WITH ADMIN OPTION与WITH GRANT OPTION区别

最新推荐文章于 2022-07-27 20:42:19 发布
最新推荐文章于 2022-07-27 20:42:19 发布
阅读量1k 收藏 3
点赞数
分类专栏: ORACLE 文章标签: Oracle Oracle权限
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u010257584/article/details/108377108
版权
  1. WITH ADMIN OPTION:面向系统权限,表示被授予权限的用户可以将该权限再授予其他用户,即可以实现系统权限的传递功能;权限回收无级联,祸不及子孙政策

  来看下WITH ADMIN OPTION回收系统权限的无级联演示:

  • SYS连接:创建c##cy、c##nn用户,用with admin option授予create table权限给c##cy;
  • c##cy连接:创建表tb_priv_test,授予create table权限给c##nn;
  • c##nn连接:创建表tb_child_books;
  • SYS连接:回收c##cy的create table权限;
  • c##cy连接:创建表提示ORA-01031: insufficient privileges
  • c##nn连接:创建表成功。
SYS@primpdb 10:01:52> create user c##cy identified by cy123 default tablespace users temporary tablespace temp quota unlimited on users profile default;
User created.

SYS@primpdb 10:13:33> create user c##nn identified by nn123 default tablespace users temporary tablespace temp quota unlimited on users profile default;
User created.

SYS@primpdb 10:16:46> grant connect,create table to c##cy with admin option;
Grant succeeded.

SYS@primpdb 10:17:35> conn c##cy/cy123
Connected.
Session altered.

C##CY@primpdb 10:19:16> create table tb_priv_test (pid number(2) primary key,pname varchar2(50),ptype number(1));
Table created.

C##CY@primpdb 10:22:47> grant connect,create table to c##nn;
Grant succeeded.

C##CY@primpdb 10:25:20> conn c##nn/nn123;
Connected.
Session altered.

C##NN@primpdb 10:25:57>  create table tb_child_books (bid number(4) primary key,bname varchar2(50),btype number(1));
Table created.

C##NN@primpdb 10:26:01> conn / as sysdba
Connected.
Session altered.

SYS@primpdb 10:26:22> revoke create table from c##cy;
Revoke succeeded.

SYS@primpdb 10:26:42> conn c##cy/cy123
Connected.
Session altered.

C##CY@primpdb 10:26:48> create table test (tid number(1),tname varchar2(10));
create table test (tid number(1),tname varchar2(10))
*
ERROR at line 1:
ORA-01031: insufficient privileges

C##CY@primpdb 10:27:23> select table_name from user_tables;
TABLE_NAME
--------------------------------------------------------------------------------
TB_PRIV_TEST

C##CY@primpdb 10:27:42> conn c##nn/nn123;
Connected.
Session altered.

C##NN@primpdb 10:27:48> select table_name from user_tables;
TABLE_NAME
--------------------------------------------------------------------------------
TB_CHILD_BOOKS

C##NN@primpdb 10:27:52>  create table test (tid number(1),tname varchar2(10));
Table created.
  1. WITH GRANT OPTION:面向对象权限,表示允许对象权限的接受者可以将该对象权限授予其他用户,即可以实现对象权限的传递功能;权限回收级联,连坐政策

  来看下WITH GRANT OPTION回收对象权限的级联演示:

  • c##kk连接:用with grant option授予select on tb_wzgame_users权限给c##cy;
  • c##cy连接:查询c##kk.tb_wzgame_users成功,授予select on c##kk.tb_wzgame_users权限权限给c##nn;
  • c##nn连接:查询c##kk.tb_wzgame_users成功;
  • c##kk连接:回收c##cy的select on tb_wzgame_users权限;
  • c##cy连接:查询c##kk.tb_wzgame_users提示ORA-00942: table or view does not exist
  • c##nn连接:查询c##kk.tb_wzgame_users提示ORA-00942: table or view does not exist。
C##CY@primpdb 10:40:34> conn c##kk/kk123;
Connected.
Session altered.

