14. OE and SCOTT are the users in the database. The ORDERS table is owned
by OE. Evaluate the statements issued by the DBA in the following sequence:
CREATE ROLE r1.
GRANT SELECT, INSERT ON oe.orders TO r1.
GRANT r1 TO scott.
GRANT SELECT ON oe.orders TO scott.
REVOKE SELECT ON oe.orders FROM scott.
What would be the outcome after executing the statements?
A. SCOTT would be able to query the OE.ORDERS table.
B. SCOTT would not be able to query the OE.ORDERS table.
C. The REVOKE statement would remove the SELECT privilege from SCOTT as well
as from the role R1.
D. The REVOKE statement would give an error because the SELECT privilege has
been granted to the role R1.
Answer: A
Outcome:结果
角色赋予的权限是不级联的
另: 通过角色得到的DDL 权限在DDL 操作中是可用的, 通过角色得到的DML 权限在DDL 操
作中不可用, this may explain why you grant select on table to role. And then you grant
role to ueer.But when you create procedure included the statement ”select count(*)
- from table ”, it get error.
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/11312660/viewspace-718772/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/11312660/viewspace-718772/