如何列出用户收到的所有赠款?
我需要查看Oracle数据库上的所有授权。
我用TOADfunction来比较模式,但它不显示可临时授权等,所以这是我的问题:
我如何列出Oracle数据库的所有资助?
如果您不仅需要直接授予表(例如,通过angular色授予权限,系统权限(如select任何表等)),还有一些额外的查询:
系统权限为用户:
SELECT PRIVILEGE FROM sys.dba_sys_privs WHERE grantee = <theUser> UNION SELECT PRIVILEGE FROM dba_role_privs rp JOIN role_sys_privs rsp ON (rp.granted_role = rsp.role) WHERE rp.grantee = <theUser> ORDER BY 1;
直接授予表/视图:
SELECT owner, table_name, select_priv, insert_priv, delete_priv, update_priv, references_priv, alter_priv, index_priv FROM table_privileges WHERE grantee = <theUser> ORDER BY owner, table_name;
间接拨款给表/视图:
SELECT DISTINCT owner, table_name, PRIVILEGE FROM dba_role_privs rp JOIN role_tab_privs rtp ON (rp.granted_role = rtp.role) WHERE rp.grantee = <theUser> ORDER BY owner, table_name;
假设您想要列出特定用户收到的所有对象的授权:
select * from all_tab_privs_recd where grantee = 'your user'
这不会返回用户拥有的对象。 如果您需要这些,请使用all_tab_privs
视图。
抱歉的家伙,但从all_tab_privs_recdselect哪里grantee ='你的用户'将不会提供任何输出,除了公共补助金和当前用户授予,如果你从一个不同的(让我们说,SYS)用户运行select。 正如文件所述,
ALL_TAB_PRIVS_RECD描述了以下types的授权:
Object grants for which the current user is the grantee Object grants for which an enabled role or PUBLIC is the grantee
因此,如果您是DBA,并且想要列出特定(不是SYS本身)用户的所有对象授权,则不能使用该系统视图。
在这种情况下,您必须执行更复杂的查询。 以下是从TOAD获取(追踪)的select所有对象特许用户的对象:
select tpm.name privilege, decode(mod(oa.option$,2), 1, 'YES', 'NO') grantable, ue.name grantee, ur.name grantor, u.name owner, decode(o.TYPE#, 0, 'NEXT OBJECT', 1, 'INDEX', 2, 'TABLE', 3, 'CLUSTER', 4, 'VIEW', 5, 'SYNONYM', 6, 'SEQUENCE', 7, 'PROCEDURE', 8, 'FUNCTION', 9, 'PACKAGE', 11, 'PACKAGE BODY', 12, 'TRIGGER', 13, 'TYPE', 14, 'TYPE BODY', 19, 'TABLE PARTITION', 20, 'INDEX PARTITION', 21, 'LOB', 22, 'LIBRARY', 23, 'DIRECTORY', 24, 'QUEUE', 28, 'JAVA SOURCE', 29, 'JAVA CLASS', 30, 'JAVA RESOURCE', 32, 'INDEXTYPE', 33, 'OPERATOR', 34, 'TABLE SUBPARTITION', 35, 'INDEX SUBPARTITION', 40, 'LOB PARTITION', 41, 'LOB SUBPARTITION', 42, 'MATERIALIZED VIEW', 43, 'DIMENSION', 44, 'CONTEXT', 46, 'RULE SET', 47, 'RESOURCE PLAN', 66, 'JOB', 67, 'PROGRAM', 74, 'SCHEDULE', 48, 'CONSUMER GROUP', 51, 'SUBSCRIPTION', 52, 'LOCATION', 55, 'XML SCHEMA', 56, 'JAVA DATA', 57, 'EDITION', 59, 'RULE', 62, 'EVALUATION CONTEXT', 'UNDEFINED') object_type, o.name object_name, '' column_name from sys.objauth$ oa, sys.obj$ o, sys.user$ u, sys.user$ ur, sys.user$ ue, table_privilege_map tpm where oa.obj# = o.obj# and oa.grantor# = ur.user# and oa.grantee# = ue.user# and oa.col# is null and oa.privilege# = tpm.privilege and u.user# = o.owner# and o.TYPE# in (2, 4, 6, 9, 7, 8, 42, 23, 22, 13, 33, 32, 66, 67, 74, 57) and ue.name = 'your user' and bitand (o.flags, 128) = 0 union all -- column level grants select tpm.name privilege, decode(mod(oa.option$,2), 1, 'YES', 'NO') grantable, ue.name grantee, ur.name grantor, u.name owner, decode(o.TYPE#, 2, 'TABLE', 4, 'VIEW', 42, 'MATERIALIZED VIEW') object_type, o.name object_name, c.name column_name from sys.objauth$ oa, sys.obj$ o, sys.user$ u, sys.user$ ur, sys.user$ ue, sys.col$ c, table_privilege_map tpm where oa.obj# = o.obj# and oa.grantor# = ur.user# and oa.grantee# = ue.user# and oa.obj# = c.obj# and oa.col# = c.col# and bitand(c.property, 32) = 0 /* not hidden column */ and oa.col# is not null and oa.privilege# = tpm.privilege and u.user# = o.owner# and o.TYPE# in (2, 4, 42) and ue.name = 'your user' and bitand (o.flags, 128) = 0;
这将列出您的(指定的)用户的所有对象授予(包括列授予)。 如果您不想列级授权,则删除以“union”子句开头的所有部分。
UPD:研究文档我发现另一种视图,以更简单的方式列出所有的赠款:
select * from DBA_TAB_PRIVS where grantee = 'your user';
请记住,Oracle中没有 DBA_TAB_PRIVS_RECD视图。
我知道的最全面和最可靠的方法仍然是使用DBMS_METADATA :
select dbms_metadata.get_granted_ddl( 'SYSTEM_GRANT', :username ) from dual; select dbms_metadata.get_granted_ddl( 'OBJECT_GRANT', :username ) from dual; select dbms_metadata.get_granted_ddl( 'ROLE_GRANT', :username ) from dual;
有趣的答案虽然。
select distinct 'GRANT '||privilege||' ON '||OWNER||'.'||TABLE_NAME||' TO '||RP.GRANTEE from DBA_ROLE_PRIVS RP join ROLE_TAB_PRIVS RTP on (RP.GRANTED_ROLE = RTP.role) where (OWNER in ('YOUR USER') --Change User Name OR RP.GRANTEE in ('YOUR USER')) --Change User Name and RP.GRANTEE not in ('SYS', 'SYSTEM') ;