问题:
Q1:SELECT ANY DICTIONARY、SELECT ANY TABLE、和 SELECT_CATALOG_ROLE
可是,经过试验,只有SELECT_CATALOG_ROLE才可以让用户访问到所有的数据字典,SELECT ANY TABLE好像只是可以看除了DBA开头的VIEW
以外的其他用户的表和数据字典表,那SELECT ANY DICTIONARY能做哪些事情呢?
Q2:
SQL> SELECT * FROM DBA_ROLE_PRIVS
2 WHERE GRANTEE='SELECT_CATALOG_ROLE';
GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------
SELECT_CATALOG_ROLE HS_ADMIN_ROLE NO YES
SQL> SELECT * FROM DBA_ROLE_PRIVS
2 WHERE GRANTED_ROLE='HS_ADMIN_ROLE';
GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------
EXECUTE_CATALOG_ROLE HS_ADMIN_ROLE NO YES
SELECT_CATALOG_ROLE HS_ADMIN_ROLE NO YES
SYS HS_ADMIN_ROLE YES YES
但是
SQL> SELECT * FROM DBA_ROLE_PRIVS
2 WHERE GRANTEE='HS_ADMIN_ROLE';
GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------
SQL> SELECT DISTINCT PRIVILEGE
2 FROM DBA_SYS_PRIVS
3 WHERE PRIVILEGE='HS_ADMIN_ROLE';
PRIVILEGE
----------------------------------------
SQL> SELECT * FROM DBA_TAB_PRIVS
2 WHERE GRANTEE='HA_ADMIN_ROLE';
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY
------------------------------ ------------------------------ ------------------------------ ------------------------------ ---------------------------------------- --------- ---------
SQL> SELECT * FROM DBA_TAB_PRIVS
2 WHERE GRANTOR='HA_ADMIN_ROLE';
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY
------------------------------ ------------------------------ ------------------------------ ------------------------------ ---------------------------------------- --------- ---------
SQL> SELECT * FROM SESSION_PRIVS
2 WHERE PRIVILEGE='HA_ADMIN_ROLE';
PRIVILEGE
----------------------------------------
SQL>
那么如何知道HS_ADMIN_ROLE拥有哪些权限呢?
Q3。SESSION级的权限(SESSION_PRIVS)和DATABASE(DBA_SYS_PRIVS)级的权限有什么不同?
我觉得DATABASE LEVEL权限挺好理解的,但是SESSION LEVEL的权限怎么用呀?
Q4。9i中,是否已经取消了O7_DICTIONARY_ACCESSIBILITY参数呀,为什么我在INIT.ORA中设置了这个参数(ORACLE 9i EE),但是没什么用处呀?
正常情况下,是不是可以这样认为:如果O7_DICTIONARY_ACCESSIBILITY=TRUE,那么如果拥有SELECT ANY TABLE就可以获取包括SYS模式中的任何表?
同理,如果拥有EXECUTE ANY PROCEDURE就可以执行包括SYS模式中的任何过程?
Q5。DICTIONARY SCHEMA 是否就是SYS SCHEMA?
Q6。我选的是d,可答案是b,问什么?我觉得B,D都应该是对的呀
Which user needs a usage quota?
a. every database user
b. user who will create tables
c. user who only reads data from an object owned by another user
d. a user who is inserting data into an object owned by another user
Q7。我选的是c,可答案是d,问什么?尤其是,我觉得C,D都对呀,呵呵
What does the EXTERNALLY option do when creating a user with the CREATE USER command?
(A) allows the user remote access
(B) allows the user network access
(C) allows the user database access without a password
(D) specifies that the user must be authenticated by the operating system
Q8。SET ROLE命令一般什么时候用呀?有什么实际的用途么?如何看到它执行的效果?
Q9。ALTER USER.......DEFAULT ROLE ... ALL...,这个命令有什么用处呢?有什么实际的用途么?如何看到它执行的效果?
