zoukankan      html  css  js  c++  java
  • Oracle课程档案,第十天

    用户管理

    Authentication: 身份验证


    AAA:
    Authentication: 身份验证

    Authorization: 权限管理

    Audition: 审计

    grant:授权

    unset:撤销(消除)

    SQL>echo $ORACLE_SID ORCL 查询数据库的名字为ORCL

    SQL>vnset ORACLE_SID 删除数据库名字为ORCL

    SQL>export ORACLE_SID=ORCL 重新添加变量数据库的名字为ORCL

    管理员的身份验证:
    本地连接:
    本地连接,预先设置ORACLE_SID,操作系统用户是dba群组的成员

    id
    uid=1001(oracle) gid=1000(oinstall) groups=1000(oinstall),1031(dba),1032(oper)
    $ sqlplus / as sysdba
    SQL> show user
    USER is "SYS"
    $ su -
    # usermod -G oper oracle 或 -G:附加群组 -g:主群组 -d:删除 -a:添加
    # gpasswd -d oracle dba
    # exit
    $ sqlplus / as sysdba
    报错,权限不够

    只要是dba群组中的成员,就可以不需要知道sys的口令,直接以sqlplus / as sysdba登录
    并且身份为sys。

    恢复:
    # gpasswd -a oracle dba


    远程客户端连接:
    $ sqlplus sys/password@orcl as sysdba
    $ ls $ORACLE_HOME/dbs/orapworcl
    $ orapwd


    操作系统中创建用户:
    $ su -
    Password:
    [root@node1 ~]# useradd osuser
    [root@node1 ~]# passwd osuser
    $ sqlplus / as sysdba
    外部用户使用固定的前缀:
    SQL> show parameter os_auth
    SQL> create user ops$osuser identified externally;
    SQL> grant create session to ops$osuser;
    不要su - osuser,环境变量保留:
    $ su osuser
    Password:
    [osuser@node1 admin]$ sqlplus /
    SQL> show user
    USER is "OPS$OSUSER"


    或者用命令创建:
    SQL> create user user01 identified by password;
    SQL> grant create session to user01; grant:授权

    测试:
    $ sqlplus user01/password


    authorization:(权限管理)

    预先创建测试表
    SQL> create table t1(x int);
    SQL> create user user01 identified by password;
    SQL> grant create session to user01;★
    SQL> grant select any table to user01;★

    user01测试:
    $ sqlplus user01/password
    SQL> select count(*) from hr.employees(hr.departments scott.emp);
    SQL> delete from scott.emp; 失败!
    SQL> select * from sys.t1; 失败!


    select any table n-1模式 注:(any不包括sys)★★
    sys再次授权:
    SQL> grant select any dictionary to user01;
    user01测试:
    SQL> select * from sys.t1; 成功
    select any table(n-1)+select any dictionary(1)
    sys授权:
    SQL> grant create table to user01;
    user01测试:
    SQL> create table t1(x int);
    sys授权:
    SQL> grant unlimited tablespace to user01;
    user01测试:
    SQL> insert into t1 values (1);


    对象权限:关键字为“on”


    sys授权:
    SQL> grant select on hr.employees to user01;
    user01测试:
    SQL> select count(*) from hr.employees;
    SQL> delete from hr.employees; 失败
    SQL> select count(*) from hr.departments; 失败
    sys授权:
    SQL> grant index on hr.employees to user01;
    SQL> grant unlimited tablespace to user01;
    user01测试:
    SQL> create index emp_sal_idx on hr.employees(salary);
    SQL> select index_name from user_indexes where table_name='EMPLOYEES';

    create any table 系统级别的选项,能在任何一个模式下创建表 create table 系统级别的选项,权限也为系统的
    alter any table 系统级别的权限,能修改任何一张表(any不包括sys) alter table 对象权限
    drop any table 系统级别的权限 ,能删除任何一张表 drop table 没有权限

    权限的级联删除:
    系统权限:
    sys准备工作:
    SQL> drop user user01 cascade;
    SQL> drop user user02 cascade;
    SQL> create user user01 identified by password;
    SQL> create user user02 identified by password;
    SQL> grant create session to user01;
    SQL> grant create session to user02;
    sys授权:
    SQL> grant select any table to user01 with admin option;
    user01测试成功并授权给user02:
    SQL> select count(*) from hr.employees;
    SQL> grant select any table to user02 with admin option;
    user02测试成功:
    SQL> select count(*) from hr.employees;
    sys收回权限:
    SQL> revoke select any table from user01;
    user01操作失败:
    SQL> select count(*) from hr.employees;
    user02测试成功:
    SQL> select count(*) from hr.employees;
    对象权限:
    SQL> grant select on hr.employees to user01 with grant option;


    dba+sysdba=sys

    revoke:收回(收回权限)


    预定义的角色:
    SQL> select role from dba_roles;
    创建角色:
    SQL> create role hr_mgr;
    SQL> create role hr_clerk;
    SQL> grant select any table to hr_mgr;
    SQL> grant select on hr.employees to hr_clerk;
    SQL> grant hr_mgr to user01;
    SQL> grant hr_clerk to user02;
    user01/user02测试:
    角色生效必须重新登录


    audit(审计)

    开启开关参数:
    SQL> show parameter audit_trail

    设置审计选项:
    每次设置新的审计选项,测试用户需要重新连接
    sys准备工作:
    SQL> drop user user01 cascade;
    SQL> create user user01 identified by password;
    SQL> grant create session, create table, create any table to user01;

  • 相关阅读:
    python
    python
    python
    python
    python
    python-接口自动化 token 的处理
    如何顺利度过试用期?
    印象深刻-bug汇总
    go 实现1000以内的数字,输入35 输出三十五
    jenkins 汉化
  • 原文地址:https://www.cnblogs.com/awdsjk/p/7327215.html
Copyright © 2011-2022 走看看