81

我用的是Linux,Oracle10g。我创建了一个名为 test 的用户。并授予同一用户的创建会话和选择任何字典权限。

我还将 sysdba 和 sysoper 角色授予相同的用户。

现在我想显示授予用户的所有权限和角色。我发现了以下查询,但它仅显示创建会话和选择字典权限。

select privilege 
from dba_sys_privs 
where grantee='SAMPLE' 
order by 1;

请帮助解决问题。

谢谢

4

9 回答 9

73

除了 VAV 的回答,第一个在我的环境中最有用

select * from USER_ROLE_PRIVS where USERNAME='SAMPLE';
select * from USER_TAB_PRIVS where Grantee = 'SAMPLE';
select * from USER_SYS_PRIVS where USERNAME = 'SAMPLE';
于 2014-01-15T21:21:35.587 回答
69

看看http://docs.oracle.com/cd/B10501_01/server.920/a96521/privs.htm#15665

使用这些选择语句检查 USER_SYS_PRIVS、USER_TAB_PRIVS、USER_ROLE_PRIVS 表

SELECT * FROM USER_SYS_PRIVS; 
SELECT * FROM USER_TAB_PRIVS; 
SELECT * FROM USER_ROLE_PRIVS;
于 2013-02-25T12:01:43.800 回答
62

其他答案都不适合我,所以我写了自己的解决方案:

从 Oracle 11g 开始。

将 USER 替换为所需的用户名

授予角色:

SELECT * 
  FROM DBA_ROLE_PRIVS 
 WHERE GRANTEE = 'USER';

直接授予用户的权限:

SELECT * 
  FROM DBA_TAB_PRIVS 
 WHERE GRANTEE = 'USER';

授予用户的角色权限:

SELECT * 
  FROM DBA_TAB_PRIVS  
 WHERE GRANTEE IN (SELECT granted_role 
                     FROM DBA_ROLE_PRIVS 
                    WHERE GRANTEE = 'USER');

授予的系统特权:

SELECT * 
  FROM DBA_SYS_PRIVS 
 WHERE GRANTEE = 'USER';

如果要查找当前连接的用户,可以将表名中的 DBA 替换为 USER 并删除 WHERE 子句。

于 2016-04-01T02:52:44.887 回答
13

结合前面的建议来确定您的个人权限(即“用户”权限),然后使用:

-- your permissions
select * from USER_ROLE_PRIVS where USERNAME= USER;
select * from USER_TAB_PRIVS where Grantee = USER;
select * from USER_SYS_PRIVS where USERNAME = USER;

-- granted role permissions
select * from ROLE_ROLE_PRIVS where ROLE IN (select granted_role from USER_ROLE_PRIVS where USERNAME= USER);
select * from ROLE_TAB_PRIVS  where ROLE IN (select granted_role from USER_ROLE_PRIVS where USERNAME= USER);
select * from ROLE_SYS_PRIVS  where ROLE IN (select granted_role from USER_ROLE_PRIVS where USERNAME= USER);
于 2015-10-28T16:49:57.180 回答
10

如果通过某些角色将权限授予用户,则可以使用以下 SQL

select * from ROLE_ROLE_PRIVS where ROLE = 'ROLE_NAME';
select * from ROLE_TAB_PRIVS  where ROLE = 'ROLE_NAME';
select * from ROLE_SYS_PRIVS  where ROLE = 'ROLE_NAME';
于 2014-12-16T15:28:53.250 回答
3 
SELECT * 
FROM DBA_ROLE_PRIVS 
WHERE UPPER(GRANTEE) LIKE '%XYZ%';
于 2013-07-24T16:20:30.203 回答
1 
select * 
from ROLE_TAB_PRIVS 
where role in (
    select granted_role
    from dba_role_privs 
    where granted_role in ('ROLE1','ROLE2')
)
于 2014-01-15T09:16:57.563 回答
0

始终使 SQL 可重用:-:)

-- ===================================================
-- &role_name will be "enter value for 'role_name'".
-- Date:  2015 NOV 11.

-- sample code:   define role_name=&role_name
-- sample code:   where role like '%&&role_name%'
-- ===================================================


define role_name=&role_name

select * from ROLE_ROLE_PRIVS where ROLE = '&&role_name';
select * from ROLE_SYS_PRIVS  where ROLE = '&&role_name';


select role, privilege,count(*)
 from ROLE_TAB_PRIVS
where ROLE = '&&role_name'
group by role, privilege
order by role, privilege asc
;
于 2015-11-11T23:23:40.303 回答
0

我能够理解的唯一可见结果是首先与我想获得权限的用户联系,然后使用以下查询:

SELECT GRANTEE, PRIVILEGE, TABLE_NAME FROM USER_TAB_PRIVS;
于 2020-10-08T13:15:23.407 回答