Oracle Data Operation and Control Language (part 3)

Http://wanwentao.blog.51cto.com/2406488/457604

Roles and permissions
Role permissions are used to grant permissions of a user to a role. Any permission can be granted to a role. You must use the with_admin_option clause to grant the system permission to the grantee. You can use the set role statement to grant or revoke the role permission during a session. However, role permissions cannot rely on permissions stored in SQL. If a function, program, package, trigger, or method uses an object owned by another plan, you must directly authorize the owner of the object because the permission will not change between sessions.
　　Grant and revoke permissions
Grant permissions to a user or role to use the grant statement. The syntax of the grant statement is as follows:
Grant role (or system privilege) to user (role, public) with admin option (optional)
Object permission is granted with grant option,
　　Permission and Data Dictionary
A data dictionary is a place where Oracle stores information about the database structure. data is stored elsewhere. A data dictionary consists of tables and views. The easiest way to take a data dictionary test during the test is to view the permissions that have been granted. For example, dba_tab_priv contains the object permission granted to another user by the user and whether the permission is granted with the with Grant otpion substring. Note that dba_tab_priv not only includes the relationship between table permissions, but also permissions on functions, packages, queues, and so on. The following table lists the data dictionary views of all permissions and roles:
Table: Permission data dictionary View

View	Function
All_col_privs	Indicates column authorization. The user and public are granted to the column.
All_col_privs_made	Indicates column authorization. The user is the owner and the authorized user.
All_col_recd	Indicates column authorization. The user and public are granted to the column.
All_tab_privs	Indicates the authorization on the object. The user is public or authorized or the user is the owner.
All_tab_privs_made	Indicates the permission on the object. The user is the owner or an authorized user.
All_tab_privs_recd	Indicates the permission on the object. The user is public or authorized.
Dba_col_privs	All permissions on Database Columns
Dba_role_privs	Show roles that have been granted to users or other roles
Dba_sys_privs	System permissions granted to users or roles
Dba_tab_privs	All permissions on database objects
Role_role_privs	Show roles granted to users
Role_sys_privs	Displays the system permissions granted to users through roles
Role_tab_privs	Displays the object permissions granted to users through roles
Session_privs	Displays all current system permissions that a user can use
User_col_privs	Displays the permissions on the column. The user is the owner, the grantee, or the grantee.
User_col_privs_made	Displays the permissions granted to the column. The user is the owner or the principal.
User_col_privs_recd	Displays the permissions granted to the column. The user is the owner or authorized.
User_role_privs	Show all roles granted to users
User_sys_privs	Displays all system permissions granted to users
User_tab_privs	Show all object permissions granted to the user
User_tab_privs_made	Displays the object permissions granted to other users. The user is the owner.
User_tab_privs_recd	Displays the object permissions granted to other users. The user is an authorized user.