这是一篇简短的论文,介绍了如何在Oracle中向用户授予“所有权限”,更重要的是,要做到这一点,需要哪些权限。这是我最近在新闻组/邮件列表中发布的帖子。这只是为了提供信息,因为它是有用的,但这里应该强调的一个重要事实是,我无法想象任何情况,也无法想象所有特权何时应该授予任何人。这是完全没有必要的。正确完成工作,找出手头工作所需的确切权限,并授予这些权限。授予所有权限是一种安全风险,因为这意味着拥有这些权限的用户可以在数据库中做任何事情。
记住在任何时候都要使用最低特权原则,并给予所需的权利。不要为了快速完成工作而给予一切。这是示例代码!
Connected to:
Personal Oracle9i Release 9.2.0.1.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.1.0 - Production
SQL>
SQL> sho user
USER is "SYSTEM"
SQL> select * from system_privilege_map
2 where name like '%PRIV%';
PRIVILEGE NAME PROPERTY
---------- ---------------------------------------- ----------
-167 GRANT ANY PRIVILEGE 0
-244 GRANT ANY OBJECT PRIVILEGE 0
SQL>
SQL> -- Create a new user with just create session (to log on) and grant
SQL> -- any privilege to, well grant all privileges.
SQL> create user emil identified by emil;
User created.
SQL> grant create session, grant any privilege to emil;
Grant succeeded.
SQL> -- because we want to test this privilege create a second user to
SQL> -- test it with
SQL> create user zulia identified by zulia;
User created.
SQL> -- connect as emil and grant all privileges to Zulia
SQL> connect emil/emil@sans
Connected.
SQL> grant all privileges to zulia;
Grant succeeded.
SQL> -- connect as system and find out if it worked.
SQL> connect system/manager@sans
Connected.
SQL> select count(*),grantee
2 from dba_sys_privs
3 where grantee in ('MDSYS','EMIL','ZULIA')
4* group by grantee
SQL> /
COUNT(*) GRANTEE
---------- ------------------------------
2 EMIL
139 MDSYS
139 ZULIA
SQL>
我们使用了
MDSYS
作为检查点
多线程系统
具有授予它的所有权限
默认情况下,在Oracle的默认安装中。您需要的特权
因此是
GRANT ANY PRIVILEGE
