环境: sys@EMREP select * from v$version;BANNER----------------------------------------------------------------Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - ProdPL/SQL Release 10.2.0.1.0 - ProductionCORE 10.2.0.1.0 Production
环境:
sys@EMREP> select * from v$version; BANNER ---------------------------------------------------------------- Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod PL/SQL Release 10.2.0.1.0 - Production CORE 10.2.0.1.0 Production TNS for Linux: Version 10.2.0.1.0 - Production NLSRTL Version 10.2.0.1.0 - Production
缺省值
sys@EMREP> show parameter o7_ NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ O7_DICTIONARY_ACCESSIBILITY boolean FALSE
参数解释
参数名: o7_DICTIONARY_ACCESSIBILITY
类别 : 安全性和审计
说明 : 主要用于从Oracle7移植到Oracle8i.
如果该值为TRUE,SYSTEM权限(如SELECT ANY TABLE)将不限制对SYS方案中各对象的访问(Oracle7行为)
如果该值为FALSE,只有被授予了SELECT_CATALOG_ROLE,EXECUTE_CATALOG_ROLE
或DELETE_CATALOG_ROLE权限的用户才能访问SYS方案中的各对象
值范围: TRUE | FALSE
位置 : $ORACLE_HOME/dbs/initSID.ora里面设置
两个错误
① ORA-28009
o7_DICTIONARY_ ACCESSIBILITY参数的默认设置为FALSE,所以使用SYS用户连接数据库时必须作为SYSDBA或SYSOPER身份。
如果将o7_DICTIONARY_ACCESSIBILITY参数设置为TRUE,该错误将不会产生
sys@EMREP> conn sys/oracle ERROR: ORA-28009: connection as SYS should be as SYSDBA or SYSOPER sys@EMREP> conn / as sysdba Connected. sys@EMREP> alter system set O7_DICTIONARY_ACCESSIBILITY=true scope=spfile; System altered. sys@EMREP> shutdown immediate Database closed. Database dismounted. ORACLE instance shut down. sys@EMREP> startup ORACLE instance started. Total System Global Area 524288000 bytes Fixed Size 1220384 bytes Variable Size 155189472 bytes Database Buffers 364904448 bytes Redo Buffers 2973696 bytes Database mounted. Database opened. sys@EMREP> conn sys/oracle Connected.
② ORA-00942
当用户没有select any table的时候
sys@EMREP> create user u1 identified by u1; User created. sys@EMREP> grant connect,resource to u1; Grant succeeded. sys@EMREP> conn u1/u1 Connected. u1@EMREP> show parameter dictionary ORA-00942: table or view does not exist sys@EMREP> grant select any table to u1; Grant succeeded. sys@EMREP> conn u1/u1 Connected. u1@EMREP> show parameter dictionary NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ O7_DICTIONARY_ACCESSIBILITY boolean TRUE
相关问题
今天给一个用户select any table的权限,但不想让该用户查询dictionary views;想在init
答:
没影响!这个参数是控制select any table权限使用的,若该参数为 true,则有 select any table 权限的帐号则可查看DBA_ V$等之类的数据字典,否(false),则只能看自己权限内的如:user_, all_之类的字典,但被授予了select_catalog_role 则不受此参数的控制