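Granting an Oracle user query access to another user's tables and views
I. System privileges
1. User privileges
CREATE SESSION    Connect to the database
CREATE TABLE      Create tables in the user's schema
CREATE SEQUENCE   Create sequences in the user's schema
CREATE VIEW       Create views in the user's schema
CREATE PROCEDURE  Create stored procedures, functions, or packages in the user's schema
1.1. Example: granting system privileges
The DBA can grant specific system privileges to a user:
GRANT create session,create table,
create sequence,create view
TO scott;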
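II. Creating a user that is used only to query another user's tables and views
1. Create the user
create user username identified by password;
grant connect,select any table to username;
A user created this way can connect to the database and has only query privilege on any table.
grant connect to username; -- connect privilege only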
2. Granting query privileges on tables and views
2.1. As user a, grant query on all tables to user b (log in as user a and run the statements below)
select 'grant select on a.' || tname || ' to b;' from tab;
'GRANTSELECTONA.'||TNAME||'TOB;'
------------------------------------------------------
grant select on a.VOTE_NUM to b;
grant select on a.TMP_MSG to b;
grant select on a.VOTE_IP to b;
grant select on a.QUESTION to b;
grant select on a.QUESTION_COUNT to b;
grant select on a.RECORD_DICT to b;
grant select on a.BM_COLUMN to b;
grant select on a.BM_COLUMN_CLASSIFY_REL to b;
grant select on a.BM_INFO_CLASSIFY to b;
grant select on a.BM_MODULE to b;
grant select on a.BM_MODULE_AUTH to b;
Or:
select 'grant select on '||table_name||' to b;' from user_tables;
'GRANTSELECTON'||TABLE_NAME||'TOB;'
----------------------------------------------------
grant select on VOTE_NUM to b;
grant select on TMP_MSG to b;
grant select on VOTE_IP to b;
grant select on QUESTION to b;
grant select on QUESTION_COUNT to b;
grant select on RECORD_DICT to b;
grant select on BM_COLUMN to b;
grant select on BM_COLUMN_CLASSIFY_REL to b;
Note: run the statement as user a. It generates a grant statement for every table; copy the generated statements out and execute them.
2.2. As user a, grant query on a single table to user b
grant select on a.tablename to b;
2.3. As user a, grant query on all sequences to user b
select 'grant select on ' || sequence_name || ' to b;' from dba_sequences where sequence_owner='A';
2.4. Querying the user's views in Oracle
select * from user_views;
2.5. As user a, grant query on the views to user test11
select 'grant select on a.' || view_name || ' to test11;' from user_views;
The query returns the following for the views:
'GRANTSELECTON'||VIEW_NAME||'TOTEST11;'
---------------------------------------------------------
grant select on CONFIRM_RESERVATION_VIEW to test11;
grant select on DEPARTMENT_RESERVATION_VIEW to test11;
grant select on DEPART_CANCEL_RESERVATION_VIEW to test11;
grant select on DOCTOR_CANCEL_RESERVATION_VIEW to test11;
grant select on DOCTOR_RESERVATION_VIEW to test11;
grant select on GRPSS to test11;
grant select on HOSPITAL_ALL_SCHEDULE_VIEW to test11;
grant select on HOSPITAL_DEPARTMENT_VIEW to test11;
grant select on HOSPITAL_DEP_SCHEDULE_VIEW to test11;
grant select on HOSPITAL_DOCTOR_VIEW to test11;
grant select on HOSPITAL_DOC_SCHEDULE_VIEW to test11;
'GRANTSELECTON'||VIEW_NAME||'TOTEST11;'
---------------------------------------------------------
grant select on PATIENT_COUNT_RESERVATION_VIEW to test11;
grant select on PATIENT_RESERVATION_VIEW to test11;
grant select on PATIENT_RESERVATION_VIEW2 to test11;
grant select on PATIENT_RES_VIEW to test11;
grant select on PRVIEW to test11;
grant select on RES_VIEW to test11;
grant select on SS to test11;
Note: the syntax for granting update and delete is similar to granting select; only the keyword differs.
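III. Revoking privileges
1. As user a, revoke from user b the delete privilege on a single table
revoke delete on a.tablename from b;
2. As user a, revoke from user b the update privilege on a single table
revoke update on a.tablename from b;
3. As a user with DBA privileges, revoke from user b the privilege to create database links
revoke create database link from b;
4. As a user with DBA privileges, revoke from user test11 the privilege to query any table
revoke select any table from test11;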
IV. Examples
1. As user rh_test, grant query on all tables to user wd
select 'grant select on rh_test.' || tname || ' to wd;' from tab;
'GRANTSELECTONRH_TEST.'||TNAME||'TOWD;'
----------------------------------------------------------------
grant select on rh_test.BIZ_CODE_REL to wd;
grant select on rh_test.BIZ_RMIM_DIC to wd;
grant select on rh_test.BIZ_RMIM_VERSION to wd;
grant select on rh_test.BIZ_RMIM_VERSION_DETAIL to wd;
grant select on rh_test.BIZ_RMIM_VERSION_SUBDETAIL to wd;
grant select on rh_test.BIZ_SYSTEM_LOGIN to wd;
grant select on rh_test.BIZ_TREE_PATH to wd;
grant select on rh_test.CLINIC_TRANSFER to wd;
grant select on rh_test.CODE_SYSTEM_DIC to wd;
'GRANTSELECTONRH_TEST.'||TNAME||'TOWD;'
----------------------------------------------------------------
grant select on rh_test.ETL_PATIENT_INDEX to wd;
grant select on rh_test.HOSPITAL_DIC to wd;
grant select on rh_test.HOSPITAL_SUBSYSTEM to wd;
grant select on rh_test.MAIL_RECORD to wd;
grant select on rh_test.MEDICAL_RECORD to wd;
grant select on rh_test.PATIENT_INDEX to wd;
grant select on rh_test.RHIP_SYSCONFIG to wd;
grant select on rh_test.SYSTEMLOGIN to wd;
Then simply execute the statements returned above.
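2. As user a, grant query on a single table to user test11
select 'GRANT SELECT ON ' || table_name || ' to test11;' from user_tables;
The result is as follows:
GRANT SELECT ON WEBSERVICE_USER to test11
GRANT SELECT ON USERLESS_PATIENT to test11;
Then execute each of the statements obtained above, one by one:
GRANT SELECT ON WEBSERVICE_USER to test11;
GRANT SELECT ON USERLESS_PATIENT to test11;
For a newly created table to be accessible to userA, a grant statement has to be executed for it as well:
grant select on new_table to userA;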
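3. As user a, grant update on a single table to user b
grant update on a.tablename to b;
4. As user a, grant delete on a single table to user b
grant delete on a.tablename to b;
5. As a user with DBA privileges, grant user b the privilege to create database links
grant create database link to b;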
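The generate-copy-execute step of section 2.1, and the remark in example 2 that a newly created table needs its own grant, can be handled by one re-runnable block that issues object grants only, so the reader account never needs select any table. This is an added example, not part of the original page. It assumes SQL*Plus, a session logged in as schema owner a, and the page's grantee b stored in upper case as B.

```sql
-- Added example (not from the original page). Run as schema owner a.
-- Assumption: the grantee is the page's user b, created unquoted (stored as B).
set serveroutput on
declare
  c_grantee constant varchar2(128) := 'B';
  l_sql     varchar2(400);
begin
  -- Tables and views of the current schema on which B has no SELECT grant yet.
  -- Re-running after creating a table picks up only the new object.
  for r in (
    select o.name
      from (select table_name as name from user_tables
            union all
            select view_name from user_views) o
     where not exists (
             select 1
               from user_tab_privs_made p
              where p.table_name = o.name
                and p.grantee    = c_grantee
                and p.privilege  = 'SELECT')
     order by o.name)
  loop
    -- enquote_name double-quotes the identifier, so mixed-case or unusual
    -- object names cannot alter the generated statement.
    l_sql := 'grant select on '
          || dbms_assert.enquote_name(r.name, false)
          || ' to '
          || dbms_assert.enquote_name(c_grantee, false);
    begin
      execute immediate l_sql;
      dbms_output.put_line(l_sql || ';');
    exception
      when others then
        -- Report objects that cannot take a direct grant and carry on.
        dbms_output.put_line('skipped ' || r.name || ': ' || sqlerrm);
    end;
  end loop;
end;
/

-- Audit: every object privilege that a has granted to B, including any
-- update/delete grants that should be revoked as in section III.
select table_name, privilege, grantable
  from user_tab_privs_made
 where grantee = 'B'
 order by table_name, privilege;
```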