----

-----------TCL

A C I D

---commit

---rollback

自動提交

exit disconnect conn DDL DCL

自動回滾

X shut mmediate 斷電斷網

-------------------------------------------------------------------------------

DCL

GRANT 授權

REVOKE 回收許可權

GRANT 許可權|角色 TO 使用者|角色

REVOKE 許可權|據色 FROM 使用者|角色

許可權---privilege

使用者

屬性

USERNAME NOT NULL VARCHAR2(30)

USER_ID NOT NULL NUMBER

PASSWORD VARCHAR2(30)

ACCOUNT_STATUS NOT NULL VARCHAR2(32)

LOCK_DATE DATE

EXPIRY_DATE DATE

DEFAULT_TABLESPACE NOT NULL VARCHAR2(30)

TEMPORARY_TABLESPACE NOT NULL VARCHAR2(30)

CREATED NOT NULL DATE

--OPEN

---LOCKED

-EXPIRED

--locked & expired

SQL> create user user2 identified by user2 account lock;---LOCK

SQL> create user user2 identified by user2 ;-----------------OPEN

SQL> create user user3 identified by user3 password expire; ---EXPIRE

SQL> create user user4 identified by user4 password expire account lock; --EXPIRE LOCK

修改屬性

解鎖|上鎖

ALTER USER XXX ACCOUNT UNLOCK；

密碼過期

ALTER USER XXX PASSWORD EXPIRE;

密碼忘記

ALTER USER XX IDENTIFIED BY XXXX；

檢視資料庫裡有哪些許可權？

dba_sys_privs --檢視使用者直接有什麼許可權

dba_roles --檢視資料庫有什麼角色

session_privs --檢視自己有什麼許可權

dba_role_privs --檢視使用者有什麼角色

as sysdba

SQL> desc dba_sys_privs

Name

-----------------

GRANTEE 許可權給了誰，誰有什麼許可權

PRIVILEGE 有什麼許可權

ADMIN_OPTION 是否允許級聯

角色裡面套角色

user12-----role1----resource---8 -----10

----connect----1

select privilege from dba_sys_privs where grantee='USER12';---0

select grateed_role from dba_role_privs where grantee='USER12'---1--role1

select privilege from dba_sys_privs where grantee='ROLE1';---0

r1--r2----priv

-role---r3---pr

--x

dba_sys_privs

dba_role_privs

grant create session to new1 identified by new1;

drop role r1;

drop role r2;

create role r1;

create role r2;

grant create table to r1;

grant create view to r2;

grant r1 to r2;

grant r2 to new1;

dba---new1

new1---sesi

NEW1-----create seession

--ROLE2 ---create view

---r1 --create table

--xx

SQL> conn new1/new1

Connected.

SQL> select * from session_privs;

PRIVILEGE

----------------------------------------

CREATE SESSION

CREATE TABLE

CREATE VIEW

許可權的級聯

SQL> create user u1 identified by u1;

SQL> create user u2 identified by u2;

WITH ？

SYS--------U1-----U2

許可權分類

系統許可權 dba_sys_privs------------DDL create alter drop

物件許可權 dba_tab_privs---------------DML DQL select update delete insert

GRANT 許可權 ON 物件 TO 使用者

0

SQL> desc dba_tab_privs

Name Null? Type

----------------------- -------- ----------------

GRANTEE U1

OWNER U2

TABLE_NAME T1

GRANTOR U2

PRIVILEGE SELECT

GRANTABLE YES

CONN U3/U3

GRANT SELECT ON U2.T1 TO U1;

許可權的級聯問題

物件許可權 with grant option , 物件可以級聯回收

系統許可權 with admin option ，系統不可以級聯回收

----

-----------TCL

A C I D

---commit

---rollback

自動提交

exit disconnect conn DDL DCL

自動回滾

X shut mmediate 斷電斷網

-------------------------------------------------------------------------------

DCL

GRANT 授權

REVOKE 回收許可權

GRANT 許可權|角色 TO 使用者|角色

REVOKE 許可權|據色 FROM 使用者|角色

許可權---privilege

使用者

屬性

USERNAME NOT NULL VARCHAR2(30)

USER_ID NOT NULL NUMBER

PASSWORD VARCHAR2(30)

ACCOUNT_STATUS NOT NULL VARCHAR2(32)

LOCK_DATE DATE

EXPIRY_DATE DATE

DEFAULT_TABLESPACE NOT NULL VARCHAR2(30)

TEMPORARY_TABLESPACE NOT NULL VARCHAR2(30)

CREATED NOT NULL DATE

--OPEN

---LOCKED

-EXPIRED

--locked & expired

SQL> create user user2 identified by user2 account lock;---LOCK

SQL> create user user2 identified by user2 ;-----------------OPEN

SQL> create user user3 identified by user3 password expire; ---EXPIRE

SQL> create user user4 identified by user4 password expire account lock; --EXPIRE LOCK

修改屬性

解鎖|上鎖

ALTER USER XXX ACCOUNT UNLOCK；

密碼過期

ALTER USER XXX PASSWORD EXPIRE;

密碼忘記

ALTER USER XX IDENTIFIED BY XXXX；

檢視資料庫裡有哪些許可權？

dba_sys_privs --檢視使用者直接有什麼許可權

dba_roles --檢視資料庫有什麼角色

session_privs --檢視自己有什麼許可權

dba_role_privs --檢視使用者有什麼角色

as sysdba

SQL> desc dba_sys_privs

Name

-----------------

GRANTEE 許可權給了誰，誰有什麼許可權

PRIVILEGE 有什麼許可權

ADMIN_OPTION 是否允許級聯

角色裡面套角色

user12-----role1----resource---8 -----10

----connect----1

select privilege from dba_sys_privs where grantee='USER12';---0

select grateed_role from dba_role_privs where grantee='USER12'---1--role1

select privilege from dba_sys_privs where grantee='ROLE1';---0

r1--r2----priv

-role---r3---pr

--x

dba_sys_privs

dba_role_privs

grant create session to new1 identified by new1;

drop role r1;

drop role r2;

create role r1;

create role r2;

grant create table to r1;

grant create view to r2;

grant r1 to r2;

grant r2 to new1;

dba---new1

new1---sesi

NEW1-----create seession

--ROLE2 ---create view

---r1 --create table

--xx

SQL> conn new1/new1

Connected.

SQL> select * from session_privs;

PRIVILEGE

----------------------------------------

CREATE SESSION

CREATE TABLE

CREATE VIEW

許可權的級聯

SQL> create user u1 identified by u1;

SQL> create user u2 identified by u2;

WITH ？

SYS--------U1-----U2

許可權分類

系統許可權 dba_sys_privs------------DDL create alter drop

物件許可權 dba_tab_privs---------------DML DQL select update delete insert

GRANT 許可權 ON 物件 TO 使用者

0

SQL> desc dba_tab_privs

Name Null? Type

----------------------- -------- ----------------

GRANTEE U1

OWNER U2

TABLE_NAME T1

GRANTOR U2

PRIVILEGE SELECT

GRANTABLE YES

CONN U3/U3

GRANT SELECT ON U2.T1 TO U1;

許可權的級聯問題

物件許可權 with grant option , 物件可以級聯回收

系統許可權 with admin option ，系統不可以級聯回收

許可權的級聯問題

相關文章