允许用户访问 Oracle 中其他模式的正确方法
我在 Oracle 中有两个用户 Bob 和 Alice,这两个用户都是通过从 sqlplus 以 sysdba 身份运行以下命令创建的:
create user $blah identified by $password; grant resource, connect, create view to $blah;
我希望 Bob 能够完全访问 Alice 的架构(即所有表),但我不确定要运行什么授权,以及是以 sysdba 身份还是以 Alice 身份运行它。
我也很高兴听到有关参考资料的任何好的建议 - 似乎无法从 Internet 或我桌上的“Oracle Database 10g 完整参考”中获得对此问题的良好答案。
I have two users Bob and Alice in Oracle, both created by running the following commands as sysdba from sqlplus:
create user $blah identified by $password; grant resource, connect, create view to $blah;
I want Bob to have complete access to Alice's schema (that is, all tables), but I'm not sure what grant to run, and whether to run it as sysdba or as Alice.
Happy to hear about any good pointers to reference material as well -- don't seem to be able to get a good answer to this from either the Internet or "Oracle Database 10g The Complete Reference", which is sitting on my desk.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
AFAIK,您需要一次执行一项赠款对象。
通常,您会使用脚本来执行此操作,大致如下:
对于其他数据库对象也类似。
您可以在需要发出授权的每个模式中放置一个包,该包将通过 EXECUTE IMMEDIATE 执行每个 GRANT 语句的所有调用。
例如
AFAIK you need to do the grants object one at a time.
Typically you'd use a script to do this, something along the lines of:
And similar for other db objects.
You could put a package in each schema that you need to issue the grant from which will go through all call each GRANT statement via an EXECUTE IMMEDIATE.
e.g.
有很多事情需要考虑。 当您说访问时,是否要在表前添加其他用户名前缀? 您可以使用公共同义词,以便隐藏原始所有者(如果这是一个问题)。 然后授予同义词的权限。
您还想尽可能提前计划。 稍后,您是否希望 Frank 也能够访问 Alice 的架构? 您不希望必须重新授予 N 个表的权限。 使用数据库角色将是更好的解决方案。 例如,将选择权限授予角色“ALICE_TABLES”,当其他用户需要访问权限时,只需授予他们该角色的权限即可。 这有助于组织您在数据库内进行的资助。
There are many things to consider. When you say access, do you want to prefix the tables with the other users name? You can use public synonyms so that you can hide the original owner, if that is an issue. And then grant privs on the synonym.
You also want to plan ahead as best you can. Later, will you want Frank to be able to access Alice's schema as well? You don't want to have to regrant privileges on N number of tables. Using a database role would be a better solution. Grant the select to role "ALICE_TABLES" for example and when another user needs access, just grant them privilege to the role. This helps to organize the grants you make inside the DB.
如果您有不同的所有者,另一个解决方案:
Another solution if you have different owner: