Controlling user access
Database security has two sides: system security (who may connect and what they may do to the database as a whole) and data security (who may read or change which objects).
System privileges: privileges on the database itself (CREATE SESSION, CREATE TABLE, ...), as opposed to object privileges on a particular table, view or column.
SHOW USER displays the current user.
Creating users
A DBA creates the user.
Syntax: CREATE USER bz IDENTIFIED BY oracle;
A fresh user cannot log in until it holds CREATE SESSION, so grant that before trying to connect:
GRANT CREATE SESSION TO bz;
GRANT CREATE TABLE TO bz;
GRANT UNLIMITED TABLESPACE TO bz;   (lets the user consume space in every tablespace, SYSTEM included; a QUOTA on one tablespace is the safer choice)
GRANT CREATE VIEW TO bz;
CONN bz/oracle   (connect as the new user)
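A fuller version of the same procedure, added here as an example (it is not part of the original notes): it replaces UNLIMITED TABLESPACE with a quota on one tablespace, attaches a password profile, and then checks the result in the data dictionary. The tablespace names USERS and TEMP, the profile name, the password and the 100M quota are assumptions.

```sql
-- Run as a DBA. Added example; tablespace names USERS/TEMP, the profile name,
-- the quota and the password are assumptions for illustration.

-- 1. A profile that limits brute-force attempts and stale passwords.
CREATE PROFILE bz_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 5        -- lock the account after 5 consecutive failures
  PASSWORD_LOCK_TIME    1/24     -- stay locked for one hour (unit is days)
  PASSWORD_LIFE_TIME    90       -- force a change every 90 days
  PASSWORD_GRACE_TIME   7;       -- warn for 7 days before expiry

-- 2. The user: a quota on one tablespace instead of UNLIMITED TABLESPACE,
--    and PASSWORD EXPIRE so the initial password must be changed at first login.
CREATE USER bz IDENTIFIED BY "Ch4nge-me-on-first-login"
  DEFAULT TABLESPACE   users
  TEMPORARY TABLESPACE temp
  QUOTA 100M ON users
  PROFILE bz_profile
  PASSWORD EXPIRE;

-- 3. Only the system privileges the user actually needs.
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW TO bz;

-- 4. Check what was created.
SELECT username, account_status, default_tablespace, profile
FROM   dba_users
WHERE  username = 'BZ';

SELECT tablespace_name, max_bytes          -- -1 here would mean "unlimited"
FROM   dba_ts_quotas
WHERE  username = 'BZ';

SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'BZ';
```

The first CONN bz/... succeeds but SQL*Plus immediately asks for a new password because of PASSWORD EXPIRE. DBA_TS_QUOTAS shows a single row for USERS with MAX_BYTES of 104857600 and nothing for any other tablespace, which is the difference from UNLIMITED TABLESPACE.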
Creating a database link
CREATE PUBLIC DATABASE LINK HAILIANG CONNECT TO SCOTT IDENTIFIED BY ORACLE USING 'VDEDU';
SELECT * FROM T1@HAILIANG;
A PUBLIC link is usable by every user in the database and carries SCOTT's credentials with it, so anyone who can log in locally can reach the remote data as SCOTT. Unless that is intended, create a private link (omit PUBLIC), which only its owning schema can use.
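The private alternative, plus the dictionary query used to find existing public links, added here as an example that is not part of the original notes. The remote user, its password and the TNS alias VDEDU follow the notes; the link and table names are assumptions, and the creating user is assumed to hold CREATE DATABASE LINK.

```sql
-- Added example. Link/table names are assumptions; the creating user must
-- hold CREATE DATABASE LINK (and DROP PUBLIC DATABASE LINK for the last step).

-- Private link: only the schema it is created in can use it.
CREATE DATABASE LINK hailiang
  CONNECT TO scott IDENTIFIED BY "oracle"
  USING 'VDEDU';

-- Used exactly like the public one.
SELECT * FROM t1@hailiang;

-- Audit: which links exist and who owns them. A PUBLIC link shows
-- OWNER = 'PUBLIC'; every account can use it with the stored USERNAME.
SELECT owner, db_link, username, host, created
FROM   dba_db_links
ORDER  BY owner, db_link;

-- Retire the public link from the notes once the private one is in place.
DROP PUBLIC DATABASE LINK hailiang;
```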
Creating a role and granting privileges through it
CREATE ROLE manager;
GRANT CREATE TABLE, CREATE VIEW TO manager;
GRANT manager TO alice;
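The same role set up so that it is not active by default, with the checks that show the difference, added here as an example (not from the original notes). The role and user names follow the notes; alice is assumed to exist already with CREATE SESSION, and her password is an assumption.

```sql
-- Added example. Assumes alice exists and can connect; her password is assumed.

-- As a DBA: create the role, give it privileges, hand it to alice.
CREATE ROLE manager;
GRANT CREATE TABLE, CREATE VIEW TO manager;
GRANT manager TO alice;

-- Make manager a non-default role: alice keeps her other roles at login but
-- has to enable this one on purpose, so routine sessions run with less privilege.
ALTER USER alice DEFAULT ROLE ALL EXCEPT manager;

-- What the dictionary says now.
SELECT role, privilege FROM role_sys_privs WHERE role = 'MANAGER';
SELECT grantee, granted_role, default_role
FROM   dba_role_privs
WHERE  grantee = 'ALICE';                    -- MANAGER shows DEFAULT_ROLE = NO

-- As alice, in a fresh session:
CONNECT alice/alice_pw                       -- assumed password
CREATE VIEW v AS SELECT 1 AS x FROM dual;    -- ORA-01031: role not enabled yet
SELECT role FROM session_roles;              -- MANAGER is absent

-- SET ROLE replaces the session's enabled role set, so list every role the
-- session still needs alongside manager.
SET ROLE manager;
SELECT role FROM session_roles;              -- MANAGER is listed now
SELECT privilege FROM session_privs;         -- includes CREATE TABLE, CREATE VIEW
CREATE VIEW v AS SELECT 1 AS x FROM dual;    -- succeeds
DROP VIEW v;
```

SESSION_ROLES and SESSION_PRIVS show what is active in this session, which is the thing to check when a user "has the role" in DBA_ROLE_PRIVS but still gets ORA-01031.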
Changing a user's password
A DBA can create users and change their passwords.
A user can change their own password with the ALTER USER statement:
ALTER USER DEMO IDENTIFIED BY EMPLOY;
Object privileges
Grant SELECT on the HR user's EMPLOYEES table to user SCOTT (run as HR, or as a DBA using the qualified name HR.EMPLOYEES):
GRANT SELECT ON EMPLOYEES TO SCOTT;
Grant specific columns to users and roles (Oracle allows column-level grants for UPDATE, INSERT and REFERENCES, not for SELECT):
GRANT UPDATE (DEPARTMENT_NAME, LOCATION_ID) ON DEPARTMENTS TO SCOTT, MANAGER;
GRANT RESOURCE, CONNECT TO u1, u2;   grants the predefined CONNECT and RESOURCE roles to u1 and u2. These are not "all privileges": CONNECT is just CREATE SESSION and RESOURCE is the set of CREATE privileges listed below. In releases before 12c, granting RESOURCE also granted UNLIMITED TABLESPACE directly to the user.
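A walk-through of the column-level grant above, added here as an example that is not part of the original notes: it shows where the grant is recorded, what SCOTT can and cannot update, and the caveat that column privileges are revoked as a whole. It uses the HR sample schema's DEPARTMENTS table and SCOTT as in the notes; the passwords are assumptions.

```sql
-- Added example. HR.DEPARTMENTS and SCOTT are from the notes; passwords assumed.

-- As HR (the owner). SELECT is granted too: with SQL92_SECURITY = TRUE
-- (the default in recent releases) an UPDATE whose WHERE clause reads a
-- column needs SELECT on the table as well.
CONNECT hr/hr_pw
GRANT SELECT ON departments TO scott;
GRANT UPDATE (department_name, location_id) ON departments TO scott;

-- As a DBA: table-level and column-level grants live in different views.
CONNECT / AS SYSDBA
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'HR' AND table_name = 'DEPARTMENTS';      -- SELECT only
SELECT grantee, column_name, privilege
FROM   dba_col_privs
WHERE  owner = 'HR' AND table_name = 'DEPARTMENTS';      -- UPDATE on two columns

-- As SCOTT: updates are confined to the granted columns.
CONNECT scott/tiger
UPDATE hr.departments
SET    location_id = 1700
WHERE  department_id = 10;          -- 1 row updated
UPDATE hr.departments
SET    manager_id = 200
WHERE  department_id = 10;          -- ORA-01031: insufficient privileges
ROLLBACK;

-- Caveat: a column privilege cannot be revoked column by column. To narrow
-- the grant, revoke UPDATE on the table and grant the shorter column list again.
CONNECT hr/hr_pw
REVOKE UPDATE ON departments FROM scott;
GRANT UPDATE (location_id) ON departments TO scott;
```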
These two roles carry the following system privileges (as listed in DBA_SYS_PRIVS; the contents of CONNECT and RESOURCE have changed between Oracle releases):

GRANTEE                        PRIVILEGE
------------------------------ ----------------------------------------
RESOURCE                       CREATE CLUSTER
RESOURCE                       CREATE INDEXTYPE
RESOURCE                       CREATE OPERATOR
RESOURCE                       CREATE PROCEDURE
RESOURCE                       CREATE SEQUENCE
RESOURCE                       CREATE TABLE
RESOURCE                       CREATE TRIGGER
RESOURCE                       CREATE TYPE
CONNECT                        CREATE SESSION
Create two users u1 and u2, create a table t1 in u1, and give u2 the privilege to query u1's table t1:
SQL> create user u1 identified by oracle;
User created.
SQL> create user u2 identified by oracle;
User created.
SQL> grant resource,connect to u1,u2;
Grant succeeded.
SQL> conn u1/oracle
Connected.
SQL> create table t1(x number);
Table created.
SQL> insert into t1 values(1);
1 row created.
SQL> grant select on t1 to u2;
Grant succeeded.
SQL> conn u2/oracle
Connected.
SQL> select * from u1.t1;
X
----------
1
SQL>
WITH GRANT OPTION lets the grantee pass the privilege on to other users:
GRANT SELECT, INSERT
ON DEPARTMENTS
TO DEMO
WITH GRANT OPTION;
Granting a privilege to every user in the database:
GRANT SELECT
ON HR.DEPARTMENTS
TO PUBLIC;
A grant to PUBLIC applies to every current and future account, so it is database-wide access in practice; avoid it on sensitive data and audit the PUBLIC grants that already exist.
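Three audit queries that find the grants discussed above (to PUBLIC, WITH GRANT OPTION, and WITH ADMIN OPTION), added here as an example that is not part of the original notes. The list of Oracle-owned schemas to skip is a partial, assumed list; extend it for the release in use.

```sql
-- Added example. Run as a DBA. The excluded schema list is partial and assumed.

-- 1. Object privileges handed to PUBLIC on application schemas.
SELECT owner, table_name, privilege, grantor
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    owner NOT IN ('SYS', 'SYSTEM', 'XDB', 'MDSYS', 'CTXSYS', 'WMSYS',
                     'ORDSYS', 'DBSNMP', 'OUTLN', 'SYSMAN')
ORDER  BY owner, table_name, privilege;

-- 2. Object privileges that can be passed on (granted WITH GRANT OPTION).
--    GRANTOR shows who handed the privilege on, so chains like u1 -> u2 -> u3
--    can be followed row by row.
SELECT grantee, owner, table_name, privilege, grantor
FROM   dba_tab_privs
WHERE  grantable = 'YES'
ORDER  BY owner, table_name, grantee;

-- 3. System privileges and roles granted WITH ADMIN OPTION. Their holders can
--    grant them to anyone, and revoking the holder does not cascade.
SELECT grantee, privilege AS what, 'SYS PRIV' AS kind
FROM   dba_sys_privs
WHERE  admin_option = 'YES'
UNION ALL
SELECT grantee, granted_role, 'ROLE'
FROM   dba_role_privs
WHERE  admin_option = 'YES'
ORDER  BY grantee, kind, what;
```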
Create a user u3. u1 grants u2 the privilege together with the right to pass it on; u2 then grants u3 the right to query u1's table t1.
SQL> conn u1/oracle
Connected.
SQL> grant select,insert on t1 to u2 with grant option;
Grant succeeded.
SQL> exit
(reconnect as a DBA here; CREATE USER needs the CREATE USER system privilege, which u1 does not hold)
SQL> create user u3 identified by oracle;
User created.
SQL> grant resource,connect to u3;
Grant succeeded.
SQL> conn u2/oracle
Connected.
SQL> show user
USER is "U2"
SQL> grant select on u1.t1 to u3;
Grant succeeded.
SQL> conn u3/oracle
Connected.
SQL> select * from u1.t1;
X
----------
1
SELECT * FROM ROLE_SYS_PRIVS;        -- system privileges held by roles
SELECT * FROM ROLE_TAB_PRIVS;        -- object privileges held by roles
SELECT * FROM USER_ROLE_PRIVS;       -- roles granted to the current user
SELECT * FROM USER_SYS_PRIVS;        -- system privileges granted directly to the current user
SELECT * FROM USER_TAB_PRIVS_MADE;   -- object privileges the current user has granted on its own tables
SELECT * FROM USER_TAB_PRIVS_RECD;   -- object privileges on tables the current user has received
SELECT * FROM USER_COL_PRIVS_MADE;   -- column privileges the current user has granted
SELECT * FROM USER_COL_PRIVS_RECD;   -- column privileges the current user has received
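The USER_* views above show only the current user's own direct grants. The script below, added here as an example that is not part of the original notes, is the DBA-side counterpart: it resolves a named user's roles recursively (roles can be granted to roles) and lists every privilege reached through them. The user name ALICE is an assumption; substitute any account.

```sql
-- Added example. Run as a DBA. ALICE is an assumed account name.

-- 1. Every role the user holds, directly or through another role.
--    Roles appear as GRANTEE in DBA_ROLE_PRIVS when roles are granted to them,
--    which is what the CONNECT BY walks.
SELECT DISTINCT granted_role, LEVEL AS depth
FROM   dba_role_privs
START WITH grantee = 'ALICE'
CONNECT BY NOCYCLE PRIOR granted_role = grantee
ORDER  BY depth, granted_role;

-- 2. Effective system privileges: direct grants, grants to PUBLIC (they apply
--    to everyone) and grants carried by any role found above.
WITH all_roles AS (
  SELECT granted_role AS role
  FROM   dba_role_privs
  START WITH grantee = 'ALICE'
  CONNECT BY NOCYCLE PRIOR granted_role = grantee
)
SELECT sp.privilege, sp.grantee AS via, sp.admin_option
FROM   dba_sys_privs sp
WHERE  sp.grantee = 'ALICE'
OR     sp.grantee = 'PUBLIC'
OR     sp.grantee IN (SELECT role FROM all_roles)
ORDER  BY sp.privilege, via;

-- 3. Effective object privileges the same way (PUBLIC left out here because
--    the SYS-owned grants to PUBLIC would swamp the list; query 1 of the
--    PUBLIC audit above covers them).
WITH all_roles AS (
  SELECT granted_role AS role
  FROM   dba_role_privs
  START WITH grantee = 'ALICE'
  CONNECT BY NOCYCLE PRIOR granted_role = grantee
)
SELECT tp.owner, tp.table_name, tp.privilege, tp.grantee AS via, tp.grantable
FROM   dba_tab_privs tp
WHERE  tp.grantee = 'ALICE'
OR     tp.grantee IN (SELECT role FROM all_roles)
ORDER  BY tp.owner, tp.table_name, tp.privilege;
```

This lists what the user could use, not what is active: a non-default or password-protected role contributes rows here but its privileges are only live in a session after SET ROLE, which SESSION_PRIVS and SESSION_ROLES show from the user's side.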
Revoking object privileges
Use the REVOKE statement to revoke a privilege.
When an object privilege is revoked, the grants the grantee made with it via WITH GRANT OPTION are revoked as well (the revoke cascades). This cascade applies to object privileges only: revoking a system privilege or role that was granted WITH ADMIN OPTION leaves the grants that user made in the meantime in place.
Revoke the SELECT and INSERT privileges on the DEPARTMENTS table from user SCOTT:
REVOKE SELECT, INSERT ON DEPARTMENTS FROM SCOTT;
SQL> conn u1/oracle
Connected.
SQL> revoke select,insert on t1 from u2;
Revoke succeeded.
SQL> conn u2/oracle
Connected.
SQL> select * from u1.t1
2 ;
select * from u1.t1
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> conn u3/oracle
Connected.
SQL> select * from u1.t1;
select * from u1.t1
*
ERROR at line 1:
ORA-00942: table or view does not exist
Note that the error is ORA-00942 (object does not exist) rather than ORA-01031 (insufficient privileges): Oracle does not reveal to a user without privileges on u1.t1 that the table exists at all.
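The counterpart to the transcript above for a system privilege granted WITH ADMIN OPTION, added here as an example that is not part of the original notes. It shows that revoking the privilege from the middle user does not cascade, unlike the object-privilege revoke on t1. Users u1 and u2 and the password "oracle" follow the notes; CREATE VIEW is chosen because neither CONNECT nor RESOURCE includes it, so the dictionary rows are unambiguous; "CONNECT / AS SYSDBA" assumes OS authentication for the DBA.

```sql
-- Added example. u1/u2 and password "oracle" follow the notes; the DBA login
-- via OS authentication is an assumption.

CONNECT / AS SYSDBA
GRANT CREATE VIEW TO u1 WITH ADMIN OPTION;

CONNECT u1/oracle
GRANT CREATE VIEW TO u2;                 -- u1 passes the privilege on

CONNECT / AS SYSDBA
REVOKE CREATE VIEW FROM u1;              -- system privilege: no cascade

SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'CREATE VIEW'
AND    grantee IN ('U1', 'U2');
-- Only U2 is returned (ADMIN_OPTION = NO). Contrast the transcript above,
-- where revoking SELECT from u2 silently removed u3's access to u1.t1 too.

CONNECT u2/oracle
CREATE VIEW v AS SELECT 1 AS x FROM dual;   -- still succeeds
DROP VIEW v;

-- Clean-up has to target u2 explicitly; any holder of the privilege
-- WITH ADMIN OPTION (or a DBA) can do it regardless of who granted it.
CONNECT / AS SYSDBA
REVOKE CREATE VIEW FROM u2;
```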