Revoking DBA from a user that holds the CONNECT, RESOURCE and DBA roles removes UNLIMITED TABLESPACE and causes a business outage
2016-11-20 19:07
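When a user is granted CONNECT and RESOURCE, the user also receives the UNLIMITED TABLESPACE privilege at that point.
If the user is then granted the DBA role and the DBA role is later revoked, the UNLIMITED TABLESPACE privilege is revoked along with it.
I ran into this situation recently: a business user could no longer use its tablespace, which caused a fairly serious incident, so I am recording it here.
The test is as follows:
1. Create a user, grant the CONNECT, RESOURCE and DBA roles, and verify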
SQL> create user test identified by test;
User created.
SQL> grant connect,resource to test;
Grant succeeded.
SQL>
SQL> select * from dba_role_privs where grantee='TEST';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TEST RESOURCE NO YES
TEST CONNECT NO YES
SQL> select * from dba_sys_privs where grantee='TEST';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
TEST UNLIMITED TABLESPACE NO
SQL> grant dba to test;
Grant succeeded.
SQL> select * from dba_role_privs where grantee='TEST';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TEST RESOURCE NO YES
TEST DBA NO YES
TEST CONNECT NO YES
SQL> select * from dba_sys_privs where grantee='TEST';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
TEST UNLIMITED TABLESPACE NO
2. Revoke the DBA role and check the privileges
SQL> revoke dba from test;
Revoke succeeded.
SQL> select * from dba_role_privs where grantee='TEST';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TEST RESOURCE NO YES
TEST CONNECT NO YES
SQL> select * from dba_sys_privs where grantee='TEST';
no rows selected
SQL> grant connect,resource to test;
Grant succeeded.
SQL> select * from dba_role_privs where grantee='TEST';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TEST RESOURCE NO YES
TEST CONNECT NO YES
SQL> select * from dba_sys_privs where grantee='TEST';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
TEST UNLIMITED TABLESPACE NO
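As an added example (not part of the original post), the SQL below checks an account before DBA is revoked, restores its space entitlement in the same change, and then lists schemas that own segments but are left with neither UNLIMITED TABLESPACE nor a usable quota. It uses the post's TEST account; the USERS tablespace name is an assumption.

```sql
-- Added example (not from the original post). Run as a DBA in SQL*Plus.
-- TEST is the account used in the post; the USERS tablespace is an assumption.

-- 1. Before the revoke: does the account hold the direct grant?
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'TEST'
   AND privilege = 'UNLIMITED TABLESPACE';

-- 2. Where does it own segments, and what explicit quota exists there?
--    max_bytes is NULL when no quota row exists, -1 when the quota is unlimited.
SELECT s.tablespace_name,
       SUM(s.bytes) AS used_bytes,
       q.max_bytes
  FROM dba_segments s
  LEFT JOIN dba_ts_quotas q
         ON q.username = s.owner
        AND q.tablespace_name = s.tablespace_name
 WHERE s.owner = 'TEST'
 GROUP BY s.tablespace_name, q.max_bytes;

-- 3. Revoke the role, then restore the space entitlement in the same change.
REVOKE dba FROM test;
ALTER USER test QUOTA UNLIMITED ON users;   -- scoped to one tablespace
-- GRANT UNLIMITED TABLESPACE TO test;      -- broader: restores the earlier state

-- 4. Database-wide check: schemas that own segments in a tablespace but have
--    neither UNLIMITED TABLESPACE nor usable quota there. Existing data stays
--    readable, but the next extent allocation fails.
SELECT DISTINCT s.owner, s.tablespace_name
  FROM dba_segments s
 WHERE s.owner NOT IN ('SYS', 'SYSTEM')
   AND NOT EXISTS (SELECT 1
                     FROM dba_sys_privs p
                    WHERE p.grantee = s.owner
                      AND p.privilege = 'UNLIMITED TABLESPACE')
   AND NOT EXISTS (SELECT 1
                     FROM dba_ts_quotas q
                    WHERE q.username = s.owner
                      AND q.tablespace_name = s.tablespace_name
                      AND (q.max_bytes = -1 OR q.max_bytes > q.bytes))
 ORDER BY s.owner, s.tablespace_name;
```

Running query 4 after any role cleanup catches affected accounts before the application hits the failure.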