个人头像

Oracle数据库作业:数据库安全管理

发表于2022-5-13  | 分类于秋风无言

今天换种写法:题目放在答案的上面,这样可能看起来方便些
(1)创建一个名为Tom的用户,采用口令认证方式,口令为Tom,默认表空间为USERS表空间,默认临时表空间为TEMP,在USERS表空间上配额为10MB,在BOOKTBS1表空间上的配额为50MB。 

create user Tom identified by Tom default tablespace users temporary tablespace temp quota 10m on users quota 50m on booktbs1;

(2)创建一个名为Joan的用户,采用口令认证方式,口令为Joan,默认表空间为BOOKTBS2表空间,默认临时表空间为TEMP,在USERS表空间上配额为10MB,在BOOKTBS2表空间上的配额为20MB。该用户的初始状态为锁定状态。

create user Joan identified by Joan default tablespace booktbs2 temporary tablespace temp quota 10m on users quota 20m on booktbs2 account lock;

(3)为方便数据库中用户的登录,为BOOKSALES数据库中所有用户授予CREATE SESSION系统权限。

grant create session to public;

(4)分别使用Tom用户和Joan用户登录BOOKSALES数据库,测试是否成功。

Conn Tom/Tom @booksales;
Conn Joan/Joan @booksales;

(5)为Joan用户账户解锁,并重新进行登录。

conn / as sysdba;
Alter user Joan account unlock;
Conn Joan/Joan @booksales;

(6)为Tom用户授予CREATE TABLE、CREATE VIEW系统权限,并可以进行权限传递;将图书销售系统中的各个表的SELECT、UPDATE、DELETE、INSERT对象权限授予Tom用户,也具有传递性。

Conn system/你的密码 @booksales;
Grant create table,create view to Tom with admin option;
Grant select,update,delete,insert on customers to Tom with grant option;
Grant select,update,delete,insert on publishers to Tom with grant option;
Grant select,update,delete,insert on books to Tom with grant option;
Grant select,update,delete,insert on orders to Tom with grant option;
Grant select,update,delete,insert on orderitem to Tom with grant option;
Grant select,update,delete,insert on promotion to Tom with grant option;


(7)Tom用户将图书销售系统中的customers表、publishers表、books表的查询权限以及CREATE VIEW、CREATE TABLE的系统权限授予Joan用户。
sql Conn Tom/Tom @booksales; Grant select on system.customers to Joan; Grant select on system.publishers to Joan; Grant select on system.books to Joan; Grant create table,create view to Joan;

我猜有人不清楚为什么要写成system.的写法,因此放一个链接

oracle 用户授权问题,提示授权成功,但是还是访问不到表

(8)Tom用户回收其授予Joan用户的CREATE VIEW的系统权限。

Conn Tom/Tom @booksales;
Revoke create view from Joan;

(9)利用system用户登录BOOKSALES数据库,回收Tom用户所有具有的CREATE TABLE系统权限以及在customers表、publishers表、books表上SELECT权限。

Conn system/你的密码 @booksales;
Revoke create table from Tom;
Revoke select on customers from Tom;
Revoke select on publishers from Tom;
Revoke select on books from Tom;

(10)分别查询Tom用户、Joan用户所具有的对象权限和系统权限详细信息。

Conn Tom/Tom @booksales;
select * from user_sys_privs;
select * from user_sys_privs;
Conn Joan/Joan @booksales;
select * from user_sys_privs;
select * from user_sys_privs;

(11)创建一个角色bs_role,将BOOKSALES数据库中books表的所有对象权限以及对customers表、publishers表、orders表的SELECT权限授予该角色。

Conn system/你的密码 @booksales;
create role bs_role not identified;
Grant select,update,delete,insert on system.books to bs_role;
Grant select on system.customers to bs_role;
Grant select on system.publishers to bs_role;
Grant select on system.orders to bs_role;

(12)将bs_role角色授予Joan用户,将CREATE SESSION、RESOURCE、bs_role角色授予Tom用户。

grant bs_role to Joan;
Grant create session,resource,bs_role to Tom;