ITPub博客

首页 > 数据库 > Oracle > 11G的rsource角色与Unlimited Tablespace

11G的rsource角色与Unlimited Tablespace

原创 Oracle 作者:lfree 时间:2014-11-03 12:00:12 0 删除 编辑

[20141103]11G的rsource角色与Unlimited Tablespace.txt

--11G下resource角色,用户自动获得Unlimited Tablespace的权限,应该引起注意.自己做一个测试:

SCOTT@test> @ver1
PORT_STRING                    VERSION        BANNER
------------------------------ -------------- --------------------------------------------------------------------------------
x86_64/Linux 2.4.xx            11.2.0.3.0     Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production


SCOTT@test> select grantee, privilege, admin_option from dba_sys_privs where grantee='CONNECT';
GRANTEE                        PRIVILEGE                                ADM
------------------------------ ---------------------------------------- ---
CONNECT                        CREATE SESSION                           NO

--connect角色仅仅有create session的权限.

SCOTT@test> select grantee, privilege, admin_option from dba_sys_privs where grantee='RESOURCE';
GRANTEE                        PRIVILEGE                                ADM
------------------------------ ---------------------------------------- ---
RESOURCE                       CREATE TRIGGER                           NO
RESOURCE                       CREATE SEQUENCE                          NO
RESOURCE                       CREATE TYPE                              NO
RESOURCE                       CREATE PROCEDURE                         NO
RESOURCE                       CREATE CLUSTER                           NO
RESOURCE                       CREATE OPERATOR                          NO
RESOURCE                       CREATE INDEXTYPE                         NO
RESOURCE                       CREATE TABLE                             NO

8 rows selected.

--resource角色有8个权限.

--建立用户test12并且授权resource角色.

SCOTT@test> grant resource to test12 identified by test12;
Grant succeeded.

SCOTT@test> select * from dba_role_privs where grantee = 'TEST12';
GRANTEE                        GRANTED_ROLE                   ADM DEF
------------------------------ ------------------------------ --- ---
TEST12                         RESOURCE                       NO  YES

SCOTT@test> select * from dba_sys_privs where grantee='TEST12';
GRANTEE                        PRIVILEGE                                ADM
------------------------------ ---------------------------------------- ---
TEST12                         UNLIMITED TABLESPACE                     NO

--可以发现test12用户拥有UNLIMITED TABLESPACE的权限.如果可能应该收回.

SCOTT@test> revoke unlimited tablespace from test12;
Revoke succeeded.

SCOTT@test> select * from dba_sys_privs where grantee='TEST12';
no rows selected

--安全需要,要注意这个问题!

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/267265/viewspace-1318578/,如需转载,请注明出处,否则将追究法律责任。

全部评论
熟悉oracle相关技术,擅长sql优化,rman备份与恢复,熟悉linux shell编程。

注册时间:2008-01-03

  • 博文量
    2698
  • 访问量
    6480283