如何检查分配给模式、oracle 数据库中角色的对象的权限（DDL、DML、DCL）？

Posted 2023-05-09

【中文标题】如何检查分配给模式、oracle 数据库中角色的对象的权限（DDL、DML、DCL）？

【英文标题】：How to check the privileges (DDL,DML,DCL) on objects assigned to Schema, Roles in oracle Database?

【发布时间】：2018-04-15 10:09:49

【问题描述】：

大多数时候，我们都在为获取有关 Schema、Role 及其对象的权限细节而苦苦挣扎，并尝试找到一些简单的方法来获取有关它的所有细节以及伪查询代码以在批量以供进一步执行。所以我们要得到它。

【参考方案1】：

关于数据字典视图前缀的一点简单介绍：

ALL_    -Describes PUBLIC Object grants.
USER_   -Describes current user Object grants.
DBA_    -Describes all object grants in the database.

有用的浏览信息：

ROLE_ROLE_PRIVS     -describes the roles granted to other roles. 
ROLE_SYS_PRIVS      -describes system privileges granted to roles.
ROLE_TAB_PRIVS      -describes table privileges granted to roles. 
DBA_ROLE_PRIVS      -describes the roles granted to all users and roles in the database.
DBA_SYS_PRIVS       -describes system privileges granted to users and roles.
DBA_TAB_PRIVS       -describes all object grants in the database.
DBA_COL_PRIVS       -describes all column object grants in the database.

要了解有关 PRIVS 视图的更多信息，请访问here。

查询：

-关于用户/模式状态

select username,account_status, created from dba_users where username in ('SCOTT');

-检查分配给角色和架构的角色

select * from DBA_ROLE_PRIVS where grantee in ('SCOTT','RESOURCE');

-检查角色权限

select * from ROLE_ROLE_PRIVS where role in ('RESOURCE','CONNECT');    
select * from ROLE_TAB_PRIVS  where role in ('RESOURCE','CONNECT');
select * from ROLE_SYS_PRIVS  where role in ('RESOURCE','CONNECT');

Pseudo Code:
select 'grant '||privilege||' to ROLE_SLAVE;' from ROLE_SYS_PRIVS where role in ('RESOURCE','CONNECT');
select 'grant '||privilege||' to ROLE_SLAVE;' from ROLE_TAB_PRIVS where role in ('RESOURCE','CONNECT');

-检查授予对象的架构权限

select * from DBA_SYS_PRIVS where grantee in ('SCOTT');
select * from DBA_TAB_PRIVS where grantee in ('SCOTT');
select * from DBA_COL_PRIVS where grantee in ('SCOTT');

Pseudo Code: 
select 'grant '||privilege||' to SCOTT_SLAVE;' from DBA_SYS_PRIVS where grantee in ('SCOTT');
select 'grant '||privilege||' on '||owner||'.'||table_name||' to SCOTT_SLAVE;' from DBA_TAB_PRIVS where grantee in ('SCOTT');
select 'grant '||privilege||' ('||column_name||') '||' on '||owner||'.'||table_name||' to SCOTT_SLAVE;' from DBA_COL_PRIVS where grantee in ('SCOTT');

谢谢！