ITPub博客

首页 > Linux操作系统 > Linux操作系统 > 实验:用视图加同义词实现数据安全

实验:用视图加同义词实现数据安全

原创 Linux操作系统 作者:湖湘文化 时间:2013-11-18 17:23:30 0 删除 编辑
 

实验:用视图加同义词实现数据安全

需求:test01用户需要访问test02用户的a表中的useridpassword列:

1,不使用视图

conn / as sysdba;
drop user test01 cascade;
drop user test02 cascade;

create user test01 account unlock identified by test01;
grant create session,create synonym to test01;
create user test02 account unlock identified by test02 quota 100m on users;
grant create session,create table to test02;

conn test02/test02
create table a(userid number,password varchar2(20),salary varchar2(20));
insert into a values(1,'abc','3000');
insert into a values(2,'edf','6000');
commit;
select * from a;
grant select on a to test01;

conn test01/test01
create synonym a for test02.a;
select userid,password from a;
select * from a;
结果 select * from a;用户看到了不该看到的其他列,这对DBA来说是一个重大失误。

2,使用视图

conn / as sysdba;
drop user test01 cascade;
drop user test02 cascade;

create user test01 account unlock identified by test01;
grant create session,create synonym to test01;
create user test02 account unlock identified by test02 quota 100m on users;
grant create session,create table,create view to test02;

conn test02/test02
create table a(userid number,password varchar2(20),salary varchar2(20));
insert into a values(1,'abc','3000');
insert into a values(2,'edf','6000');
commit;
select * from a;
create view a_vw as select userid,password from a;
grant select on a_vw to test01;

conn test01/test01
create synonym a for test02.a_vw;
select * from a;
结果:用户只能看到视图中指定的两列,既满足了需求同时也实现了数据安全性。

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/21256317/viewspace-776878/,如需转载,请注明出处,否则将追究法律责任。

请登录后发表评论 登录
全部评论

注册时间:2009-05-31

  • 博文量
    109
  • 访问量
    1530370