Manipulation Role Et Privs

SQL> conn system/manager
Connecté.
=======SYSTEM
SQL> create role r_session;

Rôle créé.
SQL> grant create session to r_session with admin option;

Autorisation de privilèges (GRANT) acceptée.
SQL> create user r_user1 identified by r_user1;

Utilisateur créé.

Utilisateur créé.
SQL> grant r_session to r_user1;

SQL> conn r_user1/r_user1

Connecté.
=======R_USER1
SQL> grant r_session to r_user2;

ERREUR à la ligne 1 :
ORA-01932: option ADMIN non accordée pour rôle 'R_SESSION'
SQL> grant create session to r_user2;


Connecté.
=======R_USER2

Connecté.
=======SYSTEM
SQL> grant select on hr.employees to r_user1 with grant option;


Connecté.
=======R_USER1
SQL> select count(*) from hr.employees;

COUNT(*)
----------
104
1/4
SQL> grant select on hr.employees to r_user2;

Connecté.
=======R_USER2

COUNT(*)
----------
104

Connecté.
=======SYSTEM
SQL> desc dba_tab_privs

Nom
-------------------------------
GRANTEE
OWNER
TABLE_NAME
GRANTOR
PRIVILEGE
GRANTABLE
HIERARCHY
SQL> select * from dba_tab_privs where grantee in ('R_USER1','R_USER2');

GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRA
--------------------------------------------------------------------------------------------------------
R_USER2 HR EMPLOYEES R_USER1 SELECT NO
R_USER1 HR EMPLOYEES HR SELECT YES
SQL> revoke select on hr.employees from r_user1;

Suppression de privilèges (REVOKE) acceptée.
SQL> select * from dba_tab_privs where grantee in ('R_USER1','R_USER2');

aucune ligne sélectionnée
SQL> conn r_user1/r_user1;

Connecté.
=======R_USER1

ORA-01031: privilèges insuffisants
SQL> conn r_user1/r_user_2

Connecté.
=======R_USER1
2/4

Connecté.
=======SYSTEM
SQL> revoke create session from r_user1;

ORA-01952: privilèges du système non accordés à 'R_USER1'
SQL> revoke r_session from r_user1;


ORA-01045: user R_USER1 lacks CREATE SESSION privilege; logon denied
Avertissement : vous n'êtes plus connecté à ORACLE.

Connecté.
=======R_USER2

Connecté.
=======SYSTEM

Utilisateur créé.


SQL> grant select on hr.employees to public;


Connecté.
=======R_USER1

COUNT(*)
----------
104
Connecté.
=======R_USER2
3/4
COUNT(*)
----------
104

Connecté.
=======R_USER3

COUNT(*)
----------
104

Connecté.
=======SYSTEM
SQL> revoke select on hr.employees from public;


Connecté.
=======R_USER3

4/4

Manipulation Role Et Privs

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Manipulation Role Et Privs

Transféré par

Droits d'auteur :

Formats disponibles

SQL> conn system/manager

SQL> create role r_session;

SQL> grant create session to r_session with admin option;

SQL> create user r_user1 identified by r_user1;

SQL> create user r_user2 identified by r_user2;

SQL> grant r_session to r_user1;

SQL> conn r_user1/r_user1

SQL> grant r_session to r_user2;

SQL> grant create session to r_user2;

SQL> conn r_user2/r_user2

SQL> conn system/manager

SQL> grant select on hr.employees to r_user1 with grant option;

SQL> conn r_user1/r_user1

SQL> select count(*) from hr.employees;

SQL> conn r_user2/r_user2

SQL> select count(*) from hr.employees;

SQL> conn system/manager

SQL> desc dba_tab_privs

SQL> select * from dba_tab_privs where grantee in ('R_USER1','R_USER2');

SQL> revoke select on hr.employees from r_user1;

SQL> select * from dba_tab_privs where grantee in ('R_USER1','R_USER2');

SQL> conn r_user1/r_user1;

SQL> select count(*) from hr.employees;

SQL> conn r_user1/r_user_2

SQL> conn system/manager

SQL> revoke create session from r_user1;

SQL> revoke r_session from r_user1;

SQL> conn r_user1/r_user1

SQL> conn r_user2/r_user_2

SQL> conn system/manager

SQL> create user r_user3 identified by r_user3;

SQL> grant create session to r_user3;

SQL> grant create session to r_user1;

SQL> grant select on hr.employees to public;

SQL> conn r_user1/r_user_2

SQL> select count(*) from hr.employees;

SQL> conn r_user3/r_user3

SQL> select count(*) from hr.employees;

SQL> conn system/manager

SQL> revoke select on hr.employees from public;

SQL> conn r_user3/r_user3

SQL> select count(*) from hr.employees;

Vous aimerez peut-être aussi