CREATE ANY TABLE 不足以创建任何 table?
CREATE ANY TABLE not sufficient for creating any table?
我使用 SYSTEM 用户将 CREATE ANY TABLE 授予用户 TEST,但是当我尝试执行
create table other.dummy ...
我仍然得到 ORA-01031: insufficient privileges
Oracle : Grant Create table in another schema? 声称这应该有效。
我也尝试授予 CREATE ANY INDEX,因为 table 具有 PK,因此包含一个索引,但这并没有改变任何东西。
GRANT ALL PRIVILEGES 成功了,但我更喜欢有限的东西。
实际的CREATE TABLE语句是:
CREATE TABLE OTHER.DUMMY_ENTITY (
ID NUMBER GENERATED by default on null as IDENTITY PRIMARY KEY,
NAME VARCHAR2(30)
)
除了 CREATE ANY TABLE 之外我还需要授予什么权限?
当您将权限 CREATE ANY TABLE 授予特定用户时,该用户将能够在数据库中创建任何 table,只要创建此类 table与你的说法相符运行。在您的情况下,您不仅仅是在创建 table.
让我们模拟您的场景,方法是创建具有此类权限的用户,然后尝试在另一个架构中创建 table。
SQL*Plus: Release 19.0.0.0.0 - Production on Fri Nov 5 10:54:17 2021
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> show user
USER is "SYS"
SQL>
SQL> create user test_grant identified by "Oracle_123" ;
User created.
SQL> grant create session, create any table to test_grant ;
Grant succeeded.
SQL> exit
现在,我正在连接 test_grant 以在架构 test
中创建一个与您一样的 table
sqlplus test_grant/"Oracle_123"
SQL*Plus: Release 19.0.0.0.0 - Production on Fri Nov 5 10:55:28 2021
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> create table test.t1_privs ( c1 number generated by default on null as identity primary key , c2 varchar2(1) ) ;
create table test.t1_privs ( c1 number generated by default on null as identity primary key , c2 varchar2(1) )
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> create table test.t2_privs ( c1 number, c2 varchar2(1) ) ;
Table created.
如您所见,我可以在其他架构中创建 table,但不是您要创建的架构。显然 create table 语句中的元素需要其他权限,所以让我们分析它们
- 标识列包含一个序列
- 主键包含一个索引。
让我们给用户那些任何特权
SQL> grant create any index, create any sequence to test_grant ;
Grant succeeded.
再试一次
sqlplus test_grant/"Oracle_123"
SQL*Plus: Release 19.0.0.0.0 - Production on Fri Nov 5 11:06:47 2021
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Last Successful login time: Fri Nov 05 2021 11:03:31 +01:00
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> create table test.t1_privs ( c1 number generated by default on null as identity primary key , c2 varchar2(1) ) ;
create table test.t1_privs ( c1 number generated by default on null as identity primary key, c2 varchar2(1) )
*
ERROR at line 1:
ORA-01031: insufficient privileges
那么,发生了什么事?
当你在另一个架构中创建一个table并以列作为标识时,你不仅需要create any table和create any sequence权限,你还需要select any sequence 特权
SQL> grant select any sequence to test_grant ;
Grant succeeded.
sqlplus test_grant/"Oracle_123"
SQL*Plus: Release 19.0.0.0.0 - Production on Fri Nov 5 11:31:44 2021
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Last Successful login time: Fri Nov 05 2021 11:29:36 +01:00
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> create table test.t1_privs ( c1 number generated by default on null as identity primary key, c2 varchar2(1) ) ;
Table created.
我使用 SYSTEM 用户将 CREATE ANY TABLE 授予用户 TEST,但是当我尝试执行
create table other.dummy ...
我仍然得到 ORA-01031: insufficient privileges
Oracle : Grant Create table in another schema? 声称这应该有效。
我也尝试授予 CREATE ANY INDEX,因为 table 具有 PK,因此包含一个索引,但这并没有改变任何东西。
GRANT ALL PRIVILEGES 成功了,但我更喜欢有限的东西。
实际的CREATE TABLE语句是:
CREATE TABLE OTHER.DUMMY_ENTITY (
ID NUMBER GENERATED by default on null as IDENTITY PRIMARY KEY,
NAME VARCHAR2(30)
)
除了 CREATE ANY TABLE 之外我还需要授予什么权限?
当您将权限 CREATE ANY TABLE 授予特定用户时,该用户将能够在数据库中创建任何 table,只要创建此类 table与你的说法相符运行。在您的情况下,您不仅仅是在创建 table.
让我们模拟您的场景,方法是创建具有此类权限的用户,然后尝试在另一个架构中创建 table。
SQL*Plus: Release 19.0.0.0.0 - Production on Fri Nov 5 10:54:17 2021
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> show user
USER is "SYS"
SQL>
SQL> create user test_grant identified by "Oracle_123" ;
User created.
SQL> grant create session, create any table to test_grant ;
Grant succeeded.
SQL> exit
现在,我正在连接 test_grant 以在架构 test
sqlplus test_grant/"Oracle_123"
SQL*Plus: Release 19.0.0.0.0 - Production on Fri Nov 5 10:55:28 2021
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> create table test.t1_privs ( c1 number generated by default on null as identity primary key , c2 varchar2(1) ) ;
create table test.t1_privs ( c1 number generated by default on null as identity primary key , c2 varchar2(1) )
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> create table test.t2_privs ( c1 number, c2 varchar2(1) ) ;
Table created.
如您所见,我可以在其他架构中创建 table,但不是您要创建的架构。显然 create table 语句中的元素需要其他权限,所以让我们分析它们
- 标识列包含一个序列
- 主键包含一个索引。
让我们给用户那些任何特权
SQL> grant create any index, create any sequence to test_grant ;
Grant succeeded.
再试一次
sqlplus test_grant/"Oracle_123"
SQL*Plus: Release 19.0.0.0.0 - Production on Fri Nov 5 11:06:47 2021
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Last Successful login time: Fri Nov 05 2021 11:03:31 +01:00
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> create table test.t1_privs ( c1 number generated by default on null as identity primary key , c2 varchar2(1) ) ;
create table test.t1_privs ( c1 number generated by default on null as identity primary key, c2 varchar2(1) )
*
ERROR at line 1:
ORA-01031: insufficient privileges
那么,发生了什么事?
当你在另一个架构中创建一个table并以列作为标识时,你不仅需要create any table和create any sequence权限,你还需要select any sequence 特权
SQL> grant select any sequence to test_grant ;
Grant succeeded.
sqlplus test_grant/"Oracle_123"
SQL*Plus: Release 19.0.0.0.0 - Production on Fri Nov 5 11:31:44 2021
Version 19.6.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Last Successful login time: Fri Nov 05 2021 11:29:36 +01:00
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.6.0.0.0
SQL> create table test.t1_privs ( c1 number generated by default on null as identity primary key, c2 varchar2(1) ) ;
Table created.