目前做資料遷移，有8套不同的環境，為了保護環境，每個環境中的表，檢視等開發都不能修改，只能透過連線使用者去查詢。
每個環境中可能含有表，索引，序列，儲存過程，函式等，所以一個一個寫是不現實的，寫了下面的動態指令碼來自動生成相應的許可權，然後建立對應的同義詞。

指令碼會生成兩個sql指令碼，一個是owner使用者賦予許可權使用的，另外一個指令碼是connect使用者使用的，建立了對應的同義詞。

source_schema=$1
conn_schema=$2
sqlplus -s xxx/xx <<EOF
set feedback off
set pages 0
set linesize 150
spool owner_${source_schema}_grant.sql
select 'grant select on ${source_schema}.'||object_name||' to '||' ${conn_schema};' from all_objects where object_type in ('TABLE','TABLE PARTITION','VIEW','SEQUENCE') and owner=upper('$source_schema') group by 'grant select on ${source_schema}.'||object_name||' to '||' ${conn_schema};' ;
select 'grant execute on ${source_schema}.'||object_name||' to '||' ${conn_schema};' from all_objects where object_type in ('PROCEDURE','FUNCTION','PACKAGE') and owner=upper('$source_schema') group by 'grant execute on ${source_schema}.'||object_name||' to '||' ${conn_schema};';
spool off;
spool conn_${conn_schema}_syn.sql
select 'create synonym ${conn_schema}.'||object_name||' for '||' ${source_schema}.'||object_name||';' from all_objects where object_type in ('TABLE','TABLE PARTITION','VIEW','SEQUENCE','PROCEDURE','FUNCTION','PACKAGE') and owner=upper('$source_schema') group by 'create synonym ${conn_schema}.'||object_name||' for '||' ${source_schema}.'||object_name||';';
spool off;
EOF
exit

執行結果如下：
grant select on cnvdbo8.aaaa to cnvdbc8;
grant select on cnvdbo8.bbbb to cnvdbc8;
grant select on cnvdbo8.cccc to cnvdbc8;

grant execute on cnvdbo8.dddd to cnvdbc8;
grant execute on cnvdbo8.eeee to cnvdbc8;
grant execute on cnvdbo8.ffff to cnvdbc8;

create synonym cnvdbc8.aaaa for cnvdbo8.aaaa;
create synonym cnvdbc8.bbbb for cnvdbo8.bbbb;
create synonym cnvdbc8.cccc for cnvdbo8.cccc;

使用shell指令碼生成只讀許可權的sql指令碼

相關文章