【SCRIPTS】兩種自動化獲得Oracle授權語句的指令碼
對於DBA來說,一切可以簡化操作的嘗試都值得鼓勵,因為在故障來臨的時候,擁有一套順手高效的指令碼可見大大的縮短故障對業務的衝擊。這裡提供兩種快速得到Oracle授權語句的指令碼,供參考。
1.第一種獲取Oracle授權語句方法
可以透過SQL從一些資料字典中查詢到授權資訊,生成授權語句。
undefine user_name
set pagesize 1000
select 'grant '||tt.granted_role||' to '||tt.grantee||';' as SQL_text
from dba_role_privs tt where tt.grantee=(upper('&&user_name'))
union all
select 'grant '||tt.privilege||' to '||tt.grantee||';'
from dba_sys_privs tt where tt.grantee=(upper('&&user_name'))
union all
select 'grant '||tt.privilege||' on '||owner||'.'||table_name||' to '||tt.grantee||';'
from dba_tab_privs tt where tt.grantee=(upper('&&user_name'))
union all
select 'alter user '||tt.user_name||' quota '||maxblocks*blocksize||' on '||ts_name||';'
from KU$_TSQUOTA_VIEW tt where tt.user_name=(upper('&&user_name'));
使用效果如下:
sys@ora10g> undefine user_name
sys@ora10g> set pagesize 1000
sys@ora10g> select 'grant '||tt.granted_role||' to '||tt.grantee||';' as SQL_text
2 from dba_role_privs tt where tt.grantee=(upper('&&user_name'))
3 union all
4 select 'grant '||tt.privilege||' to '||tt.grantee||';'
5 from dba_sys_privs tt where tt.grantee=(upper('&&user_name'))
6 union all
7 select 'grant '||tt.privilege||' on '||owner||'.'||table_name||' to '||tt.grantee||';'
8 from dba_tab_privs tt where tt.grantee=(upper('&&user_name'))
9 union all
10 select 'alter user '||tt.user_name||' quota '||maxblocks*blocksize||' on '||ts_name||';'
11 from KU$_TSQUOTA_VIEW tt where tt.user_name=(upper('&&user_name'));
Enter value for user_name: sec
old 2: from dba_role_privs tt where tt.grantee=(upper('&&user_name'))
new 2: from dba_role_privs tt where tt.grantee=(upper('sec'))
old 5: from dba_sys_privs tt where tt.grantee=(upper('&&user_name'))
new 5: from dba_sys_privs tt where tt.grantee=(upper('sec'))
old 8: from dba_tab_privs tt where tt.grantee=(upper('&&user_name'))
new 8: from dba_tab_privs tt where tt.grantee=(upper('sec'))
old 11: from KU$_TSQUOTA_VIEW tt where tt.user_name=(upper('&&user_name'))
new 11: from KU$_TSQUOTA_VIEW tt where tt.user_name=(upper('sec'))
SQL_TEXT
---------------------------------------
grant DBA to SEC;
grant UNLIMITED TABLESPACE to SEC;
grant WRITE on SYS.DIR1 to SEC;
grant READ on SYS.DIR1 to SEC;
grant READ on SYS.dir2 to SEC;
grant WRITE on SYS.dir2 to SEC;
6 rows selected.