C##KK@primpdb 10:40:57> grant select on tb_wzgame_users to c##cy with grant option;
Grant succeeded.

C##KK@primpdb 10:41:15> conn c##cy/cy123
Connected.
Session altered.

C##CY@primpdb 10:41:23> select * from c##kk.tb_wzgame_users;

    USERID USERNAME					      TEL
---------- -------------------------------------------------- -----------
	 1 ChengYu					      136****4501

C##CY@primpdb 10:41:26> grant select on c##kk.tb_wzgame_users to c##nn;
Grant succeeded.

C##CY@primpdb 10:42:07> conn c##nn/nn123
Connected.
Session altered.

C##NN@primpdb 10:42:16>  select * from c##kk.tb_wzgame_users;
    USERID USERNAME					      TEL
---------- -------------------------------------------------- -----------
	 1 ChengYu					      136****4501

C##NN@primpdb 10:42:21> conn c##kk/kk123
Connected.
Session altered.

C##KK@primpdb 10:42:33> revoke select on tb_wzgame_users from c##cy;
Revoke succeeded.

C##KK@primpdb 10:42:52> conn c##cy/cy123
Connected.
Session altered.

C##CY@primpdb 10:43:00>  select * from c##kk.tb_wzgame_users;
 select * from c##kk.tb_wzgame_users
                    *
ERROR at line 1:
ORA-00942: table or view does not exist

C##CY@primpdb 10:43:04> conn c##nn/nn123
Connected.
Session altered.

C##NN@primpdb 10:43:20>  select * from c##kk.tb_wzgame_users;
 select * from c##kk.tb_wzgame_users
                     *
ERROR at line 1:
ORA-00942: table or view does not exist

C##NN@primpdb 10:43:23> conn c##kk/kk123
Connected.
Session altered.

C##KK@primpdb 10:43:32> select * from  tb_wzgame_users;

