如何find授予Oracle用户的权限和angular色?

我正在使用Linux,Oracle10g。 我创build了一个名为test的用户。 并授予创build会话并为同一用户select任何字典权限。

我还将sysdba和sysoperangular色授予相同的用户。

现在我想显示授予用户的所有特权和angular色。 我发现下面的查询,但它只显示创build会话并select字典权限。

select privilege from dba_sys_privs where grantee='SAMPLE' order by 1; 

请帮忙解决这个问题。

谢谢

查看http://docs.oracle.com/cd/B10501_01/server.920/a96521/privs.htm#15665

检查USER_SYS_PRIVS,USER_TAB_PRIVS,USER_ROLE_PRIVS表。

除了VAV的答案,第一个在我的环境中是最有用的

 select * from USER_ROLE_PRIVS where USERNAME='SAMPLE'; select * from USER_TAB_PRIVS where Grantee = 'SAMPLE'; select * from USER_SYS_PRIVS where USERNAME = 'SAMPLE'; 

没有其他答案为我工作,所以我写了我自己的解决scheme:

从Oracle 11g开始。

用所需的用户名replaceUSER

授予angular色:

 SELECT * FROM DBA_ROLE_PRIVS WHERE GRANTEE = 'USER'; 

特权直接授予用户:

 SELECT * FROM DBA_TAB_PRIVS WHERE GRANTEE = 'USER'; 

授予用户的angular色特权:

 SELECT * FROM DBA_TAB_PRIVS WHERE GRANTEE IN (SELECT granted_role FROM DBA_ROLE_PRIVS WHERE GRANTEE = 'USER'); 

授予系统权限:

 SELECT * FROM DBA_SYS_PRIVS WHERE GRANTEE = 'USER'; 

如果要查找当前连接的用户,可以用USERreplace表名中的DBA,并删除WHERE子句。

IF权限是通过一些angular色给用户的,那么可以使用下面的SQL

 select * from ROLE_ROLE_PRIVS where ROLE = 'ROLE_NAME'; select * from ROLE_TAB_PRIVS where ROLE = 'ROLE_NAME'; select * from ROLE_SYS_PRIVS where ROLE = 'ROLE_NAME'; 

结合先前的build议来确定您的个人权限(即“用户”权限),然后使用这个:

 -- your permissions select * from USER_ROLE_PRIVS where USERNAME= USER; select * from USER_TAB_PRIVS where Grantee = USER; select * from USER_SYS_PRIVS where USERNAME = USER; -- granted role permissions select * from ROLE_ROLE_PRIVS where ROLE IN (select granted_role from USER_ROLE_PRIVS where USERNAME= USER); select * from ROLE_TAB_PRIVS where ROLE IN (select granted_role from USER_ROLE_PRIVS where USERNAME= USER); select * from ROLE_SYS_PRIVS where ROLE IN (select granted_role from USER_ROLE_PRIVS where USERNAME= USER); 
 select * from ROLE_TAB_PRIVS where role in ( select granted_role from dba_role_privs where granted_role in ('ROLE1','ROLE2') ) 
 SELECT * FROM DBA_ROLE_PRIVS WHERE UPPER(GRANTEE) LIKE '%XYZ%'; 

总是让SQL重用: – 🙂

 -- =================================================== -- &role_name will be "enter value for 'role_name'". -- Date: 2015 NOV 11. -- sample code: define role_name=&role_name -- sample code: where role like '%&&role_name%' -- =================================================== define role_name=&role_name select * from ROLE_ROLE_PRIVS where ROLE = '&&role_name'; select * from ROLE_SYS_PRIVS where ROLE = '&&role_name'; select role, privilege,count(*) from ROLE_TAB_PRIVS where ROLE = '&&role_name' group by role, privilege order by role, privilege asc ;