oracle 同义词和基础表的访问权限
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/36767902/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Access right on synonym and underlying table
提问by Kenny
1/ How are privileges on synonyms and underlying objects related ? If one has rights on synonym, would he automatically has rights on the table and vice versa ?
1/ 同义词和底层对象的权限如何相关?如果一个人拥有同义词的权利,他是否会自动拥有桌子上的权利,反之亦然?
Oraclesays
甲骨文说
When you grant object privileges on a synonym, you are really granting privileges on the underlying object, and the synonym is acting only as an alias for the object in the GRANT statement
当您授予对同义词的对象权限时,您实际上是在授予对底层对象的权限,而同义词仅充当 GRANT 语句中对象的别名
which means privilege on synonym is enough. That will bypass table privilege.
这意味着对同义词的特权就足够了。这将绕过表特权。
Another sourcesays that access right on table is enough and synonym privilege has no meaning.
另一个消息来源说,表上的访问权限就足够了,同义词特权没有意义。
Does it mean either privilege on the synonym or the underlying table is enough ?
这是否意味着对同义词或基础表的特权就足够了?
2/ Is the behavior the same for private and public synonym. I haven't really seen an example of granting privileges on synonyms for a user to "see/access". How to grant privilege on private synonyms to a user ?
2/ 私有和公共同义词的行为是否相同。我还没有真正看到授予用户“查看/访问”同义词权限的示例。如何向用户授予私有同义词的权限?
回答by Bob Jarvis - Reinstate Monica
Both the Oracle docs and the message you referred to say exactly the same thing. Privileges are not granted on a synonym. When you attempt to grant privileges on a synonym the database actually performs the grant on the object referred to by the synonym. Thus, it makes no difference if the synonym is public or private because the actual grant is made on the object referred to by the synonym.
Oracle 文档和您提到的消息都说的是完全相同的事情。不对同义词授予特权。当您尝试授予对同义词的权限时,数据库实际上会对该同义词所引用的对象执行授权。因此,同义词是公共的还是私有的没有区别,因为实际授权是在同义词所引用的对象上进行的。
Best of luck.
祝你好运。
EDIT
编辑
Let's demonstrate what happens:
让我们演示一下会发生什么:
-- Logged in as user BOB2
CREATE TABLE RPJ_TEST (N NUMBER);
SELECT *
FROM DBA_TAB_PRIVS
WHERE TABLE_NAME = 'RPJ_TEST';
-- the above statement returns no rows
CREATE SYNONYM RPJ_TEST_SYN -- create synonym
FOR RPJ_TEST;
SELECT *
FROM DBA_TAB_PRIVS
WHERE TABLE_NAME = 'RPJ_TEST';
-- the above statement returns no rows
GRANT SELECT ON RPJ_TEST TO BOB; -- grant on table
SELECT *
FROM DBA_TAB_PRIVS
WHERE TABLE_NAME = 'RPJ_TEST';
-- the above statement returns
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY
BOB BOB2 RPJ_TEST BOB2 SELECT NO NO
GRANT UPDATE ON RPJ_TEST_SYN TO BOB2; -- grant "on synonym" actually performs grant on table
SELECT *
FROM DBA_TAB_PRIVS
WHERE TABLE_NAME = 'RPJ_TEST';
GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTABLE HIERARCHY
BOB BOB2 RPJ_TEST BOB2 SELECT NO NO
BOB BOB2 RPJ_TEST BOB2 UPDATE NO NO
Note that after the grant on the synonym RPJ_TEST_SYN the privileges granted on the table referred to by the synonym had been changed.
请注意,在授予同义词 RPJ_TEST_SYN 之后,授予同义词引用的表的权限已更改。
回答by ArtBajji
From Oracle Doc "A public synonym is owned by the special user group named PUBLIC and is accessible to every user in a database. A private synonym is contained in the schema of a specific user and available only to the user and to grantees for the underlying object."
来自 Oracle Doc “公共同义词归名为 PUBLIC 的特殊用户组所有,数据库中的每个用户都可以访问。私有同义词包含在特定用户的架构中,并且仅对用户和底层的被授权者可用目的。”
With a public synonym PUBS on TABLE X of Schema B, User A can access User B's table X. With a private synonym PVTS on TABLE Y of Schema B, User A cannot access User B's table Y unless access is granted explicitly as mentioned above.
使用模式 B 的表 X 上的公共同义词 PUBS,用户 A 可以访问用户 B 的表 X。使用模式 B 的表 Y 上的私有同义词 PVTS,除非如上所述明确授予访问权限,否则用户 A 无法访问用户 B 的表 Y。
Check OracleDoc
