授予角色权限
grant privileges to role
问题是:
创建一个"UnivUser"角色,赋予这个角色select、更新、插入、删除、执行pl/sql包和序列的权限。此用户将无法执行除这些操作以外的任何操作,为了帮助您,您可以在用户的 SqlDevelopp 权限对话框中搜索。
使用这些命令为我执行、select 和删除工作:
GRANT select_catalog_role to UnivUser
GRANT execute_catalog_role to UnivUser
GRANT delete_catalog_role to UnivUser
但是对于 insert 和 update 它对我不起作用我不知道该怎么做或者我不明白这个问题。
我不知道你是否误解了问题,但我知道我不确定你是否写了整个问题。
您授予的权限与访问 SYS 拥有的对象有关,我真的不知道您是否应该这样做。
在我看来,您应该坚持 对象权限,即将您在自己的对象上指定的内容授予该角色。例如(在我的 11g XE 数据库中创建):
授予 Scott 创建角色的权限:
SQL> connect sys/pwd@xe as sysdba
Connected.
SQL> grant create role to scott;
Grant succeeded.
创建角色并授予其特定权限:
SQL> connect scott/tiger
Connected.
SQL> create role univuser identified by univuser;
Role created.
SQL> grant select, update, insert, delete on emp to univuser;
Grant succeeded.
SQL> create or replace procedure p_test is begin null; end;
2 /
Procedure created.
SQL> grant execute on p_test to univuser;
Grant succeeded.
SQL> create sequence seq_test;
Sequence created.
SQL> grant select on seq_test to univuser;
Grant succeeded.
UNIVUSER 拥有的权限列表:
SQL> select table_name, privilege from role_tab_privs where role = 'UNIVUSER';
TABLE_NAME PRIVILEGE
------------------------------ ----------------------------------------
EMP DELETE
EMP INSERT
EMP UPDATE
EMP SELECT
P_TEST EXECUTE
SEQ_TEST SELECT
6 rows selected.
现在,将该角色授予我数据库中的另一个用户:
SQL> grant univuser to mike;
Grant succeeded.
让我们看看 Mike 是否可以(或不能)对 Scott 的对象做些什么;不要忘记 SET ROLE:
SQL> connect mike/lion
Connected.
SQL> set role univuser identified by univuser;
Role set.
SQL> select count(*) from scott.emp;
COUNT(*)
----------
12
SQL> select scott.seq_test.nextval from dual;
NEXTVAL
----------
2
SQL> exec scott.p_test;
PL/SQL procedure successfully completed.
SQL>
好像还可以。
[编辑:写 SQL 写 SQL]
SQL> select 'grant select, insert, update, delete on ' || table_name || ' to univuser;'
2 from user_tables;
'GRANTSELECT,INSERT,UPDATE,DELETEON'||TABLE_NAME||'TOunivuser;'
-------------------------------------------------------------------------------
grant select, insert, update, delete on EMP to univuser;
grant select, insert, update, delete on BONUS to univuser;
grant select, insert, update, delete on SALGRADE to univuser;
grant select, insert, update, delete on DEPT to univuser;
SQL>
SQL> select 'grant execute on ' || object_name || ' to univuser;'
2 from user_objects
3 where object_type in ('PROCEDURE', 'FUNCTION', 'SEQUENCE');
'GRANTEXECUTEON'||OBJECT_NAME||'TOUNIVUSER;'
--------------------------------------------------------------------------------
grant execute on EMPTY_TABLE to univuser;
grant execute on SIEROT to univuser;
grant execute on P_RC to univuser;
grant execute on F_RC to univuser;
grant execute on MYFUNCTION to univuser;
grant execute on F_RET to univuser;
grant execute on F_REGNUM to univuser;
grant execute on F_COUNT_OF_SUNDAYS to univuser;
grant execute on P_TEST to univuser;
grant execute on F_TEST to univuser;
grant execute on MTJ_ID_SEQ to univuser;
问题是:
创建一个"UnivUser"角色,赋予这个角色select、更新、插入、删除、执行pl/sql包和序列的权限。此用户将无法执行除这些操作以外的任何操作,为了帮助您,您可以在用户的 SqlDevelopp 权限对话框中搜索。
使用这些命令为我执行、select 和删除工作:
GRANT select_catalog_role to UnivUser
GRANT execute_catalog_role to UnivUser
GRANT delete_catalog_role to UnivUser
但是对于 insert 和 update 它对我不起作用我不知道该怎么做或者我不明白这个问题。
我不知道你是否误解了问题,但我知道我不确定你是否写了整个问题。
您授予的权限与访问 SYS 拥有的对象有关,我真的不知道您是否应该这样做。
在我看来,您应该坚持 对象权限,即将您在自己的对象上指定的内容授予该角色。例如(在我的 11g XE 数据库中创建):
授予 Scott 创建角色的权限:
SQL> connect sys/pwd@xe as sysdba
Connected.
