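In an Oracle database, apart from SYS and SYSTEM, which hold DBA privileges, ordinary business users generally need only the CONNECT and RESOURCE roles; any further privileges can be granted later as business requirements dictate.
Revoking the DBA role from business users in the database: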
SQL> select * from dba_role_privs where granted_role='DBA';

GRANTEE                        GRANTED_ROLE                   ADM DEF
------------------------------ ------------------------------ --- ---
SYD                            DBA                            NO  YES
SYS                            DBA                            YES YES
GOLDENGATE                     DBA                            NO  YES
SYSTEM                         DBA                            YES YES

SQL> conn syd
Enter password:
Connected.
SQL> select * from user_sys_privs;

USERNAME                       PRIVILEGE                                ADM
------------------------------ ---------------------------------------- ---
SYD                            UNLIMITED TABLESPACE                     NO

SQL> select * from user_role_privs;

USERNAME                       GRANTED_ROLE                   ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
SYD                            DBA                            NO  YES NO

SQL> grant connect,resource to syd;

Grant succeeded.

SQL> select * from user_role_privs;

USERNAME                       GRANTED_ROLE                   ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
SYD                            CONNECT                        NO  YES NO
SYD                            DBA                            NO  YES NO
SYD                            RESOURCE                       NO  YES NO

SQL> conn GOLDENGATE
Enter password:
Connected.
SQL> select * from user_sys_privs;

USERNAME                       PRIVILEGE                                ADM
------------------------------ ---------------------------------------- ---
GOLDENGATE                     CREATE ANY DIRECTORY                     NO
GOLDENGATE                     DROP ANY DIRECTORY                       NO
GOLDENGATE                     UNLIMITED TABLESPACE                     NO
GOLDENGATE                     ALTER SESSION                            NO

SQL> select * from user_role_privs;

USERNAME                       GRANTED_ROLE                   ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
GOLDENGATE                     CONNECT                        NO  YES NO
GOLDENGATE                     DBA                            NO  YES NO
GOLDENGATE                     GGS_GGSUSER_ROLE               NO  YES NO
GOLDENGATE                     RESOURCE                       NO  YES NO
After making sure the user has the CONNECT and RESOURCE roles, log in as sys and revoke the user's DBA role:
SQL> conn sys as sysdba
Enter password:
Connected.
SQL> revoke dba from syd;

Revoke succeeded.

SQL> revoke dba from GOLDENGATE;

Revoke succeeded.

SQL> select * from dba_role_privs where granted_role='DBA';

GRANTEE                        GRANTED_ROLE                   ADM DEF
------------------------------ ------------------------------ --- ---
SYS                            DBA                            YES YES
SYSTEM                         DBA                            YES YES
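The same cleanup as a repeatable audit, added here as an example that is not part of the original post. It generalizes the per-user checks above to every DBA grantee, and assumes it is run from an account that can read DBA_ROLE_PRIVS, DBA_USERS and DBA_SYS_PRIVS, and that SYS and SYSTEM are the only accounts meant to keep DBA.

```sql
-- Added example (not from the original post).
-- Assumption: SYS and SYSTEM are the only accounts meant to keep DBA.

-- 1. Accounts that hold DBA directly, and whether each already has CONNECT
--    and RESOURCE, so the revoke does not lock the application out.
select d.grantee,
       u.account_status,
       max(case when r.granted_role = 'CONNECT'  then 'YES' else 'NO' end) as has_connect,
       max(case when r.granted_role = 'RESOURCE' then 'YES' else 'NO' end) as has_resource
from   dba_role_privs d
       join dba_users u on u.username = d.grantee
       left join dba_role_privs r
              on r.grantee = d.grantee
             and r.granted_role in ('CONNECT', 'RESOURCE')
where  d.granted_role = 'DBA'
and    d.grantee not in ('SYS', 'SYSTEM')
group  by d.grantee, u.account_status
order  by d.grantee;

-- 2. Direct and indirect holders: a role that was granted DBA passes it on
--    to every grantee of that role, which a filter on granted_role = 'DBA'
--    alone does not show.
select level as hops, grantee, granted_role
from   dba_role_privs
start  with granted_role = 'DBA'
connect by prior grantee = granted_role
order  by hops, grantee;

-- 3. Generate the statements to review and then run as SYS. Names are
--    double-quoted so mixed-case account names survive.
select 'grant connect, resource to "' || grantee || '";' || chr(10) ||
       'revoke dba from "' || grantee || '";' as remediation
from   dba_role_privs
where  granted_role = 'DBA'
and    grantee not in ('SYS', 'SYSTEM')
order  by grantee;

-- 4. After the revoke, compare each account's direct system privileges with
--    the user_sys_privs output captured beforehand (SYD and GOLDENGATE are
--    the accounts from this page). If UNLIMITED TABLESPACE is no longer
--    listed, grant an explicit tablespace quota instead.
select grantee, privilege, admin_option
from   dba_sys_privs
where  grantee in ('SYD', 'GOLDENGATE')
order  by grantee, privilege;
```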
View the privileges that a role carries:
SQL> set line 200 pagesize 200
SQL> select * from role_sys_privs where role='RESOURCE';

ROLE                           PRIVILEGE                                ADM
------------------------------ ---------------------------------------- ---
RESOURCE                       CREATE TRIGGER                           NO
RESOURCE                       CREATE SEQUENCE                          NO
RESOURCE                       CREATE TYPE                              NO
RESOURCE                       CREATE PROCEDURE                         NO
RESOURCE                       CREATE CLUSTER                           NO
RESOURCE                       CREATE OPERATOR                          NO
RESOURCE                       CREATE INDEXTYPE                         NO
RESOURCE                       CREATE TABLE                             NO

8 rows selected.