截断 table WITH ALTER 权限的问题
Issue with truncating table WITH ALTER permissions
我在此处 Permissions for truncating a table 了解到您需要向用户授予 ALTER 权限,以便他们能够截断 table。但是,我在截断 table 时仍然遇到问题,因为用户被授予了这个角色。
知道这是为什么吗?
PS。我本人作为 table 的所有者能够顺便截断。只是没有其他人拥有 ALTER 权限。
您所指的link适用于MS SQL服务器。 Leila 评论中的 link 也适用于 SQL 服务器。
对于 Oracle 用户 must have DROP ANY TABLE 系统权限。
这反过来可能不是你想要的,因为这个系统权限太具有破坏性了。
Tom Kyte has 你的问题的解决方案:
Sure, this is what stored procedures are all about.
To selectively give someone the abilitly to truncate a specific table,
or all of the tables owned by some schema, you would code:
create or replace procedure do_the_truncate as begin execute immediate
'truncate table T'; end;
or (any of the tables owned by some schema, or if that schema has the
drop any table priv ANY table)
create or replace procedure do_the_truncate( p_tname in varchar2 ) as
begin execute immediate 'truncate table ' || p_tname; end;
and then just grant execute on that procedure to any user that needs
to run that command. Since stored procedures run with the base privs
of the OWNER of the procedure, you do not need any powerful privs like
"drop any table" to truncate that table.
您可以进一步增强 do_the_truncate 存储过程以获得允许截断的表的列表,以加强系统的安全性
我在此处 Permissions for truncating a table 了解到您需要向用户授予 ALTER 权限,以便他们能够截断 table。但是,我在截断 table 时仍然遇到问题,因为用户被授予了这个角色。
知道这是为什么吗?
PS。我本人作为 table 的所有者能够顺便截断。只是没有其他人拥有 ALTER 权限。
您所指的link适用于MS SQL服务器。 Leila 评论中的 link 也适用于 SQL 服务器。
对于 Oracle 用户 must have DROP ANY TABLE 系统权限。
这反过来可能不是你想要的,因为这个系统权限太具有破坏性了。
Tom Kyte has 你的问题的解决方案:
Sure, this is what stored procedures are all about.
To selectively give someone the abilitly to truncate a specific table, or all of the tables owned by some schema, you would code:
create or replace procedure do_the_truncate as begin execute immediate 'truncate table T'; end;or (any of the tables owned by some schema, or if that schema has the drop any table priv ANY table)
create or replace procedure do_the_truncate( p_tname in varchar2 ) as begin execute immediate 'truncate table ' || p_tname; end;and then just grant execute on that procedure to any user that needs to run that command. Since stored procedures run with the base privs of the OWNER of the procedure, you do not need any powerful privs like "drop any table" to truncate that table.
您可以进一步增强 do_the_truncate 存储过程以获得允许截断的表的列表,以加强系统的安全性