One, Oracle users:
Second, the Authority
1. System Permissions:
SYS login to create a C # #test用户后, to the User C # #test授权, and with the propagation of:
sql> Create User C # #test identified by 123456 default tablespace users;
sql> Create User C # #test2 identified by 123456 default tablespace users;
Sql> Grant Create session, CREATE table to C # #test with admin option;
Authorization is successful.
C # #test用户就可以给之前创建完毕的c # #test2用户, authorize the permissions just to propagate create session,create table:
Sql> Grant Create session to C # #test2;
Authorization is successful.
Sql> grant CREATE table to C # #test2;
Authorization is successful.
SELECT * FROM
2. Object permissions:
Now the SYS user creates a table AA; View this table is this: SELECT * FROM sys. AA; Use the test user to view the SELECT * FROM sys. AA is not authorized; The prompt table or view does not exist; sys logs in and gives the test user permission to view the table:Grant Select on AA to test;Test, test will now be able to view the Sys. AA This table, but not update:update sys. AA set name= ' hehe ' where id = 1; insufficient prompt permission; sys, grant test to modify the permissions of Table AA:Grant Update on AA to test;Test can modify the AA table; One of the authorizations is too cumbersome, SYS can grant all the permissions of the AA table to test:Grant all on AA to test;The test user now has all operation Sys. AA table, test now propagates these permissions to test2, prompting for insufficient permissions because test does not have these permissions; Grant SELECT on sys. AA to Test2;sys gives Test authorization sys. All permissions for the AA table, and with propagation characteristics:Grant all on AA to test with GRANT option;Test will operate SYS again. The AA table has permission to grant Test2: it will succeed;Grant SELECT on sys. AA to Test2;SYS recycles test for sys. Update permissions for AA tables:revoke update on AA from test;SYS recycles test, test2 all permissions for the AA table:revoke all on AA from Test, test2;third, the role:
SYS view role,select * from Dba_roles;
To create a role:
Create role Role_aa;
Grant this role some permissions:
Grant SELECT, UPDATE, INSERT, delete on AA to ROLE_AA;
Assign this role to the test user:
Grant ROLE_AA to test;
Test User select * FROM sys. AA will be able to view the table;
For example, to create a new user, assign a DBA authority, the user has a lot of permissions; Create user Zhangsan identified by 123456 default Tablespace users;grant dba to Zhangs An
Oracle Learning Operations (7) Users, permissions, roles