Oracle批量賦權的方法可以實現一些特定的功能:兩個用戶,其中一個用戶A 沒有數據結構,實現通過用戶A訪問用戶B的所有數據,只有讀取數據的權限,看不到B用戶數據結構,只能查詢。
一、建立只讀用戶A:
- -- Create the user
- create user A
- identifIEd by ""
- default tablespace LMIS
- temporary tablespace LMIS
- profile DEFAULT;
二、授予A相應的權限(在有DBA權限用戶B下執行)
- grant create session to A;
- grant create synonym to A;
三、以擁有者B身份執行下面的語句(commit 窗口)
- set heading OFF;
- set feedback OFF;
- SPOOL c:\temp\A.SQL; --放文件的路徑
- SELECT 'create synonym '||tname||' for B.'||tname||';' FROM TAB;
- SPOOL OFF;
四、轉變為被賦權用戶A的身份,執行
- @c:\temp\A.SQL
五、賦予用戶A權限(在B用戶COMMIT窗口下執行)
- set heading OFF;
- set feedback OFF;
- SPOOL c:\grantA.SQL;
- SELECT 'grant select,insert,update,delete,REFERENCES,INDEX on ' ||
- TNAME || ' to A;'
- FROM TAB WHERE TABTYPE <>'VIEW'
- UNION ALL
- SELECT 'grant select,insert,update,deleteon ' || OBJECT_NAME ||
- ' to A;'
- FROM USER_OBJECTS
- WHERE OBJECT_TYPE = 'VIEW'
- UNION ALL
- SELECT 'grant EXECUTEon ' || OBJECT_NAME || ' to A;'
- FROM USER_OBJECTS
- WHERE OBJECT_TYPE = 'PROCEDURE'
- UNION ALL
- SELECT 'grant EXECUTEon ' || OBJECT_NAME || ' to A;'
- FROM USER_OBJECTS
- WHERE OBJECT_TYPE = 'FUNCTION'
- UNION ALL
- SELECT 'grant selecton ' || OBJECT_NAME || ' to A;'
- FROM USER_OBJECTS
- WHERE OBJECT_TYPE = 'SEQUENCE';
- SPOOL OFF;
六、執行腳本
- @c:\grantA.SQL;
