通过dbc.allrights表中的UserName列,DatabaseName列,TableName列和AccessRight列的查询可以获取指定用于对于指定数据库中指定表的操作权限。可用于在执行某条SQL语句之前,判定当前用户是否有执行此语句的权限,在权限不足时还可以尝试自动授权(不太安全,执行完应当revoke)等措施。
AccessRight列缩写词对应列表(共40个):
AccessRight | 含义 |
AF | ALTER FUNCTION |
AP | ALTER PROCEDURE |
AS | ABORT SESSION |
CD | CREATE DATABASE |
CF | CREATE FUNCTION |
CG | CREATE TRIGGER |
CM | CREATE MACRO |
CO | CREATE PROFILE |
CP | CHECKPOINT |
CR | CREATE ROLE |
CT | CREATE TABLE |
CU | CREATE USER |
CV | CREATE VIEW |
D | DELETE |
DD | DROP DATABASE |
DF | DROP FUNCTION |
DG | DROP TRIGGER |
DM | DROP MACRO |
DO | DROP PROFILE |
DP | DUMP |
DR | DROP ROLE |
DT | DROP TABLE |
DU | DROP USER |
DV | DROP VIEW |
E | EXECUTE |
EF | EXECUTE FUNCTION |
I | INSERT |
IX | INDEX |
MR | MONITOR RESOURCE |
MS | MONITOR SESSION |
PC | CREATE PROCEDURE |
PD | DROP PROCEDURE |
PE | EXECUTE PROCEDURE |
RO | REPLICATION OVERRIDE |
R | RETRIEVE/SELECT |
RF | REFERENCE |
RS | RESTORE |
SS | SET SESSION RATE |
SR | SET RESOURCE RATE |
U | UPDATE |
示例SQL语句:
select username, databasename, tablename, accessright from dbc.allrights
where databasename='systemfe' and username='dbc' and tablename='opt_ras_table';
上述语句的执行结果为:
*** Query completed. 12 rows found. 4 columns returned.
*** Total elapsed time was 1 second.
UserName DatabaseName TableName AccessRight
------------------------------ ------------------------------ ------------------------------ -----------
DBC SystemFe opt_ras_table DT
DBC SystemFe opt_ras_table U
DBC SystemFe opt_ras_table DG
DBC SystemFe opt_ras_table RF
DBC SystemFe opt_ras_table RS
DBC SystemFe opt_ras_table R
DBC SystemFe opt_ras_table I
DBC SystemFe opt_ras_table CG
DBC SystemFe opt_ras_table ST
DBC SystemFe opt_ras_table DP
DBC SystemFe opt_ras_table D
DBC SystemFe opt_ras_table IX
SEL
TRIM(username)
,TRIM(databasename)
,TRIM(tablename)
,'GRANT '|| CASE
WHEN AccessRight = 'AF ' THEN 'ALTER FUNCTION'
WHEN AccessRight = 'AP ' THEN 'ALTER PROCEDURE'
WHEN AccessRight = 'AS ' THEN 'ABORT SESSION'
WHEN AccessRight = 'CD ' THEN 'CREATE DATABASE'
WHEN AccessRight = 'CF ' THEN 'CREATE FUNCTION'
WHEN AccessRight = 'CG ' THEN 'CREATE TRIGGER'
WHEN AccessRight = 'CM ' THEN 'CREATE MACRO'
WHEN AccessRight = 'CO ' THEN 'CREATE PROFILE'
WHEN AccessRight = 'CP ' THEN 'CHECKPOINT'
WHEN AccessRight = 'CR ' THEN 'CREATE ROLE'
WHEN AccessRight = 'CT ' THEN 'CREATE TABLE'
WHEN AccessRight = 'CU ' THEN 'CREATE USER'
WHEN AccessRight = 'CV ' THEN 'CREATE VIEW'
WHEN AccessRight = 'D ' THEN 'DELETE'
WHEN AccessRight = 'DD ' THEN 'DROP DATABASE'
WHEN AccessRight = 'DF ' THEN 'DROP FUNCTION'
WHEN AccessRight = 'DG ' THEN 'DROP TRIGGER'
WHEN AccessRight = 'DM ' THEN 'DROP MACRO'
WHEN AccessRight = 'DO ' THEN 'DROP PROFILE'
WHEN AccessRight = 'DP ' THEN 'DUMP'
WHEN AccessRight = 'DR ' THEN 'DROP ROLE'
WHEN AccessRight = 'DT ' THEN 'DROP TABLE'
WHEN AccessRight = 'DU ' THEN 'DROP USER'
WHEN AccessRight = 'DV ' THEN 'DROP VIEW'
WHEN AccessRight = 'E ' THEN 'EXECUTE'
WHEN AccessRight = 'EF ' THEN 'EXECUTE FUNCTION'
WHEN AccessRight = 'I ' THEN 'INSERT'
WHEN AccessRight = 'IX ' THEN 'INDEX'
WHEN AccessRight = 'MR ' THEN 'MONITOR RESOURCE'
WHEN AccessRight = 'MS ' THEN 'MONITOR SESSION'
WHEN AccessRight = 'PC ' THEN 'CREATE PROCEDURE'
WHEN AccessRight = 'PD ' THEN 'DROP PROCEDURE'
WHEN AccessRight = 'PE ' THEN 'EXECUTE PROCEDURE'
WHEN AccessRight = 'RO ' THEN 'REPLICATION OVERRIDE'
WHEN AccessRight = 'R ' THEN 'RETRIEVE/SELECT'
WHEN AccessRight = 'RF ' THEN 'REFERENCE'
WHEN AccessRight = 'RS ' THEN 'RESTORE'
WHEN AccessRight = 'SS ' THEN 'SET SESSION RATE'
WHEN AccessRight = 'SR ' THEN 'SET RESOURCE RATE'
WHEN AccessRight = 'U ' THEN 'UPDATE'
END || ' ON '||TRIM(databasename)||'.'||TRIM(tablename)||' to '||TRIM(username)||';' AS Permission
FROM dbc.AllRights
WHERE DatabaseName = 'DBNAME' and USERNAME = 'LOGGEDINUSERNAME' AND TABLENAME = 'TABLENAME';