问题: 在开发系统时候,有时我们希望能够限制前端页面对数据库的访问行为,比如在Oracle数据库当中,我们采用A用户创建数据库的表结构,package,视图,序列,因此A用户具有访问这些对象的所有权限,
如果前端页面是另一个团队(BTeam)开发,另一个团队对数据库的表结构了解不够熟悉,为了防止BTeam错误的操作导致数据的混乱,我们为BTeam用户创建一个用户B,BTeam通过用户B来访问A用户下
创建的对象,由于BTeam通过B用户来访问数据库,此时在数据库层面可以限制B用户的访问权限,从而在一定程度上防止BTeam错误的操作导致数据库中数据的混乱。
此时开发一个较大的系统时,A用户下可能会存在很多对象,那么如果把A用户的对象批量的授权给B用户呢? 脚本如下
--授权并创建同义词
declare
CURSOR c_tabname is
SELECT object_name FROM user_objects
where object_type in(‘TABLE‘);
v_tabname dba_tables.table_name%TYPE;
sqlstr VARCHAR2(200);
CURSOR c_package IS
SELECT object_name FROM user_objects
where object_type in(‘PACKAGE‘);
r_package c_package%ROWTYPE;
CURSOR c_view_seq IS
SELECT object_name FROM user_objects
where object_type in(‘VIEW‘,‘SEQUENCE‘);
r_view_seq c_view_seq%ROWTYPE;
CURSOR c_synonym IS
select ‘ create public synonym ‘||OBJECT_NAME||‘ for userA.‘||OBJECT_NAME||‘;‘ syn_create,
‘ drop public synonym ‘||OBJECT_NAME syn_drop
from user_objects
where object_type
in(‘TABLE‘,‘VIEW‘,‘PROCEDURE‘,‘SEQUENCE‘,‘PACKAGE‘);
r_syn c_synonym%ROWTYPE;
begin
open c_tabname;
loop
fetch c_tabname
into v_tabname;
exit when c_tabname%NOTFOUND;
sqlstr := ‘grant select, update, insert on userA.‘ || v_tabname ||
‘ to userB;‘;
dbms_output.put_line(sqlstr);
execute immediate sqlstr;
end loop;
close c_tabname;
FOR r_package IN c_package LOOP
sqlstr := ‘grant execute on userA.‘ || r_package.object_name ||
‘ to userB;‘;
dbms_output.put_line(sqlstr);
execute immediate sqlstr;
END LOOP;
dbms_output.put_line(‘视图和序列‘);
FOR r_view_seq IN c_view_seq LOOP
sqlstr := ‘grant select on userA.‘ || r_view_seq.object_name ||
‘ to userB;‘;
dbms_output.put_line(sqlstr);
execute immediate sqlstr;
END LOOP;
--创建同义词
dbms_output.put_line(‘创建同义词!‘);
FOR r_syn IN c_synonym LOOP
BEGIN
sqlstr := r_syn.syn_drop;
dbms_output.put_line(sqlstr);
EXECUTE IMMEDIATE sqlstr;
sqlstr := r_syn.syn_create;
dbms_output.put_line(sqlstr);
EXECUTE IMMEDIATE sqlstr;
EXCEPTION
WHEN OTHERS THEN
NULL;
END ;
END LOOP;
END;
时间: 2024-07-31 06:55:17