Oracle - 如何创建只读用户

时间:2011-09-21 15:27:54

标签: oracle readonly

可以在Oracle数据库中创建只读数据库用户吗? 怎么样?

5 个答案:

答案 0 :(得分:45)

Oracle数据库中的用户只拥有您授予的权限。因此,您只需不授予任何其他权限即可创建只读用户。

创建用户时

CREATE USER ro_user
 IDENTIFIED BY ro_user
 DEFAULT TABLESPACE users
 TEMPORARY TABLESPACE temp;

用户甚至没有登录数据库的权限。你可以批准

GRANT CREATE SESSION to ro_user

然后您可以继续授予您想要的任何读取权限。例如,如果您希望RO_USER能够查询SCHEMA_NAME.TABLE_NAME,您可以执行类似

的操作
GRANT SELECT ON schema_name.table_name TO ro_user

通常,您最好创建一个角色,然后授予该角色的对象权限,以便您可以将该角色授予不同的用户。像

这样的东西

创建角色

CREATE ROLE ro_role;

在特定架构中的每个表上授予角色SELECT访问权限

BEGIN
  FOR x IN (SELECT * FROM dba_tables WHERE owner='SCHEMA_NAME')
  LOOP
    EXECUTE IMMEDIATE 'GRANT SELECT ON schema_name.' || x.table_name || 
                                  ' TO ro_role';
  END LOOP;
END;

然后将角色授予用户

GRANT ro_role TO ro_user;

答案 1 :(得分:13)

create user ro_role identified by ro_role;
grant create session, select any table, select any dictionary to ro_role;

答案 2 :(得分:1)

执行以下过程,例如用户系统。

将p_owner设置为架构所有者,将p_readonly设置为只读用户的名称。

create or replace
procedure createReadOnlyUser(p_owner in varchar2, p_readonly in varchar2) 
AUTHID CURRENT_USER is
BEGIN
    execute immediate 'create user '||p_readonly||' identified by '||p_readonly;
    execute immediate 'grant create session to '||p_readonly;
    execute immediate 'grant select any dictionary to '||p_readonly;
    execute immediate 'grant create synonym to '||p_readonly;

   FOR R IN (SELECT owner, object_name from all_objects where object_type in('TABLE', 'VIEW') and owner=p_owner) LOOP
      execute immediate 'grant select on '||p_owner||'.'||R.object_name||' to '||p_readonly;
   END LOOP;
   FOR R IN (SELECT owner, object_name from all_objects where object_type in('FUNCTION', 'PROCEDURE') and owner=p_owner) LOOP
      execute immediate 'grant execute on '||p_owner||'.'||R.object_name||' to '||p_readonly;
   END LOOP;
   FOR R IN (SELECT owner, object_name FROM all_objects WHERE object_type in('TABLE', 'VIEW') and owner=p_owner) LOOP
      EXECUTE IMMEDIATE 'create synonym '||p_readonly||'.'||R.object_name||' for '||R.owner||'."'||R.object_name||'"';
   END LOOP;
   FOR R IN (SELECT owner, object_name from all_objects where object_type in('FUNCTION', 'PROCEDURE') and owner=p_owner) LOOP
      execute immediate 'create synonym '||p_readonly||'.'||R.object_name||' for '||R.owner||'."'||R.object_name||'"';
   END LOOP;
END;

答案 3 :(得分:0)

您可以创建用户和授予权限

创建read_only标识的用户read_only; grant create session,选择任何表read_only;

答案 4 :(得分:-1)

默认数据库不是严格可行的,因为每个用户通过公共自动获得许多公共执行。