使用者有connect,resource,dba角色許可權後回收dba許可權導致無UNLIMITED TABLESPACE許可權造成業務中斷
如果授予使用者connect,resource時,此時使用者已經有了UNLIMITED TABLESPACE許可權。
此時如果授予使用者DBA許可權,然後再回收DBA角色;此時會收回UNLIMITED TABLESPACE許可權。
近期遇到過此種情況,導致業務使用者無法使用表空間,造成較為嚴重的事故,記錄一下。
測試如下;
1.建立使用者並授予connect,resource、dba許可權並驗證
SQL> create user test identified by test;
User created.
SQL> grant connect,resource to test;
Grant succeeded.
SQL>
SQL> select * from dba_role_privs where grantee='TEST';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TEST RESOURCE NO YES
TEST CONNECT NO YES
SQL> select * from dba_sys_privs where grantee='TEST';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
TEST UNLIMITED TABLESPACE NO
SQL> grant dba to test;
Grant succeeded.
SQL> select * from dba_role_privs where grantee='TEST';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TEST RESOURCE NO YES
TEST DBA NO YES
TEST CONNECT NO YES
SQL> select * from dba_sys_privs where grantee='TEST';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
TEST UNLIMITED TABLESPACE NO
2.回收dba許可權並檢查許可權
SQL> revoke dba from test;
Revoke succeeded.
SQL> select * from dba_role_privs where grantee='TEST';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TEST RESOURCE NO YES
TEST CONNECT NO YES
SQL> select * from dba_sys_privs where grantee='TEST';
no rows selected
SQL> grant connect,resource to test;
Grant succeeded.
SQL> select * from dba_role_privs where grantee='TEST';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TEST RESOURCE NO YES
TEST CONNECT NO YES
SQL> select * from dba_sys_privs where grantee='TEST';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
TEST UNLIMITED TABLESPACE NO
此時如果授予使用者DBA許可權,然後再回收DBA角色;此時會收回UNLIMITED TABLESPACE許可權。
近期遇到過此種情況,導致業務使用者無法使用表空間,造成較為嚴重的事故,記錄一下。
測試如下;
1.建立使用者並授予connect,resource、dba許可權並驗證
SQL> create user test identified by test;
User created.
SQL> grant connect,resource to test;
Grant succeeded.
SQL>
SQL> select * from dba_role_privs where grantee='TEST';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TEST RESOURCE NO YES
TEST CONNECT NO YES
SQL> select * from dba_sys_privs where grantee='TEST';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
TEST UNLIMITED TABLESPACE NO
SQL> grant dba to test;
Grant succeeded.
SQL> select * from dba_role_privs where grantee='TEST';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TEST RESOURCE NO YES
TEST DBA NO YES
TEST CONNECT NO YES
SQL> select * from dba_sys_privs where grantee='TEST';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
TEST UNLIMITED TABLESPACE NO
2.回收dba許可權並檢查許可權
SQL> revoke dba from test;
Revoke succeeded.
SQL> select * from dba_role_privs where grantee='TEST';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TEST RESOURCE NO YES
TEST CONNECT NO YES
SQL> select * from dba_sys_privs where grantee='TEST';
no rows selected
SQL> grant connect,resource to test;
Grant succeeded.
SQL> select * from dba_role_privs where grantee='TEST';
GRANTEE GRANTED_ROLE ADM DEF
------------------------------ ------------------------------ --- ---
TEST RESOURCE NO YES
TEST CONNECT NO YES
SQL> select * from dba_sys_privs where grantee='TEST';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
TEST UNLIMITED TABLESPACE NO
相關文章
- unlimited tablespace許可權的授予和回收MIT
- oracle unlimited tablespace 許可權的用途OracleMIT
- Oracle的物件許可權、角色許可權、系統許可權Oracle物件
- unlimited tablespace許可權和quota 配額MIT
- 【許可權管理】Oracle中檢視、回收使用者許可權Oracle
- Unlimited Tablespace 許可權 及 “延遲段”特性MIT
- Oracle內建角色connect與resource的許可權Oracle
- 擁有GRANT ANY OBJECT PRIVILEGE許可權時的許可權回收Object
- 表空間配額和UNLIMITED TABLESPACE許可權MIT
- 詳解Oracle的unlimited tablespace系統許可權OracleMIT
- 許可權之選單許可權
- 如何用 Vue 實現前端許可權控制(路由許可權 + 檢視許可權 + 請求許可權)Vue前端路由
- linux 檔案許可權 s 許可權和 t 許可權解析Linux
- Oracle 使用者、物件許可權、系統許可權Oracle物件
- 許可權授予、回收命令
- 物件許可權的回收物件
- 檢視角色裡包含的系統許可權、物件許可權和角色物件
- 系統許可權UNLIMITED TABLESPACE為什麼如此特殊?MIT
- Oracle使用者角色許可權管理Oracle
- Oracle使用者、許可權、角色管理Oracle
- Linux-許可權管理(ACL許可權)Linux
- Oracle 查詢許可權角色Oracle
- AIX 的許可許可權(轉)AI
- 查詢沒有許可權但資料字典中顯示有許可權
- Android系統許可權和root許可權Android
- 使用者許可權繼承另一使用者的許可權繼承
- mysql許可權MySql
- MySQL 許可權MySql
- ORACLE許可權Oracle
- 使用者角色許可權管理架構架構
- [學習]ORACLE使用者、角色、許可權Oracle
- Oracle使用者、許可權、角色管理【轉】Oracle
- 記一次 Laravel日誌許可權許可權問題(定時器導致)Laravel定時器
- 角色許可權(Role)和系統許可權(System)的幾個澄清實驗
- Laravel 日誌有時候有許可權有時候沒有許可權?Laravel
- Linux 許可權管理之目錄許可權限制Linux
- 【LIUNX】目錄或檔案許可權,許可權授予
- Guest許可權突破——許可權提升方法總結(轉)