您的位置:首页 > 其它

授权用户访问数据字典三种方式

2017-11-21 17:48 429 查看
在很多时候,希望给用户最小的权限,让其访问系统数据字典,检查数据库的运行状态。这种事情在乙方的工作中非常常见。下面介绍三种方法处理这个问题
0.select any table权限
这里说明select any table不能直接访问数据字典

SQL> conn / as sysdba

Connected.

SQL> create user xff_any identified by xifenfei;

 

User created.

 

SQL> grant connect,select any table to xff_any;

 

Grant succeeded.

 

SQL> conn xff_any/xifenfei

Connected.

SQL>  select count(*) from dba_users;

 select count(*) from dba_users

                      *

ERROR at line 1:

ORA-00942: table or view does not exist

 

 

SQL> select count(*) from chf.t_xff;

 

  COUNT(*)

----------

      2770

select any table默认情况下,只能访问业务的表,但是不能访问数据字典的数据。所以单纯的这个属性不能满足需求。

1.SELECT ANY DICTIONARY权限

SQL>
conn / as sysdba 

Connected.

SQL> create user xff_DICTIONARY identified by xifenfei;

 

User created.

 

SQL> grant connect to xff_DICTIONARY;

 

Grant succeeded.

 

SQL> conn xff_DICTIONARY/xifenfei

Connected.

SQL> select count(*) from dba_users;

select count(*) from dba_users

                     *

ERROR at line 1:

ORA-00942: table or view does not exist

 

 

SQL> conn / as sysdba

Connected.

SQL> grant SELECT ANY DICTIONARY to xff_DICTIONARY;

 

Grant succeeded.

 

SQL> conn xff_DICTIONARY/xifenfei

Connected.

SQL> select count(*) from dba_users;

 

  COUNT(*)

----------

        32

 

SQL> select count(*) from chf.t_xff;

select count(*) from chf.t_xff

                         *

ERROR at line 1:

ORA-00942: table or view does not exist

这里可以看出SELECT
ANY DICTIONARY权限只能访问数据字典,不能访问业务的表,访问业务的表需要另外授权

2.SELECT_CATALOG_ROLE角色

这里可以看出SELECT_CATALOG_ROLE权限只能访问数据字典,不能访问业务的表,访问业务的表需要另外授权

3.O7_DICTIONARY_ACCESSIBILITY参数

SQL>
conn / as sysdba

Connected.

SQL> create user xff_O7 identified by xifenfei;

 

User created.

 

SQL> grant connect to xff_o7;

 

Grant succeeded.

 

SQL> alter system set O7_DICTIONARY_ACCESSIBILITY=true;

alter system set O7_DICTIONARY_ACCESSIBILITY=true

                 *

ERROR at line 1:

ORA-02095: specified initialization parameter cannot be modified

 

 

SQL> alter system set O7_DICTIONARY_ACCESSIBILITY=true scope=spfile;

 

System altered.

 

SQL> shutdown immediate;

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL> startup 

ORACLE instance started.

 

Total System Global Area  368263168 bytes

Fixed Size                  1345016 bytes

Variable Size             306186760 bytes

Database Buffers           54525952 bytes

Redo Buffers                6205440 bytes

Database mounted.

Database opened.

SQL> conn xff_o7/xifenfei

Connected.

SQL> select count(*) from dba_users;

 

  COUNT(*)

----------

        34

这里通过O7_DICTIONARY_ACCESSIBILITY和SELECT
ANY TABLE权限,实现访问业务数据和数据字典
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: