应用限制DML和DDL
[英]Apply restriction DML and DDL
问题描述
SELECT
D.OS_USERNAME
,D.terminal AS MACHINE
,D.OBJ_NAME
,D.ACTION_NAME
,D.timestamp
,D.Sql_Text
FROM DBA_AUDIT_TRAIL D
WHERE D.OWNER = 'HRADMIN'
AND D.ACTION_NAME LIKE '%INSERT%'
AND D.OS_USERNAME NOT IN ('MuhammadJav','zeeshankh1');
this query give me record 
这个查询给我记录
I want to apply limit or restriction so that only D.OS_USERNAME ('MuhammadJav','zeeshankh1','Alikh1') can run insert,update,delete,alter statements but other user can't insert,update,delete,alter the data. 我想应用限制或限制,以便只有D.OS_USERNAME ('MuhammadJav','zeeshankh1','Alikh1')可以运行insert,update,delete,alter语句,但其他用户不能插入,update,delete,alter数据。
1 个解决方案
解决方案1
1 已采纳 2018-07-06 09:05:51
In Oracle, the privilege to insert, update or delete are managed on the user or role level. 在Oracle中,插入,更新或删除的权限在用户或角色级别上进行管理。 Those users are database users, just like your HRADMIN . 这些用户是数据库用户,就像您的HRADMIN 。
If the operating systems users like MuhammadJav, zeeshankh1, Alikh1 use the same oracle account, things become much more difficult. 如果像MuhammadJav,zeeshankh1,Alikh1这样的操作系统用户使用相同的oracle帐户,事情就会变得更加困难。
DML statements like 'ALTER' or 'CREATE' are handled totally different. DML语句(如“ ALTER”或“ CREATE”)的处理方式完全不同。 A user like 'HRADMIN' can do what he/she wants with the tables and other objects in it's own schema. 像“ HRADMIN”这样的用户可以使用其自己的架构中的表和其他对象来完成他/她想要的事情。 It is possible, but very difficult to prevent this. 有可能,但很难阻止这种情况。
So, the traditional solution is to give MuhammadJav, zeeshankh1, Alikh1 their own oracle accounts and grant them the privileges you want as user HRADMIN: 因此,传统的解决方案是给MuhammadJav,zeeshankh1,Alikh1他们自己的oracle帐户,并以用户HRADMIN的身份授予您想要的特权:
GRANT INSERT,UPDATE,DELETE ON HRADMIN.your_table_name TO MUHAMMADJAV;
GRANT INSERT,UPDATE,DELETE ON HRADMIN.your_table_name TO ZEESHANKH1;
etc
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.