之前不是很明白加密角色的作用,今天查了一些資料發現加密角色可以以非default角色授予一個使用者,只有在需要的時候再進行啟用。一些比較敏感的許可權在平時的工作中基本用不到,為了防止誤操作完全可以把這些許可權單獨授予一個角色,只有在有需要的時候進行啟用。還有就是對同一使用者組的使用者可以有一些許可權上的分割,不知道加密角色密碼的人無法啟用這方面的許可權。
下面進行實驗:
首先建立兩個角色r_cs和r_select,並且授予相應的許可權:
SYS@ORCL>create role r_cs;
Role created.
SYS@ORCL>grant create session to r_cs;
Grant succeeded.
SYS@ORCL>create role r_select identified by r_select;
Role created.
SYS@ORCL>grant select on dba_objects to r_select;
Grant succeeded.
建立使用者test,將r_cs和r_select都授予它,並將r_cs置為default role(default role也可以有多個):
SYS@ORCL>create user test identified by test;
User created.
SYS@ORCL>grant r_cs,r_select to test;
Grant succeeded.
SYS@ORCL>alter user test default role r_cs;
User altered.
這時候我們通過test使用者串連後查詢dba_objects的資料:
SYS@ORCL>conn test/test
Connected.
EST@ORCL>select count(*) from dba_objects;
select count(*) from dba_objects
*
ERROR at line 1:
ORA-00942: table or view does not exist
會發現無法查詢,這時候我們啟用r_select角色,然後再進行查詢:
TEST@ORCL>set role r_select identified by r_select;
Role set.
TEST@ORCL>select count(*) from dba_objects;
COUNT(*)
----------
50327
本欄目更多精彩內容:http://www.bianceng.cnhttp://www.bianceng.cn/database/Oracle/
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
