ORACLE CREATE VIEW ORA-01031

创建ORACLE视图时报错ORA-01031，表明insufficient privileges

(一)现象说明

用户为新建用户test

授予角色：HR_ALL

授予HR_ALL的系统权限是：grant connect,resource to HR_ALL;

授予HR_ALL的对象权限是：无

 

用test登陆

create view test01 as select * from hr.employees；

报错ORA-01031，表明insufficient privileges

 

(二)问题分析解决

(1)在ORACLE官方文档中用此条描述：

ou must have been granted one of the following system privileges, either explicitly or through a role: The CREATE VIEW system privilege (to create a view in your schema) The CREATE ANY VIEW system privilege (to create a view in the schema of another user) You must have been explicitly granted one of the following privileges: The SELECT, INSERT, UPDATE, or DELETE object privileges on all base objects underlying the view The SELECT ANY TABLE, INSERT ANY TABLE, UPDATE ANY TABLE, or DELETE ANY TABLE system privileges

授予这些权限后错误仍然出现,表明insufficient privileges

(2)在test用户的当前session上

SELECT *    FROM SESSION_PRIVS order by 1；

------------------查询test用户的所有可用权限

SELECT GRANTOR, TABLE_NAME, PRIVILEGE
FROM USER_TAB_PRIVS
WHERE GRANTOR = 'HR';

-------------------查询HR用户有没有给test授予查询hr.exployees的权限

-------------------GRANTOR列是那个用户授予的权限

但查询无结果，所以我们确定HR用户未给我们的HR_ALL角色授予任何关于hr.exployees的权限

(3)登陆hr用户给test用户授权

SQL> conn hr/hr
Connected.
SQL> grant select on employees to test;

Grant succeeded.

 

(4)hr授权完毕，test可以使用hr.exployees建立视图

SQL> conn hr/hr
Connected.
SQL> grant select on employees to test;

Grant succeeded.

SQL> conn test/test
Connected.
SQL> create view test01 as select * from hr.employees;

View created.
 

 

(三)授权相关表

0.SESSION_PRIVS

describes the privileges that are currently available to the user.

 

1.ALL_TAB_PRIVS (对象权限)

describes the following types of grants:

• Object grants for which the current user is the object owner, grantor, or grantee

• Object grants for which an enabled role or PUBLIC is the grantee
  ------------------被授予者(grantee)获得PUBILC or enabled role的对象权限

 

2.USER_TAB_PRIVS (对象权限)

describes the object grants for which the current user is the object owner, grantor, or grantee.

Its columns are the same as those in DBA_TAB_PRIVS.

---------------当前用户授予谁对象权限及被授予什么对象权限

3.DBA_TAB_PRIVS(对象权限)

describes all object grants in the database.

查询某用户、角色授权其他用户、角色的对象权限：

select * from DBA_TAB_PRIVS where GRANTEE='HR_ALL';

 

4.DBA_ROLES (角色)

lists all roles that exist in the database.

 

5.DBA_ROLE_PRIVS(角色)

describes the roles granted to all users and roles in the database

-----GRANTEE为被授予人

6.USER_ROLE_PRIVS (角色)

describes the roles granted to the current user.

 

7.ROLE_SYS_PRIVS (角色的系统权限)

describes system privileges granted to roles. Information is provided only about roles to which the user has access.

 

8.ROLE_TAB_PRIVS (角色的表权限)

describes table privileges granted to roles. Information is provided only about roles to which the user has access.

转载于:https://blog.51cto.com/cswggod/1195366