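Granting privileges to a user:

```sql
grant role_name to user_name;                      -- grant a role to a user
grant select, update on table_name to user_name;   -- grant SELECT and UPDATE on a table to a user
grant select any table to user_name;               -- grant a system privilege; the grantee may be a user or a role
```

Revoking privileges:

```sql
REVOKE CONNECT, RESOURCE FROM user_name;   -- revoke roles
REVOKE SELECT ON table_name FROM user_name; -- revoke object privileges on a table/function/procedure
REVOKE SELECT ANY TABLE FROM user_name;    -- revoke a system privilege
```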
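System privileges
1. select: query
2. alter: modify
3. create: create
4. drop: drop tables, procedures, etc.
5. execute: execute procedures, etc.
6. update: update table data
7. insert: insert records
8. delete: delete records
9. grant: allow granting privileges
10. under: once a user has this privilege, accessing an existing object in another user's schema reports "insufficient privileges" instead of "table or view does not exist"
11. else: other
Checking privileges
Common questions
1. Only create session and select any table were granted, so why can the user update other tables?
Looking at dba_tab_privs, we found that the update privilege on this table had been granted to public.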
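The check behind the answer above, written out as an added example (not from the original page): it lists every system privilege and every data-modifying object privilege a user holds directly, through nested roles, or through PUBLIC. `APP_USER`, `app_owner` and `orders` are placeholder names chosen for illustration; the queries assume the session can read the `DBA_*` dictionary views.

```sql
-- Added example; APP_USER is a placeholder user name (assumption).
-- Step 1: collect every grantee whose privileges the user inherits:
--         the user itself, PUBLIC, and all roles reachable through nested role grants.
WITH grantees AS (
    SELECT 'APP_USER' AS grantee FROM dual
    UNION
    SELECT 'PUBLIC' FROM dual
    UNION
    SELECT granted_role
    FROM   dba_role_privs
    START WITH grantee IN ('APP_USER', 'PUBLIC')
    CONNECT BY PRIOR granted_role = grantee
)
-- Step 2: system privileges held through any of those grantees
SELECT 'SYSTEM' AS priv_type,
       sp.grantee AS granted_via,
       sp.privilege,
       NULL AS object_name
FROM   dba_sys_privs sp
WHERE  sp.grantee IN (SELECT grantee FROM grantees)
UNION ALL
-- Step 3: object privileges that allow changing data, including grants to PUBLIC
SELECT 'OBJECT',
       tp.grantee,
       tp.privilege,
       tp.owner || '.' || tp.table_name
FROM   dba_tab_privs tp
WHERE  tp.grantee IN (SELECT grantee FROM grantees)
AND    tp.privilege IN ('INSERT', 'UPDATE', 'DELETE')
ORDER  BY 1, 2, 3;

-- Step 4: a row with granted_via = 'PUBLIC' and privilege = 'UPDATE' explains the
--         behaviour in the question. Remove the grant from PUBLIC
--         (app_owner.orders is a placeholder object name):
REVOKE UPDATE ON app_owner.orders FROM PUBLIC;

-- Step 5: confirm that no data-modifying grant to PUBLIC remains on that schema
SELECT owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    owner = 'APP_OWNER'
AND    privilege IN ('INSERT', 'UPDATE', 'DELETE');
```

Revoking from PUBLIC removes the access for every account that relied on it, so re-grant the privilege to the specific users or roles that need it.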
| Privilege | Description |
| --- | --- |
| SELECT ANY CUBE | |
| SELECT ANY CUBE DIMENSION | |
| SELECT ANY DICTIONARY | |
| SELECT ANY MINING MODEL | |
| SELECT ANY SEQUENCE | Privilege to use any sequence |
| SELECT ANY TABLE | Privilege to use any table |
| SELECT ANY TRANSACTION | |
| ALTER ANY ASSEMBLY | |
| ALTER ANY CLUSTER | Privilege to alter any cluster |
| ALTER ANY CUBE | |
| ALTER ANY CUBE DIMENSION | |
| ALTER ANY DIMENSION | |
| ALTER ANY EDITION | |
| ALTER ANY EVALUATION CONTEXT | |
| ALTER ANY INDEX | Privilege to alter any index |
| ALTER ANY INDEXTYPE | |
| ALTER ANY LIBRARY | |
| ALTER ANY MATERIALIZED VIEW | |
| ALTER ANY MINING MODEL | |
| ALTER ANY OPERATOR | |
| ALTER ANY OUTLINE | |
| ALTER ANY PROCEDURE | |
| ALTER ANY ROLE | Privilege to alter any role |
| ALTER ANY RULE | |
| ALTER ANY RULE SET | |
| ALTER ANY SEQUENCE | Privilege to alter any sequence |
| ALTER ANY SQL PROFILE | |
| ALTER ANY TABLE | Privilege to alter any table |
| ALTER ANY TRIGGER | Privilege to alter any trigger |
| ALTER ANY TYPE | |
| ALTER DATABASE | Privilege to alter the database |
| ALTER DATABASE LINK | |
| ALTER PROFILE | Privilege to alter resource-limit profiles |
| ALTER PUBLIC DATABASE LINK | |
| ALTER RESOURCE COST | Privilege to set session resource costs |
| ALTER ROLLBACK SEGMENT | Privilege to alter rollback segments |
| ALTER SESSION | Privilege to alter the database session |
| ALTER SYSTEM | |
| ALTER TABLESPACE | Privilege to alter tablespaces |
| ALTER USER | Privilege to alter users |
| CREATE ANY ASSEMBLY | |
| CREATE ANY CLUSTER | Privilege to create clusters in any user's schema |
| CREATE ANY CONTEXT | |
| CREATE ANY CUBE | |
| CREATE ANY CUBE BUILD PROCESS | |
| CREATE ANY CUBE DIMENSION | |
| CREATE ANY DIMENSION | |
| CREATE ANY DIRECTORY | |
| CREATE ANY EDITION | |
| CREATE ANY EVALUATION CONTEXT | |
| CREATE ANY INDEX | Privilege to create indexes in any user's schema |
| CREATE ANY INDEXTYPE | |
| CREATE ANY JOB | |
| CREATE ANY LIBRARY | |
| CREATE ANY MATERIALIZED VIEW | |
| CREATE ANY MEASURE FOLDER | |
| CREATE ANY MINING MODEL | |
| CREATE ANY OPERATOR | |
| CREATE ANY OUTLINE | |
| CREATE ANY PROCEDURE | Privilege to create stored procedures in any user's schema |
| CREATE ANY RULE | |
| CREATE ANY RULE SET | |
| CREATE ANY SEQUENCE | Privilege to create sequences in any user's schema |
| CREATE ANY SQL PROFILE | |
| CREATE ANY SYNONYM | Privilege to create synonyms in any user's schema |
| CREATE ANY TABLE | Privilege to create tables in any user's schema |
| CREATE ANY TRIGGER | Privilege to create triggers in any user's schema |
| CREATE ANY TYPE | |
| CREATE ANY VIEW | Privilege to create views in any user's schema |
| CREATE ASSEMBLY | |
| CREATE CLUSTER | Privilege to create clusters in the user's own schema |
| CREATE CUBE | |
| CREATE CUBE BUILD PROCESS | |
| CREATE CUBE DIMENSION | |
| CREATE DATABASE LINK | Privilege to create database links in the user's own schema |
| CREATE DIMENSION | |
| CREATE EVALUATION CONTEXT | |
| CREATE EXTERNAL JOB | |
| CREATE INDEXTYPE | |
| CREATE JOB | |
| CREATE LIBRARY | |
| CREATE MATERIALIZED VIEW | |
| CREATE MEASURE FOLDER | |
| CREATE MINING MODEL | |
| CREATE OPERATOR | |
| CREATE PROCEDURE | Privilege to create stored procedures in the user's own schema |
| CREATE PROFILE | Privilege to create resource-limit profiles |
| CREATE PUBLIC DATABASE LINK | Privilege to create public database links |
| CREATE PUBLIC SYNONYM | Privilege to create public synonyms |
| CREATE ROLE | Privilege to create roles |
| CREATE ROLLBACK SEGMENT | Privilege to create rollback segments |
| CREATE RULE | |
| CREATE RULE SET | |
| CREATE SEQUENCE | Privilege to create sequences in the user's own schema |
| CREATE SESSION | Privilege to create a session; required in order to log in |
| CREATE SYNONYM | Privilege to create synonyms in the user's own schema |
| CREATE TABLE | Privilege to create tables in the user's own schema |
| CREATE TABLESPACE | Privilege to create tablespaces |
| CREATE TRIGGER | |
| CREATE TYPE | |
| CREATE USER | Privilege to create users |
| CREATE VIEW | Privilege to create views in the user's own schema |
| DROP ANY ASSEMBLY | |
| DROP ANY CLUSTER | Privilege to drop any cluster |
| DROP ANY CONTEXT | |
| DROP ANY CUBE | |
| DROP ANY CUBE BUILD PROCESS | |
| DROP ANY CUBE DIMENSION | |
| DROP ANY DIMENSION | |
| DROP ANY DIRECTORY | |
| DROP ANY EDITION | |
| DROP ANY EVALUATION CONTEXT | |
| DROP ANY INDEX | Privilege to drop any index |
| DROP ANY INDEXTYPE | |
| DROP ANY LIBRARY | |
| DROP ANY MATERIALIZED VIEW | |
| DROP ANY MEASURE FOLDER | |
| DROP ANY MINING MODEL | |
| DROP ANY OPERATOR | |
| DROP ANY OUTLINE | |
| DROP ANY PROCEDURE | Privilege to drop any stored procedure |
| DROP ANY ROLE | Privilege to drop any role |
| DROP ANY RULE | |
| DROP ANY RULE SET | |
| DROP ANY SEQUENCE | Privilege to drop any sequence |
| DROP ANY SQL PROFILE | |
| DROP ANY SYNONYM | Privilege to drop any synonym |
| DROP ANY TABLE | Privilege to drop any table |
| DROP ANY TRIGGER | Privilege to drop any trigger |
| DROP ANY TYPE | |
| DROP ANY VIEW | Privilege to drop any view |
| DROP PROFILE | Privilege to drop resource-limit profiles |
| DROP PUBLIC DATABASE LINK | Privilege to drop public database links |
| DROP PUBLIC SYNONYM | Privilege to drop public synonyms |
| DROP ROLLBACK SEGMENT | Privilege to drop rollback segments |
| DROP TABLESPACE | Privilege to drop tablespaces |
| DROP USER | Privilege to drop users |
| EXECUTE ANY ASSEMBLY | |
| EXECUTE ANY CLASS | |
| EXECUTE ANY EVALUATION CONTEXT | |
| EXECUTE ANY INDEXTYPE | |
| EXECUTE ANY LIBRARY | |
| EXECUTE ANY OPERATOR | |
| EXECUTE ANY PROCEDURE | Privilege to execute any stored procedure |
| EXECUTE ANY PROGRAM | |
| EXECUTE ANY RULE | |
| EXECUTE ANY RULE SET | |
| EXECUTE ANY TYPE | |
| EXECUTE ASSEMBLY | |
| UPDATE ANY CUBE | Update grouped data |
| UPDATE ANY CUBE BUILD PROCESS | |
| UPDATE ANY CUBE DIMENSION | |
| UPDATE ANY TABLE | Privilege to modify rows in any table |
| INSERT ANY CUBE DIMENSION | |
| INSERT ANY MEASURE FOLDER | |
| INSERT ANY TABLE | Privilege to insert rows into any table |
| DELETE ANY CUBE DIMENSION | |
| DELETE ANY MEASURE FOLDER | |
| DELETE ANY TABLE | Privilege to delete rows from any table |
| GRANT ANY OBJECT PRIVILEGE | |
| GRANT ANY PRIVILEGE | Privilege to grant any system privilege |
| GRANT ANY ROLE | Privilege to grant any role |
| UNDER ANY TABLE | Reports "insufficient privileges" when operating on an existing table the user has no privileges on |
| UNDER ANY TYPE | |
| UNDER ANY VIEW | Reports "insufficient privileges" when operating on an existing view the user has no privileges on |
