---------- user.txt ----------
/*
范例名称:user的使用
文件名称:user.txt
*/
--以如在linux下,以oracle用户登录。启动SVRMGRL
SVRMGRL
CONNECT system/manager
startup;
CREATE USER peter
IDENTIFIED BY peter
DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp
QUOTA 15m ON users
;
--ok
DESC DBA_USERS;
--察看user
SELECT USERNAME,DEFAULT_TABLESPACE,
TEMPORARY_TABLESPACE,ACCOUNT_STATUS
FROM DBA_USERS
WHERE USERNAME='PETER';
--在一个sqlplus中登录,检查peter用户是否可以登录。
connect
peter/peter
ERROR:
ORA-01045: user PETER lacks CREATE SESSION privilege; logon denied
--用户无法登录,因为没有CREATE SESSION privilege
--赋权
connect system/manager;
grant create session to peter;
grant create table to peter;
connect peter/peter
select sysdate from dual;
--使用 peter建立表。理解user的DEFAULT TABLESPACE,quota
--drop table tab_peter;
create table tab_peter(
name varchar2(10),
telno varchar2(8));
--ORA-01031: insufficient privileges
connect system/manager;
GRANT create table to peter;
insert into tab_peter values('John','800180');
--看看tab_peter在哪个tablespace?
select tablespace_name,
table_name from user_tables
where table_name='TAB_PETER';
--user_tables一个新的dd,存放表的完整信息。
--正好是peter 的default tablespace:users
--drop table tab_peter;
--更改user
ALTER USER peter QUOTA 0m ON users;
--再次建立表
create table tab_peter2(
name varchar2(10),
telno varchar2(8));
--ORA-01536: space quota exceeded for tablespace 'USERS'
--出入数据,可以
insert into tab_peter values('Jack','10001');
---------- userlock.txt ----------
/*
范例名称:user的lock,drop
文件名称:userlock.txt
*/
--下一次登录,立刻更改password
connect
system/manager
alter user peter password expire
connect
peter/peter
--输入新password
--打开另一个sqlplus,以peter/peter登录,再以新password登录
--user lock.以system/manager登录。
alter user scott account lock;
--打开另一个sqlplus,
conncet scott/tiger;
--登录成功吗?
--返回第一个sqlplus
alter user scott account unlock;
--返回第二个sqlplus,
conncet scott/tiger;
--登录成功吗?
--drop user
drop user peter;
--当peter的schema有对象时,必须用cascade
--drop user peter cascade;
--在一个sqlplus(1)中以peter登录,在另一个sqlplus(2)中system登录
drop user peter cascade;
--ORA-01940: cannot drop a user that is currently connected
--sqlplus(1)
disconnect;
--sqlplus(2)
drop user peter cascade;
---------- grant_public.txt ----------
/*
范例名称:系统权限
文件名称:grant_public.txt
*/
--如删除了peter,重建peter用户
CREATE USER peter2
IDENTIFIED BY peter2
DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp
QUOTA 15m ON users
;
--使peter可以登录数据库
grant create session to peter;
grant create session to public;
Grant create table to public;
alter user peter quota 30m on users;
--以system登录sqlplus(2)
connect
system/manager
--从public中revoke权限
revoke create table from peter;
--回到以sqlplus(1)
--Peter还能建立表吗?
--以system登录sqlplus(2)
connect
system/manager
--从public中revoke权限
revoke create table from public;
--回到以sqlplus(1)
--Peter还能建立表吗?