Q1:SELECT ANY DICTIONARY、SELECT ANY TABLE、和 SELECT_CATALOG_ROLE
可是,经过试验,只有SELECT_CATALOG_ROLE才可以让用户访问到所有的数据字典,SELECT ANY TABLE好像只是可以看除了DBA开头的VIEW
以外的其他用户的表和数据字典表,那SELECT ANY DICTIONARY能做哪些事情呢?
Q2:
SQL> SELECT * FROM DBA_ROLE_PRIVS
2 WHERE GRANTEE='SELECT_CATALOG_ROLE';
GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------
SELECT_CATALOG_ROLE HS_ADMIN_ROLE NO YES
SQL> SELECT * FROM DBA_ROLE_PRIVS
2 WHERE GRANTED_ROLE='HS_ADMIN_ROLE';
GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------
EXECUTE_CATALOG_ROLE HS_ADMIN_ROLE NO YES
SELECT_CATALOG_ROLE HS_ADMIN_ROLE NO YES
SYS HS_ADMIN_ROLE YES YES
但是
SQL> SELECT * FROM DBA_ROLE_PRIVS
2 WHERE GRANTEE='HS_ADMIN_ROLE';
GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------
SQL> SELECT DISTINCT PRIVILEGE
2 FROM DBA_SYS_PRIVS
3 WHERE PRIVILEGE='HS_ADMIN_ROLE';
PRIVILEGE
----------------------------------------
SQL> SELECT * FROM DBA_TAB_PRIVS
2 WHERE GRANTEE='HA_ADMIN_ROLE';
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY
------------------------------ ------------------------------ ------------------------------ ------------------------------ ---------------------------------------- --------- ---------
SQL> SELECT * FROM DBA_TAB_PRIVS
2 WHERE GRANTOR='HA_ADMIN_ROLE';
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY
------------------------------ ------------------------------ ------------------------------ ------------------------------ ---------------------------------------- --------- ---------
SQL> SELECT * FROM SESSION_PRIVS
2 WHERE PRIVILEGE='HA_ADMIN_ROLE';
PRIVILEGE
----------------------------------------
SQL>
那么如何知道HS_ADMIN_ROLE拥有哪些权限呢?
Q3。SESSION级的权限(SESSION_PRIVS)和DATABASE(DBA_SYS_PRIVS)级的权限有什么不同?
我觉得DATABASE LEVEL权限挺好理解的,但是SESSION LEVEL的权限怎么用呀?
Q4。9i中,是否已经取消了O7_DICTIONARY_ACCESSIBILITY参数呀,为什么我在INIT.ORA中设置了这个参数(ORACLE 9i EE),但是没什么用处呀?
正常情况下,是不是可以这样认为:如果O7_DICTIONARY_ACCESSIBILITY=TRUE,那么如果拥有SELECT ANY TABLE就可以获取包括SYS模式中的任何表?
同理,如果拥有EXECUTE ANY PROCEDURE就可以执行包括SYS模式中的任何过程?
Q5。DICTIONARY SCHEMA 是否就是SYS SCHEMA?
Q6。我选的是d,可答案是b,问什么?我觉得B,D都应该是对的呀
Which user needs a usage quota?
a. every database user
b. user who will create tables
c. user who only reads data from an object owned by another user
d. a user who is inserting data into an object owned by another user
Q7。我选的是c,可答案是d,问什么?尤其是,我觉得C,D都对呀,呵呵
What does the EXTERNALLY option do when creating a user with the CREATE USER command?
(A) allows the user remote access
(B) allows the user network access
(C) allows the user database access without a password
(D) specifies that the user must be authenticated by the operating system
Q8。SET ROLE命令一般什么时候用呀?有什么实际的用途么?如何看到它执行的效果?
Q9。ALTER USER.......DEFAULT ROLE ... ALL...,这个命令有什么用处呢?有什么实际的用途么?如何看到它执行的效果?
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/747/viewspace-483413/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/747/viewspace-483413/
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
