oracle 11g 角色口令
oracle 11g 角色口令
oracle 11g 中測試 擁有口令的角色
SYS@ sms> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
1. 建立角色 role_01無密碼 role_02 有密碼
SYS@ sms> create role role_01;
Role created.
SYS@ sms> create role role_02 identified by oracle;
Role created.
SYS@ sms> grant connect,create table to role_01;
Grant succeeded.
SYS@ sms> grant connect ,create view to role_02;
SYS@ sms> create user zhou identified by zhou1234 quota unlimited on users;
User created.
SYS@ sms> grant role_01,role_02 to zhou;
Grant succeeded.
SYS@ sms> grant role_01,role_02 to zhou;
Grant succeeded.
SYS@ sms> conn zhou/zhou1234
Connected.
ZHOU@ sms> create table t(id number);
Table created.
ZHOU@ sms> insert into t values(1);
1 row created.
ZHOU@ sms> commit;
Commit complete.
2. 此時就出現問題了,role_02 明明有 create view 而且賦予給了 zhou 這裡就沒有呢?
ZHOU@ sms> create view view_1 as select * from t;
create view view_1 as select * from t
*
ERROR at line 1:
ORA-01031: insufficient privileges
3. 檢視 tyger_ro2 的default_role 為NO 難道 role_02 角色失效???
ZHOU@ sms> col USERNAME for a20
ZHOU@ sms> col GRANTED_ROLE for a20
ZHOU@ sms> select USERNAME,GRANTED_ROLE,DEFAULT_ROLE from user_role_privs;
USERNAME GRANTED_ROLE DEF
-------------------- -------------------- ---
ZHOU ROLE_01 YES
ZHOU ROLE_02 NO
4. 再檢視當前會話的許可權,果然沒有 create view 許可權
ZHOU@ sms> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE TABLE
5. 設定 tyger_ro2 許可權生效
ZHOU@ sms> set role role_02 identified by oracle;
Role set.
6. 當前使用者具有的許可權不變
ZHOU@ sms> select USERNAME,GRANTED_ROLE,DEFAULT_ROLE from user_role_privs;
USERNAME GRANTED_ROLE DEF
-------------------- -------------------- ---
ZHOU ROLE_01 YES
ZHOU ROLE_02 NO
7.當前會話用了 create view 許可權 卻沒有了create table 許可權
ZHOU@ sms> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE VIEW
ZHOU@ sms> create view view_1 as select * from t;
View created.
ZHOU@ sms> select * from tab;
TNAME TABTYPE CLUSTERID
------------------------------ ------- ----------
T TABLE
VIEW_1 VIEW
8. 重新登入會話,許可權恢復原樣
ZHOU@ sms> conn zhou/zhou1234
Connected.
ZHOU@ sms> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE TABLE
總結:
在oracle 11g 中,帶有口令的角色賦予使用者,預設情況下是失效的,當 set role 生效後,其他角色所具有的許可權失效, 只在當前會話有效
reference :
oracle 11g 中測試 擁有口令的角色
SYS@ sms> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
1. 建立角色 role_01無密碼 role_02 有密碼
SYS@ sms> create role role_01;
Role created.
SYS@ sms> create role role_02 identified by oracle;
Role created.
SYS@ sms> grant connect,create table to role_01;
Grant succeeded.
SYS@ sms> grant connect ,create view to role_02;
SYS@ sms> create user zhou identified by zhou1234 quota unlimited on users;
User created.
SYS@ sms> grant role_01,role_02 to zhou;
Grant succeeded.
SYS@ sms> grant role_01,role_02 to zhou;
Grant succeeded.
SYS@ sms> conn zhou/zhou1234
Connected.
ZHOU@ sms> create table t(id number);
Table created.
ZHOU@ sms> insert into t values(1);
1 row created.
ZHOU@ sms> commit;
Commit complete.
2. 此時就出現問題了,role_02 明明有 create view 而且賦予給了 zhou 這裡就沒有呢?