SQL> grant create role to scott;
Grant succeeded.
创建角色并授予其特定权限:
SQL> connect scott/tiger
Connected.
SQL> create role univuser identified by univuser;
Role created.
SQL> grant select, update, insert, delete on emp to univuser;
Grant succeeded.
SQL> create or replace procedure p_test is begin null; end;
2 /
Procedure created.
SQL> grant execute on p_test to univuser;
Grant succeeded.
SQL> create sequence seq_test;
Sequence created.
SQL> grant select on seq_test to univuser;
Grant succeeded.
UNIVUSER 拥有的权限列表:
SQL> select table_name, privilege from role_tab_privs where role = 'UNIVUSER';
TABLE_NAME PRIVILEGE
------------------------------ ----------------------------------------
EMP DELETE
EMP INSERT
EMP UPDATE
EMP SELECT
P_TEST EXECUTE
SEQ_TEST SELECT
6 rows selected.
现在,将该角色授予我数据库中的另一个用户:
SQL> grant univuser to mike;
Grant succeeded.
让我们看看 Mike 是否可以(或不能)对 Scott 的对象做些什么;不要忘记 SET ROLE:
SQL> connect mike/lion
Connected.
SQL> set role univuser identified by univuser;
Role set.
SQL> select count(*) from scott.emp;
COUNT(*)
----------
12
SQL> select scott.seq_test.nextval from dual;
NEXTVAL
----------
2
SQL> exec scott.p_test;
PL/SQL procedure successfully completed.
SQL>
好像还可以。
[编辑:写 SQL 写 SQL]
SQL> select 'grant select, insert, update, delete on ' || table_name || ' to univuser;'
2 from user_tables;
'GRANTSELECT,INSERT,UPDATE,DELETEON'||TABLE_NAME||'TOunivuser;'
-------------------------------------------------------------------------------
grant select, insert, update, delete on EMP to univuser;
grant select, insert, update, delete on BONUS to univuser;
grant select, insert, update, delete on SALGRADE to univuser;
grant select, insert, update, delete on DEPT to univuser;
SQL>
SQL> select 'grant execute on ' || object_name || ' to univuser;'
2 from user_objects
3 where object_type in ('PROCEDURE', 'FUNCTION', 'SEQUENCE');
'GRANTEXECUTEON'||OBJECT_NAME||'TOUNIVUSER;'
--------------------------------------------------------------------------------
grant execute on EMPTY_TABLE to univuser;
grant execute on SIEROT to univuser;
grant execute on P_RC to univuser;
grant execute on F_RC to univuser;
grant execute on MYFUNCTION to univuser;
grant execute on F_RET to univuser;
grant execute on F_REGNUM to univuser;
grant execute on F_COUNT_OF_SUNDAYS to univuser;
grant execute on P_TEST to univuser;
grant execute on F_TEST to univuser;
grant execute on MTJ_ID_SEQ to univuser;