關于ORACLE賬號的權限問題,一般分為兩種權限:
??????????
????? 系統權限: 允許用戶執行特定的數據庫動作,如創建表、創建索引、創建存儲過程等
????? 對象權限: 允許用戶操縱一些特定的對象,如讀取視圖,可更新某些列、執行存儲過程等
像這種查看存儲過程定義的權限為對象權限,但是我們還是首先來看看關于存儲過程的系統權限吧:
SELECT * FROM SYSTEM_PRIVILEGE_MAP WHERE NAME LIKE?'%PROCEDURE%'; PRIVILEGE NAME?????????????????????????????????????? PROPERTY
????? -140 CREATE PROCEDURE????????????????????????????????? 0 CREATE?ANY?PROCEDURE????????????????????????????? 0 ALTER?ANY?PROCEDURE?????????????????????????????? 0 DROP?ANY?PROCEDURE??????????????????????????????? 0 EXECUTE?ANY?PROCEDURE???????????????????????????? 0 ANY?PROCEDURE?????????????????????????????? 0 6 rows selected. 如上所示,關于存儲過程的系統權限一般有六種: CREATE PROCEDURE、CREATE ANY PROCEDURE、 ALTER ANY PROCEDURE、DROP ANY PROCEDURE、 EXECUTE ANY PROCEDURE、DEBUG ANY PROCEDURE. 那么關于存儲過程的對象權限又有那些呢? 如下例子所示,在用戶ESCMUSER下創建存儲過程PROC_TEST
OR REPLACE PROCEDURE ESCMUSER.PROC_TEST BEGIN? 'It is only test');
END; 使用system用戶創建用戶TEMP,如下所示
create?user temp identified by temp; User created. SQL> grant?connect,resource to temp; Grant succeeded. 在用戶ESCMUSER下將存儲過程PROC_TEST的所有權限授予給用戶TEMP。 那么我們發現存儲過程的對象權限只有EXECUTE、DEBUG權限
SQL> GRANT ALL ON PROC_TEST TO TEMP;
SQL> COL GRANTEE FOR A12; FOR A30;
FOR A12;
FOR A8;
SELECT * FROM USER_TAB_PRIVS_MADE WHERE GRANTEE='TEMP'; GRANTEE????? TABLE_NAME????????????? GRANTOR????? PRIVILEGE?????????????? GRA HIE
TEMP???????? PROC_TEST??????????????? ESCMUSER???? DEBUG?????????????????? NO? NO EXECUTE???????????????? NO? NO SQL> 
?
將存儲過程PORC_TEST的權限從TEMP用戶收回,然后授予用戶TEMP關于存儲過程PROC_TEST的DEBUG權限
REVOKE?ALL?ON PROC_TEST FROM TEMP; SQL>GRANT DEBUG ON PROC_TEST TO TEMP; 那么TEMP用戶此時執行存儲過程報權限不足
SET SERVEROUT ON; EXEC escmuser.proc_test;
begin escmuser.proc_test; end; ORA-06550: line 2, column 16: ORA-06550: line 2, column 7: SELECT * FROM ALL_SOURCE WHERE NAME='PROC_TEST'
所以,只需要授予存儲過程的DEBUG權限給某個用戶,就可以實現只授予用戶查看存儲過程定義的權限,而限制用戶修改、執行存儲過程。從而達到只授權用戶查看存儲過程定義的權限。
...)
