实际应用中,会遇到在某个用户下需要查询另一个用户下的表数据或视图的情况,然而在没有授权时,会提示无权限操作的错误。那就需要通过授权处理后,再能进行查询操作,下面我们来看看是怎么处理的。
一、系统权限说明:
1、用户权限
CREATE SESSIOIN 连接到数据库
CREATE TABLE 在用户的方案中创建表
CREATE SEQUENCE 在用户的方案中创建序列
CREATE VIEW 在用户的方案中创视图
CREATE PROCEDURE在用户的方案中创建存储过程,函数或包
1.1、例子:授予系统权限
DBA能够授予用户指定的系统权限
GRANT create session,create table,
create sequence,create view
TO scott;
二、创建用户只用于查询其它用户库的表和视图
1、创建用户
1
2
3
4
5
|
create user 用户名 identified by 密码;
grant connect,
select
any table to 用户名;
这样创建的用户就可以连接数据库和只有对任何表有查询权限了
grant connect to 用户名
//
只有连接权限
|
2、授权查询表与视图权限
2.1、a用户下授权查询所有表给b用户(a用户登录执行下面语句)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
select
'grant select on a.'
|| tname ||
' to b;'
from tab;
'GRANTSELECTONA.'
||TNAME||
'TOB;'
------------------------------------------------------
grant
select
on a.VOTE_NUM to b;
grant
select
on a.TMP_MSG to b;
grant
select
on a.VOTE_IP to b;
grant
select
on a.QUESTION to b;
grant
select
on a.QUESTION_COUNT to b;
grant
select
on a.RECORD_DICT to b;
grant
select
on a.BM_COLUMN to b;
grant
select
on a.BM_COLUMN_CLASSIFY_REL to b;
grant
select
on a.BM_INFO_CLASSIFY to b;
grant
select
on a.BM_MODULE to b;
grant
select
on a.BM_MODULE_AUTH to b;
或
select
'grant select on '
||table_name||
' to b;'
from user_tables;
'GRANTSELECTON'
||TABLE_NAME||
'TOB;'
----------------------------------------------------
grant
select
on VOTE_NUM to b;
grant
select
on TMP_MSG to b;
grant
select
on VOTE_IP to b;
grant
select
on QUESTION to b;
grant
select
on QUESTION_COUNT to b;
grant
select
on RECORD_DICT to b;
grant
select
on BM_COLUMN to b;
grant
select
on BM_COLUMN_CLASSIFY_REL to b;
说明:在a用户下执行该语句,执行后会生成对所有表的赋权限语句,拷贝出来执行就可以了。
|
2.2、a用户下授权查询单个表给b用户
1
|
grant
select
on a.tablename to b;
|
2.3、a用户下授权查询所有序列给b用户
1
|
select
'grant select on '
|| sequence_name ||
' to b;'
from dba_sequences where sequence_owner=
'A'
;
|
2.4、--Oracle查询用户视图
1
|
select
* from user_views;
|
2.5、a用户下授权查询视图给test11用户
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
select
'grant select on a.'
|| view_name ||
' to test11;'
from user_views;
视图查询如下:
'GRANTSELECTON'
||VIEW_NAME||
'TOTEST11;'
---------------------------------------------------------
grant
select
on CONFIRM_RESERVATION_VIEW to test11;
grant
select
on DEPARTMENT_RESERVATION_VIEW to test11;
grant
select
on DEPART_CANCEL_RESERVATION_VIEW to test11;
grant
select
on DOCTOR_CANCEL_RESERVATION_VIEW to test11;
grant
select
on DOCTOR_RESERVATION_VIEW to test11;
grant
select
on GRPSS to test11;
grant
select
on HOSPITAL_ALL_SCHEDULE_VIEW to test11;
grant
select
on HOSPITAL_DEPARTMENT_VIEW to test11;
grant
select
on HOSPITAL_DEP_SCHEDULE_VIEW to test11;
grant
select
on HOSPITAL_DOCTOR_VIEW to test11;
grant
select
on HOSPITAL_DOC_SCHEDULE_VIEW to test11;
'GRANTSELECTON'
||VIEW_NAME||
'TOTEST11;'
---------------------------------------------------------
grant
select
on PATIENT_COUNT_RESERVATION_VIEW to test11;
grant
select
on PATIENT_RESERVATION_VIEW to test11;
grant
select
on PATIENT_RESERVATION_VIEW2 to test11;
grant
select
on PATIENT_RES_VIEW to test11;
grant
select
on PRVIEW to test11;
grant
select
on RES_VIEW to test11;
grant
select
on SS to test11;
|
备注:授权更新、删除的 语法和授权查询类似,只是关键字不同而已。
三、撤消权限
1、授权a用户下取消给b用户删除单个表的权限
revoke delete on a.tablename from b;
2、授权a用户下取消给b用户更新单个表的权限
revoke update on a.tablename from b;
3、拥有dba权限的用户下取消给b用户创建dblink的权限
revoke create database link from b;
4、拥有dba权限的用户下取消给tes11用户查询任何表的权限
revoke select any table from test11;
四、事例:
1、在rh_test用户下授权查询所有表给wd用户
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
select 'grant select on rhip_test.' || tname || ' to wd;' from tab;
'GRANTSELECTONRH_TEST.'||TNAME||'TOWD;'
----------------------------------------------------------------
grant select on rh_test.BIZ_CODE_REL to wd;
grant select on rh_test.BIZ_RMIM_DIC to wd;
grant select on rh_test.BIZ_RMIM_VERSION to wd;
grant select on rh_test.BIZ_RMIM_VERSION_DETAIL to wd;
grant select on rh_test.BIZ_RMIM_VERSION_SUBDETAIL to wd;
grant select on rh_test.BIZ_SYSTEM_LOGIN to wd;
grant select on rh_test.BIZ_TREE_PATH to wd;
grant select on rh_test.CLINIC_TRANSFER to wd;
grant select on rh_test.CODE_SYSTEM_DIC to wd;
'GRANTSELECTONRH_TEST.'||TNAME||'TOWD;'
----------------------------------------------------------------
grant select on rh_test.ETL_PATIENT_INDEX to wd;
grant select on rh_test.HOSPITAL_DIC to wd;
grant select on rh_test.HOSPITAL_SUBSYSTEM to wd;
grant select on rh_test.MAIL_RECORD to wd;
grant select on rh_test.MEDICAL_RECORD to wd;
grant select on rh_test.PATIENT_INDEX to wd;
grant select on rh_test.RHIP_SYSCONFIG to wd;
grant select on rh_test.SYSTEMLOGIN to wd;
将上面查出的语句执行一下即可。
|
2、a用户下授权查询单个表给test11用户
1
2
3
4
5
6
7
8
9
10
|
select 'GRANT SELECT ON' || table_name || 'to test11;' from user_tables
得到的结果如下:
GRANT SELECT ON WEBSERVICE_USER to test11
GRANT SELECT ON USERLESS_PATIENT to test11;
再把上面得到的结果逐一执行一遍:
GRANT SELECT ON WEBSERVICE_USER to test11
GRANT SELECT ON USERLESS_PATIENT to test11;
新建的表要想被userA访问,也得执行grant语句:
grant select on 新建的表 to userA;
|
3、授权a用户下授权更新单个表给b用户
grant update on a.tablename to b;
4、授权a用户下授权删除单个表给b用户
grant delete on a.tablename to b;
5、拥有dba权限的用户下授权创建dblink给b用户
grant create database link to b;