« 重建控制文件恢复丢失表空间一例 |
Blog首页
| 那些花儿 »
SYSOPER身份用户的权限限制
缺省的SYSOPER可以起停数据库,但是不能查询数据字典。
$ sqlplus "/ as sysdba"
SQL*Plus: Release 10.1.0.2.0 - Production on Fri Mar 25 17:20:49 2005
Copyright (c) 1982, 2004, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SYS AS SYSDBA on 25-MAR-05 >CREATE USER operator IDENTIFIED BY operator;
User created.
授予dba,sysoper角色。
SYS AS SYSDBA on 25-MAR-05 >grant dba,sysoper to operator;
Grant succeeded.
|
以普通用户方式登录可以查询,因为具有DBA角色:
SYS AS SYSDBA on 25-MAR-05 >connect operator/operator
Connected.
OPERATOR on 25-MAR-05 >show user
USER is "OPERATOR"
OPERATOR on 25-MAR-05 >select count(*) from dba_users;
COUNT(*)
----------
12
|
以SYSOPER身份登录,实际上用户身份切换为PUBLIC,不能查询数据字典:
OPERATOR on 25-MAR-05 >connect operator/operator as sysoper;
Connected.
PUBLIC AS SYSOPER on 25-MAR-05 >select count(*) from dba_users;
select count(*) from dba_users
*
ERROR at line 1:
ORA-00942: table or view does not exist
PUBLIC AS SYSOPER on 25-MAR-05 >show user
USER is "PUBLIC"
|
但是此时有权启动数据库:
PUBLIC AS SYSOPER on 25-MAR-05 >shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
PUBLIC AS SYSOPER on 25-MAR-05 >startup
ORACLE instance started.
Database mounted.
Database opened.
|
可以单独授予SELECT ANY DICTIONARY,SELECT ANY TABLE权限给PUBLIC角色,这样sysoper身份登录用户同时就获得查询字典及表权限。
PUBLIC AS SYSOPER on 25-MAR-05 >connect / as sysdba
Connected.
SYS AS SYSDBA on 25-MAR-05 >grant SELECT ANY DICTIONARY,SELECT ANY TABLE to public;
Grant succeeded.
SYS AS SYSDBA on 25-MAR-05 >connect operator/operator
Connected.
OPERATOR on 25-MAR-05 >connect operator/operator as sysoper
Connected.
PUBLIC AS SYSOPER on 25-MAR-05 >select count(*) from dba_users;
COUNT(*)
----------
12
|
历史上的今天...
>>
2013-03-25文章:
>>
2008-03-25文章:
>>
2007-03-25文章:
>>
2006-03-25文章:
By eygle on 2005-03-25 17:55 |
Comments (0) |
FAQ | 218 |
SQL