14 控制用户访问
- 知识点:
- 1)如何创建用户、修改密码;
- 2)如何创建角色,把不同的权限分配给角色、用户;
- 3)如何进行授权和回收权限(grant、revoke);
14.1 创建用户
DBA使用create user语句创建用户:
语法:
create user USERNAME identified by PASSWORD;
SYS@prod> create user deamon identified by deamon;
User created.
虽然,创建了新的用户deamon,但是,当conn新的用户deamon的时候,提示报错:
SYS@prod> conn deamon
Enter password:
ERROR:
ORA-01045: user DEAMON lacks CREATE SESSION privilege; logon denied
Warning: You are no longer connected to ORACLE.
@>
报错:信息说,用户deamon没有create session权限。
下面的事情,是授权会话给用户deamon;
SYS@prod> grant create session to deamon;
Grant succeeded.
SYS@prod> conn deamon/deamon;
Connected.
DEAMON@prod>
14.1.1 授权语句
新的用户被创建之后,DBA需要赋予新的用户一些系统权限;
语法格式:
grant PRIVILEGE [, PRIVIKEGE ... ] to USER [, USER|ROLE, PUBLIC ... ];
比如,前面提到的新建用户deamon为例,授权一些其它权限;
DEAMON@prod> create table t(id number);
create table t(id number)
*
ERROR at line 1:
ORA-01031: insufficient privileges
提示:sys用户下新创建的用户需要授权以下系统权限:
- create session
- create table
- create sequence
- create view
- create procedure
SYS@prod> grant create table, create sequence, create view, create procedure to deamon;
Grant succeeded.
授权语句需要牢记。
14.1.2 遇到oracle报错
在sqlplus中
语法:
!oerr ora xxxxx
DEAMON@prod> !oerr ora 01031
01031, 00000, "insufficient privileges"
// *Cause: An attempt was made to perform a database operation without
// the necessary privileges.
// *Action: Ask your database administrator or designated security
// administrator to grant you the necessary privileges