在oracle 11G之前,无法将单个表设为read only,只能对表空间进行read only操作,11G在这方面做了增强。
在Oracle 11g中,我们可以直接对表的读写权限进行设置:
ALTER TABLE table_name READ ONLY;
ALTER TABLE table_name READ WRITE;
下面做一个测试:
建立一个表,将其设置为read only
SQL> conn l5m/l5m
Connected.
SQL> create table test_ro as select * from dba_users;
Table created.
SQL> alter table test_ro read only;
Table altered.
下面做一些dml及ddl操作
SQL> select table_name,status,read_only from dba_tables where table_name='TEST_RO';
TABLE_NAME STATUS REA
------------------------------ -------- ---
TEST_RO VALID YES
SQL> insert into test_ro select * from dba_users;
insert into test_ro select * from dba_users
*
ERROR at line 1:
ORA-12081: update operation not allowed on table "L5M"."TEST_RO"
SQL> delete from test_ro;
delete from test_ro
*
ERROR at line 1:
ORA-12081: update operation not allowed on table "L5M"."TEST_RO"
SQL> truncate table test_ro;
truncate table test_ro
*
ERROR at line 1:
ORA-12081: update operation not allowed on table "L5M"."TEST_RO"
SQL> alter table test_ro add col1 varchar2(100);
alter table test_ro add col1 varchar2(100)
*
ERROR at line 1:
ORA-12081: update operation not allowed on table "L5M"."TEST_RO"
发现dml操作是不允许的,truncatec以及对表结构的更改也不允许。
那哪些操作是允许的?
SQL> create index i_test_ro on test_ro(username);
Index created.
SQL> drop index i_test_ro;
Index dropped.
SQL> drop table test_ro;
Table dropped.
对表增加和删除索引是允许的,甚至可以将read only的表删除也是允许的,因为drop操作是对其数据字典进行操作,和表本身不相关的。所以drop的权限不要随便赋予给普通用户!