給用戶分配權限方式:
grant role_name to user_name --給用戶分配角色 grant select,update on table_name to user_name --將表的select,update權限賦予給用戶 grant select any table to user_name/role_name --將系統權限分配給用戶/角色
刪除權限方式
REVOKE CONNECT, RESOURCE FROM user_name; --回收角色權限 REVOKE SELECT ON table_name FROM user_name; --回收表/函數/過程操作權限 REVOKE SELECT ANY TABLE FROM user_name; --回收系統權限
系統權限
1.select 查詢
2.alter 修改
3.create 創建
4.drop 刪除表/過程等
5.execute 執行過程等
6.update 更新表數據
7.insert 插入記錄
8.delete 刪除記錄
9.grant 允許授權
10.under 用戶擁有這個權限之后,對其它用戶下的對象如果存在的話會顯示 權限不足,而不會顯示 表或視圖不存在了
11.else 其他
檢查權限
常見問題
1.只賦予create session,select any table 為什么卻可以update其他表?
查看dba_tab_privs 我們發現原來這個表的update權限賦予了public
| SELECT ANY CUBE |
|
| SELECT ANY CUBE DIMENSION |
|
| SELECT ANY DICTIONARY |
|
| SELECT ANY MINING MODEL |
|
| SELECT ANY SEQUENCE |
使用任意序列的權限 |
| SELECT ANY TABLE |
使用任意表的權限 |
| SELECT ANY TRANSACTION |
|
| ALTER ANY ASSEMBLY |
|
| ALTER ANY CLUSTER |
修改任意簇的權限 |
| ALTER ANY CUBE |
|
| ALTER ANY CUBE DIMENSION |
|
| ALTER ANY DIMENSION |
|
| ALTER ANY EDITION |
|
| ALTER ANY EVALUATION CONTEXT |
|
| ALTER ANY INDEX |
修改任意索引的權限 |
| ALTER ANY INDEXTYPE |
|
| ALTER ANY LIBRARY |
|
| ALTER ANY MATERIALIZED VIEW |
|
| ALTER ANY MINING MODEL |
|
| ALTER ANY OPERATOR |
|
| ALTER ANY OUTLINE |
|
| ALTER ANY PROCEDURE |
|
| ALTER ANY ROLE |
修改任意角色的權限 |
| ALTER ANY RULE |
|
| ALTER ANY RULE SET |
|
| ALTER ANY SEQUENCE |
修改任意序列的權限 |
| ALTER ANY SQL PROFILE |
|
| ALTER ANY TABLE |
修改任意表的權限 |
| ALTER ANY TRIGGER |
修改任意觸發器的權限 |
| ALTER ANY TYPE |
|
| ALTER DATABASE |
修改數據庫的權限 |
| ALTER DATABASE LINK |
|
| ALTER PROFILE |
修改資源限制簡表的權限 |
| ALTER PUBLIC DATABASE LINK |
|
| ALTER RESOURCE COST |
設置佳話資源開銷的權限 |
| ALTER ROLLBACK SEGMENT |
修改回滾段的權限 |
| ALTER SESSION |
修改數據庫會話的權限 |
| ALTER SYSTEM |
|
| ALTER TABLESPACE |
修改表空間的權限 |
| ALTER USER |
修改用戶的權限 |
| CREATE ANY ASSEMBLY |
|
| CREATE ANY CLUSTER |
為任意用戶創建簇的權限 |
| CREATE ANY CONTEXT |
|
| CREATE ANY CUBE |
|
| CREATE ANY CUBE BUILD PROCESS |
|
| CREATE ANY CUBE DIMENSION |
|
| CREATE ANY DIMENSION |
|
| CREATE ANY DIRECTORY |
|
| CREATE ANY EDITION |
|
| CREATE ANY EVALUATION CONTEXT |
|
| CREATE ANY INDEX |
為任意用戶創建索引的權限 |
| CREATE ANY INDEXTYPE |
|
| CREATE ANY JOB |
|
| CREATE ANY LIBRARY |
|
| CREATE ANY MATERIALIZED VIEW |
|
| CREATE ANY MEASURE FOLDER |
|
| CREATE ANY MINING MODEL |
|
| CREATE ANY OPERATOR |
|
| CREATE ANY OUTLINE |
|
| CREATE ANY PROCEDURE |
為任意用戶創建存儲過程的權限 |
| CREATE ANY RULE |
|
| CREATE ANY RULE SET |
|
| CREATE ANY SEQUENCE |
為任意用戶創建序列的權限 |
| CREATE ANY SQL PROFILE |
|
| CREATE ANY SYNONYM |
為任意用戶創建同義名的權限 |
| CREATE ANY TABLE |
為任意用戶創建表的權限 |
| CREATE ANY TRIGGER |
為任意用戶創建觸發器的權限 |
| CREATE ANY TYPE |
|
| CREATE ANY VIEW |
為任意用戶創建視圖的權限 |
| CREATE ASSEMBLY |
|
| CREATE CLUSTER |
為用戶創建簇的權限 |
| CREATE CUBE |
