
[Daily Question] OCP 1z0-047: 2013-08-02 Privileges: Granting System Privileges

 
 
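This question tests knowledge of privileges. Privileges fall into two broad categories, system privileges and object privileges, and this question is mainly about system privileges. Let's first look at what system privileges and object privileges are.
1. System privileges: allow a user to perform specific operations in the database
A. The SYSDBA and SYSOPER privileges are special cases

gyj@OCM> select * from dba_sys_privs where grantee in ('SYSDBA','SYSOPER');

no rows selected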

 

 
B. The system privileges of DBA can be queried

gyj@OCM> select * from dba_sys_privs where grantee='DBA';

GRANTEE                        PRIVILEGE                                ADM
------------------------------ ---------------------------------------- ---
DBA                            DROP ANY CUBE BUILD PROCESS              YES
DBA                            CREATE CUBE                              YES
DBA                            ALTER ANY CUBE DIMENSION                 YES
DBA                            ALTER ANY MINING MODEL                   YES
(intermediate results omitted)
...
202 rows selected.

 

 
C. System privileges of an ordinary user

gyj@OCM> select * from dba_sys_privs where grantee='GYJ';

GRANTEE                        PRIVILEGE                                ADM
------------------------------ ---------------------------------------- ---
GYJ                            UNLIMITED TABLESPACE                     NO

 

 
D. System privileges in the current session

gyj@OCM> select * from session_privs;

PRIVILEGE
----------------------------------------
ALTER SYSTEM
AUDIT SYSTEM
CREATE SESSION
ALTER SESSION
RESTRICTED SESSION
(intermediate results omitted)
...
202 rows selected.

 

 
2. Object privileges: allow a user to access and manipulate specific objects
A. Query object privileges

gyj@OCM> select * from dba_tab_privs where grantee='GYJ';

no rows selected

 

 
B. Query column-level privileges on objects

gyj@OCM> select * from dba_col_privs where grantee='GYJ';

no rows selected

 

 
Why are no object privileges or column privileges shown, when user GYJ clearly has objects?

gyj@OCM> show user;  
USER is "GYJ"  
gyj@OCM> select table_name from tabs;  
   
TABLE_NAME  
------------------------------  
T10  

 

 
OK, I'll log in as the HR user and grant object privileges to user GYJ.

sys@OCM> conn hr/hr
Connected.
hr@OCM> grant select on employees to gyj;

Grant succeeded.

hr@OCM> grant update (department_id) on employees to gyj;

Grant succeeded.

 

 
Querying the object privileges again now returns results. That should make the meaning clear, so I won't say more about it.

hr@OCM> select * from dba_tab_privs where grantee='GYJ';

GRANTEE                        OWNER                          TABLE_NAME                     GRANTOR                        PRIVILEGE                                GRA HIE
------------------------------ ------------------------------ ------------------------------ ------------------------------ ---------------------------------------- --- ---
GYJ                            HR                             EMPLOYEES                      HR                             SELECT                                   NO  NO

hr@OCM> select * from dba_col_privs where grantee='GYJ';

GRANTEE                        OWNER                          TABLE_NAME                     COLUMN_NAME                    GRANTOR                        PRIVILEGE                                GRA
------------------------------ ------------------------------ ------------------------------ ------------------------------ ------------------------------ ---------------------------------------- ---
GYJ                            HR                             EMPLOYEES                      DEPARTMENT_ID                  HR                             UPDATE                                   NO

 

 
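Answer A:
GRANT EXECUTE ON proc1 TO PUBLIC;

That is, "grant <privilege> on <database object> to <user>" grants an object privilege, not a system privilege, so this answer does not fit the question.

Answer B: a specific object cannot be named after CREATE VIEW; there is no such syntax, and running it fails immediately with an error, as follows:
gyj@OCM> GRANT CREATE VIEW ON T1 TO hr;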
GRANT CREATE VIEW  ON T1 TO hr
      *
ERROR at line 1:
ORA-00990: missing or invalid privilege

 

 
The system privilege to create views should be granted like this:
gyj@OCM> GRANT CREATE VIEW TO hr;

Grant succeeded.

gyj@OCM> GRANT CREATE ANY VIEW TO HR;

Grant succeeded.

 

 
Query the system privileges related to CREATE VIEW across the whole database, as follows:
 
 
Answer D: there is no user named ALL
gyj@OCM> GRANT CREATE SESSION TO ALL;
GRANT CREATE SESSION TO ALL
                        *
ERROR at line 1:
ORA-00987: missing or invalid username(s)

A specific user must be named; for example, grant the HR user the privilege to connect:
gyj@OCM> GRANT CREATE SESSION TO HR;

Grant succeeded.

 

 
 
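Correct answer: C

Summary: be clear on the difference between system privileges and object privileges. The view for system privileges is:
dba_sys_privs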
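
An added example (not part of the original post): dba_sys_privs lists only direct grants, while session_privs also includes privileges received through enabled roles, which are recorded in dba_role_privs. The query below resolves both for the CREATE VIEW privileges discussed above; it assumes Oracle 11gR2 or later and SELECT access to the DBA_ views, and the privilege list is the part to adjust.

```sql
-- Added example: who effectively holds CREATE VIEW / CREATE ANY VIEW,
-- whether granted directly or inherited through one or more roles.
-- Assumes Oracle 11gR2+ (recursive WITH) and access to the DBA_ views.
WITH priv_holders (grantee, privilege, grant_path, depth) AS (
  -- Anchor: direct grants of the privilege to a user, a role, or PUBLIC
  SELECT sp.grantee,
         sp.privilege,
         CAST(sp.grantee AS VARCHAR2(4000)),
         0
  FROM   dba_sys_privs sp
  WHERE  sp.privilege IN ('CREATE VIEW', 'CREATE ANY VIEW')
  UNION ALL
  -- Recursive step: anyone granted a role that already holds the privilege
  SELECT rp.grantee,
         ph.privilege,
         rp.grantee || ' <- ' || ph.grant_path,
         ph.depth + 1
  FROM   priv_holders ph
  JOIN   dba_role_privs rp ON rp.granted_role = ph.grantee
)
SELECT ph.grantee,
       ph.privilege,
       CASE WHEN ph.depth = 0 THEN 'DIRECT' ELSE 'VIA ROLE' END AS how,
       ph.grant_path
FROM   priv_holders ph
WHERE  ph.grantee = 'PUBLIC'                           -- applies to every user
   OR  ph.grantee IN (SELECT username FROM dba_users)  -- hide intermediate roles
ORDER  BY ph.privilege, ph.grantee, ph.depth;
```

Rows whose grantee is PUBLIC apply to every account, and the grant_path column shows which role chain to revoke from when a privilege is broader than intended.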

 

