近期,生产的测试系统需要读取实际数据,为了区分用户,做了如下select any Table系统权限的测试
--1.用户test有表T1
TEST@ORA10G>desc t
Name Null? Type
----------------------------------------------------------------- -------- --------------------------------------------
OWNER VARCHAR2(30)
OBJECT_NAME VARCHAR2(128)
SUBOBJECT_NAME VARCHAR2(30)
OBJECT_ID NUMBER
DATA_OBJECT_ID NUMBER
OBJECT_TYPE VARCHAR2(19)
CREATED DATE
LAST_DDL_TIME DATE
TIMESTAMP VARCHAR2(19)
STATUS VARCHAR2(7)
TEMPORARY VARCHAR2(1)
GENERATED VARCHAR2(1)
SECONDARY VARCHAR2(1)
--2. 创建用户test1,授予create session的权限
SYS@ORA10G>create user test1 identified by test1;
User created.
SYS@ORA10G>grant create session to test1;
Grant succeeded.
--3. 测试用户test1是否可以访问test用户下的t表
T EST1@ORA10G>select count(*) from test.t;
select count(*) from test.t
*
ERROR at line 1:
ORA-00942: table or view does not exist
--4. 授予test1用户select any table的系统权限并测试
SYS@ORA10G>grant select any table to test1;
Grant succeeded.
--发现test1用户可以访问test用户下的t表
TEST1@ORA10G>select count(*) from test.t;
COUNT(*)
----------
405720
--5. 测试是否可以访问test用户下的视图
--创建视图
TEST@ORA10G>create view v_t as select * from t;
View created.
--test1也可以访问test用户下的视图
TEST1@ORA10G>select count(*) from test.v_t;
COUNT(*)
----------
405720
--6. 测试同义词(用户需要有create pubilc synonym 的系统权限)
TEST@ORA10G>create or replace public synonym t for test.t;
Synonym created.
TEST1@ORA10G>select count(*) from t;
COUNT(*)
----------
405720
--能够实现此过程的前提是:test1用户下,不能拥有同名的对象t;且test1用户需要具有select any table的权限;
--需要给应用连接用户create public synonym的权限;
不知道思路是否正确,有待验证~~
--1.用户test有表T1
TEST@ORA10G>desc t
Name Null? Type
----------------------------------------------------------------- -------- --------------------------------------------
OWNER VARCHAR2(30)
OBJECT_NAME VARCHAR2(128)
SUBOBJECT_NAME VARCHAR2(30)
OBJECT_ID NUMBER
DATA_OBJECT_ID NUMBER
OBJECT_TYPE VARCHAR2(19)
CREATED DATE
LAST_DDL_TIME DATE
TIMESTAMP VARCHAR2(19)
STATUS VARCHAR2(7)
TEMPORARY VARCHAR2(1)
GENERATED VARCHAR2(1)
SECONDARY VARCHAR2(1)
--2. 创建用户test1,授予create session的权限
SYS@ORA10G>create user test1 identified by test1;
User created.
SYS@ORA10G>grant create session to test1;
Grant succeeded.
--3. 测试用户test1是否可以访问test用户下的t表
T EST1@ORA10G>select count(*) from test.t;
select count(*) from test.t
*
ERROR at line 1:
ORA-00942: table or view does not exist
--4. 授予test1用户select any table的系统权限并测试
SYS@ORA10G>grant select any table to test1;
Grant succeeded.
--发现test1用户可以访问test用户下的t表
TEST1@ORA10G>select count(*) from test.t;
COUNT(*)
----------
405720
--5. 测试是否可以访问test用户下的视图
--创建视图
TEST@ORA10G>create view v_t as select * from t;
View created.
--test1也可以访问test用户下的视图
TEST1@ORA10G>select count(*) from test.v_t;
COUNT(*)
----------
405720
--6. 测试同义词(用户需要有create pubilc synonym 的系统权限)
TEST@ORA10G>create or replace public synonym t for test.t;
Synonym created.
TEST1@ORA10G>select count(*) from t;
COUNT(*)
----------
405720
--能够实现此过程的前提是:test1用户下,不能拥有同名的对象t;且test1用户需要具有select any table的权限;
--需要给应用连接用户create public synonym的权限;
不知道思路是否正确,有待验证~~
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/26129555/viewspace-1295192/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/26129555/viewspace-1295192/
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
