SYSOPER身份用户的权限限制

导读：

　　 站内相关文章|Related Articles 缺省的SYSOPER可以起停数据库，但是不能查询数据字典。

　　

$ sqlplus "/ as sysdba"

SQL*Plus: Release 10.1.0.2.0 - Production on Fri Mar 25 17:20:49 2005

Copyright (c) 1982, 2004, Oracle. All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - 64bit Production

With the Partitioning, OLAP and Data Mining options

SYS AS SYSDBA on 25-MAR-05 >CREATE USER operator IDENTIFIED BY operator;

User created.

授予dba,sysoper角色。

SYS AS SYSDBA on 25-MAR-05 >grant dba,sysoper to operator;

Grant succeeded.



　　以普通用户方式登录可以查询，因为具有DBA角色:

　　

SYS AS SYSDBA on 25-MAR-05 >connect operator/operator

Connected.

OPERATOR on 25-MAR-05 >show user

USER is "OPERATOR"

OPERATOR on 25-MAR-05 >select count(*) from dba_users;

COUNT(*)

----------

12



　　以SYSOPER身份登录，实际上用户身份切换为PUBLIC，不能查询数据字典:

　　

OPERATOR on 25-MAR-05 >connect operator/operator as sysoper;

Connected.

PUBLIC AS SYSOPER on 25-MAR-05 >select count(*) from dba_users;

select count(*) from dba_users

*

ERROR at line 1:

ORA-00942: table or view does not exist

PUBLIC AS SYSOPER on 25-MAR-05 >show user

USER is "PUBLIC"



　　但是此时有权启动数据库:

　　

PUBLIC AS SYSOPER on 25-MAR-05 >shutdown immediate;

Database closed.

Database dismounted.

ORACLE instance shut down.

PUBLIC AS SYSOPER on 25-MAR-05 >startup

ORACLE instance started.

Database mounted.

Database opened.



　　可以单独授予SELECT ANY DICTIONARY,SELECT ANY TABLE权限给PUBLIC角色，这样sysoper身份登录用户同时就获得查询字典及表权限。

　　

PUBLIC AS SYSOPER on 25-MAR-05 >connect / as sysdba

Connected.

SYS AS SYSDBA on 25-MAR-05 >grant SELECT ANY DICTIONARY,SELECT ANY TABLE to public;

Grant succeeded.

SYS AS SYSDBA on 25-MAR-05 >connect operator/operator

Connected.

OPERATOR on 25-MAR-05 >connect operator/operator as sysoper

Connected.

PUBLIC AS SYSOPER on 25-MAR-05 >select count(*) from dba_users;

COUNT(*)

----------

12



本文转自

http://www.eygle.com/archives/2005/03/sysopereioaaeei.html