权限分配
常用的授权方式
常见的预定义角色包括CONNECT(连接角色)、RESOURCE(资源角色)、DBA(管理员)三种。
# 创建新用户
CREATE USER username IDENTIFIED BY password DEFAULT TABLESPACE tablespace_name;
# 给普通用户授权
GRANT CONNECT,RESOURCE TO username;
# 给管理员用户授权
GRANT CONNECT,RESOURCE,DBA TO username;
# 收回角色权限
REVOKE DBA FROM username;
普通用户的授权方式只允许对自己方案下的对象进行增删改查及导出导入操作,管理员授权方式则可以操作所有用户对象。
创建只读用户
1、创建只读用户(reader)并设置密码
CREATE USER reader IDENTIFIED BY 123456;
2、赋予系统权限
# 创建连接会话权限
GRANT CREATE SESSION TO reader;
# 创建同义词权限(如不使用同义词则不需要授权)
GRANT CREATE SYNONYM TO reader;
3、赋予查询表权限
# 单表授权
GRANT SELECT ON a_czsj_441826.编办人员信息表 TO reader;
# 多表批量授权
SELECT 'GRANT SELECT ON '||owner||'.'||object_name||' TO reader;'
FROM DBA_OBJECTS
WHERE OWNER = 'A_CZSJ_441826' and OBJECT_TYPE = 'TABLE';
4、创建同义词
# 创建单表同义词
CREATE SYNONYM reader.编办人信息 FOR a_czsj_441826.编办人员信息表;
# 多表批量创建同义词
SELECT 'CREATE SYNONYM reader.'||OBJECT_NAME||' FOR '||OWNER||'.'||OBJECT_NAME||';'
FROM DBA_OBJECTS
WHERE OWNER = 'A_CZSJ_441826' AND OBJECT_TYPE = 'TABLE';
# 创建公共同义词(所有用户都可以访问)
CREATE PUBLIC SYNONYM 公共表说明 FOR a_czsj_441800_2021.表说明;
GRANT SELECT ON 公共表说明 TO PUBLIC;
在reader用户下查询表数据的两种方式:
# 普通查询方式
SELECT * FROM a_czsj_441826.编办人员信息表;
# 同义词查询方式
SELECT * FROM 编办人信息;
用户禁用删除
# 禁用
ALTER USER reader ACCOUNT LOCK;
# 启用
ALTER USER reader ACCOUNT UNLOCK;
# 删除用户
DROP USER reader;
# 删除同义词
DROP [PUBLIC] SYNONYM 公共表说明;
权限查询
权限表查询
查询用户:
SELECT * FROM dba_users;
SELECT * FROM all_users;
SELECT * FROM user_users;
系统权限:
SELECT * FROM dba_sys_privs;
SELECT * FROM user_sys_privs;
对象权限:
SELECT * FROM dba_tab_privs;
SELECT * FROM all_tab_privs;
SELECT * FROM user_tab_privs;
角色:
# 查询所有角色
SELECT * FROM dba_roles;
# 查询用户角色
SELECT * FROM dba_role_privs;
SELECT * FROM user_role_privs;
# 查询角色权限
SELECT * FROM role_sys_privs;
SELECT * FROM role_tab_privs;
查询用户权限
查询某个用户的角色:
SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE = 'A_CZSJ_441826';
查询某个用户的系统权限:
SELECT * FROM DBA_SYS_PRIVS
WHERE GRANTEE = 'A_CZSJ_441826'
UNION ALL
SELECT * FROM DBA_SYS_PRIVS
WHERE GRANTEE IN (SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE = 'A_CZSJ_441826');
查询某个用户的对象权限:
SELECT * FROM DBA_TAB_PRIVS
WHERE GRANTEE = 'A_CZSJ_441826'
UNION ALL
SELECT * FROM DBA_TAB_PRIVS
WHERE GRANTEE IN (SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE = 'A_CZSJ_441826');
本文内容不用于商业目的,如涉及知识产权问题,请权利人联系51Testing小编(021-64471599-8017),我们将立即处理