源自:http://www.eygle.com/archives/2005/03/sysopereioaaeei.html
缺省的SYSOPER可以起停数据库,但是不能查询数据字典。
$ sqlplus "/ as sysdba" SQL*Plus: Release 10.1.0.2.0 - Production on Fri Mar 25 17:20:49 2005 Copyright (c) 1982, 2004, Oracle. All rights reserved. Connected to: Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - 64bit Production With the Partitioning, OLAP and Data Mining options SYS AS SYSDBA on 25-MAR-05 >CREATE USER operator IDENTIFIED BY operator; User created. 授予dba,sysoper角色。 SYS AS SYSDBA on 25-MAR-05 >grant dba,sysoper to operator; Grant succeeded. |
以普通用户方式登录可以查询,因为具有DBA角色:
SYS AS SYSDBA on 25-MAR-05 >connect operator/operator
Connected.
OPERATOR on 25-MAR-05 >show user
USER is "OPERATOR"
OPERATOR on 25-MAR-05 >select count(*) from dba_users;
COUNT(*)
----------
12
|
以SYSOPER身份登录,实际上用户身份切换为PUBLIC,不能查询数据字典:
OPERATOR on 25-MAR-05 >connect operator/operator as sysoper;
Connected.
PUBLIC AS SYSOPER on 25-MAR-05 >select count(*) from dba_users;
select count(*) from dba_users
*
ERROR at line 1:
ORA-00942: table or view does not exist
PUBLIC AS SYSOPER on 25-MAR-05 >show user
USER is "PUBLIC"
|
但是此时有权启动数据库:
PUBLIC AS SYSOPER on 25-MAR-05 >shutdown immediate; Database closed. Database dismounted. ORACLE instance shut down. PUBLIC AS SYSOPER on 25-MAR-05 >startup ORACLE instance started. Database mounted. Database opened. |
可以单独授予SELECT ANY DICTIONARY,SELECT ANY TABLE权限给PUBLIC角色,这样sysoper身份登录用户同时就获得查询字典及表权限。
PUBLIC AS SYSOPER on 25-MAR-05 >connect / as sysdba
Connected.
SYS AS SYSDBA on 25-MAR-05 >grant SELECT ANY DICTIONARY,SELECT ANY TABLE to public;
Grant succeeded.
SYS AS SYSDBA on 25-MAR-05 >connect operator/operator
Connected.
OPERATOR on 25-MAR-05 >connect operator/operator as sysoper
Connected.
PUBLIC AS SYSOPER on 25-MAR-05 >select count(*) from dba_users;
COUNT(*)
----------
12
|
