1. Create the test environment
1.1. Create the users and tables
CREATE USER monkey01 IDENTIFIED BY monkey01;
GRANT UNLIMITED TABLESPACE TO MONKEY01;
GRANT CREATE SESSION TO MONKEY01;
CREATE USER monkey02 IDENTIFIED BY monkey02;
GRANT CREATE SESSION TO MONKEY02;
CREATE TABLE MONKEY01.T01(ID NUMBER);
CREATE TABLE MONKEY.T01 (ID NUMBER);
1.2. Create the view
CREATE VIEW MONKEY.T AS SELECT * FROM MONKEY.T01 UNION ALL SELECT * FROM MONKEY01.T01;
2. Tests
2.1. Test without granting any privileges
Log in as MONKEY02 and query the view MONKEY.T.
2.2. Grant SELECT on the view
As MONKEY, grant MONKEY02 SELECT on the view.
GRANT SELECT ON MONKEY.T TO MONKEY02;
2.3. Grant SELECT on the base tables to MONKEY02
MONKEY grants SELECT on table T01 to MONKEY02
GRANT SELECT ON MONKEY.T01 TO MONKEY02;
MONKEY01 grants SELECT on table T01 to MONKEY02
GRANT SELECT ON MONKEY01.T01 TO MONKEY02;
MONKEY02 queries the view
SELECT * FROM MONKEY.T;
MONKEY grants SELECT on view T to MONKEY02
GRANT SELECT ON MONKEY.T TO MONKEY02;
2.4. Grant SELECT on the base table to MONKEY01
First revoke the privileges granted in the previous step.
MONKEY01 grants SELECT on table T01 to MONKEY
GRANT SELECT ON MONKEY01.T01 TO MONKEY;
MONKEY02 queries the view
MONKEY grants SELECT on the view MONKEY.T to MONKEY02
GRANT SELECT ON MONKEY.T TO MONKEY02;
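2.5. Grant SELECT on the base table to MONKEY01 with the grant option
First revoke the privileges from the previous step.
MONKEY01 grants SELECT on table T01 to MONKEY, with the grant option
GRANT SELECT ON MONKEY01.T01 TO MONKEY WITH GRANT OPTION;
MONKEY02 queries the view
MONKEY grants SELECT on the view MONKEY.T to MONKEY02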
GRANT SELECT ON MONKEY.T TO MONKEY02;
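MONKEY02 queries the view successfully.
2.6. Summary
MONKEY02 needs the privilege to query the view MONKEY.T.
The base tables under MONKEY.T are MONKEY.T01 and MONKEY01.T01.
Therefore MONKEY must hold SELECT on MONKEY01.T01 with the grant option, so that when MONKEY02 queries the view, the SELECT privilege on MONKEY01.T01 is passed on to MONKEY02.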
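The rule in the summary can be checked from the data dictionary before any view grant is attempted. The query below is an added example, not part of the original page; it assumes the session can read DBA_DEPENDENCIES and DBA_TAB_PRIVS, and it looks only at direct SELECT object grants made to the view owner MONKEY.

```sql
-- Added example: for each view owned by MONKEY, list the base objects that
-- live in other schemas and report whether MONKEY holds SELECT on them
-- WITH GRANT OPTION (the condition the summary identifies).
-- Assumption: the session can read DBA_DEPENDENCIES and DBA_TAB_PRIVS.
-- Limitation: only direct object grants of SELECT are considered; system
-- privileges such as SELECT ANY TABLE are outside what this query checks.
SELECT d.owner            AS view_owner,
       d.name             AS view_name,
       d.referenced_owner AS base_owner,
       d.referenced_name  AS base_object,
       CASE NVL(MAX(p.grantable), 'NONE')
         WHEN 'YES' THEN 'OK: SELECT WITH GRANT OPTION'
         WHEN 'NO'  THEN 'SELECT without grant option'
         ELSE            'no direct SELECT grant to view owner'
       END                AS status
FROM   dba_dependencies d
LEFT JOIN dba_tab_privs p
       ON  p.owner      = d.referenced_owner
       AND p.table_name = d.referenced_name
       AND p.grantee    = d.owner
       AND p.privilege  = 'SELECT'
WHERE  d.type             = 'VIEW'
AND    d.owner            = 'MONKEY'
AND    d.referenced_type  IN ('TABLE', 'VIEW')
AND    d.referenced_owner <> d.owner   -- same-schema base tables need no grant
GROUP  BY d.owner, d.name, d.referenced_owner, d.referenced_name
ORDER  BY d.name, d.referenced_owner, d.referenced_name;
```

For the setup in step 2.5, the row for MONKEY.T and MONKEY01.T01 should report the WITH GRANT OPTION status; after step 2.4 alone it reports SELECT without grant option.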