Date: 2014-05-16
Please credit the source when reposting: http://blog.csdn.net/guoyjoe/article/details/11584537
Correct answer: A
Experiment
1. Create the user SKD
gyj@OCM> create user SKD identified by SKD;
User created.
2. Grant privileges
gyj@OCM> grant connect,resource to SKD;
Grant succeeded.
3. Create the role MGR_ROLE as the question describes
gyj@OCM> create role MGR_ROLE;
Role created.
4. Query the role
gyj@OCM> select * from dba_role_privs where grantee='MGR_ROLE';
no rows selected
gyj@OCM> select * from role_sys_privs where role='MGR_ROLE';
no rows selected
gyj@OCM> select * from role_tab_privs where role='MGR_ROLE';
no rows selected
5. Grant privileges to the role MGR_ROLE as the question describes
gyj@OCM> grant create role to MGR_ROLE;
Grant succeeded.
gyj@OCM> grant create user to MGR_ROLE;
Grant succeeded.
gyj@OCM> grant select any table to MGR_ROLE;
Grant succeeded.
6. Query the role again
gyj@OCM> select * from dba_role_privs where grantee='MGR_ROLE';
no rows selected
gyj@OCM> select * from role_sys_privs where role='MGR_ROLE';
ROLE                           PRIVILEGE                                ADM
------------------------------ ---------------------------------------- ---
MGR_ROLE                       SELECT ANY TABLE                         NO
MGR_ROLE                       CREATE ROLE                              NO
MGR_ROLE                       CREATE USER                              NO
gyj@OCM> select * from role_tab_privs where role='MGR_ROLE';
no rows selected
7. Check in OEM; the result matches the question
8. Log in as SKD and check its current privileges
gyj@OCM> conn SKD/SKD
Connected.
skd@OCM> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
UNLIMITED TABLESPACE
CREATE TABLE
CREATE CLUSTER
CREATE SEQUENCE
CREATE PROCEDURE
CREATE TRIGGER
CREATE TYPE
CREATE OPERATOR
CREATE INDEXTYPE
10 rows selected.
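10. Grant the role to SKD using WITH ADMIN OPTION
WITH ADMIN OPTION means that the user who receives the grant is allowed to grant that privilege (here, MGR_ROLE) to other users or roles in turn. Revocation does not cascade.
gyj@OCM> GRANT MGR_ROLE TO SKD WITH ADMIN OPTION;
Grant succeeded.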
11. Query SKD's current privileges again: three more rows appear, namely those of the role MGR_ROLE, so SKD now has 13 system privileges.
skd@OCM> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
UNLIMITED TABLESPACE
CREATE USER
CREATE TABLE
SELECT ANY TABLE
CREATE CLUSTER
CREATE SEQUENCE
CREATE ROLE
CREATE PROCEDURE
CREATE TRIGGER
CREATE TYPE
CREATE OPERATOR
CREATE INDEXTYPE
13 rows selected.
12. Create a user a and grant it only the CREATE SESSION system privilege
gyj@OCM> create user a identified by a;
User created.
gyj@OCM> grant create session to a;
Grant succeeded.
13. Confirm that user a currently has only the CREATE SESSION privilege
gyj@OCM> conn a/a
Connected.
a@OCM> select * from session_privs;
PRIVILEGE
----------------------------------------
CREATE SESSION
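Answer A is correct: SKD can grant MGR_ROLE to others, but cannot grant the other privileges that SKD holds, because the statement GRANT MGR_ROLE TO SKD WITH ADMIN OPTION; in step 8 above was issued WITH ADMIN OPTION.
The experiment: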
a@OCM> conn SKD/SKD
Connected.
skd@OCM> grant MGR_ROLE to a;
Grant succeeded.
skd@OCM> grant CREATE TABLE to a;
grant CREATE TABLE to a
*
ERROR at l
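An audit to go with the experiment above, as an added example that is not part of the original post: it lists who can re-grant roles or system privileges, then exercises the "revocation does not cascade" point from step 10 using the page's own SKD, a and MGR_ROLE. It assumes a DBA session that can read the DBA_* views; excluding SYS and SYSTEM is an illustrative filter, not a complete list of built-in accounts.

```sql
-- Added example. Run as a DBA after the steps on this page.

-- 1) Grantees that hold a role WITH ADMIN OPTION, with the system
--    privileges granted directly to that role (nested roles are not expanded).
--    The account that created a role also appears here, because the creator
--    receives the role WITH ADMIN OPTION automatically.
SELECT rp.grantee,
       rp.granted_role,
       sp.privilege
FROM   dba_role_privs rp
       LEFT JOIN dba_sys_privs sp
              ON sp.grantee = rp.granted_role
WHERE  rp.admin_option = 'YES'
AND    rp.grantee NOT IN ('SYS', 'SYSTEM')   -- assumption: illustrative filter
ORDER  BY rp.grantee, rp.granted_role, sp.privilege;

-- 2) System privileges granted directly WITH ADMIN OPTION
--    (to users or to roles).
SELECT grantee,
       privilege
FROM   dba_sys_privs
WHERE  admin_option = 'YES'
AND    grantee NOT IN ('SYS', 'SYSTEM')      -- assumption: illustrative filter
ORDER  BY grantee, privilege;

-- 3) Revocation does not cascade: taking MGR_ROLE away from SKD leaves the
--    grant that SKD made to user a in place.
REVOKE MGR_ROLE FROM SKD;

-- List every remaining holder of the role to see what survived the revoke.
SELECT grantee,
       granted_role,
       admin_option
FROM   dba_role_privs
WHERE  granted_role = 'MGR_ROLE'
ORDER  BY grantee;

-- 4) Cleaning up after a re-granter therefore needs one REVOKE per
--    downstream grantee found in the query above.
REVOKE MGR_ROLE FROM a;
```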