oracle中角色中权限剥离
角色的确是一种很方便的权限集合组织方式,在很多系统中也是广泛应用。但是在Oracle中,使用角色权限role privilege是要外小心的,特别是进行数据库开发过程中。因为Oracle存储过程等结构对角色权限有剔除效应。 【实验】 //建立实验角色r_cat_role SQL crea
角色的确是一种很方便的权限集合组织方式,在很多系统中也是广泛应用。但是在Oracle中,使用角色权限role privilege是要格外小心的,特别是进行数据库开发过程中。因为Oracle存储过程等结构对角色权限有剔除效应。
【实验】
//建立实验角色r_cat_role
SQL> create role r_cat_role ;
Role created
//授予系统权限select any dictionary给实验角色,select any dictionary权限可以访问到Oracle的大部分元数据视图。
SQL> grant select any dictionaryto r_cat_role;
Grant succeeded
//创建用户
SQL> create user mytest identified by mytest;
User created
SQL> grant create session to mytest;
Grant succeeded
SQL> grant r_cat_role to mytest;
Grant succeeded
SQL> grant create procedure to mytest;
Grant succeeded
SQL> conn mytest/mytest@ora11g;
Connected to Oracle Database11gEnterpriseEdition Release11.2.0.1.0
Connected as mytest
SQL> select count(*) fromdba_objects;
COUNT(*)
----------
72282
dba_objects视图是元数据字典的一个组成部分。mytest用户在接受角色权限r_cat_role之后,具有了在SQL中直接使用的权限。下面我们构造存储过程如下:
SQL> create or replace procedure P_TEST_NC
2 is
3 n_res number;
4 begin
5 select count(*)
6 into n_res
7 from dba_objects;
8
9 dbms_output.put_line(to_char(n_res));
10 end P_TEST_NC;
11 /
Warning: Procedure created with compilation errors
SQL> select * from user_errors;
NAME TYPE SEQUENCE LINE POSITION TEXT ATTRIBUTE
---------- ------------ ---------- ---------- ---------- ---------------------------------------- ---------
P_TEST_NC PROCEDURE 1 7 8 PL/SQL: ORA-00942:表或视图不存在 ERROR
P_TEST_NC PROCEDURE 2 5 3 PL/SQL: SQL Statement ignored ERROR
编译报错,看起来不可思议。明明mytest用户具有dba_objects视图的访问权限,而且在SQL语句直接可以使用。我们说,就是因为访问dba_objects的权限是通过角色授予的。存储过程等Oracle代码结构具有一个特性,就是可以将用户的三层权限(role、system和object)中的role权限剥离掉。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What to do if the oracle can't be opened
Apr 11, 2025 pm 10:06 PM
Solutions to Oracle cannot be opened include: 1. Start the database service; 2. Start the listener; 3. Check port conflicts; 4. Set environment variables correctly; 5. Make sure the firewall or antivirus software does not block the connection; 6. Check whether the server is closed; 7. Use RMAN to recover corrupt files; 8. Check whether the TNS service name is correct; 9. Check network connection; 10. Reinstall Oracle software.
How to solve the problem of closing oracle cursor
Apr 11, 2025 pm 10:18 PM
The method to solve the Oracle cursor closure problem includes: explicitly closing the cursor using the CLOSE statement. Declare the cursor in the FOR UPDATE clause so that it automatically closes after the scope is ended. Declare the cursor in the USING clause so that it automatically closes when the associated PL/SQL variable is closed. Use exception handling to ensure that the cursor is closed in any exception situation. Use the connection pool to automatically close the cursor. Disable automatic submission and delay cursor closing.
How to delete all data from oracle
Apr 11, 2025 pm 08:36 PM
Deleting all data in Oracle requires the following steps: 1. Establish a connection; 2. Disable foreign key constraints; 3. Delete table data; 4. Submit transactions; 5. Enable foreign key constraints (optional). Be sure to back up the database before execution to prevent data loss.
How to paginate oracle database
Apr 11, 2025 pm 08:42 PM
Oracle database paging uses ROWNUM pseudo-columns or FETCH statements to implement: ROWNUM pseudo-columns are used to filter results by row numbers and are suitable for complex queries. The FETCH statement is used to get the specified number of first rows and is suitable for simple queries.
How to create cursors in oracle loop
Apr 12, 2025 am 06:18 AM
In Oracle, the FOR LOOP loop can create cursors dynamically. The steps are: 1. Define the cursor type; 2. Create the loop; 3. Create the cursor dynamically; 4. Execute the cursor; 5. Close the cursor. Example: A cursor can be created cycle-by-circuit to display the names and salaries of the top 10 employees.
How to stop oracle database
Apr 12, 2025 am 06:12 AM
To stop an Oracle database, perform the following steps: 1. Connect to the database; 2. Shutdown immediately; 3. Shutdown abort completely.
How to create oracle dynamic sql
Apr 12, 2025 am 06:06 AM
SQL statements can be created and executed based on runtime input by using Oracle's dynamic SQL. The steps include: preparing an empty string variable to store dynamically generated SQL statements. Use the EXECUTE IMMEDIATE or PREPARE statement to compile and execute dynamic SQL statements. Use bind variable to pass user input or other dynamic values to dynamic SQL. Use EXECUTE IMMEDIATE or EXECUTE to execute dynamic SQL statements.
What steps are required to configure CentOS in HDFS
Apr 14, 2025 pm 06:42 PM
Building a Hadoop Distributed File System (HDFS) on a CentOS system requires multiple steps. This article provides a brief configuration guide. 1. Prepare to install JDK in the early stage: Install JavaDevelopmentKit (JDK) on all nodes, and the version must be compatible with Hadoop. The installation package can be downloaded from the Oracle official website. Environment variable configuration: Edit /etc/profile file, set Java and Hadoop environment variables, so that the system can find the installation path of JDK and Hadoop. 2. Security configuration: SSH password-free login to generate SSH key: Use the ssh-keygen command on each node
