oracle 用户 角色 权限

SQL> create user user1 identified by user1;

用户被创建

SQL> create user user2 identified by user2;

用户被创建

SQL> create role temp;

角色被创建

SQL> grant connect to temp with grant option;（预定义角色赋给自定义角色）

grant connect to temp with grant option

ORA-01939: 只能指定 ADMIN OPTION

SQL> grant connect to temp with admin option;

授予成功

SQL> grant temp to user1 with grant option;（自定义角色赋予用户）

grant temp to user1 with grant option

ORA-01939: 只能指定 ADMIN OPTION

SQL> grant temp to user1 with admin option;

授予成功

SQL> conn user1/user1;（user1可以登录）
已连接到 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
已连接为 user1

SQL> conn system/cqstc;
已连接到 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
已连接为 system

SQL> revoke connect from temp;

撤回成功

SQL> conn user1/user1;(user1不可以登陆，但有temp的角色，角色temp没有角色)
没有登录

SQL> select * from dba_role_privs where grantee='USER1';

GRANTEE                        GRANTED_ROLE                                       ADMIN_OPTION         DEFAULT_ROLE
------------------ ------------------------------                                   -----------               ------------
USER1                                  TEMP                                                          YES                         YES

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=

已连接到 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
已连接为 system

SQL> SHOW user;
User is "system"

SQL> grant connect to temp with admin option;

授予成功

SQL> select * from dba_role_privs where grantee='USER1';

GRANTEE                        GRANTED_ROLE                   ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------
USER1                          TEMP                           YES          YES
SQL> select * from dba_ROLE_privs where grantee='TEMP';

GRANTEE                        GRANTED_ROLE                   ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------
TEMP                           CONNECT                        YES          YES

SQL> select * from dba_SYS_privs where grantee='TEMP';

GRANTEE                        PRIVILEGE                                ADMIN_OPTION
------------------------------ ---------------------------------------- ------------

SQL> select * from dba_SYS_privs where grantee='USER1';

GRANTEE                        PRIVILEGE                                ADMIN_OPTION
------------------------------ ---------------------------------------- ------------
SQL> select * from dba_SYS_privs where grantee='CONNECT';

GRANTEE                        PRIVILEGE                                ADMIN_OPTION
------------------------------ ---------------------------------------- ------------
CONNECT                        CREATE SESSION                           NO

 //都没有对象权限

 SQL> select * from dba_TAB_privs where grantee='CONNECT';

GRANTEE                        OWNER                          TABLE_NAME                     GRANTOR                        PRIVILEGE                                GRANTABLE HIERARCHY
------------------------------ ------------------------------ ------------------------------ ------------------------------ ----------------------------------------

SQL> select * from dba_TAB_privs where grantee='USER1';

GRANTEE                        OWNER                          TABLE_NAME                     GRANTOR                        PRIVILEGE                                GRANTABLE HIERARCHY
------------------------------ ------------------------------ ------------------------------ ------------------------------ ----------------------------------------
SQL> select * from dba_TAB_privs where grantee='TEMP';

GRANTEE                        OWNER                          TABLE_NAME                     GRANTOR                        PRIVILEGE                                GRANTABLE HIERARCHY
------------------------------ ------------------------------ ------------------------------ ------------------------------ ----------------------------------------

 SQL> conn user1/user1;（user1可以登录，有temp角色）
已连接到 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
已连接为 user1

SQL> grant connect to user2;

授予成功

SQL> conn user2/user2;（user2可以登录）
已连接到 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
已连接为 user2

SQL> select * from user_role_privs;

USERNAME                       GRANTED_ROLE                   ADMIN_OPTION DEFAULT_ROLE OS_GRANTED
------------------------------ ------------------------------ ------------ ------------ ----------
USER2                          CONNECT                        NO           YES          NO
SQL> conn system/cqstc;
已连接到 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
已连接为 system

SQL> revoke connect from temp;

撤回成功

SQL> conn user1/user1;（user1不可以登录）
没有登录

SQL> conn user2/user2;（user2可以登录）
已连接到 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
已连接为 user2

SQL> conn system/cqstc;
已连接到 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
已连接为 system

SQL> revoke temp from user1;

撤回成功

SQL> conn user2/user2;（user2可以登录）
已连接到 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
已连接为 user2

SQL> conn user1/user1;(USRE1不可以登陆)
没有登录

SQL> conn system/cqstc;
已连接到 Oracle Database 11g Enterprise Edition Release 11.2.0.1.0
已连接为 system

SQL> select* from dba_role_privs where grantee='USER1';

GRANTEE                        GRANTED_ROLE                   ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------

SQL> select* from dba_role_privs where grantee='TEMP';

GRANTEE                        GRANTED_ROLE                   ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------

SQL> select* from dba_role_privs where grantee='USER2';

GRANTEE                        GRANTED_ROLE                   ADMIN_OPTION DEFAULT_ROLE
------------------------------ ------------------------------ ------------ ------------
USER2                          CONNECT                        NO           YES

SQL>