今天发现一个用户上有很多特殊的系统权限,才想到是原来导dmp数据时,没有使用grants=n参数,
需要把这些系统权限删除
SQL> select * from dba_sys_privs p where p.grantee = 'LCMID';
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
LCMID EXECUTE ANY RULE NO
LCMID SELECT ANY TABLE NO
LCMID DEQUEUE ANY QUEUE NO
LCMID DROP ANY RULE SET NO
LCMID ENQUEUE ANY QUEUE NO
LCMID EXECUTE ANY RULE SET NO
LCMID CREATE SECURITY PROFILE NO
LCMID DROP ANY SECURITY PROFILE NO
LCMID DROP ANY EVALUATION CONTEXT NO
LCMID EXECUTE ANY EVALUATION CONTEXT NO
已选择10行。
SQL> revoke execute any rule from lcmid;
revoke execute any rule from lcmid
*
ERROR 位于第 1 行:
ORA-00990: 缺少或无效权限
SQL> exec dbms_resource_manager_privs.revoke_system_privilege(REVOKEE_NAME => 'LCMID', PRIVILEGE_NAME => 'EXECUTE ANY RULE');
BEGIN dbms_resource_manager_privs.revoke_system_privilege(REVOKEE_NAME => 'LCMID', PRIVILEGE_NAME => 'EXECUTE ANY RULE'); END;
*
ERROR 位于第 1 行:
ORA-29398: 指定的权限名无效
ORA-06512: 在"SYS.DBMS_SYS_ERROR", line 79
ORA-06512: 在"SYS.DBMS_RESOURCE_MANAGER_PRIVS", line 16
ORA-06512: 在"SYS.DBMS_RESOURCE_MANAGER_PRIVS", line 69
ORA-06512: 在line 1
使用TOAD查看,得到如下赋权限的脚本
DBMS_RULE_ADM.GRANT_SYSTEM_PRIVILEGE(
PRIVILEGE => SYS.DBMS_RULE_ADM.DROP_ANY_EVALUATION_CONTEXT,
GRANTEE => 'LCMID',
GRANT_OPTION => FALSE);
使用revoke方法:
EXEC DBMS_RULE_ADM.revoke_system_privilege(privilege => sys.dbms_rule_adm.EXECUTE_ANY_RULE,revokee => 'LCMID');
阅读(1423) | 评论(0) | 转发(0) |