本文深入探讨了Oracle数据库中的角色管理,包括角色创建、分配和审计的过程。详细解释了角色无所有者特性,以及拥有CREATEROLE或SYSDBA权限的用户如何自动获得角色并能进一步授予其他用户。此外,还介绍了如何通过DBA_ROLE_PRIVS和USER_ROLE_PRIVS视图查询角色分配情况,以及如何使用AUDIT ROLE语句和DBA_AUDIT_TRAIL视图进行角色创建和授权的审计。
准备SQL考试,找了很久,明白了。
The roles in Oracle Database have no owner as well as directories have no owner.
When the user with CREATE ROLE or SYSDBA privilege creates the role, he or she is automatically assigned that role WITH ADMIN OPTION which means that the user can subsequently grant that role to other users even if the privilege CREATE ROLE is revoked from the user.
You can see what roles are assigned to which users querying DBA_ROLE_PRIVS view, or USER_ROLE_PRIVS if you want to know what roles are assigned to the current user.
Also, a user cannot create a role if the role with the same name already exists. However you can audit role creation and granting. You can do that with AUDIT ROLE statement (if it was for some reason disabled with NOAUDIT ROLE), and then querying DBA_AUDIT_TRAIL view.
通过下面的sql可以查看
select * from dba_role_privs
select * from user_role_privs
扫一扫
949
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
