核心sql
查看用户有哪些系统特权
select * from session_privs;
授予connect,resource角色
grant connect,resource to test4;
收回权限
revoke unlimited tablespace from test4;
配额限制
alter user test4 quota 5m on users;
关于配额的几条简单命令,可以参照:
https://blog.csdn.net/weixin_42161670/article/details/102651036
实际操作
//创建用户test4
sys@ORCL>create user test4 identified by test4;
User created.
//连接用户test4,报错
sys@ORCL>conn test4/test4;
ERROR:
ORA-01045: user TEST4 lacks CREATE SESSION privilege; logon denied
Warning: You are no longer connected to ORACLE.
//授权test4予以create session权限
sys@ORCL>grant create session to test4;
Grant succeeded.
//连接用户test4,可以连接了
scott@ORCL>conn test4/test4;
Connected.
test4@ORCL>
test4@ORCL>
test4@ORCL>
//查看用户test4具有哪些系统权限
test4@ORCL>select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
//用户test4创建表,报错说没有权限
test4@ORCL>create table t1(id number(10));
create table t1(id number(10))
*
ERROR at line 1:
ORA-01031: insufficient privileges
//授权test4予以create table权限
sys@ORCL>grant create table to test4;
Grant succeeded.
//这下终于可以建表了
test4@ORCL>create table t1(id number(10));
Table created.
//这下再查看用户test4具有哪些系统权限,多了一个create table权限
test4@ORCL>select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE TABLE
//授权test4予以connect,resource角色
sys@ORCL>grant connect,resource to test4;
Grant succeeded.
//这下再查看用户test4具有哪些系统权限,明显多了很多,这些是赋予了connect,resource之后获得的系统权限
//UNLIMITED TABLESPACE表示对表空间的使用是无配额限制,对于一个普通用户来说,赋予此权限是很危险的,所以我们打算将此权限收回,并赋予一个有配额限制的权限
test4@ORCL>select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
UNLIMITED TABLESPACE
CREATE TABLE
CREATE CLUSTER
CREATE SEQUENCE
CREATE PROCEDURE
CREATE TRIGGER
CREATE TYPE
CREATE OPERATOR
CREATE INDEXTYPE
10 rows selected.
//收回UNLIMITED TABLESPACE权限(注:revoke只对该角色里的UNLIMITED TABLESPACE有效,对其他权限无效)
sys@ORCL>revoke unlimited tablespace from test4;
Revoke succeeded.
//UNLIMITED TABLESPACE权限被回收了
test4@ORCL>select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
CREATE TABLE
CREATE CLUSTER
CREATE SEQUENCE
CREATE PROCEDURE
CREATE TRIGGER
CREATE TYPE
CREATE OPERATOR
CREATE INDEXTYPE
9 rows selected.
//赋予test4有配额限制的权限,使得该用户可以使用users表空间,但配额限制是5m
sys@ORCL>alter user test4 quota 5m on users;
User altered.