在 Oracle 中将一个用户的权限授予另一个用户
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16682760/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Grant permission from one user to another in Oracle
提问by Srivatsan Nallazhagappan
I want to know how to grant permission of all database objects a particular user has access to to another user.
我想知道如何将特定用户有权访问的所有数据库对象的权限授予另一个用户。
To illustrate, there are four users in Oracle database: A, B, C, and D.
举例说明,Oracle 数据库中有四个用户:A、B、C 和 D。
- User A does not own any objects, but has access to certain objects in B and C.
- Users B and C own some objects, but also have access to other database objects in B, C, and D.
- 用户 A 不拥有任何对象,但可以访问 B 和 C 中的某些对象。
- 用户 B 和 C 拥有一些对象,但也可以访问 B、C 和 D 中的其他数据库对象。
Now I want the user A to have all the privileges that the user B and C have (some of them A would have already).
现在我希望用户 A 拥有用户 B 和 C 拥有的所有权限(其中一些 A 已经拥有)。
What is the proper way to do this. Should I use query or procedure? Should this procedure be run always with login of database object owner? For example, B has access to some object in D, can B give grant permission of D's object to A?
这样做的正确方法是什么。我应该使用查询还是过程?此过程是否应该始终以数据库对象所有者的登录名运行?例如,B 可以访问 D 中的某个对象,B 是否可以将 D 的对象的权限授予 A?
回答by Yasir Arsanukaev
You can group system and object privileges using roles and then assign those roles to users and other roles. This way you can grant the privileges the roles contain to the users en masse, which simplifies the security administration (See "Privilege and Role Authorization"in Database Concepts).
您可以使用角色对系统和对象权限进行分组,然后将这些角色分配给用户和其他角色。通过这种方式,您可以将角色包含的权限授予全体用户,从而简化安全管理(请参阅数据库概念中的“权限和角色授权”)。
For example, B has access to some object in D, can B give grant permission of D's object to A?
例如,B 可以访问 D 中的某个对象,B 是否可以将 D 的对象的权限授予 A?
The user SCOTTcan grant the object privilege, system privilege, or a role to another user or role if he has been granted this privilege or role WITH ADMIN OPTIONor WITH GRANT OPTION. For example, the role select_hrhas privileges to query some tables owned by the user HR:
用户SCOTT可以将对象权限、系统权限或角色授予另一个用户或角色,如果他已被授予此权限或角色WITH ADMIN OPTION或WITH GRANT OPTION。例如,角色select_hr有权限查询用户拥有的一些表HR:
create role select_hr;
grant select on hr.employees to select_hr;
grant select on hr.departments to select_hr;
Now you can assign this role to SCOTTthis way:
现在您可以以SCOTT这种方式分配这个角色:
grant select_hr to scott with admin option;
SCOTTis now able to assign this role to other database users with or without admin option:
SCOTT现在可以使用或不使用管理选项将此角色分配给其他数据库用户:
grant select_hr to bob;
See "Granting a User Privileges and Roles"in Database Security Guide.
请参阅数据库安全指南中的“授予用户权限和角色”。
