oracle 11g 角色口令
oracle 11g 中测试 拥有口令的角色
SYS@ sms> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
1. 创建角色 role_01无密码 role_02 有密码
SYS@ sms> create role role_01;
Role created.
SYS@ sms> create role role_02 identified by oracle;
Role created.
SYS@ sms> grant connect,create table to role_01;
Grant succeeded.
SYS@ sms> grant connect ,create view to role_02;
SYS@ sms> create user zhou identified by zhou1234 quota unlimited on users;
User created.
SYS@ sms> grant role_01,role_02 to zhou;
Grant succeeded.
SYS@ sms> grant role_01,role_02 to zhou;
Grant succeeded.
SYS@ sms> conn zhou/zhou1234
Connected.
ZHOU@ sms> create table t(id number);
Table created.
ZHOU@ sms> insert into t values(1);
1 row created.
ZHOU@ sms> commit;
Commit complete.
2. 此时就出现问题了,role_02 明明有 create view 而且赋予给了 zhou 这里就没有呢?
ZHOU@ sms> create view view_1 as select * from t;
create view view_1 as select * from t
*
ERROR at line 1:
ORA-01031: insufficient privileges
3. 查看 tyger_ro2 的default_role 为NO 难道 role_02 角色失效???
ZHOU@ sms> col USERNAME for a20
ZHOU@ sms> col GRANTED_ROLE for a20
ZHOU@ sms> select USERNAME,GRANTED_ROLE,DEFAULT_ROLE from user_role_privs;
USERNAME GRANTED_ROLE DEF
-------------------- -------------------- ---
ZHOU ROLE_01 YES
ZHOU ROLE_02 NO
4. 再查看当前会话的权限,果然没有 create view 权限
ZHOU@ sms> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE TABLE
5. 设置 tyger_ro2 权限生效
ZHOU@ sms> set role role_02 identified by oracle;
Role set.
6. 当前用户具有的权限不变
ZHOU@ sms> select USERNAME,GRANTED_ROLE,DEFAULT_ROLE from user_role_privs;
USERNAME GRANTED_ROLE DEF
-------------------- -------------------- ---
ZHOU ROLE_01 YES
ZHOU ROLE_02 NO
7.当前会话用了 create view 权限 却没有了create table 权限
ZHOU@ sms> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE VIEW
ZHOU@ sms> create view view_1 as select * from t;
View created.
ZHOU@ sms> select * from tab;
TNAME TABTYPE CLUSTERID
------------------------------ ------- ----------
T TABLE
VIEW_1 VIEW
8. 重新登录会话,权限恢复原样
ZHOU@ sms> conn zhou/zhou1234
Connected.
ZHOU@ sms> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE TABLE
总结:
在oracle 11g 中,带有口令的角色赋予用户,默认情况下是失效的,当 set role 生效后,其他角色所具有的权限失效, 只在当前会话有效
reference : http://www.2cto.com/database/201403/286744.html
oracle 11g 中测试 拥有口令的角色
SYS@ sms> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
1. 创建角色 role_01无密码 role_02 有密码
SYS@ sms> create role role_01;
Role created.
SYS@ sms> create role role_02 identified by oracle;
Role created.
SYS@ sms> grant connect,create table to role_01;
Grant succeeded.
SYS@ sms> grant connect ,create view to role_02;
SYS@ sms> create user zhou identified by zhou1234 quota unlimited on users;
User created.
SYS@ sms> grant role_01,role_02 to zhou;
Grant succeeded.
SYS@ sms> grant role_01,role_02 to zhou;
Grant succeeded.
SYS@ sms> conn zhou/zhou1234
Connected.
ZHOU@ sms> create table t(id number);
Table created.
ZHOU@ sms> insert into t values(1);
1 row created.
ZHOU@ sms> commit;
Commit complete.
2. 此时就出现问题了,role_02 明明有 create view 而且赋予给了 zhou 这里就没有呢?
ZHOU@ sms> create view view_1 as select * from t;
create view view_1 as select * from t
*
ERROR at line 1:
ORA-01031: insufficient privileges
3. 查看 tyger_ro2 的default_role 为NO 难道 role_02 角色失效???
ZHOU@ sms> col USERNAME for a20
ZHOU@ sms> col GRANTED_ROLE for a20
ZHOU@ sms> select USERNAME,GRANTED_ROLE,DEFAULT_ROLE from user_role_privs;
USERNAME GRANTED_ROLE DEF
-------------------- -------------------- ---
ZHOU ROLE_01 YES
ZHOU ROLE_02 NO
4. 再查看当前会话的权限,果然没有 create view 权限
ZHOU@ sms> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE TABLE
5. 设置 tyger_ro2 权限生效
ZHOU@ sms> set role role_02 identified by oracle;
Role set.
6. 当前用户具有的权限不变
ZHOU@ sms> select USERNAME,GRANTED_ROLE,DEFAULT_ROLE from user_role_privs;
USERNAME GRANTED_ROLE DEF
-------------------- -------------------- ---
ZHOU ROLE_01 YES
ZHOU ROLE_02 NO
7.当前会话用了 create view 权限 却没有了create table 权限
ZHOU@ sms> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE VIEW
ZHOU@ sms> create view view_1 as select * from t;
View created.
ZHOU@ sms> select * from tab;
TNAME TABTYPE CLUSTERID
------------------------------ ------- ----------
T TABLE
VIEW_1 VIEW
8. 重新登录会话,权限恢复原样
ZHOU@ sms> conn zhou/zhou1234
Connected.
ZHOU@ sms> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE TABLE
总结:
在oracle 11g 中,带有口令的角色赋予用户,默认情况下是失效的,当 set role 生效后,其他角色所具有的权限失效, 只在当前会话有效
reference : http://www.2cto.com/database/201403/286744.html
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/27036311/viewspace-1307902/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/27036311/viewspace-1307902/