_NAME
--------------------------------------------------------------------------------
PROC_TYPE
--------------------------------------------------------------------------------
PROC_STATUS
--------------------------------------------------------------------------------
LAG_AT_CHKPT
--------------------------------------------------------------------------------
TIME_SINCE_CHKPT
--------------------------------------------------------------------------------
00:00:00
00:00:00

Yes, it works! Time to grant all the privileges to u2 (under the privileged user):

SQL> grant select on u1.vstatus_all to u2;

Grant succeeded.

Let's check:

PS C:\> sqlplus u2/u2@example

SQL*Plus: Release 19.0.0.0.0 - Production on Thu Feb 11 15:41:13 2021
Version 19.9.0.0.0

Copyright (c) 1982, 2020, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Release 11.2.0.4.0 - 64bit Production

SQL> select * from u1.vstatus_all;
select * from u1.vstatus_all
*
ERROR at line 1:
ORA-29913: error in executing ODCIEXTTABLEOPEN callout
ORA-29400: data cartridge error
ORA-04043: object "U1"."STATUS_ALL" does not exist


SQL>

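Why does it need access to STATUS_ALL? I created a view to hide this table from u2. I only managed to get it working after granting privileges on the directory and on the underlying table: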

SQL> grant select on u1.status_all to u2;

Grant succeeded.

SQL> grant read,execute on directory GG_SCRIPTS_DIR to u2;

Grant succeeded.

SQL>

With such grants, u2 can easily create the desired table without any grant on the view. Are u1 and u2 missing some other grants?

1 answer:

Answer 0 (score: 1)

After some googling, I found this article, which describes exactly the same situation. It also led to Doc ID 1530608.1 on Metalink, which explains this behavior:

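"The problem arises because the access driver for the external table needs to internally DESCRIBE the external table, on which the user has no privileges."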
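
A check for the exposure the question points out, as an added example that is not part of the original post or answer: for each external table it lists the accounts other than the owner that hold privileges on the directories the table uses, and whether they can also SELECT from the table directly. It assumes access to the DBA_* dictionary views; privileges received through a role appear under the role's name.

```sql
-- Added example (not from the original post). Run as an account that can
-- query the DBA_* dictionary views; uses only 11.2-compatible features.
SELECT g.table_owner,
       g.table_name,
       g.directory_name,
       g.grantee,
       g.directory_privs,
       -- Does the same grantee also hold SELECT on the external table itself?
       CASE WHEN EXISTS (SELECT 1
                         FROM   dba_tab_privs tp
                         WHERE  tp.owner      = g.table_owner
                         AND    tp.table_name = g.table_name
                         AND    tp.grantee    = g.grantee
                         AND    tp.privilege  = 'SELECT')
            THEN 'YES' ELSE 'NO' END AS select_on_table
FROM  (SELECT x.table_owner, x.table_name, x.directory_name, dp.grantee,
              LISTAGG(dp.privilege, ',')
                WITHIN GROUP (ORDER BY dp.privilege) AS directory_privs
       FROM  (-- directories named in LOCATION (...)
              SELECT owner AS table_owner, table_name,
                     directory_owner, directory_name
              FROM   dba_external_locations
              UNION
              -- DEFAULT DIRECTORY, also used to resolve an unqualified preprocessor
              SELECT owner, table_name,
                     default_directory_owner, default_directory_name
              FROM   dba_external_tables) x
       JOIN  (-- one row per privilege, even if granted by several grantors
              SELECT DISTINCT owner, table_name, grantee, privilege
              FROM   dba_tab_privs) dp
         ON   dp.owner      = x.directory_owner
         AND  dp.table_name = x.directory_name
       WHERE  dp.grantee <> x.table_owner
       AND    dp.privilege IN ('READ', 'WRITE', 'EXECUTE')
       GROUP  BY x.table_owner, x.table_name, x.directory_name, dp.grantee) g
ORDER  BY g.table_owner, g.table_name, g.grantee;
```

After the grants shown in the question, U2 would be listed for GG_SCRIPTS_DIR with EXECUTE,READ and select_on_table = YES.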