ocp-047-14 22 40 grant revoke role

14. OE and SCOTT are the users in the database. The ORDERS table is owned by OE. Evaluate(评价) the statements issued(发行) by the DBA in the following sequence:

CREATE ROLE r1;

GRANT SELECT, INSERT ON oe.orders TO r1;

GRANT r1 TO scott;

GRANT SELECT ON oe.orders TO scott;

REVOKE SELECT ON oe.orders FROM scott;

What would be the outcome after executing the statements?

A. SCOTT would be able to query the OE.ORDERS table.

B. SCOTT would not be able to query the OE.ORDERS table.

C. The REVOKE statement would remove the SELECT privilege from SCOTT as well as from the role R1.

D. The REVOKE statement would give an error because the SELECT privilege has been granted to the role R1.

答案: A

分析: 本题考点是权限/privilege

对象权限可以直接授予用户，也可以授予角色后将角色授予用户，结果是用户都可以使用该权限。但是用户通过角色获得的权限不可以被单独撤销，需要撤销角色来撤销权限。

B. SCOTT拥有r1角色，该角色有OE.ORDERS表的select权限，所以SCOTT仍然能正常查询该表。

C. revoke命令不会在撤销一个用户的权限时，将用户所属角色的相同权限一并撤销，撤销角色权限必须显式声明。

D. revoke命令撤销的是SCOTT用户通过GRANT SELECT ON oe.orders TO scott得到的权限，不是通过r1角色得到的权限，所以不会出错。

22. Which statement correctly grants a system privilege?

A. GRANT EXECUTE ON proc1 TO PUBLIC

授予所有用户执行过程proc1的权限,这是对象权限不是系统权限

B. GRANT CREATE VIEW ON table1 TO user1

create view是系统权限,没有在某个表上的创建视图的权限,得到create view权限和select on table对象权限就可以创建到其他用户的表的视图

C. GRANT CREATE TABLE TO user1,user2(right)

GRANT 权限名 TO 用户(角色)1,用户(角色)2

D. GRANT CREATE SESSION TO ALL

要想所有用户授权是to public不是to all

40. User OE, the owner of the ORDERS table, issues the following command:

GRANT SELECT,INSERT ON orders TO hr WITH GRANT OPTION

授予hr对表orders的SELECT,INSERT权限,并且授予hr将这些权限授予别人的权限

The user HR issues the following command:

GRANT SELECT ON oe.orders TO scott

授予scott对表oe.orders的SELECT权限

Then, OE issues the following command:

REVOKE ALL ON orders FROM hr

撤销hr对表orders的所有权限

WITH GRANT OPTION只能在赋予 object privilege 的时使用,撤销时有连带效果oe>>hr>>scott

Which statement is correct?

A. The user SCOTT loses the privilege to select rows from OE.ORDERS.(right)

B. The user SCOTT retains the privilege to select rows from OE.ORDERS.

翻译: SCOTT保留了对OE.ORDERS表的select权限

解释: 对象权限撤销时会连带撤销通过WITH GRANT OPTION传递的权限

C. The REVOKE statement generates an error because OE has to first revoke the SELECT privilege from SCOTT.

翻译: 撤销语句产生一个错误，因为OE要先撤销scott的select权限

解释: 撤销任何权限时都不会要求先撤销其他通过WITH ADMIN/GRANT OPTION获得权限的用户/角色

D. The REVOKE statement generates an error because the ALL keyword cannot be used for privileges

翻译: 撤销语句产生一个错误，因为关键词ALL不能用于权限

解释: GRANT ALL PRIVILEGES TO user/role/public [IDENTIFIED BY password] [WITH ADMIN OPTION]

      GRANT ALL PRIVILEGES ON [schema.]object TO user/role/public [WITH GRANT OPTION] [WITH HIERARCHY OPTION]