一、数据库管理员
1、sys与system的区别(用实例说明)
在第一讲说过下面两句话: (1)sys用户是超级用户,具有最高权限,具有dba的角色和sysdba、sysoper数据库管理特殊权限,所有 oracle 的数据字典的基表和视图都存放在sys 用户中,这些基表和视图对于 oracle 的运行是至关重要的,由数据库自己维护,任何用户都不能手动更改,sys有创建create database的权限。 (2)system用户是管理操作员,权限一样很大具有dba角色,没有创建create database的权限。SQL> select * from dba_roles where role='DBA'; ROLE PASSWORD_REQUIRED ------------------------------ ----------------- DBA NOdba_roles是查询所有 系统角色,从结果上看DBA是系统角色,不是权限,同样dba_roles中没有sysdba和sysoper说明这两个不是角色。
SQL> select * from dba_role_privs where granted_role='DBA' and (grantee='SYS' or grantee='SYSTEM'); GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE ------------------------------ ------------------------------ ------------ ------------ SYS DBA YES YES SYSTEM DBA YES YESDBA_ROLE_PRIVS是查询所有用户或角色对应的角色,从结果上看sys和system都有DBA的角色。
SQL> select * from v$pwfile_users; USERNAME SYSDBA SYSOPER ------------------------------ ------ ------- SYS TRUE TRUE
SQL> select * from system_privilege_map;
PRIVILEGE NAME PROPERTY
---------- ---------------------------------------- ----------
-3 ALTER SYSTEM 0
-4 AUDIT SYSTEM 0
-5 CREATE SESSION 0
-6 ALTER SESSION 0
-7 RESTRICTED SESSION 0
-10 CREATE TABLESPACE 0
-11 ALTER TABLESPACE 0
-12 MANAGE TABLESPACE 0
-13 DROP TABLESPACE 0
-15 UNLIMITED TABLESPACE 0
-20 CREATE USER 0
-21 BECOME USER 0
-22 ALTER USER 0
-23 DROP USER 0
-30 CREATE ROLLBACK SEGMENT 0
-31 ALTER ROLLBACK SEGMENT 0
-32 DROP ROLLBACK SEGMENT 0
-40 CREATE TABLE 0
-41 CREATE ANY TABLE 0
-42 ALTER ANY TABLE 0
PRIVILEGE NAME PROPERTY
---------- ---------------------------------------- ----------
-43 BACKUP ANY TABLE 0
-44 DROP ANY TABLE 0
-45 LOCK ANY TABLE 0
-46 COMMENT ANY TABLE 0
-47 SELECT ANY TABLE 0
-48 INSERT ANY TABLE 0
-49 UPDATE ANY TABLE 0
-50 DELETE ANY TABLE 0
-60 CREATE CLUSTER 0
-61 CREATE ANY CLUSTER 0
-62 ALTER ANY CLUSTER 0
-63 DROP ANY CLUSTER 0
-71 CREATE ANY INDEX 0
-72 ALTER ANY INDEX 0
-73 DROP ANY INDEX 0
-80 CREATE SYNONYM 0
-81 CREATE ANY SYNONYM 0
-82 DROP ANY SYNONYM 0
-83 SYSDBA 0
-84 SYSOPER 0
-85 CREATE PUBLIC SYNONYM 0
PRIVILEGE NAME PROPERTY
---------- ---------------------------------------- ----------
-86 DROP PUBLIC SYNONYM 0
-90 CREATE VIEW 0
-91 CREATE ANY VIEW 0
-92 DROP ANY VIEW 0
-105 CREATE SEQUENCE 0
-106 CREATE ANY SEQUENCE 0
-107 ALTER ANY SEQUENCE 0
-108 DROP ANY SEQUENCE 0
-109 SELECT ANY SEQUENCE 0
-115 CREATE DATABASE LINK 0
-120 CREATE PUBLIC DATABASE LINK 0
-121 DROP PUBLIC DATABASE LINK 0
-125 CREATE ROLE 0
-126 DROP ANY ROLE 0
-127 GRANT ANY ROLE 0
-128 ALTER ANY ROLE 0
-130 AUDIT ANY 0
-135 ALTER DATABASE 0
-138 FORCE TRANSACTION 0
-139 FORCE ANY TRANSACTION 0
-140 CREATE PROCEDURE 0
PRIVILEGE NAME PROPERTY
---------- ---------------------------------------- ----------
-141 CREATE ANY PROCEDURE 0
-142 ALTER ANY PROCEDURE 0
-143 DROP ANY PROCEDURE 0
-144 EXECUTE ANY PROCEDURE 0
-151 CREATE TRIGGER 0
-152 CREATE ANY TRIGGER 0
-153 ALTER ANY TRIGGER 0
-154 DROP ANY TRIGGER 0
-160 CREATE PROFILE 0
-161 ALTER PROFILE 0
-162 DROP PROFILE 0
-163 ALTER RESOURCE COST 0
-165 ANALYZE ANY 0
-167 GRANT ANY PRIVILEGE 0
-172 CREATE MATERIALIZED VIEW 0
-173 CREATE ANY MATERIALIZED VIEW 0
-174 ALTER ANY MATERIALIZED VIEW 0
-175 DROP ANY MATERIALIZED VIEW 0
-177 CREATE ANY DIRECTORY 0
-178 DROP ANY DIRECTORY 0
-180 CREATE TY