用戶:CRJDATA,ZZ
場景:用戶CRJDATA有用戶ZZ指定表的查詢權限。
1.給他一些權限,包括連接權限,因為他要創建同義詞,還需要給他同義詞
grant connect to CRJDATA;
grant create synonym to CRJDATA;
grant create session to CRJDATA;
grant create sequence to CRJDATA;
2.因為需要把ZZ的所有表的查詢權限給CRJDATA。所以需要所有表的grant select on table_name to CRJDATA語句,不可能一句一句去寫,因此用select 吧所有的grant語句查出來直接執行
select 'grant select on '||owner||'.'||object_name||' to CRJDATA;'
from dba_objects
where owner in ('ZZ')
and object_type='TABLE';
把所有結果復制出來,在UserB 下執行一遍
grant select on ZZ.Table1 to CRJDATA;
grant select on ZZ.Table2 to CRJDATA;
grant select on ZZ.Table3 to CRJDATA;
(也可以賦予序列,視圖的查詢權限)
grant select any sequence to CRJDATA;
3.需要給UserB用戶下所有表創建同義詞,但是考慮到之前已經創建過一些表的同義詞,因此把所有創建同義詞的語句select出來在UserA用戶下執行。
SELECT 'create or replace SYNONYM CRJDATA. ' || object_name|| ' FOR ' || owner || '.' || object_name|| ';'
from dba_objects
where owner in ('ZZ')
and object_type='TABLE';
把所有結果復制出來登錄UserA用戶執行
create or replace SYNONYM CRJDATA. T_KDXF_ACCOUNT FOR ZZ.Table1 ;
create or replace SYNONYM CRJDATA. T_KDXF_ACCOUNT FOR ZZ.Table2 ;
create or replace SYNONYM CRJDATA. T_KDXF_ACCOUNT FOR ZZ.Table3 ;
4.全面使用grant命令
--首先是CPR賬號 --授權表上的讀寫權限 select 'grant all on '||owner||'.'||table_name||' to hisuser;' from dba_tables where owner = 'CPR'; --授權視圖上的讀寫權限 select 'grant all on '||owner||'.'||view_name||' to hisuser;' from dba_views where owner = 'CPR'; --授權函數和存儲過程的讀寫權限 select 'grant execute on '||owner||'.'||name||' to hisuser;' from dba_source where owner = 'CPR' and type in ('PROCEDURE','FUNCTION','PACKAGE','PACKAGE BODY','TYPE BODY','TRIGGER','TYPE') ; --授權序列的讀寫權限 select 'grant all on '||sequence_owner||'.'||sequence_name||' to hisuser;' from dba_sequences where sequence_owner = 'CPR' ; --創建同義詞 select 'create or replace public synonym '||synonym_name||' for '||table_owner||'.'||table_name||' ;' from dba_synonyms where table_owner='CPR' ; select 'create or replace public synonym '||view_name||' for '||owner||'.'||view_name||' ;' from dba_views where owner = 'CPR' and (owner NOT LIKE '%$%' OR view_name NOT LIKE '%$%') ; --然后是system賬號 --授權表上的讀寫權限 select 'grant all on '||owner||'.'||table_name||' to hisuser;' from dba_tables where owner = 'SYSTEM' and table_name NOT LIKE '%$%'; --授權視圖上的讀寫權限 select 'grant all on '||owner||'.'||view_name||' to hisuser;' from dba_views where owner = 'SYS'; --授權函數和存儲過程的讀寫權限 select DISTINCT 'grant execute on '||owner||'.'||name||' to hisuser;' from dba_source where owner = 'SYS' and type in ('PROCEDURE','FUNCTION','PACKAGE','PACKAGE BODY','TYPE BODY','TRIGGER','TYPE') AND name NOT LIKE '%$%' --授權序列的讀寫權限 select 'grant all on '||sequence_owner||'.'||sequence_name||' to hisuser;' from dba_sequences where sequence_owner = 'SYSTEM' AND sequence_name NOT LIKE '%$%'; --創建同義詞 select 'create or replace public synonym '||synonym_name||' for '||table_owner||'.'||table_name||' ;' from dba_synonyms where table_owner='SYS' and synonym_name NOT LIKE '%$%'; select 'create or replace public synonym '||view_name||' for '||owner||'.'||view_name||' ;' from dba_views where owner = 'SYS' and (owner NOT LIKE '%$%' OR view_name NOT LIKE '%$%') ;