Oracle Tutorial: Oracle Privilege Management (3) - Managing Oracle Object Privileges

2013-04-09 09:12
1. Granting object privileges

An object privilege is the right to access objects in another user's schema.

    GRANT object_priv|ALL [(columns)]
    ON object
    TO {user|role|PUBLIC}
    [WITH GRANT OPTION];

ALL: all object privileges
PUBLIC: grants the privilege to all users
WITH GRANT OPTION: allows the user to grant the privilege on to other users.

Granting an object privilege on a column:

    11:24:05 SQL> grant update(sal) on scott.emp to tom;
    Grant succeeded.
    11:29:39 SQL> conn tom/tom
    Connected.
    11:29:51 SQL> update scott.emp set comm=100 where empno=7788;   -- no privilege to modify this column
    update scott.emp set comm=100 where empno=7788
    *
    ERROR at line 1:
    ORA-01031: insufficient privileges
    SQL> update scott.emp set sal=10000 where empno=7788;
    1 row updated.
    SQL> rollback;
    Rollback complete.
    SQL> select GRANTEE,OWNER,TABLE_NAME,COLUMN_NAME,PRIVILEGE from user_col_privs;

    GRANTEE    OWNER           TABLE_NAME      COLUMN_NAME     PRIVILEGE
    ---------- --------------- --------------- --------------- ---------------
    TOM        SCOTT           EMP             SAL             UPDATE

2. Displaying object privileges

1) Displaying object privileges

    04:39:24 SQL> select grantor ,owner ||'.'||table_name object,privilege
    04:39:34   2  from dba_tab_privs
    04:39:41   3  where grantee='HR';

    GRANTOR    OBJECT          PRIVILEGE
    ---------- --------------- ----------
    SYS        SYS.DBMS_STATS  EXECUTE
    SCOTT      SCOTT.DEPT      UPDATE
    SCOTT      SCOTT.DEPT      SELECT
    SCOTT      SCOTT.DEPT      DELETE

2) Displaying column privileges

    04:42:15 SQL> col owner for a10
    04:42:58 SQL> col table_column for a15
    04:43:08 SQL> col privileg for a10
    04:43:14 SQL> select owner ,table_name||'.'||column_name table_column, privilege from dba_col_privs
    04:44:00   2  where grantee='HR';

    OWNER      TABLE_COLUMN    PRIVILEGE
    ---------- --------------- ----------------------------------------
    SCOTT      EMP.SAL         UPDATE

3) Displaying the column privileges a user has granted

    04:47:57 SQL> l
      1  select grantee,privilege,table_name||'.'||column_name
      2  tab_column
      3* from user_col_privs_made;

4) Displaying the column privileges a user holds

    select privilege,table_name||'.'||column_name tab_column,
    04:49:38   2  grantor
    04:49:43   3  from all_col_privs_recd
    04:49:53   4  where grantee='HR';
    no rows selected

5) Displaying the object privileges a user has granted

    04:42:47 SQL> col table_name for a10
    04:51:19 SQL> select grantee ,privilege ,table_name
    04:51:34   2  from user_tab_privs_made;

    GRANTEE                        PRIVILEGE                                TABLE_NAME
    ------------------------------ ---------------------------------------- ----------
    HR                             DELETE                                   DEPT
    HR                             SELECT                                   DEPT
    HR                             UPDATE                                   DEPT
    OE                             SELECT                                   EMP

6) Displaying the object privileges a user holds

    04:52:45 SQL> select privilege,table_name,grantor
    04:52:58   2  from all_tab_privs_recd
    04:53:10   3  where grantee='HR';

    PRIVILEGE                                TABLE_NAME GRANTOR
    ---------------------------------------- ---------- ------------------------------
    EXECUTE                                  DBMS_STATS SYS
    DELETE                                   DEPT       SCOTT
    SELECT                                   DEPT       SCOTT
    UPDATE                                   DEPT       SCOTT

3. Revoking object privileges

grant ... with grant option: if this option is set when a user is granted a privilege, the user can grant that privilege on to other users.

    SQL> grant all on scott.emp to public;   -- all means all object privileges, public means all users
    SQL> conn tom/tom
    Connected.
    SQL> select * from user_tab_privs;
    no rows selected

Nothing is recorded in the view user_tab_privs, but the privilege has been granted and can still be exercised. (A system privilege would show up in user_sys_privs.)

    SQL> select ename from scott.emp;

    ENAME
    ------------------------------
    SMITH
    ALLEN
    WARD
    JONES
    MARTIN
    BLAKE
    CLARK
    SCOTT
    KING
    TURNER
    ADAMS
    JAMES
    FORD
    MILLER
    14 rows selected.
    SQL> delete from scott.emp;
    14 rows deleted.
    SQL> rollback;
    Rollback complete.
    SQL> conn /as sysdba
    Connected.
    SQL> revoke all on scott.emp from public;   -- revoke the privileges
    Revoke succeeded.
    SQL> grant update on scott.emp to tom with grant option;
    Grant succeeded.
    SQL> create user rose identified by rose ;
    User created.
    SQL> grant create session to rose;
    Grant succeeded.
    SQL> conn tom/tom
    Connected.

    GRANTEE    OWNER           TABLE_NAME      GRANTOR         PRIVILEGE       GRANTABLE       HIERARCHY
    ---------- --------------- --------------- --------------- --------------- --------------- ---------------
    TOM        SCOTT           EMP1            SCOTT           UPDATE          YES             NO

    SQL> grant update on scott.emp to rose;
    Grant succeeded.
    SQL> conn rose/rose
    Connected.
    SQL> select * from user_tab_privs;

    GRANTEE    OWNER           TABLE_NAME      GRANTOR         PRIVILEGE       GRANTABLE       HIERARCHY
    ---------- --------------- --------------- --------------- --------------- --------------- ---------------
    ROSE       SCOTT           EMP1            TOM             UPDATE          NO              NO

When a privilege that was granted WITH GRANT OPTION is revoked, the revoke cascades.

    SQL> conn /as sysdba
    Connected.
    SQL> revoke update on scott.emp from rose;
    revoke update on scott.emp from rose
    *
    ERROR at line 1:
    ORA-01927: cannot REVOKE privileges you did not grant

A privilege can only be revoked by the user who granted it directly.

    SQL> revoke update on scott.emp from tom;
    Revoke succeeded.
    SQL> conn tom/tom
    Connected.
    11:21:25 SQL> select * from user_tab_privs;

    GRANTEE              OWNER      TABLE_NAME GRANTOR    PRIVILEGE                                GRA HIE
    -------------------- ---------- ---------- ---------- ---------------------------------------- --- ---
    TOM                  SCOTT      EMP        SCOTT      SELECT                                   NO  NO
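The dictionary views shown in section 2 can also be used to review broad or re-grantable grants before running a revoke. The following is an added example, not part of the original tutorial: the first query lists table and column privileges on SCOTT's objects that are held by PUBLIC or were granted WITH GRANT OPTION, and the second walks the chain of re-grants starting at TOM's UPDATE on SCOTT.EMP, which is the set a cascading revoke would remove. It assumes a session that can read DBA_TAB_PRIVS and DBA_COL_PRIVS; SCOTT, EMP and TOM are the tutorial's sample names.

```sql
-- Added example (not from the original tutorial).
-- Query 1: grants on SCOTT's objects that reach every user (PUBLIC)
-- or that the grantee may pass on (GRANTABLE = 'YES').
SELECT grantee, owner, table_name,
       CAST(NULL AS VARCHAR2(128)) AS column_name,   -- table-level grant
       privilege, grantor, grantable
FROM   dba_tab_privs
WHERE  owner = 'SCOTT'
AND    (grantee = 'PUBLIC' OR grantable = 'YES')
UNION ALL
SELECT grantee, owner, table_name,
       column_name,                                  -- column-level grant
       privilege, grantor, grantable
FROM   dba_col_privs
WHERE  owner = 'SCOTT'
AND    (grantee = 'PUBLIC' OR grantable = 'YES')
ORDER  BY table_name, privilege, grantee;

-- Query 2: everything downstream of TOM's UPDATE on SCOTT.EMP.
-- A child row is a grant of the same privilege on the same object whose
-- GRANTOR is the parent row's GRANTEE, and the parent must be grantable.
-- NOCYCLE guards against circular re-grants.
SELECT LPAD(' ', 2 * (LEVEL - 1)) || grantee AS grantee_chain,
       grantor,
       owner || '.' || table_name            AS object,
       privilege,
       grantable
FROM   dba_tab_privs
START  WITH grantee    = 'TOM'
       AND  owner      = 'SCOTT'
       AND  table_name = 'EMP'
       AND  privilege  = 'UPDATE'
CONNECT BY NOCYCLE
           PRIOR grantee    = grantor
       AND PRIOR owner      = owner
       AND PRIOR table_name = table_name
       AND PRIOR privilege  = privilege
       AND PRIOR grantable  = 'YES';
```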
