
oracle角色(role)和許可權(privilege)

0 建立測試使用者

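-- Create the two test accounts used in the rest of the walkthrough.
-- The user name below was misspelled ("soctt") in the original, so the
-- account that received DBA on the next line was never the one created.
-- "11" is a throwaway password for a disposable test instance; an unquoted
-- password that starts with a digit may be rejected by some Oracle versions,
-- in which case quote it.
create user scott identified by 11;
-- DBA is the full administrative role; scott only needs it here so it can
-- grant and revoke privileges on the account "one" in the following steps.
grant dba to scott;

create user one identified by 11;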

1 角色role

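-- List every role; connect / resource / dba are the common ones.
select * from dba_roles;	-- there is no user_roles or all_roles view

-- grantee -> role (scott -> dba after the grant above).
select * from user_role_privs;
select * from dba_role_privs where grantee = 'SCOTT';
-- one has not been granted any role yet, so this returns no rows.
-- Kept on its own line: placed after a "--" comment on the previous line it
-- would be commented out and never executed.
select * from dba_role_privs where grantee = 'ONE';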

2 許可權privilege

  • system_privilege和table_privilege
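-- System privileges follow the pattern
--   [create | alter | drop ...] any [table | view | index | trigger | procedure ...]
-- Object privileges follow the pattern
--   [select | update | delete ...] on <object>
select * from system_privilege_map order by name;   -- 208 system privileges (count from the original text)
-- create, alter, select, update, delete, execute, ...
select * from table_privilege_map;                  -- 26 object privileges (count from the original text)
-- System and object privileges held by each role. The dictionary views are
-- role_sys_privs / role_tab_privs; the longer "..._privileges" names do not exist.
select * from role_sys_privs;
select * from role_tab_privs;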
  • 授予、回收系統許可權(user_sys_privs)
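-- The grants/revokes below are run as scott to manage one's privileges;
-- the commented "As one:" lines are what one observes after each step.
-- Logging in as one before any grant fails with:
--   user ONE lacks CREATE SESSION privilege; logon denied
-- (shell) sqlplus one      -- type the password at the prompt; passing it as
--                             one/<password> on the command line exposes it in
--                             the process list and shell history
-- NOTE(review): the original logged in as one/22 although the account was
-- created with password 11 above; one of the two is a typo.
grant create session to one;      -- sqlplus login as one now works
revoke create session from one;   -- back to "logon denied"

-- As one: create table t1 ... fails with "insufficient privileges".
grant create table to one;
-- As one: create table t1 ... now fails with "no privileges on tablespace 'SYSTEM'"
-- (presumably one's default tablespace is SYSTEM and it has no quota there);
-- select / update / delete work normally.
grant unlimited tablespace to one;
-- Least-privilege alternative to unlimited tablespace: a quota on a single
-- tablespace, e.g.  alter user one quota 10m on <tablespace>;
-- As one: create table t1 ... now succeeds.

-- one now holds: create session, create table, unlimited tablespace
select * from user_sys_privs;                                  -- as one
select * from dba_sys_privs where grantee = 'ONE';
select * from dba_sys_privs where grantee = 'DBA' order by privilege;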
  • 授予、回收物件許可權(user_tab_privs)
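-- As scott: grant object privileges on scott.t1 to one, then take update back.
grant select, update on scott.t1 to one;
-- Object privileges are revoked with "on <object> from <grantee>"; the original
-- "revoke update from scott.t1 from one" is a syntax error.
revoke update on scott.t1 from one;

-- As one: select on scott.t1 works; update only worked until the revoke above.
select * from scott.t1;		-- one

-- Columns: {grantee, owner, table_name, grantor, privilege}
select * from user_tab_privs;	-- as scott

-- grantor / grantee are the user that granted / received the privilege.
select * from dba_tab_privs where grantor = 'SCOTT';
select * from all_tab_privs where grantee = 'ONE';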

參考:
https://www.cnblogs.com/lichuangblog/p/6892931.html