    USERID USERNAME					      TEL
---------- -------------------------------------------------- -----------
	 1 ChengYu					      136****4501
山与先生
关注
专栏目录
with admin option 和 with grant option区别
Lin's Tech Log
10-30 872
1、with admin option 用于系统权限授权,with grant option 用于对象授权。 2、给一个用户授予系统权限带上with admin option 时,此用户可把此系统权限授予其他用户或角色,但收回这个用户的系统权限时,这个用户已经授予其他用户或角色的此系统权限不会因传播无效,如授予A系统权限create session with admin option,然后A又...
with admin option 用于系统权限授权,with grant option 用于对象授权。
weixin_42121296的博客
06-06 1448
给一个用户授予系统权限带上with admin option 时,此用户可把此系统权限授予其他用户或角色,但收回这个用户的系统权限时,这个用户已经授予其他用户或角色的此系统权限不会因传播无效,如授予A系统权限create session with admin option,然后A又把create session权限授予B,但管理员收回A的create session...
Oracle权限之with admin option与with grant option
ShenBL的博客
12-14 1468
Oracle权限之with admin option与with grant option 两者的主要区别在于取消时的级联问题 1. with admin option with admin option : 被授予该权限的用户有权将某个权限(如create any table)授予其他用户或角色,取消是不级联的。 例: grant create view to user_a with ad...
with admin option和with grant option区别
weixin_49613614的博客
10-27 538
with admin option和with grant option区别 1、with admin option 用于系统权限授权,with grant option 用于对象授权。 2、给一个用户user01授予系统权限带上with admin option 时,user01可把此系统权限授予其他用户或角色,但收回这个用户的系统权限时,这个用户已经授予其他用户或角色的此系统权限不会因传播无效,如授予user02权限create session with admin option,然后user02又把c
with grant option与with admin option区别
光耀天下
12-29 1177
with admin option 用于系统权限授权,with grant option 用于对象授权。 但给一个用户授予系统权限带上with admin option 时,此用户可把此系统权限授予其他用户或角色,但收回这个用户的系统权限时,这个用户已经授予其他用户或角色的此系统权限不会因传播无效,如授予A系统权限create session with admin option,然后A又把c
with admin option 和with grant option
cizha3055的博客
08-26 132
with admin option 用于系统权限授权,with grant option 用于对象授权。 但给一个用户授予系统权限带上with admin option 时,此用户可把此系统权限授予其他用户或角色,但收回这个用...
oracle权限with admin option和with grant option的用法
ImezZ
04-03 2173
1、with admin optionwith admin option的意思是被授予该权限的用户有权将某个权限(如create any table)授予其他用户或角色,取消是不级联的。如授予A系统权限create session with admin option,然后A又把create session权限授予B,但管理员收回A的create session权限时,B依然拥有create ses...
oracle级联赋权,Oracle 级联with admin option 和 with grant option
weixin_39838798的博客
04-07 741
· 授权通过grant语法:GRANT object_priv[(columns)][ON object] TO{user|role|public} [WITH GRANT OPTION]·回收通过revoke语法:REVOKE object_priv[(columns)][ONobject] FROM {user[,user...]|role|public} [CASCADE CONSTR...
Oracle 级联with admin option 和 with grant option 区别
03-05 8695
权限 用户权限有两类: 系统权限:所谓系统权限指的是用户能够做什么事情的权限(系统权限是对用户而言)。 对象权限:某种权限用户对其他用户的表或试图的存取权限(是针对表或试图而言的)。 官方文档:SQL Refference ---> 18 SQL Statements:DROP SEQUENCE to ROLLBACK 或搜索 "GRANT" · 查看系统都具备哪些权
CREATE USER cedar IDENTIFIED BY cedar DEFAULT TABLESPACE CEDAR_DATA TEMPORARY TABLESPACE TEMP PROFILE DEFAULT ACCOUNT UNLOCK; -- 5 Roles for cedar GRANT DBA TO cedar; GRANT RESOURCE TO cedar WITH ADMIN OPTION; GRANT AQ_ADMINISTRATOR_ROLE TO cedar; GRANT CONNECT TO cedar WITH ADMIN OPTION; GRANT AQ_USER_ROLE TO cedar; ALTER USER cedar DEFAULT ROLE ALL; -- 44 System Privileges for cedar GRANT CREATE ANY DIRECTORY TO cedar WITH ADMIN OPTION; GRANT CREATE PUBLIC SYNONYM TO cedar WITH ADMIN OPTION; GRANT EXECUTE ANY CLASS TO cedar WITH ADMIN OPTION; GRANT DROP ANY VIEW TO cedar WITH ADMIN OPTION; GRANT CREATE CLUSTER TO cedar; GRANT ALTER SYSTEM TO cedar; GRANT UPDATE ANY TABLE TO cedar; GRANT INSERT ANY TABLE TO cedar; GRANT