实际应用中,会遇到在某个用户下需要查询另一个用户下的表数据或视图的情况,然而在没有授权时,会提示无权限操作的错误。那就需要通过授权处理后,再能进行查询操作,下面我们来看看是怎么处理的。

一、系统权限说明:

1、用户权限

CREATE SESSIOIN --连接到数据库

CREATE TABLE    --在用户的方案中创建表

CREATE SEQUENCE --在用户的方案中创建序列

CREATE VIEW     --在用户的方案中创视图

CREATE PROCEDURE  --在用户的方案中创建存储过程,函数或包

1.1、例子:授予系统权限

DBA能够授予用户指定的系统权限

GRANT create session,create table,create sequence,create view TO scott;

二、创建用户只用于查询其它用户库的表和视图

1、创建用户

登录后复制

create user 用户名 identified by 密码;
grant connectselect any table to 用户名;
这样创建的用户就可以连接数据库和只有对任何表有查询权限了

grant connect to 用户名  --只有连接权限

2、授权查询表与视图权限

2.1、a用户下授权查询所有表给b用户(a用户登录执行下面语句)

登录后复制

select 'grant select on a.' || tname || ' to b;' from tab;
'GRANTSELECTONA.'||TNAME||'TOB;'
------------------------------------------------------
grant select on a.VOTE_NUM to b;
grant select on a.TMP_MSG to b;
grant select on a.VOTE_IP to b;
grant select on a.QUESTION to b;
grant select on a.QUESTION_COUNT to b;
grant select on a.RECORD_DICT to b;
grant select on a.BM_COLUMN to b;
grant select on a.BM_COLUMN_CLASSIFY_REL to b;
grant select on a.BM_INFO_CLASSIFY to b;
grant select on a.BM_MODULE to b;
grant select on a.BM_MODULE_AUTH to b;

或者:

select 'grant select on '||table_name||' to b;'  from user_tables;

'GRANTSELECTON'||TABLE_NAME||'TOB;'
----------------------------------------------------
grant select on VOTE_NUM to b;
grant select on TMP_MSG to b;
grant select on VOTE_IP to b;
grant select on QUESTION to b;
grant select on QUESTION_COUNT to b;
grant select on RECORD_DICT to b;
grant select on BM_COLUMN to b;
grant select on BM_COLUMN_CLASSIFY_REL to b;

说明:在a用户下执行该语句,执行后会生成对所有表的赋权限语句,拷贝出来执行就可以了。
例如:

SQL> conn scott/tiger;
SQL> select 'GRANT SELECT ON' || table_name || 'to userA;'  from user_tables

得到的结果如下

grant select on emp to userA;
grant select on dept to userA;
grant select on bonus to userA;
grant select on loc to userA;

再把上面得到的结果逐一执行一遍:

SQL> grant select on emp to userA;
SQL> grant select on dept to userA;
SQL> grant select on bonus to userA;
SQL> grant select on loc to userA;

这种方法的缺点是要执行比较多的语句,如果有100个表,就得执行100个grant语句;
另外scott新建的表不在被授权的范围内,新建的表要想被userA访问,也得执行grant语句:

grant select on 新建的表 to userA;

2.2、a用户下授权查询单个表给b用户

登录后复制

grant select on a.tablename to b;

2.3、a用户下授权查询所有序列给b用户

登录后复制

select 'grant select on ' || sequence_name || ' to b;' from dba_sequences where sequence_owner='A';

2.4、–Oracle查询用户视图

登录后复制

select * from user_views;

2.5、a用户下授权查询视图给test11用户

登录后复制

select 'grant select on a.' || view_name || ' to test11;' from user_views;

视图查询如下:

'GRANTSELECTON'||VIEW_NAME||'TOTEST11;'
---------------------------------------------------------
grant select on CONFIRM_RESERVATION_VIEW to test11;
grant select on DEPARTMENT_RESERVATION_VIEW to test11;
grant select on DEPART_CANCEL_RESERVATION_VIEW to test11;
grant select on DOCTOR_CANCEL_RESERVATION_VIEW to test11;
grant select on DOCTOR_RESERVATION_VIEW to test11;
grant select on GRPSS to test11;
grant select on HOSPITAL_ALL_SCHEDULE_VIEW to test11;
grant select on HOSPITAL_DEPARTMENT_VIEW to test11;
grant select on HOSPITAL_DEP_SCHEDULE_VIEW to test11;
grant select on HOSPITAL_DOCTOR_VIEW to test11;
grant select on HOSPITAL_DOC_SCHEDULE_VIEW to test11;

