|
19.04.2017, 13:03
#39440848
Ссылка:
Ссылка на сообщение:
Ссылка с названием темы:
Ссылка на профиль пользователя:
|
|
|
Участник
Сообщения: 30 360
Рейтинг:
0
/ 0
|
|
|
|
При наличии невключенной роли DBA (и, в частности, в хранимом коде с AUTHID DEFINER) пользователю необязательно было иметь WITH ADMIN OPTION на системную привилегию, чтобы грантовать её:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
create user tst_grantor identified by tst_grantor;
grant create session, create user, dba to tst_grantor;
--grant create session, create user to tst_grantor with admin option;
connect tst_grantor/tst_grantor
define _O_VERSION
set role none;
col username for a30
select * from user_sys_privs;
create user tst_grantee identified by tst_grantee;
grant create session to tst_grantee;
grant create user to tst_grantee;
<=11g 1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
Elic@elic11>; create user tst_grantor identified by tst_grantor;
User created.
Elic@elic11>; grant create session, create user, dba to tst_grantor identified by tst_grantor;
Grant succeeded.
Elic@elic11>; --grant create session, create user to tst_grantor with admin option;
Elic@elic11>; connect tst_grantor/tst_grantor
Connected.
Среда 19.04.2017 12:39:40, User: TST_GRANTOR@elic11, DB: Elic11@ELIC(::1)
Tst_Grantor@elic11>; define _O_VERSION
DEFINE _O_VERSION = "Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options" (CHAR)
Tst_Grantor@elic11>; set role none;
Role set.
Tst_Grantor@elic11>; col username for a30
Tst_Grantor@elic11>; select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
TST_GRANTOR UNLIMITED TABLESPACE NO
TST_GRANTOR CREATE USER NO
TST_GRANTOR CREATE SESSION NO
3 rows selected.
Tst_Grantor@elic11>; create user tst_grantee identified by tst_grantee;
User created.
Tst_Grantor@elic11>; grant create session to tst_grantee;
Grant succeeded.
Tst_Grantor@elic11>; grant create user to tst_grantee;
Grant succeeded.
В 12с этo прикрыли: 12c 1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
Elic@elic12>; create user tst_grantor identified by tst_grantor;
User created.
Elic@elic12>; grant create session, create user, dba to tst_grantor identified by tst_grantor;
Grant succeeded.
Elic@elic12>; --grant create session, create user to tst_grantor with admin option;
Elic@elic12>; connect tst_grantor/tst_grantor
Connected.
Среда 19.04.2017 12:46:38, User: TST_GRANTOR@elic12, DB: Elic12@ELIC(::1)
Tst_Grantor@elic12>; define _O_VERSION
DEFINE _O_VERSION = "Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options" (CHAR)
Tst_Grantor@elic12>; set role none;
Role set.
Tst_Grantor@elic12>; col username for a30
Tst_Grantor@elic12>; select * from user_sys_privs;
USERNAME PRIVILEGE ADM COM
------------------------------ ---------------------------------------- --- ---
TST_GRANTOR UNLIMITED TABLESPACE NO NO
TST_GRANTOR CREATE USER NO NO
TST_GRANTOR CREATE SESSION NO NO
3 rows selected.
Tst_Grantor@elic12>; create user tst_grantee identified by tst_grantee;
User created.
Tst_Grantor@elic12>; grant create session to tst_grantee;
grant create session to tst_grantee
*
ERROR at line 1:
ORA-01031: insufficient privileges
Tst_Grantor@elic12>; grant create user to tst_grantee;
grant create user to tst_grantee
*
ERROR at line 1:
ORA-01031: insufficient privileges
|
|
|
