本文介绍如何使用dbc.allrights表查询特定用户在指定数据库表上的操作权限,并提供了一个示例SQL语句来展示如何构建授予权限的SQL语句。
通过dbc.allrights表中的UserName列,DatabaseName列,TableName列和AccessRight列的查询可以获取指定用于对于指定数据库中指定表的操作权限。可用于在执行某条SQL语句之前,判定当前用户是否有执行此语句的权限,在权限不足时还可以尝试自动授权(不太安全,执行完应当revoke)等措施。
AccessRight列缩写词对应列表(共40个):
| AccessRight | 含义 |
| AF | ALTER FUNCTION |
| AP | ALTER PROCEDURE |
| AS | ABORT SESSION |
| CD | CREATE DATABASE |
| CF | CREATE FUNCTION |
| CG | CREATE TRIGGER |
| CM | CREATE MACRO |
| CO | CREATE PROFILE |
| CP | CHECKPOINT |
| CR | CREATE ROLE |
| CT | CREATE TABLE |
| CU | CREATE USER |
| CV | CREATE VIEW |
| D | DELETE |
| DD | DROP DATABASE |
| DF | DROP FUNCTION |
| DG | DROP TRIGGER |
| DM | DROP MACRO |
| DO | DROP PROFILE |
| DP | DUMP |
| DR | DROP ROLE |
| DT | DROP TABLE |
| DU | DROP USER |
| DV | DROP VIEW |
| E | EXECUTE |
| EF | EXECUTE FUNCTION |
| I | INSERT |
| IX | INDEX |
| MR | MONITOR RESOURCE |
| MS | MONITOR SESSION |
| PC | CREATE PROCEDURE |
| PD | DROP PROCEDURE |
| PE | EXECUTE PROCEDURE |
| RO | REPLICATION OVERRIDE |
| R | RETRIEVE/SELECT |
| RF | REFERENCE |
| RS | RESTORE |
| SS | SET SESSION RATE |
| SR | SET RESOURCE RATE |
| U | UPDATE |
示例SQL语句:
select username, databasename, tablename, accessright from dbc.allrights
where databasename='systemfe' and username='dbc' and tablename='opt_ras_table';*** Query completed. 12 rows found. 4 columns returned.
*** Total elapsed time was 1 second.
UserName DatabaseName TableName AccessRight
------------------------------ ------------------------------ ------------------------------ -----------
DBC SystemFe opt_ras_table DT
DBC SystemFe opt_ras_table U
DBC SystemFe opt_ras_table DG
DBC SystemFe opt_ras_table RF
DBC SystemFe opt_ras_table RS
DBC SystemFe opt_ras_table R
DBC SystemFe opt_ras_table I
DBC SystemFe opt_ras_table CG
DBC SystemFe opt_ras_table ST
DBC SystemFe opt_ras_table DP
DBC SystemFe opt_ras_table D
DBC SystemFe opt_ras_table IX如下的SQL语句可以自动构建出授予权限的SQL语句(即GRANT语句):
SEL
TRIM(username)
,TRIM(databasename)
,TRIM(tablename)
,'GRANT '|| CASE
WHEN AccessRight = 'AF ' THEN 'ALTER FUNCTION'
WHEN AccessRight = 'AP ' THEN 'ALTER PROCEDURE'
WHEN AccessRight = 'AS ' THEN 'ABORT SESSION'
WHEN AccessRight = 'CD ' THEN 'CREATE DATABASE'
WHEN AccessRight = 'CF ' THEN 'CREATE FUNCTION'
WHEN AccessRight = 'CG ' THEN 'CREATE TRIGGER'
WHEN AccessRight = 'CM ' THEN 'CREATE MACRO'
WHEN AccessRight = 'CO ' THEN 'CREATE PROFILE'
WHEN AccessRight = 'CP ' THEN 'CHECKPOINT'
WHEN AccessRight = 'CR ' THEN 'CREATE ROLE'
WHEN AccessRight = 'CT ' THEN 'CREATE TABLE'
WHEN AccessRight = 'CU ' THEN 'CREATE USER'
WHEN AccessRight = 'CV ' THEN 'CREATE VIEW'
WHEN AccessRight = 'D ' THEN 'DELETE'
WHEN AccessRight = 'DD ' THEN 'DROP DATABASE'
WHEN AccessRight = 'DF ' THEN 'DROP FUNCTION'
WHEN AccessRight = 'DG ' THEN 'DROP TRIGGER'
WHEN AccessRight = 'DM ' THEN 'DROP MACRO'
WHEN AccessRight = 'DO ' THEN 'DROP PROFILE'
WHEN AccessRight = 'DP ' THEN 'DUMP'
WHEN AccessRight = 'DR ' THEN 'DROP ROLE'
WHEN AccessRight = 'DT ' THEN 'DROP TABLE'
WHEN AccessRight = 'DU ' THEN 'DROP USER'
WHEN AccessRight = 'DV ' THEN 'DROP VIEW'
WHEN AccessRight = 'E ' THEN 'EXECUTE'
WHEN AccessRight = 'EF ' THEN 'EXECUTE FUNCTION'
WHEN AccessRight = 'I ' THEN 'INSERT'
WHEN AccessRight = 'IX ' THEN 'INDEX'
WHEN AccessRight = 'MR ' THEN 'MONITOR RESOURCE'
WHEN AccessRight = 'MS ' THEN 'MONITOR SESSION'
WHEN AccessRight = 'PC ' THEN 'CREATE PROCEDURE'
WHEN AccessRight = 'PD ' THEN 'DROP PROCEDURE'
WHEN AccessRight = 'PE ' THEN 'EXECUTE PROCEDURE'
WHEN AccessRight = 'RO ' THEN 'REPLICATION OVERRIDE'
WHEN AccessRight = 'R ' THEN 'RETRIEVE/SELECT'
WHEN AccessRight = 'RF ' THEN 'REFERENCE'
WHEN AccessRight = 'RS ' THEN 'RESTORE'
WHEN AccessRight = 'SS ' THEN 'SET SESSION RATE'
WHEN AccessRight = 'SR ' THEN 'SET RESOURCE RATE'
WHEN AccessRight = 'U ' THEN 'UPDATE'
END || ' ON '||TRIM(databasename)||'.'||TRIM(tablename)||' to '||TRIM(username)||';' AS Permission
FROM dbc.AllRights
WHERE DatabaseName = 'DBNAME' and USERNAME = 'LOGGEDINUSERNAME' AND TABLENAME = 'TABLENAME';
扫一扫
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
