转载请注明出处:http://blog.csdn.net/guoyjoe/article/details/11663717
正确答案:A
启用角色
默认方式下,如果为用户授予了角色,则将启用角色。这意味着,在建立了连接用户账户的会话的时,将激活授予此角色的所有权限和其它角色。通过将角色设置为非默认来修改此行为。下面的查询接着前面给出的示例。显示已为SL_REP授予了什么角色。
1、创建用户SL_REP
gyj@OCM> create user SL_REP identified by SL_REP default tablespace users;
User created.
2、授权
gyj@OCM> grant resource,connect to SL_REP;
Grant succeeded.
gyj@OCM> grant SELECT_CATALOG_ROLE to SL_REP;
Grant succeeded.
3、查询用户SL_REP所有角色
gyj@OCM> select GRANTED_ROLE ,ADMIN_OPTION,DEFAULT_ROLE from dba_role_privs where grantee='SL_REP';
GRANTED_ROLE ADM DEF
------------------------------ --- ---
SELECT_CATALOG_ROLE NO YES
RESOURCE NO YES
CONNECT NO YES
已为SL_REP授予了RESOURCE/CONNECT/SELECT_CATALOG_ROLE角色。他不拥有这些角色的管理权限(因此不能将其传递给其他人),但每个角色都是默认的角色,每当连接时,将拥有这些角色。
我给这些角色设置为非默认的用如下命令:
gyj@OCM> alter user SL_REP default role none;
User altered.
gyj@OCM> select GRANTED_ROLE ,ADMIN_OPTION,DEFAULT_ROLE from dba_role_privs where grantee='SL_REP';
GRANTED_ROLE ADM DEF
------------------------------ --- ---
SELECT_CATALOG_ROLE NO NO
RESOURCE NO NO
CONNECT NO NO
gyj@OCM> conn SL_REP/SL_REP
ERROR:
ORA-01045: user SL_REP lacks CREATE SESSION privilege; logon denied
Warning: You are no longer connected to ORACLE.
果然非默认的是不能用的,需要激……
gyj@OCM> alter user SL_REP default role connect,resource;
User altered.
gyj@OCM> select GRANTED_ROLE ,ADMIN_OPTION,DEFAULT_ROLE from dba_role_privs where grantee='SL_REP';
GRANTED_ROLE ADM DEF
------------------------------ --- ---
SELECT_CATALOG_ROLE NO NO
RESOURCE NO YES
CONNECT NO YES
以上这个就是如上题所显示的结果:SL_REP用户授予了SELECT_CATALOG_ROLE 非默认的角色。
我们再来登录看会不会报错:
sys@OCM> conn SL_REP/SL_REP
Connected.
你看登录是可以了,看上面的视图也可以看出CONNECT是默认的角色了。
SELECT_CATALOG_ROLE是非默认角色,SL_REP是不用直接使用他的
SELECT_CATALOG_ROLE:拥有针对数据字典对象的2000多个对象权限,但没有系统权限或针对用户数据的权限.这对新管理员有用,这些人必须监视数据库并报告数据库情况,但看不到用户数据。
用以上实验再你证明,非默认的角需要激活才能使用,即要设为默认角色才能使用。
gyj@OCM> conn SL_REP/SL_REP
Connected.
sl_rep@OCM> select * from dba_objects;
select * from dba_objects
*
ERROR at line 1:
ORA-00942: table or view does not exist
sl_rep@OCM> conn / as sysdba
Connected.
gyj@OCM> alter user SL_REP default role connect,resource,SELECT_CATALOG_ROLE;
User altered.
gyj@OCM> conn SL_REP/SL_REP
Connected.
sl_rep@OCM> select * from dba_objects where rownum=1;
OWNER OBJECT_NAME SUBOBJECT_NAME OBJECT_ID DATA_OBJECT_ID OBJECT_TYPE CREATED LAST_DDL_TIM TIMESTAMP STATUS T G S NAMESPACE EDITION_NAME
------------------------------ -------------------------------------------------------------------------------------------------------------------------------- ------------------------------ ---------- -------------- ------------------- ------------ ------------ ------------------- ------- - - - ---------- ------------------------------
SYS ICOL$ 20 2 TABLE 17-SEP-11 17-SEP-11 2011-09-17:09:46:13 VALID N N N 1
sl_rep@OCM> select GRANTED_ROLE ,ADMIN_OPTION,DEFAULT_ROLE from dba_role_privs where grantee='SL_REP';
GRANTED_ROLE ADM DEF
------------------------------ --- ---
SELECT_CATALOG_ROLE NO YES
RESOURCE NO YES
CONNECT NO YES
答案B不正确,SL_REP不拥有这些角色的管理权限,因此不能将其传递给其他人。
答案C不正确,DBA拥有SELECT_CATALOG_ROLE角色,并授予了SL_REP这个角色,之后这个角色各自管自己的,跟DBA启用或关闭这个角色没关系,不影响SL_REP用户。
答案D不正确,非默认不能用,需要修改成默认才行。
分享到:
相关推荐
OCPOCA认证考试指南全册:Oracle Database 11g(1Z0-051,1Z0-052,1Z0-053) 共2部分:此为第002部分 基本信息 原书名: OCA/OCP Oracle Database 11g All-in-One Exam Guide with CD-ROM: Exams 1Z0-051, 1Z0-052...