2.第二種獲取Oracle授權語句方法
透過Oracle提供的dbms_metadata包,獲得更加詳細準確的建立使用者以及授權的DDL語句。
set serveroutput on size 1000000
set verify off
undefine user_name
declare
v_name varchar2(30) := upper('&user_name');
no_grant exception;
pragma exception_init( no_grant, -31608 );
begin
dbms_metadata.set_transform_param(dbms_metadata.SESSION_TRANSFORM, 'SQLTERMINATOR', TRUE);
dbms_output.enable(1000000);
dbms_output.put_line(dbms_metadata.get_ddl('USER',v_name));
begin
dbms_output.put_line(dbms_metadata.get_granted_ddl('SYSTEM_GRANT',v_name));
exception
when no_grant then dbms_output.put_line('-- No system privs granted');
end;
begin
dbms_output.put_line(dbms_metadata.get_granted_ddl('ROLE_GRANT',v_name));
exception
when no_grant then dbms_output.put_line('-- No role privs granted');
end;
begin
dbms_output.put_line(dbms_metadata.get_granted_ddl('OBJECT_GRANT',v_name));
exception
when no_grant then dbms_output.put_line('-- No object privs granted');
end;
begin
dbms_output.put_line(dbms_metadata.get_granted_ddl('TABLESPACE_QUOTA',v_name));
exception
when no_grant then dbms_output.put_line('-- No tablespace quota specified');
end;
dbms_output.put_line(dbms_metadata.get_granted_ddl('DEFAULT_ROLE', v_name ));
exception
when others then
if SQLCODE = -31603 then dbms_output.put_line('-- User does not exists');
else raise;
end if;
end;
/
使用過程如下:
sys@ora10g> set serveroutput on size 1000000
sys@ora10g> set verify off
sys@ora10g> undefine user_name
sys@ora10g> declare
2 v_name varchar2(30) := upper('&user_name');
3 no_grant exception;
4 pragma exception_init( no_grant, -31608 );
5 begin
6 dbms_metadata.set_transform_param(dbms_metadata.SESSION_TRANSFORM, 'SQLTERMINATOR', TRUE);
7 dbms_output.enable(1000000);
8 dbms_output.put_line(dbms_metadata.get_ddl('USER',v_name));
9 begin
10 dbms_output.put_line(dbms_metadata.get_granted_ddl('SYSTEM_GRANT',v_name));
11 exception
12 when no_grant then dbms_output.put_line('-- No system privs granted');
13 end;
14 begin
15 dbms_output.put_line(dbms_metadata.get_granted_ddl('ROLE_GRANT',v_name));
16 exception
17 when no_grant then dbms_output.put_line('-- No role privs granted');
18 end;
19 begin
20 dbms_output.put_line(dbms_metadata.get_granted_ddl('OBJECT_GRANT',v_name));
21 exception
22 when no_grant then dbms_output.put_line('-- No object privs granted');
23 end;
24 begin
25 dbms_output.put_line(dbms_metadata.get_granted_ddl('TABLESPACE_QUOTA',v_name));
26 exception
27 when no_grant then dbms_output.put_line('-- No tablespace quota specified');
28 end;
29 dbms_output.put_line(dbms_metadata.get_granted_ddl('DEFAULT_ROLE', v_name ));
30 exception
31 when others then
32 if SQLCODE = -31603 then dbms_output.put_line('-- User does not exists');
33 else raise;
34 end if;
35 end;
36 /
Enter value for user_name: sec
CREATE USER "SEC" IDENTIFIED BY VALUES '9EC74A4FC0A9E227'
DEFAULT TABLESPACE "TBS_SEC_D"
TEMPORARY TABLESPACE
"TEMP";
GRANT UNLIMITED TABLESPACE TO "SEC";
GRANT "DBA" TO "SEC";
GRANT READ ON DIRECTORY "DIR1" TO "SEC" WITH GRANT OPTION;
GRANT WRITE ON DIRECTORY "DIR1" TO "SEC" WITH GRANT OPTION;
GRANT WRITE ON DIRECTORY "dir2" TO "SEC" WITH GRANT OPTION;
GRANT READ ON DIRECTORY "dir2" TO "SEC" WITH GRANT OPTION;
-- No tablespace quota specified
ALTER USER "SEC" DEFAULT ROLE ALL;
PL/SQL procedure successfully completed.
3.小結
鼓勵任何形式的自動化嘗試,這是DBA真正價值的體現。歡迎大家提供更多更好的指令碼。
Good luck.
