1、系统权限:允许用户在数据库中执行特定的操作
A、SYSDBA/SYSOPER这两个权限比较特殊
gyj@OCM> select * from dba_sys_privswhere granteein('SYSDBA','SYSOPER');
no rows selected
B、DBA的系统权限是可以查到的
gyj@OCM> select * from dba_sys_privswhere grantee='DBA';
GRANTEE PRIVILEGE ADM
-------------------------------------------------------------------------
DBA DROP ANY CUBE BUILDPROCESS YES
DBA CREATECUBE YES
DBA ALTERANY CUBE DIMENSION YES
DBA ALTERANY MINING MODEL YES
(中间结果省略)
…………………………..
202 rows selected.
C、普通用户的系统权限
gyj@OCM> select * from dba_sys_privs where grantee='GYJ';
GRANTEE PRIVILEGE ADM
-------------------------------------------------------------------------
GYJ UNLIMITEDTABLESPACE NO
D、 当前会话上的系统权限
gyj@OCM> select * from session_privs;
PRIVILEGE
----------------------------------------
ALTER SYSTEM
AUDIT SYSTEM
CREATE SESSION
ALTER SESSION
RESTRICTED SESSION
(中间结果省略)
……………………………
202 rows selected.
2、对象权限:允许用户访问和操纵特定的对象
A、查对象权限
gyj@OCM> select * fromdba_tab_privs where grantee='GYJ';
no rows selected
B、查对象上列的权限
gyj@OCM>select* from dba_col_privs wheregrantee='GYJ';
no rows selected
为什么没显示对象的权限和对象上列的权限呢,用户GYJ明明有对象的呀:
gyj@OCM> show user;
USER is "GYJ"
gyj@OCM> select table_name from tabs;
TABLE_NAME
------------------------------
T10
好,我登录到HR用户下给GYJ用户授对象权限
sys@OCM> conn hr/hr
Connected.
hr@OCM> grant select on employees to gyj;
Grant succeeded.
hr@OCM> grant update (department_id)onemployees to gyj;
Grant succeeded.
再次查对象权限就有结果了,这下明白这个意思了吧,好!这个就不多说了。
联系客服