1. 内嵌数据库一般是用sqlite进行轻量级管理的。网上可以下到sqlite-shell-win32-x86: sqlite3.exe 2. 为了方便命令行执行,将sqlite3.exe放到svn 项目的主目录下,和.svn目录同级下。 3. cmd进入该目录下,执行 ...
在运行查询SELECT * FROM V$SESSION 会出现ORA-29275:部分多字节字符的错误,这是什么原因开始我不得其解,网上也没有介绍什么好办法。本文给出答案。
padding:0 96px 0 0}#u1 .reg{display:none}#u1 a.pf,#u1 a.pf:visited{display:inline-block;float:left;color:#333;line-height:24px;font-size:13px;margin-left:20px;overflow:hidden;text-decoration:underline...
Applies to: Oracle Server - Enterprise Edition - Version: 10.2.0.4 to 11.1.0.6 ...NOTE:419871.1 - Failures due to "skgxpvfymmtu: process failed because of a resource problem in the OS" on 32-bit Linux
insert into truntab1 select * from SYS.TRUNTAB1$$2 第八步:验证数据是否完全恢复 select count(*) from truntab1; --72622 至此,truncate掉的数据成功恢复,并且此方法也可以恢复drop table ...
- FIX: Widget selection logic had a bug in it that would select the wrong widget in some cases. - FIX: Label "Max Lines" setting now works correctly with the "Shrink Content" overflow setting. - FIX: ...
qt.network.ssl: QSslSocket: cannot resolve TLSv1_1_client_method qt.network.ssl: QSslSocket: cannot resolve TLSv1_2_client_method qt.network.ssl: QSslSocket: cannot resolve TLSv1_1_server_method qt....
[ 3.968638] [mmc]: sdc2 set ios: clk 25000000Hz bm PP pm ON vdd 3.3V width 1 timing LEGACY(SDR12) dt B [ 3.968734] [mmc]: mclk 0xf1c20090 0xc100000b [ 3.989421] Bluetooth: BNEP filters: protocol ...
OCPOCA认证考试指南全册:Oracle Database 11g(1Z0-051,1Z0-052,1Z0-053) 共2部分:此为第001部分 基本信息 原书名: OCA/OCP Oracle Database 11g All-in-One Exam Guide with CD-ROM: Exams 1Z0-051, 1Z0-052...
Jan 15 2013 ----------- -- Next Common -- fixed: Bug fixes and internal tweaks. NextGrid v5.8 -- added: Count property to InsertRow method. fixed: Bug fixes and internal tweaks. NextDBGrid v5.8 -- ...
- New : Planner.Items.SelectAll method added - Improved : Handling of auto header sizing Update : TAdvCardList v2.2.2.0 - New : Swipe capability added Update : TAdvTreeView v1.1.0.6 - ...
1)....Added "ECC32TradeSpeedForMemory" option - defaults to 0/False, could be changed to 1 via Custom/Manual tab. This option will switch from fast-methods to slower methods, but which take less ...
NULL 博文链接:https://3w1h.iteye.com/blog/1211779
Laravel查询记录器 :memo: 一个开发工具,用于记录Laravel应用程序的所有查询。正在安装$ composer require overtrue/laravel-query-logger -vvv 当LOG_QUERY为true时,将启用Laravel查询记录器。用法$ tail -f ./...
Version 1.7 ----------- - ADD: Delphi/CBuilder 10.2 Tokyo now supported. - ADD: Delphi/CBuilder 10.1 Berlin now supported. - ADD: Delphi/CBuilder 10 Seattle now supported. - ADD: Delphi/CBuilder XE8 ...
不错的javascript地区联动,可以实现一级,二级,或多级联动,可根据自己需要调整.
HDP-GPL-3.1.4.0-centos7-gpl.tar.gz