Oracle10g 预定义主要角色 |
发布时间: 2012/9/20 17:17:07 |
SQL> select * from v$version; BANNER CORE 10.2.0.1.0 Production SQL> set pages 50 ROLE PASSWORD 20 rows selected. SQL> 1. CONNECT 1-3是为了同Oracle老版本中的概念相兼容而提供的,不能只依赖于这些ROLE 1.CONNECT 角色, 是授予最终用户的典型权利,最基本的 SQL> select * from dba_sys_privs where grantee = 'CONNECT'; --系统权限 GRANTEE PRIVILEGE ADM SQL> select * from dba_tab_privs where grantee = 'CONNECT'; --对象权限 no rows selected SQL> select * from dba_role_privs where grantee = 'CONNECT'; --角色权限 no rows selected SQL> 2.RESOURCE 角色, 是授予开发人员的 SQL> select * from dba_sys_privs where grantee = 'RESOURCE'; GRANTEE PRIVILEGE ADM 8 rows selected. SQL> select * from dba_tab_privs where grantee = 'RESOURCE'; no rows selected SQL> select * from dba_role_privs where grantee = 'RESOURCE'; no rows selected SQL> 3.DBA 角色, 拥有系统所有系统级权限 SQL> select count(*) from dba_sys_privs where grantee = 'DBA'; COUNT(*) SQL> select count(*) from dba_tab_privs where grantee = 'DBA'; COUNT(*) SQL> select * from dba_role_privs where grantee = 'DBA'; GRANTEE GRANTED_ROLE ADM DEF 8 rows selected. SQL> 4.IMP_FULL_DATABASE 角色 SQL> select count(*) from dba_sys_privs where grantee = 'IMP_FULL_DATABASE'; COUNT(*) SQL> select count(*) from dba_tab_privs where grantee = 'IMP_FULL_DATABASE'; COUNT(*) SQL> select * from dba_role_privs where grantee = 'IMP_FULL_DATABASE'; GRANTEE GRANTED_ROLE ADM DEF SQL> 5.EXP_FULL_DATABASE 角色 SQL> select * from dba_sys_privs where grantee = 'EXP_FULL_DATABASE'; GRANTEE PRIVILEGE ADM 8 rows selected. SQL> select count(*) from dba_tab_privs where grantee = 'EXP_FULL_DATABASE'; COUNT(*) SQL> select * from dba_role_privs where grantee = 'EXP_FULL_DATABASE'; GRANTEE GRANTED_ROLE ADM DEF SQL> 6.DELETE_CATALOG_ROLE 角色 这个角色是Oracle8新增加的,如果授予用户这个角色,用户就可以从表sys.aud$和FGA_LOG$中删除记录,sys.aud$和FGA_LOG$表中记录着审计后的记录,使用这个角色可以简化审计踪迹管理。 SQL> select * from dba_sys_privs where grantee = 'DELETE_CATALOG_ROLE'; no rows selected SQL> select owner, table_name, privilege, grantable from dba_tab_privs where grantee = 'DELETE_CATALOG_ROLE'; OWNER TABLE_NAME PRIVILEGE GRA SQL> select * from dba_role_privs where grantee = 'DELETE_CATALOG_ROLE'; no rows selected SQL> 7.SELECT_CATALOG_ROLE 角色, 具有从数据字典查询的权利 SQL> select * from dba_sys_privs where grantee = 'SELECT_CATALOG_ROLE'; no rows selected SQL> select count(*) from dba_tab_privs where grantee = 'SELECT_CATALOG_ROLE'; COUNT(*) SQL> select * from dba_role_privs where grantee = 'SELECT_CATALOG_ROLE'; GRANTEE GRANTED_ROLE ADM DEF --进一步看看HS_ADMIN_ROLE角色 SQL> select * from dba_sys_privs where grantee = 'HS_ADMIN_ROLE'; no rows selected SQL> select owner, table_name, privilege, grantable from dba_tab_privs where grantee = 'HS_ADMIN_ROLE'; OWNER TABLE_NAME PRIVILEGE GRA 15 rows selected. SQL> select * from dba_role_privs where grantee = 'HS_ADMIN_ROLE'; no rows selected SQL> 8.EXECUTE_CATALOG_ROLE 角色, 具有从数据字典中执行部分过程和函数的权利 SQL> select * from dba_sys_privs where grantee = 'EXECUTE_CATALOG_ROLE'; no rows selected SQL> select count(*) from dba_tab_privs where grantee = 'EXECUTE_CATALOG_ROLE'; COUNT(*) SQL> select * from dba_role_privs where grantee = 'EXECUTE_CATALOG_ROLE'; GRANTEE GRANTED_ROLE ADM DEF SQL> --End--
本文出自:亿恩科技【www.enkj.com】 |