4

我在 oracle 中对模式、用户和功能 ID 感到困惑。让我们考虑一下我的两种不同情况

案例一:

让我们考虑 SCOTT@ORCL。如果我们认为 SCOTT 是用户。在单独创建用户时,它会创建一个模式。纠正我如果我错了。在这种情况下,当我们单独创建 SCOTT 用户时,会创建 SCOTT 模式。假设如果我们创建另一个模式说 X 。SCOTT 用户是否可以拥有 X 架构?

案例二:

让我们考虑SCOTT@ORCL。如果我们认为SCOTT 是单独的模式,即它是由模式命令单独创建的。如果是这样,那么没有任何将拥有它的用户,模式的用途是什么。

我听说 oracle 函数 ID 是一个将多个用户/模式(我不知道我是否可以将模式/用户放在这里)连接到数据库中的函数 ID。b/w oracle 功能 ID 与用户/模式有区别吗?

4

2 回答 2

9

Many people find this topic confusing, because we tend to bandy around USER and SCHEMA interchangeably, when they are in fact separate if related entities.

A schema is the collection of database objects owned by a user. When we create a user we create their schema at the same time. Initially their schema is empty.

It is easy to demonstrate that USER and SCHEMA are distinct, because we change the current schema in the session. This just means we can reference objects in another user's schema without prefixing them with the owner's name. 

SQL> desc t1
 Name                                      Null?    Type
 ----------------------------------------- -------- -------------
 ID                                                 NUMBER

SQL> alter session set current_schema=APC
  2  /

Session altered.

SQL> desc t1
ERROR:
ORA-04043: object t1 does not exist

SQL> sho user
USER is "X"
SQL>

In this case, either APC doesn't have a table called T1 or he hasn't granted it to X. The only way X can see her own table is to prefix it with her own name, or switch the current schema back to herself.

To answer your first question, the schema always has the same name as the user. So it is not possible for SCOTT to own schema X; schema X is owned by user X.

To answer your second question, it is impossible to create a schema without a user.

True, there is a CREATE SCHEMA command, but this requires the prior creation of the user. It is actually not creating a schema but creating several database objects. In effect it is more of a ADD OBJECTS TO SCHEMA command.

SQL> conn sys as sysdba
Enter password:
Connected.

SQL> create user x identified by x
  2  default tablespace users quota 10m on users
  3  /

User created.

SQL> grant create session, create table to x
  2  /

Grant succeeded.

SQL> conn x/x
Connected.

SQL> create schema authorization x
  2      create table t1 (id number)
  3      create table t2 (id number)
  4  /

Schema created.

SQL> select table_name from user_tables
  2  /

TABLE_NAME
------------------------------
T1
T2

SQL>

The CREATE SCHEMA command is pretty limited: we can create tables, views and indexes, and grant privileges on objects. The advantage of it is simply that we can create several objects in a single transaction, so that all the creates are rolled back if one fails. This is not possible when we run each create statement separately.

Not sure what you're thinking off when you mention "function ID". It's not a standard piece of Oracle functionality.

于 2011-08-04T12:59:25.537 回答
1

这并没有定义所有者和模式之间的区别。

但是我一直在为创建 N 个用户的想法而苦恼……当我希望这些用户中的每一个“消费”(又名,使用)一个模式时。

这个人展示了如何做到这一点(有N个用户......被“重定向”到一个单一的模式。

我也将粘贴他的代码,以防将来 URL 链接失效。

http://www.oracle-base.com/articles/misc/schema-owners-and-application-users.php

他有第二种“同义词”方法。但我只粘贴 CURRENT_SCHEMA 版本。再一次,我不相信这一点。我只是讨厌有人说“你的答案在这个链接上”并且 BOOM,链接已经死了。:<

..................................................... ……

(来自http://www.oracle-base.com/articles/misc/schema-owners-and-application-users.php

CURRENT_SCHEMA 方法

此方法使用 CURRENT_SCHEMA 会话属性自动将应用程序用户指向正确的模式。

首先,我们创建模式所有者和应用程序用户。

CONN sys/password AS SYSDBA

-- Remove existing users and roles with the same names.
DROP USER schema_owner CASCADE;
DROP USER app_user CASCADE;
DROP ROLE schema_rw_role;
DROP ROLE schema_ro_role;

-- Schema owner.
CREATE USER schema_owner IDENTIFIED BY password
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA UNLIMITED ON users;

GRANT CONNECT, CREATE TABLE TO schema_owner;

-- Application user.
CREATE USER app_user IDENTIFIED BY password
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp;

GRANT CONNECT TO app_user;

请注意,应用程序用户可以连接,但没有任何表空间配额或创建对象的权限。

接下来,我们创建一些角色来允许读写和只读访问。

CREATE ROLE schema_rw_role;
CREATE ROLE schema_ro_role;

我们希望为我们的应用程序用户提供对模式对象的读写访问权限,因此我们授予相关角色。

GRANT schema_rw_role TO app_user;

我们需要确保应用程序用户的默认架构指向架构所有者,因此我们创建了一个 AFTER LOGON 触发器来为我们执行此操作。

CREATE OR REPLACE TRIGGER app_user.after_logon_trg
AFTER LOGON ON app_user.SCHEMA
BEGIN
  DBMS_APPLICATION_INFO.set_module(USER, 'Initialized');
  EXECUTE IMMEDIATE 'ALTER SESSION SET current_schema=SCHEMA_OWNER';
END;
/

现在我们准备在模式所有者中创建一个对象。

CONN schema_owner/password

CREATE TABLE test_tab (
  id          NUMBER,
  description VARCHAR2(50),
  CONSTRAINT test_tab_pk PRIMARY KEY (id)
);

GRANT SELECT ON test_tab TO schema_ro_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON test_tab TO schema_rw_role;

请注意权限是如何授予相关角色的。没有这个,应用程序用户将看不到对象。我们现在有一个正常工作的模式所有者和应用程序用户。

SQL> CONN app_user/password
Connected.
SQL> DESC test_tab
 Name                                                  Null?    Type
 ----------------------------------------------------- -------- ------------------------------------
 ID                                                    NOT NULL NUMBER
 DESCRIPTION                                                    VARCHAR2(50)

SQL>

这种方法非常适合应用程序用户只是主模式的替代入口点,不需要自己的对象。

于 2012-08-01T19:24:57.047 回答