Chinaunix首页 | 论坛 | 博客
  • 博客访问: 927706
  • 博文数量: 358
  • 博客积分: 8185
  • 博客等级: 中将
  • 技术积分: 3751
  • 用 户 组: 普通用户
  • 注册时间: 2008-10-15 16:27
个人简介

The views and opinions expressed all for my own,only for study and test, not reflect the views of Any Company and its affiliates.

文章分类

全部博文(358)

文章存档

2012年(8)

2011年(18)

2010年(50)

2009年(218)

2008年(64)

我的朋友

分类: Oracle

2009-08-13 15:21:20

/**/
Revoking system privileges from a user will not cascade to anyone
the revokee granted the same system privilege if he had been granted the
privilege WITH ADMIN OPTION.

Object privileges revoked from a user to whom they were granted
WITH GRANT OPTION will also be revoked from anyone the revokee
granted them to; i.e., the revoke will cascade.

It is not possible to grant object privileges to roles WITH GRANT OPTION

--Determining System Privileges Granted
• DBA_SYS_PRIVS for all system privileges granted to all users
• USER_SYS_PRIVS (for system privileges granted to the currently logged-on use

--Determining the Object Privileges Granted
• USER_TAB_PRIVS_MADE Object privileges the user has granted to others
on his schema objects
• USER_TAB_PRIVS_RECD Privileges granted to the user to objects in other
schemas
• ALL_TAB_PRIVS_MADE Object privileges the user has granted to others on
his and other schema objects
• ALL_TAB_PRIVS_RECD Privileges granted to the user to objects in his and
other schemas
• USER_COL_PRIVS_MADE Column privileges granted by the user to tables
in his schema
• USER_COL_PRIVS_RECD Column privileges granted to the user to columns
in tables in other schemas
• ALL_COL_PRIVS_MADE Column privileges granted by the user to tables in
his and other schemas
• ALL_COL_PRIVS_RECD Column privileges granted to the user to columns
in tables in his and other schemas

/*Creating and Managing Roles*/
With roles, there are no cascading revokes for object privileges
granted to roles, because you cannot grant object privileges to a role WITH GRANT
OPTION; the syntax is not allowed. However, you can grant a system privilege, or
another role, to a role WITH ADMIN OPTION.Doing so allows anyone granted the
role to grant those system privileges or roles to others.
--Dropping Roles
In order to drop a role, you must be the user who created the role, have been granted the DROP
ANY ROLE system privilege, or have been granted the role WITH ADMIN OPTION.

When you drop a role, any user or role to which the role being dropped has been
granted will have it revoked at the time the role is dropped

--Predefined Roles
Every Oracle 10g database, once created and once the CATPROC.SQL and CATALOG.SQL scripts are run, will include a number of predefined roles.

/*Profiles*/
--A user cannot himself change his active profile. Only the DBA can modify
a user’s profile or the profile limits.

CREATE PROFILE profile_name LIMIT
[SESSIONS_PER_USER value]
[CPU_PER_SESSION value]
[CPU_PER_CALL value]
[CONNECT_TIME value]
[IDLE_TIME value]
[LOGICAL_READS_PER_SESSION value]
[LOGICAL_READS_PER_CALL value]
[COMPOSITE_LIMIT value]
[PRIVATE_SGA bytes [K|M]]
--
In order to have a profile limit a user’s actions, you need to enable them by setting them in the parameter
file (SPFILE or INIT.ORA file) or by changing the value of the RESOURCE_LIMIT
initialization parameter to TRUE with the ALTER SYSTEM command.

--determine the currently configured profile values
DBA_PROFILES

阅读(545) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~