eygle.com   eygle.com
eygle.com  
 

« 重建控制文件恢复丢失表空间一例 | Blog首页 | 那些花儿 »

SYSOPER身份用户的权限限制

作者:eygle |【转载时请以超链接形式标明文章和作者信息及本声明
链接:
站内相关文章|Related Articles
缺省的SYSOPER可以起停数据库,但是不能查询数据字典。


$ sqlplus "/ as sysdba"

SQL*Plus: Release 10.1.0.2.0 - Production on Fri Mar 25 17:20:49 2005

Copyright (c) 1982, 2004, Oracle.  All rights reserved.


Connected to:
Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options

SYS AS SYSDBA on 25-MAR-05 >CREATE USER operator IDENTIFIED BY operator;

User created.

授予dba,sysoper角色。

SYS AS SYSDBA on 25-MAR-05 >grant dba,sysoper to operator;

Grant succeeded.

以普通用户方式登录可以查询,因为具有DBA角色:


SYS AS SYSDBA on 25-MAR-05 >connect operator/operator
Connected.
OPERATOR  on 25-MAR-05 >show user
USER is "OPERATOR"
OPERATOR  on 25-MAR-05 >select count(*) from dba_users;

  COUNT(*)
----------
        12

以SYSOPER身份登录,实际上用户身份切换为PUBLIC,不能查询数据字典:


OPERATOR  on 25-MAR-05 >connect operator/operator as sysoper;
Connected.
PUBLIC AS SYSOPER on 25-MAR-05 >select count(*) from dba_users;
select count(*) from dba_users
                     *
ERROR at line 1:
ORA-00942: table or view does not exist


PUBLIC AS SYSOPER on 25-MAR-05 >show user
USER is "PUBLIC"

但是此时有权启动数据库:


PUBLIC AS SYSOPER on 25-MAR-05 >shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
PUBLIC AS SYSOPER on 25-MAR-05 >startup 
ORACLE instance started.
Database mounted.
Database opened.

可以单独授予SELECT ANY DICTIONARY,SELECT ANY TABLE权限给PUBLIC角色,这样sysoper身份登录用户同时就获得查询字典及表权限。


PUBLIC AS SYSOPER on 25-MAR-05 >connect / as sysdba
Connected.
SYS AS SYSDBA on 25-MAR-05 >grant SELECT ANY DICTIONARY,SELECT ANY TABLE to public;

Grant succeeded.

SYS AS SYSDBA on 25-MAR-05 >connect operator/operator
Connected.
OPERATOR  on 25-MAR-05 >connect operator/operator as sysoper
Connected.
PUBLIC AS SYSOPER on 25-MAR-05 >select count(*) from dba_users;

  COUNT(*)
----------
        12


历史上的今天...
      >> 2007-03-25文章:
             eygle的菜谱:金钩玉条
      >> 2006-03-25文章:
             LOB对象与临时段
------
这篇 【SYSOPER身份用户的权限限制】来自 eygle.com | CSDN网摘| del.icio.us|Google订阅 | 鲜果订阅 | 抓虾订阅

By eygle on 2005-03-25 17:55 | Comments (0) | Posted to FAQ | Edit |

相关文章 随机文章
电话以及宽带,新家的选择
Windows Live Messenger正式版发布
完成网站迁移
Google与DBA
我的DBA飞走了
搜索本站:

留言 (0)

发表留言:



Remember Me?
(输入验证码后方可评论,谢谢支持)


CopyRight © 2004~2010 eygle.com, All rights reserved.