secooler
10.10.07
-- The End --
1.第一種獲取Oracle授權語句方法
可以透過SQL從一些資料字典中查詢到授權資訊,生成授權語句。
undefine user_name
set pagesize 1000
select 'grant '||tt.granted_role||' to '||tt.grantee||';' as SQL_text
from dba_role_privs tt where tt.grantee=(upper('&&user_name'))
union all
select 'grant '||tt.privilege||' to '||tt.grantee||';'
from dba_sys_privs tt where tt.grantee=(upper('&&user_name'))
union all
select 'grant '||tt.privilege||' on '||owner||'.'||table_name||' to '||tt.grantee||';'
from dba_tab_privs tt where tt.grantee=(upper('&&user_name'))
union all
select 'alter user '||tt.user_name||' quota '||maxblocks*blocksize||' on '||ts_name||';'
from KU$_TSQUOTA_VIEW tt where tt.user_name=(upper('&&user_name'));
使用效果如下:
sys@ora10g> undefine user_name
sys@ora10g> set pagesize 1000
sys@ora10g> select 'grant '||tt.granted_role||' to '||tt.grantee||';' as SQL_text
2 from dba_role_privs tt where tt.grantee=(upper('&&user_name'))
3 union all
4 select 'grant '||tt.privilege||' to '||tt.grantee||';'
5 from dba_sys_privs tt where tt.grantee=(upper('&&user_name'))
6 union all
7 select 'grant '||tt.privilege||' on '||owner||'.'||table_name||' to '||tt.grantee||';'
8 from dba_tab_privs tt where tt.grantee=(upper('&&user_name'))
9 union all
10 select 'alter user '||tt.user_name||' quota '||maxblocks*blocksize||' on '||ts_name||';'
11 from KU$_TSQUOTA_VIEW tt where tt.user_name=(upper('&&user_name'));
Enter value for user_name: sec
old 2: from dba_role_privs tt where tt.grantee=(upper('&&user_name'))
new 2: from dba_role_privs tt where tt.grantee=(upper('sec'))
old 5: from dba_sys_privs tt where tt.grantee=(upper('&&user_name'))
new 5: from dba_sys_privs tt where tt.grantee=(upper('sec'))
old 8: from dba_tab_privs tt where tt.grantee=(upper('&&user_name'))
new 8: from dba_tab_privs tt where tt.grantee=(upper('sec'))
old 11: from KU$_TSQUOTA_VIEW tt where tt.user_name=(upper('&&user_name'))
new 11: from KU$_TSQUOTA_VIEW tt where tt.user_name=(upper('sec'))
SQL_TEXT
---------------------------------------
grant DBA to SEC;
grant UNLIMITED TABLESPACE to SEC;
grant WRITE on SYS.DIR1 to SEC;
grant READ on SYS.DIR1 to SEC;
grant READ on SYS.dir2 to SEC;
grant WRITE on SYS.dir2 to SEC;
6 rows selected.
2.第二種獲取Oracle授權語句方法
透過Oracle提供的dbms_metadata包,獲得更加詳細準確的建立使用者以及授權的DDL語句。
set serveroutput on size 1000000
set verify off
undefine user_name
declare
v_name varchar2(30) := upper('&user_name');
no_grant exception;
pragma exception_init( no_grant, -31608 );
begin
dbms_metadata.set_transform_param(dbms_metadata.SESSION_TRANSFORM, 'SQLTERMINATOR', TRUE);
dbms_output.enable(1000000);
dbms_output.put_line(dbms_metadata.get_ddl('USER',v_name));
begin
dbms_output.put_line(dbms_metadata.get_granted_ddl('SYSTEM_GRANT',v_name));
exception
when no_grant then dbms_output.put_line('-- No system privs granted');
end;
begin
dbms_output.put_line(dbms_metadata.get_granted_ddl('ROLE_GRANT',v_name));
exception
when no_grant then dbms_output.put_line('-- No role privs granted');
end;
begin
dbms_output.put_line(dbms_metadata.get_granted_ddl('OBJECT_GRANT',v_name));
exception
when no_grant then dbms_output.put_line('-- No object privs granted');
end;
begin
dbms_output.put_line(dbms_metadata.get_granted_ddl('TABLESPACE_QUOTA',v_name));
exception
when no_grant then dbms_output.put_line('-- No tablespace quota specified');
end;
dbms_output.put_line(dbms_metadata.get_granted_ddl('DEFAULT_ROLE', v_name ));
