源自:http://www.eygle.com/archives/2005/03/sysopereioaaeei.html
缺省的SYSOPER可以起停数据库,但是不能查询数据字典。
$ sqlplus "/ as sysdba"
SQL*Plus: Release 10.1.0.2.0 - Production on Fri Mar 25 17:20:49 2005
Copyright (c) 1982, 2004, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.1.0.2.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SYS AS SYSDBA on 25-MAR-05 >CREATE USER operator IDENTIFIED BY operator;
User created.
授予dba,sysoper角色。
SYS AS SYSDBA on 25-MAR-05 >grant dba,sysoper to operator;
Grant succeeded.
|
以普通用户方式登录可以查询,因为具有DBA角色:
SYS AS SYSDBA on 25-MAR-05 >connect operator/operator
Connected.
OPERATOR on 25-MAR-05 >show user
USER is "OPERATOR"
OPERATOR on 25-MAR-05 >select count(*) from dba_users;
COUNT(*)
----------
12
|
以SYSOPER身份登录,实际上用户身份切换为PUBLIC,不能查询数据字典:
OPERATOR on 25-MAR-05 >connect operator/operator as sysoper;
Connected.
PUBLIC AS SYSOPER on 25-MAR-05 >select count(*) from dba_users;
select count(*) from dba_users
*
ERROR at line 1:
ORA-00942: table or view does not exist
PUBLIC AS SYSOPER on 25-MAR-05 >show user
USER is "PUBLIC"
|
但是此时有权启动数据库:
PUBLIC AS SYSOPER on 25-MAR-05 >shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
PUBLIC AS SYSOPER on 25-MAR-05 >startup
ORACLE instance started.
Database mounted.
Database opened.
|
可以单独授予SELECT ANY DICTIONARY,SELECT ANY TABLE权限给PUBLIC角色,这样sysoper身份登录用户同时就获得查询字典及表权限。
PUBLIC AS SYSOPER on 25-MAR-05 >connect / as sysdba
Connected.
SYS AS SYSDBA on 25-MAR-05 >grant SELECT ANY DICTIONARY,SELECT ANY TABLE to public;
Grant succeeded.
SYS AS SYSDBA on 25-MAR-05 >connect operator/operator
Connected.
OPERATOR on 25-MAR-05 >connect operator/operator as sysoper
Connected.
PUBLIC AS SYSOPER on 25-MAR-05 >select count(*) from dba_users;
COUNT(*)
----------
12
|
