[每日一题] OCP1z0-047 :2013-08-02 权限―――分配系统权限............................................22

转载请注明出处:http://blog.csdn.net/guoyjoe/article/details/9721195

[每日一题] OCP1z0-047 :2013-08-02 权限―――分配系统权限............................................22_第1张图片


这题是考权限的知识点,权限分为两大类,系统权限和对象权限,这题主要讲系统权限,我们先来了解什么是系统权,什么是对象权限吧。

1、系统权限:允许用户在数据库中执行特定的操作

A、SYSDBA/SYSOPER这两个权限比较特殊


gyj@OCM> select * from dba_sys_privs where granteein('SYSDBA','SYSOPER');
 
no rows selected
 

B、DBA的系统权限是可以查到的


gyj@OCM> select * from dba_sys_privs where grantee='DBA';
 
GRANTEE                       PRIVILEGE                               ADM
---------------------------------------------------------------------- ---
DBA                            DROP ANY CUBE BUILD PROCESS              YES
DBA                           CREATE CUBE                             YES
DBA                           ALTER ANY CUBE DIMENSION                YES
DBA                           ALTER ANY MINING MODEL                   YES
 (中间结果省略)
…………………………..
202 rows selected.


C、普通用户的系统权限


 gyj@OCM> select * from  dba_sys_privs where grantee='GYJ';
 
GRANTEE                       PRIVILEGE                               ADM
------------------------------ -------------------------------------------
GYJ                           UNLIMITED TABLESPACE                    NO
 

D、 当前会话上的系统权限


gyj@OCM> select * from session_privs;
 
PRIVILEGE
----------------------------------------
ALTER SYSTEM
AUDIT SYSTEM
CREATE SESSION
ALTER SESSION
RESTRICTED SESSION
(中间结果省略)
……………………………
202 rows selected.

2、对象权限:允许用户访问和操纵特定的对象

   A、查对象权限    


gyj@OCM> select *  fromdba_tab_privs where grantee='GYJ';
 
no rows selected


B、查对象上列的权限


 gyj@OCM>select *  from dba_col_privs wheregrantee='GYJ';
 
no rows selected


 为什么没显示对象的权限和对象上列的权限呢,用户GYJ明明有对象的呀:


gyj@OCM> show user;
USER is "GYJ"
gyj@OCM> select table_name from tabs;
 
TABLE_NAME
------------------------------
T10


好,我登录到HR用户下给GYJ用户授对象权限


sys@OCM> conn hr/hr
Connected.
hr@OCM> grant select on employees to gyj;
 
Grant succeeded.
 
hr@OCM> grant update (department_id) onemployees to gyj;
 
Grant succeeded.


再次查对象权限就有结果了,这下明白这个意思了吧,好!这个就不多说了。


hr@OCM> select *  from dba_tab_privs wheregrantee='GYJ';
 
GRANTEE                        OWNER                          TABLE_NAME                     GRANTOR                 PRIVILEGE                                 GRA HIE
------------------------------------------------------------ ------------------------------------------------------------ ---------------------------------------- --- ---
GYJ                            HR                             EMPLOYEES                      HR                      SELECT                                    NO  NO
 
hr@OCM> select *  from dba_col_privs where grantee='GYJ';
 
GRANTEE                        OWNER                          TABLE_NAME                     COLUMN_NAME             GRANTOR                         PRIVILEGE                                GRA
------------------------------ ------------------------------------------------------------ ------------------------------------------------------------ ---------------------------------------- ---
GYJ                            HR                             EMPLOYEES                      DEPARTMENT_ID           HR                              UPDATE                                   NO
 

答案A:GRANT EXECUTE ON  proc1  TO PUBLIC;

grant权限 on数据库对象 to用户是属于对象权限,而不是系统权限,所以答案不符合题意。

 

答案B:在create view后面不能加具体某个对象,没有这样的写法,操作如下直接报错

gyj@OCM> GRANT CREATE VIEW  ON T1TO hr;

GRANT CREATE VIEW  ON T1 TO hr

      *

ERROR at line 1:

ORA-00990: missing or invalid privilege

 

分配创建视图的系统权限应该这样写

gyj@OCM> GRANT CREATE VIEW   TOhr;

 

Grant succeeded.

 

gyj@OCM> GRANT CREATE ANY VIEW TO HR;

 

Grant succeeded.

 

查整个库关于CREATE VIEW的系统权限,如下:



答案D:没有ALL这个用户

gyj@OCM> GRANT CREATE SESSION TO ALL;

GRANT CREATE SESSION TO ALL

                        *

ERROR at line 1:

ORA-00987: missing or invalid username(s)

 

应该具体某个用户,比如给hr用户授予连接的权限

gyj@OCM> GRANT CREATE SESSION TO HR;

 

Grant succeeded.

 

 

正确答案:C

 

总结:这里要搞清楚系统权限和对象权限,系统权限的视图:dba_sys_privs

 

QQ:252803295

学习交流QQ群:
DSI&Core Search  Ⅰ 群:127149411(技术:已满)
DSI&Core Search  Ⅱ 群:177089463(技术:未满)
DSI&Core Search  Ⅲ 群:284596437(技术:未满)
DSI&Core Search  Ⅳ 群:192136702(技术:未满)
DSI&Core Search  Ⅴ 群:285030382(闲聊:未满)



MAIL:[email protected]

BLOG: http://blog.csdn.net/guoyjoe

WEIBO:http://weibo.com/guoyJoe0218

ITPUB: http://www.itpub.net/space-uid-28460966.html

OCM:   http://education.oracle.com/education/otn/YGuo.HTM


你可能感兴趣的:([每日一题] OCP1z0-047 :2013-08-02 权限―――分配系统权限............................................22)