基于应用的需要,让普通用户有访问sys表的权限,于是就想到了select any table 的权限,可是当授权以后发现还是不能访问sys的表,经过查一系列资料,发现select any table不是真正的any table。下面做这个实验:
SQL> select * from v$version where rownum<2;
**BANNER
——————————————————————————–**
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
SQL> show user;
USER is “SYS”
SQL> create table baby(name varchar2(10),sex char(5));
Table created.
SQL> insert into baby values(‘keren’,’nv’);
1 row created.
SQL> commit;
Commit complete.
SQL> grant select any table to mdu;
Grant succeeded.
SQL> conn mdu/oracle
Connected.
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
MDU UNLIMITED TABLESPACE NO
MDU SELECT ANY TABLE NO
SQL> select * from sys.baby;
select * from sys.baby
*
ERROR at line 1:
O