Examine the facts about a database:

1. USERS is the database default tablespace.

2. USER1, USER2, and USER3 have the CREATE SESSION privilege.

3. They also have UNLIMITED QUOTA on the default tablespace USERS.

4. They have no other privileges.

Examine these commands:

SQL > conn / as sysdba

Connected

SQL > GRANT CREATE TABLE TO user1 WITH ADMIN OPTION;

Grant succeeded.

SQL > GRANT CREATE TABLE TO user2;

Grant succeeded.

SQL > GRANT CREATE TABLE TO user3 WITH ADMIN OPTION;

Grant succeeded.

Which two are true?

A) If sys revokes CREATE TABLE from user1, it is not revoked from USER2 and USER3.

B) Only sys can revoke CREATE TABLE from user1.

C) If sys revokes CREATE TABLE FROM user1, it is revoked from user2 but not from user3.

D) Any user with CREATE TABLE WITH GRANT OPTION can revoke CREATE TABLE from user1.

E) Only sys and USER1 can revoke CREATE TABLE from user3.

Answer: AE

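Zhao: AD => AE. Note the difference from the next question: USER2 and USER3 were granted the privilege directly by SYS, not by USER1. Note that option D says WITH GRANT OPTION, not WITH ADMIN OPTION. After testing, choose E. USER2 cannot revoke USER3's privilege.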

SQL> conn user2/123456;

Connected.

SQL> revoke create table from user3;

revoke create table from user3

*

ERROR at line 1:

ORA-01031: insufficient privileges

with admin option:

With WITH ADMIN OPTION, the grantee can grant the privilege it received to other users or roles, and revoking the privilege does not cascade. For example:

SQL>grant create session to user_a with admin option;

User user_a now has the "create session" privilege. user_a then runs:

SQL>grant create session to user_b;

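user_b then also has the "create session" privilege.

If the system administrator revokes user_a's privilege, user_b's privilege is still retained, but the administrator can explicitly revoke user_b's privilege: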

SQL>revoke create session from user_b;

with grant option:

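With WITH GRANT OPTION, the grantee can grant the privilege it received to other users or roles, and revoking the privilege cascades. Cascading means that if user_a used "with grant option" to grant the privilege on to user_b, then when the administrator revokes user_a's privilege, user_b's privilege is revoked as well. However, the administrator cannot explicitly revoke user_b's privilege.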
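
The two revocation behaviours described above, set up side by side and then checked in the data dictionary, as an added example that is not part of the original page. It assumes SQL*Plus, a DBA login on a non-CDB test database, and a USERS tablespace; demo_owner, demo_a, demo_b, the table t and the password DemoPw_1 are constructed placeholders.

```sql
-- Added example: constructed users, table and password (placeholders).
CREATE USER demo_owner IDENTIFIED BY DemoPw_1 QUOTA UNLIMITED ON users;
CREATE USER demo_a IDENTIFIED BY DemoPw_1;
CREATE USER demo_b IDENTIFIED BY DemoPw_1;
GRANT CREATE SESSION TO demo_a, demo_b;
CREATE TABLE demo_owner.t (id NUMBER);

-- System privilege: granted WITH ADMIN OPTION, then re-granted by demo_a.
GRANT CREATE TABLE TO demo_a WITH ADMIN OPTION;
CONNECT demo_a/DemoPw_1
GRANT CREATE TABLE TO demo_b;

-- Object privilege: granted WITH GRANT OPTION, then re-granted by demo_a.
CONNECT / AS SYSDBA
GRANT SELECT ON demo_owner.t TO demo_a WITH GRANT OPTION;
CONNECT demo_a/DemoPw_1
GRANT SELECT ON demo_owner.t TO demo_b;

-- Revoke both privileges from the intermediate grantee only.
CONNECT / AS SYSDBA
REVOKE CREATE TABLE FROM demo_a;
REVOKE SELECT ON demo_owner.t FROM demo_a;

-- Check 1: who still holds the system privilege (non-cascading case).
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee IN ('DEMO_A', 'DEMO_B')
AND    privilege = 'CREATE TABLE';

-- Check 2: who still holds the object privilege (cascading case).
SELECT grantee, grantor, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'DEMO_OWNER'
AND    table_name = 'T';

-- Audit: system privileges that can be passed on, and therefore can
-- outlive a revoke from the account that handed them out.
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  admin_option = 'YES'
ORDER  BY grantee, privilege;

-- Clean up the constructed accounts.
DROP USER demo_b CASCADE;
DROP USER demo_a CASCADE;
DROP USER demo_owner CASCADE;
```

Because a revoke of a system privilege does not follow the re-grants, the audit query is the place to look for downstream grantees that have to be revoked one by one.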