ZHOU@ sms> create view view_1 as select * from t;
create view view_1 as select * from t
*
ERROR at line 1:
ORA-01031: insufficient privileges
3. 檢視 tyger_ro2 的default_role 為NO 難道 role_02 角色失效???
ZHOU@ sms> col USERNAME for a20
ZHOU@ sms> col GRANTED_ROLE for a20
ZHOU@ sms> select USERNAME,GRANTED_ROLE,DEFAULT_ROLE from user_role_privs;
USERNAME GRANTED_ROLE DEF
-------------------- -------------------- ---
ZHOU ROLE_01 YES
ZHOU ROLE_02 NO
4. 再檢視當前會話的許可權,果然沒有 create view 許可權
ZHOU@ sms> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE TABLE
5. 設定 tyger_ro2 許可權生效
ZHOU@ sms> set role role_02 identified by oracle;
Role set.
6. 當前使用者具有的許可權不變
ZHOU@ sms> select USERNAME,GRANTED_ROLE,DEFAULT_ROLE from user_role_privs;
USERNAME GRANTED_ROLE DEF
-------------------- -------------------- ---
ZHOU ROLE_01 YES
ZHOU ROLE_02 NO
7.當前會話用了 create view 許可權 卻沒有了create table 許可權
ZHOU@ sms> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE VIEW
ZHOU@ sms> create view view_1 as select * from t;
View created.
ZHOU@ sms> select * from tab;
TNAME TABTYPE CLUSTERID
------------------------------ ------- ----------
T TABLE
VIEW_1 VIEW
8. 重新登入會話,許可權恢復原樣
ZHOU@ sms> conn zhou/zhou1234
Connected.
ZHOU@ sms> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE TABLE
總結:
在oracle 11g 中,帶有口令的角色賦予使用者,預設情況下是失效的,當 set role 生效後,其他角色所具有的許可權失效, 只在當前會話有效
reference :
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/27036311/viewspace-1307902/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Oracle 11g使用者口令過期Oracle
- ORACLE 11G Data Guard 角色轉換Oracle
- Oracle 11g ORA-28002 口令將過期Oracle
- oracle 11G新特性--SYSASM 角色--用來管理ASMOracleASM
- oracle的口令管理Oracle
- Oracle ----口令檔案Oracle
- Oracle 角色 自定義角色 RoleOracle
- 【DataGuard】Oracle 11g DataGuard 角色轉換(一)物理備庫SwitchoverOracle
- Oracle 建立口令檔案 orapwdOracle
- Oracle 10g 11g密碼策略 使用者口令 大小寫敏感 說明Oracle 10g密碼
- 11G的rsource角色與Unlimited TablespaceMIT
- oracle 4--角色Oracle
- oracle DBA 角色重建Oracle
- oracle中的角色Oracle
- oracle使用者口令管理策略Oracle
- Oracle OS 認證, 口令檔案Oracle
- Oracle中的鑑權口令認證Oracle
- 10g、11g口令檔案密碼大小寫敏感密碼
- [20171213]john破解oracle口令.txtOracle
- 檢索oracle中口令:第一種方法Oracle
- 檢索oracle中口令:第二種方法Oracle
- 為oracle資料庫建立口令檔案Oracle資料庫
- 加固Oracle安全,為監聽設定口令Oracle
- ORACLE DG之備庫角色Oracle
- ORACLE角色(通過DBA建立)Oracle
- 學習和管理oracle角色Oracle
- Oracle角色精簡總結Oracle
- 10G, 11G 下的 sysdba 及 sysasm 角色ASM
- [20171214]hashcat破解oracle口令.txtOracle
- Oracle 查詢許可權角色Oracle
- 【ORACLE】oracle 使用者(sysdba)遠端登入和口令認證Oracle
- 查詢oracle中具有預設口令的賬戶Oracle
- oracle使用者口令中帶@符號問題Oracle符號
- 破解Oracle一般使用者的口令(轉)Oracle
- Oracle dba角色和sysdba的區別Oracle
- Oracle角色許可權之Default RoleOracle
- ORACLE10G DG角色轉換Oracle
- Oracle使用者、授權、角色管理Oracle