sys@TEST0924> create user SKD identified by SKD;

User created.

sys@TEST0924> grant connect,resource to SKD;

Grant succeeded.

sys@TEST0924> create role MGR_ROLE;

Role created.

sys@TEST0924> grant create role to MGR_ROLE;

Grant succeeded.

sys@TEST0924> grant create user to MGR_ROLE;

Grant succeeded.

sys@TEST0924> grant select any table to MGR_ROLE;

Grant succeeded.

查dba_sys_privs、dba_role_privs,dba_tab_privs三个视图看用户到底有哪些权限

sys@TEST0924>select * fromdba_role_privs where  grantee='MGR_ROLE';

no rows selected

sys@TEST0924> select * fromrole_sys_privs where role='MGR_ROLE';

ROLE                          PRIVILEGE                              ADM

---------------------------------------------------------------------- ---

MGR_ROLE                      SELECT ANY TABLE                        NO

MGR_ROLE                      CREATE ROLE                            NO

MGR_ROLE                      CREATE USER                            NO

sys@TEST0924> select * fromrole_tab_privs where role='MGR_ROLE';

no rows selected

WITH ADMINOPTION的意思是被授予该权限的用户有权将某个权限(如MGR_ROLE)授予其他用户或角色，取消是不级联的。

sys@TEST0924> GRANT MGR_ROLE TO SKDWITH ADMIN OPTION;

Grant succeeded.

sys@TEST0924> create user user1identified by test1;

User created.

sys@TEST0924> grant create session touser1;

Grant succeeded.

skd@TEST0924> grant MGR_ROLE to user1;

Grant succeeded.

skd@TEST0924> grant create user to user1;

grant create user to user1

*

ERROR at line 1:

ORA-01031: insufficient privileges

1、hr将DML操作emp表的权限给scott，并且scott有传递权限。

hr@TEST0910> grant select,insert,updateon employees to scott with grant option;

Grant succeeded.

hr@TEST0910> conn /as sysdba

Connected.

sys@TEST0910> create user jimidentified by jim;

User created.

2、scott将此权限传递给jim。

sys@TEST0910> conn scott/tiger

Connected.

scott@TEST0910> grantselect,insert,update on hr.employees to jim;

Grant succeeded.

3、hr想将jim的权限收回，出错。

scott@TEST0910> conn hr/hr

Connected.

hr@TEST0910> revokeselect,insert,update on employees from jim;

revoke select,insert,update on employeesfrom jim

*

ERROR at line 1:

ORA-01927: cannot REVOKE privileges you did not grant

4、DBA将连接数据库权限给jim，jim登陆，可以访问hr的表。

hr@TEST0910> conn jim/jim

ERROR:

ORA-01045: user JIM lacks CREATE SESSIONprivilege; logon denied

Warning: You are no longer connected toORACLE.

hr@TEST0910> conn /as sysdba

Connected.

sys@TEST0910> grant create session to jim;

Grant succeeded.

sys@TEST0910> conn jim/jim

Connected.

jim@TEST0910> select * fromhr.employees;

EMPLOYEE_IDFIRST_NAME          LAST_NAME                EMAIL

----------- --------------------------------------------- -------------------------

PHONE_NUMBER        HIRE_DATE JOB_ID         SALARYCOMMISSION_PCT MANAGER_ID DEPARTMENT_ID

-------------------- --------- -------------------- -------------- ---------- -------------

198Donald              OConnell                 DOCONNEL

650.507.9833        21-JUN-07 SH_CLERK        2600

5、当hr把DML操作emp表操作的权限从scott收回后，jim无法访问hr的表了。

jim@TEST0910> conn hr/hr

Connected.

hr@TEST0910> revokeselect,insert,update on employees from scott;

Revoke succeeded.

hr@TEST0910> conn jim/jim

Connected.

jim@TEST0910> select * fromhr.employees;

select * from hr.employees

*

ERROR at line 1:

ORA-00942: table or view does not exist