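In practice, you will often need to query tables or views owned by another user while connected as a different user. Without a grant, the query fails with an insufficient-privileges error, so access has to be granted before the query will work. The sections below show how.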

 

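I. System privileges

1. User privileges

CREATE SESSION   connect to the database

CREATE TABLE     create tables in the user's schema

CREATE SEQUENCE  create sequences in the user's schema

CREATE VIEW      create views in the user's schema

CREATE PROCEDURE create stored procedures, functions or packages in the user's schema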

 

1.1. Example: granting system privileges

A DBA can grant specific system privileges to a user:

GRANT create session,create table,

       create sequence,create view

 TO scott;

 

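II. Creating a user that is only used to query other users' tables and views

1. Create the user

create user username identified by password;
grant connect, select any table to username;

A user created this way can connect to the database and has query-only access to any table.

grant connect to username; -- connect privilege only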
 

2. Granting query privileges on tables and views

2.1. Grant user b query access to all of user a's tables (run the following statement while logged in as a)

select 'grant select on a.' || tname || ' to b;' from tab;

'GRANTSELECTONA.'||TNAME||'TOB;'
------------------------------------------------------
grant select on a.VOTE_NUM to b;
grant select on a.TMP_MSG to b;
grant select on a.VOTE_IP to b;
grant select on a.QUESTION to b;
grant select on a.QUESTION_COUNT to b;
grant select on a.RECORD_DICT to b;
grant select on a.BM_COLUMN to b;
grant select on a.BM_COLUMN_CLASSIFY_REL to b;
grant select on a.BM_INFO_CLASSIFY to b;
grant select on a.BM_MODULE to b;
grant select on a.BM_MODULE_AUTH to b;

or

select 'grant select on '||table_name||' to b;' from user_tables;

'GRANTSELECTON'||TABLE_NAME||'TOB;'
----------------------------------------------------
grant select on VOTE_NUM to b;
grant select on TMP_MSG to b;
grant select on VOTE_IP to b;
grant select on QUESTION to b;
grant select on QUESTION_COUNT to b;
grant select on RECORD_DICT to b;
grant select on BM_COLUMN to b;
grant select on BM_COLUMN_CLASSIFY_REL to b;

Note: run this statement as user a. It generates a grant statement for every table; copy the generated statements out and execute them.
 

 

2.2. Grant user b query access to a single table of user a

grant select on a.tablename to b;
 

 

2.3. Grant user b query access to all of user a's sequences

select 'grant select on ' || sequence_name || ' to b;' from dba_sequences where sequence_owner='A';
 

 

2.4. Query the current user's views in Oracle

select * from user_views;
 

2.5. Grant user test11 query access to user a's views

select 'grant select on a.' || view_name || ' to test11;' from user_views;

The query output is as follows:

'GRANTSELECTON'||VIEW_NAME||'TOTEST11;'
---------------------------------------------------------
grant select on CONFIRM_RESERVATION_VIEW to test11;
grant select on DEPARTMENT_RESERVATION_VIEW to test11;
grant select on DEPART_CANCEL_RESERVATION_VIEW to test11;
grant select on DOCTOR_CANCEL_RESERVATION_VIEW to test11;
grant select on DOCTOR_RESERVATION_VIEW to test11;
grant select on GRPSS to test11;
grant select on HOSPITAL_ALL_SCHEDULE_VIEW to test11;
grant select on HOSPITAL_DEPARTMENT_VIEW to test11;
grant select on HOSPITAL_DEP_SCHEDULE_VIEW to test11;
grant select on HOSPITAL_DOCTOR_VIEW to test11;
grant select on HOSPITAL_DOC_SCHEDULE_VIEW to test11;

'GRANTSELECTON'||VIEW_NAME||'TOTEST11;'
---------------------------------------------------------
grant select on PATIENT_COUNT_RESERVATION_VIEW to test11;
grant select on PATIENT_RESERVATION_VIEW to test11;
grant select on PATIENT_RESERVATION_VIEW2 to test11;
grant select on PATIENT_RES_VIEW to test11;
grant select on PRVIEW to test11;
grant select on RES_VIEW to test11;
grant select on SS to test11;
 

Note: the syntax for granting update and delete is the same as for granting select; only the keyword differs.
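The generate-then-copy procedure from 2.1 and 2.5 can also be run in one step. The PL/SQL block below is an added example, not part of the original post: it grants SELECT on every table and view of the connected owner to one grantee, quotes each identifier with DBMS_ASSERT, and then lists the resulting grants. The grantee B is the page's placeholder user; the DROPPED filter and the error message text are choices made for this example.

```sql
-- Added example (Oracle PL/SQL). Run in SQL*Plus or SQLcl while connected
-- as the owning user (a). The grantee B is the page's placeholder user.
set serveroutput on

declare
  c_grantee constant varchar2(128) := 'B';
  l_exists  pls_integer;
  l_stmt    varchar2(400);
begin
  -- Refuse to build any SQL for a grantee that is not an existing account.
  select count(*) into l_exists from all_users where username = c_grantee;
  if l_exists = 0 then
    raise_application_error(-20001, 'No such user: ' || c_grantee);
  end if;

  for o in (select table_name as object_name
              from user_tables
             where dropped = 'NO'          -- skip recycle-bin entries
            union all
            select view_name from user_views)
  loop
    -- ENQUOTE_NAME(..., FALSE) double-quotes the name exactly as stored, so
    -- mixed-case or unusual identifiers cannot break or alter the statement.
    l_stmt := 'grant select on '
              || dbms_assert.enquote_name(o.object_name, false)
              || ' to ' || dbms_assert.enquote_name(c_grantee, false);
    begin
      execute immediate l_stmt;
      dbms_output.put_line('OK    ' || l_stmt);
    exception
      when others then
        -- For example, a view over another schema's tables that the owner
        -- cannot pass on because it lacks WITH GRANT OPTION on them.
        dbms_output.put_line('FAIL  ' || l_stmt || ' -> ' || sqlerrm);
    end;
  end loop;
end;
/

-- Verify what the grantee now holds on this schema's objects.
select table_name, privilege, grantable
  from user_tab_privs_made
 where grantee = 'B'
 order by table_name, privilege;
```

Object grants applied this way cover only the objects of this one schema, unlike the SELECT ANY TABLE system privilege from section II.1, which covers tables in other users' schemas as well.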

 

III. Revoking privileges

1. As user a, revoke user b's delete privilege on a single table

revoke delete on a.tablename from b;

2. As user a, revoke user b's update privilege on a single table

revoke update on a.tablename from b;

3. As a user with DBA privileges, revoke user b's privilege to create database links

revoke create database link from b;

4. As a user with DBA privileges, revoke user test11's privilege to query any table

revoke select any table from test11;
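To find what needs revoking before running the statements above, the data dictionary can be queried first. The queries below are an added example, not part of the original post; B and TEST11 are the page's example users, and the choice of privileges to report is an assumption of this example.

```sql
-- Added example (Oracle SQL). Part 1 runs as a user with DBA privileges.
-- System privileges held directly by the two accounts that bypass
-- per-table grants, plus the dblink privilege revoked in item 3.
select grantee, privilege, admin_option
  from dba_sys_privs
 where grantee in ('B', 'TEST11')
   and (privilege like '% ANY %' or privilege = 'CREATE DATABASE LINK')
 order by grantee, privilege;

-- Roles held by the same accounts; a system privilege can also arrive
-- through a role, in which case revoking it from the user has no effect.
select grantee, granted_role, admin_option
  from dba_role_privs
 where grantee in ('B', 'TEST11')
 order by grantee, granted_role;

-- Part 2 runs as the owning user (a). It uses the same generate-and-copy
-- technique as the grant examples, this time producing revoke statements
-- for every write privilege a has handed to b.
select 'revoke ' || privilege || ' on ' || table_name ||
       ' from ' || grantee || ';' as revoke_stmt
  from user_tab_privs_made
 where grantee = 'B'
   and privilege in ('INSERT', 'UPDATE', 'DELETE')
 order by table_name, privilege;
```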

 

IV. Examples:

1. As user rh_test, grant user wd query access to all tables

select 'grant select on rh_test.' || tname || ' to wd;' from tab;

'GRANTSELECTONRH_TEST.'||TNAME||'TOWD;'
----------------------------------------------------------------
grant select on rh_test.BIZ_CODE_REL to wd;
grant select on rh_test.BIZ_RMIM_DIC to wd;
grant select on rh_test.BIZ_RMIM_VERSION to wd;
grant select on rh_test.BIZ_RMIM_VERSION_DETAIL to wd;
grant select on rh_test.BIZ_RMIM_VERSION_SUBDETAIL to wd;
grant select on rh_test.BIZ_SYSTEM_LOGIN to wd;
grant select on rh_test.BIZ_TREE_PATH to wd;
grant select on rh_test.CLINIC_TRANSFER to wd;
grant select on rh_test.CODE_SYSTEM_DIC to wd;

'GRANTSELECTONRH_TEST.'||TNAME||'TOWD;'
----------------------------------------------------------------
grant select on rh_test.ETL_PATIENT_INDEX to wd;
grant select on rh_test.HOSPITAL_DIC to wd;
grant select on rh_test.HOSPITAL_SUBSYSTEM to wd;
grant select on rh_test.MAIL_RECORD to wd;
grant select on rh_test.MEDICAL_RECORD to wd;
grant select on rh_test.PATIENT_INDEX to wd;
grant select on rh_test.RHIP_SYSCONFIG to wd;
grant select on rh_test.SYSTEMLOGIN to wd;

Then simply execute the statements generated above.
 

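2. As user a, grant user test11 query access to a single table

select 'GRANT SELECT ON ' || table_name || ' to test11;' from user_tables;
The result is as follows:
GRANT SELECT ON WEBSERVICE_USER to test11;
GRANT SELECT ON USERLESS_PATIENT to test11;
Then execute each of the resulting statements in turn:
GRANT SELECT ON WEBSERVICE_USER to test11;
GRANT SELECT ON USERLESS_PATIENT to test11;

For a newly created table to be accessible to userA, a grant statement must also be executed for it:
grant select on new_table to userA;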
 

3. As user a, grant user b update access to a single table

grant update on a.tablename to b;

4. As user a, grant user b delete access to a single table

grant delete on a.tablename to b;

5. As a user with DBA privileges, grant user b the privilege to create database links

grant create database link to b;