LOCK ANY TABLE TO cedar; GRANT CREATE EXTERNAL JOB TO cedar WITH ADMIN OPTION; GRANT EXECUTE ANY PROGRAM TO cedar WITH ADMIN OPTION; GRANT CREATE JOB TO cedar WITH ADMIN OPTION; GRANT DROP ANY DIRECTORY TO cedar WITH ADMIN OPTION; GRANT ALTER ANY TRIGGER TO cedar; GRANT CREATE DATABASE LINK TO cedar; GRANT DROP ANY TABLE TO cedar WITH ADMIN OPTION; GRANT CREATE TABLE TO cedar WITH ADMIN OPTION; GRANT QUERY REWRITE TO cedar; GRANT ANALYZE ANY TO cedar; GRANT DROP ANY TRIGGER TO cedar; GRANT EXECUTE ANY PROCEDURE TO cedar; GRANT SELECT ANY TABLE TO cedar WITH ADMIN OPTION; GRANT ALTER ANY TABLE TO cedar; GRANT UNLIMITED TABLESPACE TO cedar WITH ADMIN OPTION; GRANT CREATE SESSION TO cedar; GRANT CREATE ANY TRIGGER TO cedar; GRANT DROP ANY PROCEDURE TO cedar WITH ADMIN OPTION; GRANT ALTER ANY PROCEDURE TO cedar; GRANT DROP PUBLIC SYNONYM TO cedar WITH ADMIN OPTION; GRANT DROP ANY SYNONYM TO cedar WITH ADMIN OPTION; GRANT MANAGE SCHEDULER TO cedar WITH ADMIN OPTION; GRANT CREATE ANY PROCEDURE TO cedar; GRANT CREATE PROCEDURE TO cedar WITH ADMIN OPTION; GRANT CREATE SEQUENCE TO cedar; GRANT CREATE VIEW TO cedar WITH ADMIN OPTION; GRANT CREATE SYNONYM TO cedar; GRANT DROP ANY INDEX TO cedar; GRANT DELETE ANY TABLE TO cedar; GRANT CREATE ANY TABLE TO cedar; GRANT CREATE ANY JOB TO cedar WITH ADMIN OPTION; GRANT SELECT ANY DICTIONARY TO cedar WITH ADMIN OPTION; GRANT CREATE ROLE TO cedar; GRANT CREATE ANY SYNONYM TO cedar WITH ADMIN OPTION; GRANT ALTER SESSION TO cedar WITH ADMIN OPTION; GRANT EXECUTE ON sys.dbms_aq TO cedar; GRANT EXECUTE ON sys.dbms_aqadm TO cedar; GRANT EXECUTE ON sys.dbms_network_acl_admin TO cedar; GRANT ALL ON sys.DBMS_LOCK TO cedar; 这个SQL在oracle 能用吗
最新发布
06-08
此外,该用户还被授予了一些特殊的权限,如 EXECUTE ON sys.dbms_aq、EXECUTE ON sys.dbms_aqadm、EXECUTE ON sys.dbms_network_acl_admin 等。这些权限和角色的授予将使得该用户具有较高的系统权限,需要谨慎使用。
with admin option 与with grant option
java_laoming的博客
06-06 178
1、with admin option 用于系统权限授权,只能在赋予 system privilege 的时使用 ,撤消带有admin option 的system privileges 时,连带的权限将保留。给一个用户授予系统权限带上with admin option 时,此用户可把此系统权限授予其他用户或角色,但收回这个用户的系统权限时,这个用户已经授予其他用户或角色的此系统权限不会因传播无...
with admin option & with grant option
conglingqian8195的博客
03-11 145
with admin option授权者授予某个用户“系统权限”,同时也允许被授权者将这个权限授予其他用户 可以为角色赋予“系统权限” with grant option授权者授予某个用户“对象权限”,同时也允许被授权者将这...
with admin option和with grant option赋予权限时的区别
qq_38504626的博客
06-05 998
相同点:    两种方法在赋予权限后,被赋权的用户均可以将自己所获得权限赋予其他用户;不同点:with admin optionwith admin option 在赋予权限后,取消用户授权时不级联;举个栗子:管理员为user1赋予create session权限grant create session to user1 with admin option; user1为user2赋予create...
WITH GRANT OPTION 和 WITH ADMIN OPTION 子句对被授予的权限的影响
youmeyoume2165的博客
07-27 401
WITH GRANT OPTION 和 WITH ADMIN OPTION 子句对被授予的权限的影响
with admin option、with grant option区别
Mr. David 专栏
11-03 971
<br />1、with admin option 用于系统权限授权,with grant option 用于对象授权。 <br /><br />2、给一个用户授予系统权限带上with admin option 时,此用户可把此系统权限授予其他用户或角色,但收回这个用户的系统权限时,这个用户已经授予其他用户或角色的此系统权限不会因传播无效,如授予A系统权限create session with admin option,然后A又把create session权限授予B,但管理员收回A的create sess
grant with admin/grant option
06-06
"Grant with admin/grant option" 是一种 SQL 语句,用于授予用户在数据库中管理特定对象的权限。其中 "admin" 表示管理员权限,"grant option" 表示被授权用户可以将该权限授予给其他用户。更具体地说,这条语句...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值