Home > Developer > PHP

Difference between the object permission and system permission revocation in OraclePL/SQL

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
Object permission test: in the Initial State, neither user2 nor user3 has the object permission of user1.t1.

Object permission test: in the Initial State, neither user2 nor user3 has the object permission of user1.t1.

Object permission test:
In the initial state, neither user2 nor user3 has the object permission of user1.t1.
Table t1 exists in user1:
Duzz $ user1 @ orcl> select * from t1;

C1
----------
1111

Elapsed: 00:00:00. 00

User2 cannot query user1.t1:
Duzz $ user2 @ orcl> select * from user1.t1;
Select * from user1.t1
*
ERROR at line 1:
ORA-00942: table or view does not exist


Elapsed: 00:00:00. 00

User3 cannot query user1.t1:
Duzz $ user3 @ orcl> select * from user1.t1;
Select * from user1.t1
*
ERROR at line 1:
ORA-00942: table or view does not exist


Elapsed: 00:00:00. 01

User1 grants user2 the object permission on t1 and allows user2 to grant this permission to other users:
Duzz $ user1 @ orcl> grant all on t1 to user2 with grant option;

Grant succeeded.

Elapsed: 00:00:00. 00

User2 can query user1.t1 and grant the object permission of user1.t1 to user3:
Duzz $ user2 @ orcl> select * from user1.t1;

C1
----------
1111

Elapsed: 00:00:00. 00
Duzz $ user2 @ orcl> grant all on user1.t1 to user3;

Grant succeeded.

Elapsed: 00:00:00. 00
Duzz $ user2 @ orcl>

User3 can also query user1.t1:
Duzz $ user3 @ orcl> select * from user1.t1;

C1
----------
1111

Elapsed: 00:00:00. 00

User1 tries to revoke permissions directly from user3. Although the execution statement does not report an error, it does not actually work:
Duzz $ user1 @ orcl> revoke all on t1 from user3;

Revoke succeeded.

Elapsed: 00:00:00. 00

User3 can still query user1.t1:
Duzz $ user3 @ orcl> select * from user1.t1;

C1
----------
1111

Elapsed: 00:00:00. 00

User1 revokes permissions from user2 this time,
Duzz $ user1 @ orcl> revoke all on t1 from user2;

Revoke succeeded.

Elapsed: 00:00:00. 01

User2 permission revoked:
Duzz $ user2 @ orcl> select * from user1.t1;
Select * from user1.t1
*
ERROR at line 1:
ORA-00942: table or view does not exist


Elapsed: 00:00:00. 01

At the same time, the permissions of user3 are also revoked:
Duzz $ user3 @ orcl> select * from user1.t1;
Select * from user1.t1
*
ERROR at line 1:
ORA-00942: table or view does not exist


Elapsed: 00:00:00. 01

Object permissions cannot be recycled from non-directly granted users, but they are cascade.


System permission test:
User1 has the system permission to create view, and can grant this permission to other users. user2 and user3 do not have this permission:
Duzz $ user1 @ orcl> select * from session_privs;

PRIVILEGE
---------------------------------------------------
CREATE SESSION
UNLIMITED TABLESPACE
CREATE TABLE
CREATE VIEW

Elapsed: 00:00:00. 00

User2 has no system permission for create view:
Duzz $ user2 @ orcl> select * from session_privs;

PRIVILEGE
------------------------------------------------
CREATE SESSION
UNLIMITED TABLESPACE
CREATE TABLE

Elapsed: 00:00:00. 01

User3 also has no system permission for create view:
Duzz $ user3 @ orcl> select * from session_privs;

PRIVILEGE
------------------------------------------------
CREATE SESSION
UNLIMITED TABLESPACE
CREATE TABLE

Elapsed: 00:00:00. 01

User1 grants the create view permission to user2 and user2 to grant this permission to other users:
Duzz $ user1 @ orcl> grant create view to user2 with admin option;

Grant succeeded.

Elapsed: 00:00:00. 01

User2 permission to create view:
Duzz $ user2 @ orcl> select * from session_privs;

PRIVILEGE
-------------------------------------------------
CREATE SESSION
UNLIMITED TABLESPACE
CREATE TABLE
CREATE VIEW

Elapsed: 00:00:00. 00


User2 grants the create view permission to user3:
Duzz $ user2 @ orcl> grant create view to user3;

Grant succeeded.

Elapsed: 00:00:00. 00

User3: Get the create view permission:
Duzz $ user3 @ orcl> select * from session_privs;

PRIVILEGE
--------------------------------------------------
CREATE SESSION
UNLIMITED TABLESPACE
CREATE TABLE
CREATE VIEW

Elapsed: 00:00:00. 01

Different from object permissions, system permissions can be directly revoked from non-directly granted users.
User1 tries to revoke the create view permission from user3 directly:
Duzz $ user1 @ orcl> revoke create view from user3;

Revoke succeeded.

Elapsed: 00:00:00. 01

The create view permission of user3 is revoked:
Duzz $ user3 @ orcl> select * from session_privs;

PRIVILEGE
---------------------------------------------
CREATE SESSION
UNLIMITED TABLESPACE
CREATE TABLE

Elapsed: 00:00:00. 01

Whether or not the system permission is the same as the object permission.
User2 again grants the create view permission to user3:
Duzz $ user2 @ orcl> grant create view to user3;

Grant succeeded.

Elapsed: 00:00:00. 01

User1 revokes the create view permission of user2:
Duzz $ user1 @ orcl> revoke create view from user2;

Revoke succeeded.

Elapsed: 00:00:00. 00

The create view permission of user2 is revoked:
Duzz $ user2 @ orcl> select * from session_privs;

PRIVILEGE
------------------------------------------------
CREATE SESSION
UNLIMITED TABLESPACE
CREATE TABLE

Elapsed: 00:00:00. 00

However, user3 still has the create view permission:
Duzz $ user3 @ orcl> select * from session_privs;

PRIVILEGE
-------------------------------------------------
CREATE SESSION
UNLIMITED TABLESPACE
CREATE TABLE
CREATE VIEW

Elapsed: 00:00:00. 00

System permissions can be revoked from non-directly granted users, but do not have the permission to be recycled.


Summary:
Object permissions cannot be recycled from non-directly granted users, but they are cascade.
System permissions can be revoked from non-directly granted users, but do not have the permission to be recycled.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
difference between exec and system in perl difference between system and exec in perl difference between object and object reference in java difference between variable and object difference between object and reference variable in java with example sql create user and grant permission what difference between instance and object

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More