create table tab_peter2(
name varchar2(10),
telno varchar2(8));
--察看peter的权限
select * from user_sys_privs;
--回到以sqlplus(2)
grant create table to public;
grant create table to peter;
--回到以sqlplus(1),测试peter的权限
create table tab_peter2(
name varchar2(10),
telno varchar2(8));
insert into tab_peter2 values('li','123');
--不能一次revoke所用权限
revoke all privileges from public;
--ERROR at line 1:
--ORA-01952: system privileges not granted to 'PUBLIC'
--with ADMIN OPTION----------------权限迭带的控制---------------------------
--以SYSTEM登录sqlplus(1),
GRANT CREATE TABLE TO peter WITH ADMIN OPTION;
--建立peter2
CREATE USER peter2
IDENTIFIED BY peter2
DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp
QUOTA 15m ON users
;
--以peter2登录sqlplus(2),看他能否建表
create table tab_peter2(
name varchar2(10),
telno varchar2(8));
--以peter登录sqlplus(1):此时PETER已具有将权限给别人的能力。
grant create table to peter2;
--grant create table to public;
--或
--回到sqlplus(2),看peter2能否建表
create table tab_peter2(
name varchar2(10),
telno varchar2(8));
/*理解用户的系统权限,在收回时不具有迭代性,
即使权限是通过with ADMIN OPTION 获得的*/
--SYSTEM: GRANT CREATE TABLE TO PETER WITH ADMIN OPTIN
--PETRE: GRANT CREATE TABLE TO PETER2
--PETRE 建立一个表:tab_peter2
--PETER1建立一个表:tab_peter2
--SYSTEM 从PETER收回权限
revoke create table from peter;
--peter 还能建立表吗?peter 还能访问以建立的表吗?
--peter2还能建立表吗?peter2 还能访问以建立的表吗?
connect
peter/peter
select * from tab_peter2;
create table tab_peter3(
name varchar2(10),
telno varchar2(8));
connect
peter2/peter2
select * from tab_peter2;
create table tab_peter3(
name varchar2(10),
telno varchar2(8));
--connect system/manager
--revoke create table from peter2;
----------------------------对象权限----------------------------------
---------- object_privs.txt ----------
/*
范例名称:对对象进行授权和对权限的控制
文件名称:object_privs.txt
*/
/*本练习是为了实践对对象进行授权和对权限的控制*/
sqlplus system/manager --登陆数据库system用户
sql>
drop user peter1 cascade; --删除用户
drop user peter2 cascade;
drop user peter3 cascade;
--peter1
create user peter1 identified by peter1; --创建用户
grant connect to peter1; --对用户进行授权connect,resouce在后面讲解
grant resource to peter1;
--peter2
create user peter2 identified by peter2;
grant connect to peter2;
grant resource to peter2;
--peter3
create user peter3 identified by peter3;
grant connect to peter3;
grant resource to peter3;
--Grant之后,被赋予权限的用户如何引用对象呢?
sql>connect peter1/peter1 --登陆到数据库peter1用户
create table test1 --创建表
(
name varchar2(100)
);
sql>connect peter2/peter2
--select * from test1; 结果会怎么样?
sql>connect peter1/peter1
grant select on test1 to peter2;
--把peter1中的表test1的select权限授权给peter2]
--可以用user_tab_privs查询用户的对象权限
select * from user_tab_privs;
sql>connect peter2/peter2
--select * from test1; 结果会怎么样?
select * from peter1.test1;
-- with grant option的使用
sql>connect peter1/peter1
grant select on test1 to peter2
with grant option;
--把peter1中的表test1的select权限授权给peter2,并且peter2具有再授权的能力
sql>connect peter2/peter2
grant select on peter1.test1 to peter3;
--peter2把peter1中的表test1的select权限授权给peter3
--以connect peter3/peter3,测试peter3的
--select * from peter1.test1;
--revoke:peter1能从直接peter3中收回权限吗?
sql>connect peter1/peter1
--revoke select on test1 from peter3; --结果是怎样?peter1能从直接peter3中收回权限吗?
revoke select on test1 from peter2;
sql>connect peter3/peter3
--select * from peter1.test1; 结果是怎样?
--测试procedure的执行权限-------------------------------------------
sql>connect peter1/peter1
--创建procedure
create or replace procedure test1_inst(i_name varchar2) is
begin
insert into test1(name) values(i_name);
commit;
end;
/
grant execute on test1_inst to peter2; --把对test1_inst的执行权限授权给peter2
sql>connect peter2/peter2
exec peter1.test1_inst('Your name'); --通过授权的procedure往peter1.test1表insert 数据
--直接往peter1.test1表insert 数据结果是怎样?
--insert into peter1.test1(name) values('your name');
sql>connect peter1/peter1
select * from test1; --检查结果
