如何在 Oracle 中列出所有具有 SELECT ANY TABLE 权限的用户?
How to list all users with SELECT ANY TABLE permission in Oracle?
我想编写 PL/SQL 脚本来打印出所有已被授予对 Oracle 数据库中的 Select 任何 Table 权限的用户,但我仍然不知道从哪里开始
SELECT ANY TABLE 是系统权限。因此,要回答您的问题,您需要查询静态数据字典视图 DBA_SYS_PRIVS。
您需要是 DBA 或高级用户才能查询此视图。
select grantee
from dba_sys_privs
where privilege = 'SELECT ANY TABLE';
要扩展 APC 的答案,您通常需要递归地深入研究 dba_role_privs 以找到有权(直接或间接)访问权限的用户的完整列表。
还有similar questions that go into more detail, and people have written exhaustive scripts to do this with table and column privileges。但这是一个懒惰的版本:
with rc (grantee, privilege, roles) as (
select grantee, privilege, null as roles
from dba_sys_privs sp
where sp.privilege = 'SELECT ANY TABLE'
union all
select rp.grantee, rc.privilege, case when rc.roles is not null then rc.roles || '>' end || rp.granted_role as roles
from dba_role_privs rp
join rc on rp.granted_role = rc.grantee
and nvl(rc.roles,'x') not like '%>' || rp.granted_role || '%' -- avoid cycles
)
select * from rc
order by 1;
我想编写 PL/SQL 脚本来打印出所有已被授予对 Oracle 数据库中的 Select 任何 Table 权限的用户,但我仍然不知道从哪里开始
SELECT ANY TABLE 是系统权限。因此,要回答您的问题,您需要查询静态数据字典视图 DBA_SYS_PRIVS。 您需要是 DBA 或高级用户才能查询此视图。
select grantee
from dba_sys_privs
where privilege = 'SELECT ANY TABLE';
要扩展 APC 的答案,您通常需要递归地深入研究 dba_role_privs 以找到有权(直接或间接)访问权限的用户的完整列表。
还有similar questions that go into more detail, and people have written exhaustive scripts to do this with table and column privileges。但这是一个懒惰的版本:
with rc (grantee, privilege, roles) as (
select grantee, privilege, null as roles
from dba_sys_privs sp
where sp.privilege = 'SELECT ANY TABLE'
union all
select rp.grantee, rc.privilege, case when rc.roles is not null then rc.roles || '>' end || rp.granted_role as roles
from dba_role_privs rp
join rc on rp.granted_role = rc.grantee
and nvl(rc.roles,'x') not like '%>' || rp.granted_role || '%' -- avoid cycles
)
select * from rc
order by 1;