exception
when others then
if SQLCODE = -31603 then dbms_output.put_line('-- User does not exists');
else raise;
end if;
end;
/
使用過程如下:
sys@ora10g> set serveroutput on size 1000000
sys@ora10g> set verify off
sys@ora10g> undefine user_name
sys@ora10g> declare
2 v_name varchar2(30) := upper('&user_name');
3 no_grant exception;
4 pragma exception_init( no_grant, -31608 );
5 begin
6 dbms_metadata.set_transform_param(dbms_metadata.SESSION_TRANSFORM, 'SQLTERMINATOR', TRUE);
7 dbms_output.enable(1000000);
8 dbms_output.put_line(dbms_metadata.get_ddl('USER',v_name));
9 begin
10 dbms_output.put_line(dbms_metadata.get_granted_ddl('SYSTEM_GRANT',v_name));
11 exception
12 when no_grant then dbms_output.put_line('-- No system privs granted');
13 end;
14 begin
15 dbms_output.put_line(dbms_metadata.get_granted_ddl('ROLE_GRANT',v_name));
16 exception
17 when no_grant then dbms_output.put_line('-- No role privs granted');
18 end;
19 begin
20 dbms_output.put_line(dbms_metadata.get_granted_ddl('OBJECT_GRANT',v_name));
21 exception
22 when no_grant then dbms_output.put_line('-- No object privs granted');
23 end;
24 begin
25 dbms_output.put_line(dbms_metadata.get_granted_ddl('TABLESPACE_QUOTA',v_name));
26 exception
27 when no_grant then dbms_output.put_line('-- No tablespace quota specified');
28 end;
29 dbms_output.put_line(dbms_metadata.get_granted_ddl('DEFAULT_ROLE', v_name ));
30 exception
31 when others then
32 if SQLCODE = -31603 then dbms_output.put_line('-- User does not exists');
33 else raise;
34 end if;
35 end;
36 /
Enter value for user_name: sec
CREATE USER "SEC" IDENTIFIED BY VALUES '9EC74A4FC0A9E227'
DEFAULT TABLESPACE "TBS_SEC_D"
TEMPORARY TABLESPACE
"TEMP";
GRANT UNLIMITED TABLESPACE TO "SEC";
GRANT "DBA" TO "SEC";
GRANT READ ON DIRECTORY "DIR1" TO "SEC" WITH GRANT OPTION;
GRANT WRITE ON DIRECTORY "DIR1" TO "SEC" WITH GRANT OPTION;
GRANT WRITE ON DIRECTORY "dir2" TO "SEC" WITH GRANT OPTION;
GRANT READ ON DIRECTORY "dir2" TO "SEC" WITH GRANT OPTION;
-- No tablespace quota specified
ALTER USER "SEC" DEFAULT ROLE ALL;
PL/SQL procedure successfully completed.
3.小結
鼓勵任何形式的自動化嘗試,這是DBA真正價值的體現。歡迎大家提供更多更好的指令碼。
Good luck.
secooler
10.10.07
-- The End --
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/519536/viewspace-470371/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- oracle grant 授權語句Oracle
- 指令碼:獲得現有語句的執行計劃指令碼
- 授權指令碼指令碼
- 搬運工,oracle獲得ddl語句Oracle
- oracle 巡檢指令碼(自動化)Oracle指令碼
- ORACLE DBA常用語句和指令碼Oracle指令碼
- oracle自定義過程來獲得完整的sql語句OracleSQL
- 【恩墨學院】恩墨學院獲得Oracle WDP全國授權Oracle
- MySql增加使用者、授權、修改密碼等語句MySql密碼
- iOS —— 兩套自動打包指令碼iOS指令碼
- specjvm自動化指令碼JVM指令碼
- docker指令碼自動化Docker指令碼
- 自動化RMAN指令碼指令碼
- Sqlserver自動查詢缺失索引及拼出建立索引的語句的指令碼SQLServer索引指令碼
- 資料庫批次授權指令碼資料庫指令碼
- Shell 指令碼語句指令碼
- puppet自動認證授權
- Dockerfile---指令碼自動化Docker指令碼
- vue自動化部署指令碼Vue指令碼
- 兩種使用程式碼獲得SAP CRM product sales status的辦法
- MySQL 語句大全:建立、授權、查詢、修改等MySql
- Oracle 獲取ddl語句Oracle
- windows下oracle自動啟動指令碼WindowsOracle指令碼
- 列出oracle dbtime得sql語句OracleSQL
- qq郵箱授權碼如何獲取 QQ郵箱授權碼怎麼弄
- oracle自動冷備份指令碼Oracle指令碼
- ORACLE自動備份shell指令碼Oracle指令碼
- oracle報表自動FTP指令碼OracleFTP指令碼
- mydumper自動化安裝指令碼指令碼
- JMeter 介面自動化測試(手工轉自動化指令碼)JMeter指令碼
- 獲得Azure訂閱LoadBalancer的指令碼指令碼
- Oracle自動備份指令碼的實現Oracle指令碼
- 一個自動生成oracle job的指令碼Oracle指令碼
- suse下oracle的自動備份指令碼Oracle指令碼
- oracle授權Oracle
- dataguard switchover的自動化指令碼實現指令碼
- 創夢天地獲得夢工場授權 打造自研遊戲《夢工場大冒險》遊戲
- 自動化指令碼安裝mysql shell指令碼範例指令碼MySql