Oracle课程档案,第十天
Posted 麻包缝裤衩
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Oracle课程档案,第十天相关的知识,希望对你有一定的参考价值。
用户管理
Authentication: 身份验证
AAA:
Authentication: 身份验证
Authorization: 权限管理
Audition: 审计
grant:授权
unset:撤销(消除)
SQL>echo $ORACLE_SID ORCL 查询数据库的名字为ORCL
SQL>vnset ORACLE_SID 删除数据库名字为ORCL
SQL>export ORACLE_SID=ORCL 重新添加变量数据库的名字为ORCL
管理员的身份验证:
本地连接:
本地连接,预先设置ORACLE_SID,操作系统用户是dba群组的成员
id
uid=1001(oracle) gid=1000(oinstall) groups=1000(oinstall),1031(dba),1032(oper)
$ sqlplus / as sysdba
SQL> show user
USER is "SYS"
$ su -
# usermod -G oper oracle 或 -G:附加群组 -g:主群组 -d:删除 -a:添加
# gpasswd -d oracle dba
# exit
$ sqlplus / as sysdba
报错,权限不够
只要是dba群组中的成员,就可以不需要知道sys的口令,直接以sqlplus / as sysdba登录
并且身份为sys。
恢复:
# gpasswd -a oracle dba
远程客户端连接:
$ sqlplus sys/[email protected] as sysdba
$ ls $ORACLE_HOME/dbs/orapworcl
$ orapwd
操作系统中创建用户:
$ su -
Password:
[[email protected] ~]# useradd osuser
[[email protected] ~]# passwd osuser
$ sqlplus / as sysdba
外部用户使用固定的前缀:
SQL> show parameter os_auth
SQL> create user ops$osuser identified externally;
SQL> grant create session to ops$osuser;
不要su - osuser,环境变量保留:
$ su osuser
Password:
[[email protected] admin]$ sqlplus /
SQL> show user
USER is "OPS$OSUSER"
或者用命令创建:
SQL> create user user01 identified by password;
SQL> grant create session to user01; grant:授权
测试:
$ sqlplus user01/password
authorization:(权限管理)
预先创建测试表
SQL> create table t1(x int);
SQL> create user user01 identified by password;
SQL> grant create session to user01;★
SQL> grant select any table to user01;★
user01测试:
$ sqlplus user01/password
SQL> select count(*) from hr.employees(hr.departments scott.emp);
SQL> delete from scott.emp; 失败!
SQL> select * from sys.t1; 失败!
select any table n-1模式 注:(any不包括sys)★★
sys再次授权:
SQL> grant select any dictionary to user01;
user01测试:
SQL> select * from sys.t1; 成功
select any table(n-1)+select any dictionary(1)
sys授权:
SQL> grant create table to user01;
user01测试:
SQL> create table t1(x int);
sys授权:
SQL> grant unlimited tablespace to user01;
user01测试:
SQL> insert into t1 values (1);
对象权限:关键字为“on”
sys授权:
SQL> grant select on hr.employees to user01;
user01测试:
SQL> select count(*) from hr.employees;
SQL> delete from hr.employees; 失败
SQL> select count(*) from hr.departments; 失败
sys授权:
SQL> grant index on hr.employees to user01;
SQL> grant unlimited tablespace to user01;
user01测试:
SQL> create index emp_sal_idx on hr.employees(salary);
SQL> select index_name from user_indexes where table_name=‘EMPLOYEES‘;
create any table 系统级别的选项,能在任何一个模式下创建表 create table 系统级别的选项,权限也为系统的
alter any table 系统级别的权限,能修改任何一张表(any不包括sys) alter table 对象权限
drop any table 系统级别的权限 ,能删除任何一张表 drop table 没有权限
权限的级联删除:
系统权限:
sys准备工作:
SQL> drop user user01 cascade;
SQL> drop user user02 cascade;
SQL> create user user01 identified by password;
SQL> create user user02 identified by password;
SQL> grant create session to user01;
SQL> grant create session to user02;
sys授权:
SQL> grant select any table to user01 with admin option;
user01测试成功并授权给user02:
SQL> select count(*) from hr.employees;
SQL> grant select any table to user02 with admin option;
user02测试成功:
SQL> select count(*) from hr.employees;
sys收回权限:
SQL> revoke select any table from user01;
user01操作失败:
SQL> select count(*) from hr.employees;
user02测试成功:
SQL> select count(*) from hr.employees;
对象权限:
SQL> grant select on hr.employees to user01 with grant option;
dba+sysdba=sys
revoke:收回(收回权限)
预定义的角色:
SQL> select role from dba_roles;
创建角色:
SQL> create role hr_mgr;
SQL> create role hr_clerk;
SQL> grant select any table to hr_mgr;
SQL> grant select on hr.employees to hr_clerk;
SQL> grant hr_mgr to user01;
SQL> grant hr_clerk to user02;
user01/user02测试:
角色生效必须重新登录
audit(审计)
开启开关参数:
SQL> show parameter audit_trail
设置审计选项:
每次设置新的审计选项,测试用户需要重新连接
sys准备工作:
SQL> drop user user01 cascade;
SQL> create user user01 identified by password;
SQL> grant create session, create table, create any table to user01;
以上是关于Oracle课程档案,第十天的主要内容,如果未能解决你的问题,请参考以下文章