[Oracle]分享：我的oracle9i学习笔记（7）

文章作者 100test 发表时间 2007:03:14 13:54:39
来源 100Test.Com百考试题网

######### Managing Privileges #############

grant create table,create session to user_name.

grant create any table to user_name. revoke create any table from user_name.

/*授予权限语法,public 标识所有用户,with admin option允许能将权限授予第三者的权限*/

grant system_privs,[......] to [user/role/public],[....] [with admin option].

0select * from v$pwfile_users.

/*当 O7_dictionary_accessiblity参数为True时，标识0select any table时，包括系统表也能0select ,否则，不包含系统表.缺省为false*/

show parameter O7.

/*由于 O7_dictionary_accessiblity为静态参数，不能动态改变，故加scope=spfile,下次启动时才生效*/

alter system set O7_dictionary_accessiblity=true scope=spfile.

/*授予对象中的某些字段的权限，如0select 某表中的某些字段的权限*/

grant [object_privs(column,....)],[...] on object_name to user/role/public,... with grant option.

/*oracle不允许授予0select某列的权限,但可以授insert ,0update某列的权限*/

grant insert(column_name1,column_name2,...) on table_name to user_name with grant option.

0select * from dba_sys_privs/session_privs/dba_tab_privs/user_tab_privs/dba_col_privs/user_col_privs.

/*db/os/none 审计被记录在 数据库/操作系统/不审计 缺省是none*/

show parameter audit_trail.

/*启动对表的0select动作*/

audit 0select on user.table_name by session.

/*by session在每个session中发出command只记录一次，by access则每个command都记录*/

audit [create table][0select/0update/insert on object by session/access][whenever successful/not successful].

desc dbms_fga.---进一步设计，则可使用dbms_fgs包

/*取消审计*/

noaudit 0select on user.table_name.

/*查被审计信息*/

0select * from all_def_audit_opts/dba_stmt_audit_opts/dba_priv_audit_opts/dba_obj_audit_opts.

/*获取审计记录*/

0select * from dba_audit_trail/dba_audit_exists/dba_audit_object/dba_audit_session/dba_audit_statement.

########### Managing Role #################

create role role_name. grant 0select on table_name to role_name. grant role_name to user_name. set role role_name.

create role role_name.