|
| CREATE CUBE BUILD PROCESS |
|
| CREATE CUBE DIMENSION |
|
| CREATE DATABASE LINK |
為用戶創建的權限 |
| CREATE DIMENSION |
|
| CREATE EVALUATION CONTEXT |
|
| CREATE EXTERNAL JOB |
|
| CREATE INDEXTYPE |
|
| CREATE JOB |
|
| CREATE LIBRARY |
|
| CREATE MATERIALIZED VIEW |
|
| CREATE MEASURE FOLDER |
|
| CREATE MINING MODEL |
|
| CREATE OPERATOR |
|
| CREATE PROCEDURE |
為用戶創建存儲過程的權限 |
| CREATE PROFILE |
創建資源限制簡表的權限 |
| CREATE PUBLIC DATABASE LINK |
創建公共數據庫鏈路的權限 |
| CREATE PUBLIC SYNONYM |
創建公共同義名的權限 |
| CREATE ROLE |
創建角色的權限 |
| CREATE ROLLBACK SEGMENT |
創建回滾段的權限 |
| CREATE RULE |
|
| CREATE RULE SET |
|
| CREATE SEQUENCE |
為用戶創建序列的權限 |
| CREATE SESSION |
創建會話的權限,必須有此權限才可以登陸 |
| CREATE SYNONYM |
為用戶創建同義名的權限 |
| CREATE TABLE |
為用戶創建表的權限 |
| CREATE TABLESPACE |
創建表空間的權限 |
| CREATE TRIGGER |
|
| CREATE TYPE |
|
| CREATE USER |
創建用戶的權限 |
| CREATE VIEW |
為用戶創建視圖的權限 |
| DROP ANY ASSEMBLY |
|
| DROP ANY CLUSTER |
刪除任意簇的權限 |
| DROP ANY CONTEXT |
|
| DROP ANY CUBE |
|
| DROP ANY CUBE BUILD PROCESS |
|
| DROP ANY CUBE DIMENSION |
|
| DROP ANY DIMENSION |
|
| DROP ANY DIRECTORY |
|
| DROP ANY EDITION |
|
| DROP ANY EVALUATION CONTEXT |
|
| DROP ANY INDEX |
刪除任意索引的權限 |
| DROP ANY INDEXTYPE |
|
| DROP ANY LIBRARY |
|
| DROP ANY MATERIALIZED VIEW |
|
| DROP ANY MEASURE FOLDER |
|
| DROP ANY MINING MODEL |
|
| DROP ANY OPERATOR |
|
| DROP ANY OUTLINE |
|
| DROP ANY PROCEDURE |
刪除任意存儲過程的權限 |
| DROP ANY ROLE |
刪除任意角色的權限 |
| DROP ANY RULE |
|
| DROP ANY RULE SET |
|
| DROP ANY SEQUENCE |
刪除任意序列的權限 |
| DROP ANY SQL PROFILE |
|
| DROP ANY SYNONYM |
刪除任意同義名的權限 |
| DROP ANY TABLE |
刪除任意表的權限 |
| DROP ANY TRIGGER |
刪除任意觸發器的權限 |
| DROP ANY TYPE |
|
| DROP ANY VIEW |
刪除任意視圖的權限 |
| DROP PROFILE |
刪除資源限制簡表的權限 |
| DROP PUBLIC DATABASE LINK |
刪除公共數據鏈路的權限 |
| DROP PUBLIC SYNONYM |
刪除公共同義名的權限 |
| DROP ROLLBACK SEGMENT |
刪除回滾段的權限 |
| DROP TABLESPACE |
刪除表空間的權限 |
| DROP USER |
刪除用戶的權限 |
| EXECUTE ANY ASSEMBLY |
|
| EXECUTE ANY CLASS |
|
| EXECUTE ANY EVALUATION CONTEXT |
|
| EXECUTE ANY INDEXTYPE |
|
| EXECUTE ANY LIBRARY |
|
| EXECUTE ANY OPERATOR |
|
| EXECUTE ANY PROCEDURE |
執行任意存儲過程的權限 |
| EXECUTE ANY PROGRAM |
|
| EXECUTE ANY RULE |
|
| EXECUTE ANY RULE SET |
|
| EXECUTE ANY TYPE |
|
| EXECUTE ASSEMBLY |
|
| UPDATE ANY CUBE |
更新分組數據 |
| UPDATE ANY CUBE BUILD PROCESS |
|
| UPDATE ANY CUBE DIMENSION |
|
| UPDATE ANY TABLE |
修改任意表中行的權限 |
| INSERT ANY CUBE DIMENSION |
|
| INSERT ANY MEASURE FOLDER |
|
| INSERT ANY TABLE |
向任意表中插入行的權限 |
| DELETE ANY CUBE DIMENSION |
|
| DELETE ANY MEASURE FOLDER |
|
| DELETE ANY TABLE |
刪除任意表行的權限 |
| GRANT ANY OBJECT PRIVILEGE |
|
| GRANT ANY PRIVILEGE |
授予任意系統特權的權限 |
| GRANT ANY ROLE |
授予任意角色的權限 |
| UNDER ANY TABLE |
操作無權限但已存在的表時提示權限不足 |
| UNDER ANY TYPE |
|
| UNDER ANY VIEW |
操作無權限但已存在的視圖時提示權限不足 |