Oracle系统权限基础是建立在三个维度层面上,即系统权限(System Privilege)、对象权限(Object Privilege)和角色权限(Role P
Oracle系统权限基础是建立在三个维度层面上,即系统权限(System Privilege)、对象权限(Object Privilege)和角色权限(Role Privilege)。系统权限定义了用户可以执行的某些行为操作;对象权限定义了用户在某个系统对象(如数据表、视图等)的操作权限;角色权限更像是一个容器对象,可以将一组系统权限、对象权限甚至其他角色权限容纳到其中。
三个维度权限在三个层面上构建了Oracle权限体系框架。传统应用系统的一种配置方式是在数据库层面建立用户,,配置相关权限进行操作。这样的系统还可以在一些旧应用系统或者国外业务系统中看到。随着Web应用的广泛使用,Oracle权限体系需求的复杂性其实是在不断降低的。Web应用通常只需要连接一个Schema用户名即可,用户体系是在应用层面加以实现。
最近笔者遇到一个关于角色Role的问题,最后发现是一个Default Role这个经常被忽视的设置出现问题。本文主要系统介绍一下这个特点功能。
1、环境介绍
Oracle的权限体系在过去的版本中都在不断地发展丰富,笔者讨论基于Oracle 11g,具体版本号为11.2.0.4。
SQL> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 – Production
建立一个全新的用户。
SQL> create user test identified by test;
User created
2、Default Role概论
和系统权限、对象权限相比,角色权限是比较特殊的一种权限类型。它更像是一种组合容器,可以将其他权限以组Group的方式进行组织。一般来说,角色权限Role Privilege最常用的场景是简化管理难度,实现标准化配置管理。另一个角色权限的特点是动态赋予。系统权限和对象权限一旦赋予,用户只要登录就直接获得。而对象权限在这个问题上是可以选择的。
首先我们进行默认设置,对用户test进行一系列角色赋予动作。
SQL> grant connect, resource to test;
Grant succeeded
SQL> grant sicspccgrole to test;
Grant succeeded
SQL> grant sicspctbcgrole to test;
Grant succeeded
SQL> grant sicspctrrole to test;
Grant succeeded
通过视图db_role_privs,可以查看到角色与授予关系。
SQL> select * from dba_role_privs where GRANTEE='TEST';
GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------
TEST RESOURCE NO YES
TEST SICSPCCGROLE NO YES
TEST SICSPCTBTRROLE NO YES
TEST CONNECT NO YES
TEST SICSPCTBCGROLE NO YES
TEST SICSPCTRROLE NO YES
6 rows selected
重点关注default_role列,对应test的几个权限,都被授予为default_role。换而言之,一个用户被赋予角色之后,直接就是默认角色即default role。
3、相关权限变化
如果角色对象底层权限发生变化,已经授权对象有什么影响呢?
SQL> create role testrole ;
Role created
SQL> grant select on sics.cnu_environment to testrole;
Grant succeeded
SQL> grant testrole to test;
Grant succeeded
此时新角色testrole被授予为default role。
SQL> select * from dba_role_privs where GRANTEE='TEST';
GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------
TEST RESOURCE NO YES
TEST SICSPCCGROLE NO YES
BLOB Data Type in MySQL: A Detailed Overview for DevelopersMay 07, 2025 pm 05:41 PMBlobdatatypesinmysqlareusedforvoringLargebinarydatalikeImagesoraudio.1) Useblobtypes (tinyblobtolongblob) Basedondatasizeneeds. 2) Storeblobsin Perplate Petooptimize Performance.3) ConsidersxterNal Storage Forel Blob Romana DatabasesizerIndimprovebackupupe
How to Add Users to MySQL from the Command LineMay 07, 2025 pm 05:01 PMToadduserstoMySQLfromthecommandline,loginasroot,thenuseCREATEUSER'username'@'host'IDENTIFIEDBY'password';tocreateanewuser.GrantpermissionswithGRANTALLPRIVILEGESONdatabase.*TO'username'@'host';anduseFLUSHPRIVILEGES;toapplychanges.Alwaysusestrongpasswo
What Are the Different String Data Types in MySQL? A Detailed OverviewMay 07, 2025 pm 03:33 PMMySQLofferseightstringdatatypes:CHAR,VARCHAR,BINARY,VARBINARY,BLOB,TEXT,ENUM,andSET.1)CHARisfixed-length,idealforconsistentdatalikecountrycodes.2)VARCHARisvariable-length,efficientforvaryingdatalikenames.3)BINARYandVARBINARYstorebinarydata,similartoC
The Ultimate Guide to Adding Users in MySQLMay 07, 2025 pm 03:29 PMToaddauserinMySQL,usetheCREATEUSERstatement.1)UseCREATEUSER'newuser'@'localhost'IDENTIFIEDBY'password';tocreateauser.2)Enforcestrongpasswordpolicieswithvalidate_passwordpluginsettings.3)GrantspecificprivilegesusingGRANTstatement.4)Forremoteaccess,use
What are stored procedures in MySQL?May 01, 2025 am 12:27 AMStored procedures are precompiled SQL statements in MySQL for improving performance and simplifying complex operations. 1. Improve performance: After the first compilation, subsequent calls do not need to be recompiled. 2. Improve security: Restrict data table access through permission control. 3. Simplify complex operations: combine multiple SQL statements to simplify application layer logic.
How does query caching work in MySQL?May 01, 2025 am 12:26 AMThe working principle of MySQL query cache is to store the results of SELECT query, and when the same query is executed again, the cached results are directly returned. 1) Query cache improves database reading performance and finds cached results through hash values. 2) Simple configuration, set query_cache_type and query_cache_size in MySQL configuration file. 3) Use the SQL_NO_CACHE keyword to disable the cache of specific queries. 4) In high-frequency update environments, query cache may cause performance bottlenecks and needs to be optimized for use through monitoring and adjustment of parameters.
What are the advantages of using MySQL over other relational databases?May 01, 2025 am 12:18 AMThe reasons why MySQL is widely used in various projects include: 1. High performance and scalability, supporting multiple storage engines; 2. Easy to use and maintain, simple configuration and rich tools; 3. Rich ecosystem, attracting a large number of community and third-party tool support; 4. Cross-platform support, suitable for multiple operating systems.
How do you handle database upgrades in MySQL?Apr 30, 2025 am 12:28 AMThe steps for upgrading MySQL database include: 1. Backup the database, 2. Stop the current MySQL service, 3. Install the new version of MySQL, 4. Start the new version of MySQL service, 5. Recover the database. Compatibility issues are required during the upgrade process, and advanced tools such as PerconaToolkit can be used for testing and optimization.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Zend Studio 13.0.1
Powerful PHP integrated development environment
Notepad++7.3.1
Easy-to-use and free code editor
Dreamweaver Mac version
Visual web development tools
WebStorm Mac version
Useful JavaScript development tools
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
