OCP-1Z0-052-V8.02-155题

155. The user HR owns the EMP table. The user HR grants privileges to the user SCOTT by using this

command:

SQL> GRANT SELECT,INSERT,UPDATE ON emp TO scott WITH GRANT OPTION;

The user SCOTT executes this command to grant privileges to the user JIM:

SQL> GRANT SELECT,INSERT,UPDATE ON hr.emp TO jim;

Now, the user HR decides to revoke privileges from JIM using this command:

SQL> REVOKE SELECT,INSERT,UPDATE ON emp FROM jim;

Which statement is true after HR issues the REVOKE command?

A.The command fails because SCOTT still has privileges.

B.The command succeeds and privileges are revoked from JIM.

C.The command fails because HR cannot revoke the privileges from JIM.

D.The command succeeds and only HR has the privilege to perform the SELECT, INSERT, and UPDATE

operations on the EMP table.

Answer: C  

 

现象重现：

 

hr将DML操作emp表的权限给scott，并且scott有传递权限，scott将此权限传递给jim，此时hr想将jim的权限收回，出错，

因为hr没有授予过权限给jim，此时jim可以DML操作EMP表，当hr将scott的权限收回时，jim不能再查询等操作。

1、hr将DML操作emp表的权限给scott，并且scott有传递权限。

hr@TEST0910> grant select,insert,update on employees to scott with grant option;

 

Grant succeeded.

 

hr@TEST0910> conn /as sysdba

Connected.

sys@TEST0910> create user jim identified by jim;

 

User created.

2、scott将此权限传递给jim。

sys@TEST0910> conn scott/tiger

Connected.

scott@TEST0910> grant select,insert,update on hr.employees to jim;

 

Grant succeeded.

 

3、hr想将jim的权限收回，出错。

scott@TEST0910> conn hr/hr

Connected.

hr@TEST0910> revoke select,insert,update on employees from jim;

revoke select,insert,update on employees from jim

*

ERROR at line 1:

ORA-01927: cannot REVOKE privileges you did not grant

 

4、DBA将连接数据库权限给jim，jim登陆，可以访问hr的表。

hr@TEST0910> conn jim/jim

ERROR:

ORA-01045: user JIM lacks CREATE SESSION privilege; logon denied

 

 

Warning: You are no longer connected to ORACLE.

hr@TEST0910> conn /as sysdba

Connected.

sys@TEST0910> grant create session to jim;

 

Grant succeeded.

 

sys@TEST0910> conn jim/jim

Connected.

jim@TEST0910> select * from hr.employees;

 

EMPLOYEE_ID FIRST_NAME           LAST_NAME                 EMAIL

----------- -------------------- ------------------------- -------------------------

PHONE_NUMBER         HIRE_DATE JOB_ID         SALARY COMMISSION_PCT MANAGER_ID DEPARTMENT_ID

-------------------- --------- ---------- ---------- -------------- ---------- -------------

        198 Donald               OConnell                  DOCONNEL

650.507.9833         21-JUN-07 SH_CLERK         2600    

 

5、当hr把DML操作emp表操作的权限从scott收回后，jim无法访问hr的表了。

jim@TEST0910> conn hr/hr

Connected.

hr@TEST0910> revoke select,insert,update on employees from scott;

 

Revoke succeeded.

 

hr@TEST0910> conn jim/jim

Connected.

jim@TEST0910> select * from hr.employees;

select * from hr.employees

                 *

ERROR at line 1:

ORA-00942: table or view does not exist