'GRANTSELECTON'||VIEW_NAME||'TOTEST11;'
---------------------------------------------------------
grant select on PATIENT_COUNT_RESERVATION_VIEW to test11;
grant select on PATIENT_RESERVATION_VIEW to test11;
grant select on PATIENT_RESERVATION_VIEW2 to test11;
grant select on PATIENT_RES_VIEW to test11;
grant select on PRVIEW to test11;
grant select on RES_VIEW to test11;
grant select on SS to test11;

备注:授权更新、删除的 语法和授权查询类似,只是关键字不同而已。

三、撤消权限

1、授权a用户下取消给b用户删除单个表的权限

revoke delete on a.tablename from b;

2、授权a用户下取消给b用户更新单个表的权限

revoke update on a.tablename from b;

3、拥有dba权限的用户下取消给b用户创建dblink的权限

revoke create database link from b;

4、拥有dba权限的用户下取消给tes11用户查询任何表的权限

revoke select any table from test11;

四、示例:

1、在rh_test用户下授权查询所有表给wd用户

登录后复制

select 'grant select on rhip_test.' || tname || ' to wd;' from tab;

'GRANTSELECTONRH_TEST.'||TNAME||'TOWD;'
----------------------------------------------------------------
grant select on rh_test.BIZ_CODE_REL to wd;
grant select on rh_test.BIZ_RMIM_DIC to wd;
grant select on rh_test.BIZ_RMIM_VERSION to wd;
grant select on rh_test.BIZ_RMIM_VERSION_DETAIL to wd;
grant select on rh_test.BIZ_RMIM_VERSION_SUBDETAIL to wd;
grant select on rh_test.BIZ_SYSTEM_LOGIN to wd;
grant select on rh_test.BIZ_TREE_PATH to wd;
grant select on rh_test.CLINIC_TRANSFER to wd;
grant select on rh_test.CODE_SYSTEM_DIC to wd;

'GRANTSELECTONRH_TEST.'||TNAME||'TOWD;'
----------------------------------------------------------------
grant select on rh_test.ETL_PATIENT_INDEX to wd;
grant select on rh_test.HOSPITAL_DIC to wd;
grant select on rh_test.HOSPITAL_SUBSYSTEM to wd;
grant select on rh_test.MAIL_RECORD to wd;
grant select on rh_test.MEDICAL_RECORD to wd;
grant select on rh_test.PATIENT_INDEX to wd;
grant select on rh_test.RHIP_SYSCONFIG to wd;
grant select on rh_test.SYSTEMLOGIN to wd;

将上面查出的语句执行一下即可。

2、a用户下授权查询单个表给test11用户

登录后复制

select 'GRANT SELECT ON' || table_name || 'to test11;'  from user_tables

得到的结果如下:

GRANT SELECT ON WEBSERVICE_USER to test11
GRANT SELECT ON USERLESS_PATIENT to test11;

再把上面得到的结果逐一执行一遍:

GRANT SELECT ON WEBSERVICE_USER to test11
GRANT SELECT ON USERLESS_PATIENT to test11;

新建的表要想被userA访问,也得执行grant语句:

grant select on 新建的表 to userA;

3、授权a用户下授权更新单个表给b用户

grant update on a.tablename to b;

4、授权a用户下授权删除单个表给b用户

grant delete on a.tablename to b;

5、拥有dba权限的用户下授权创建dblink给b用户

grant create database link to b;
# oracle
Logo
华为云开发者联盟

为开发者提供学习成长、分享交流、生态实践、资源工具等服务,帮助开发者快速成长。

更多推荐

cover

华为云Stack8.3面向香港正式发布,六大亮点激发云上跃迁

avatar 华为云开发者联盟
cover

6个实例带你解读TinyVue 组件库跨框架技术

avatar 华为云开发者联盟
cover

GaussDB SQL查询语句执行过程解析

avatar 华为云开发者联盟