通过shell得到数据库中权限的脚本-白红宇

通过shell得到数据库中权限的脚本

阅读量：2446 次

发布时间：2019-05-10

本文共 4632 字，大约阅读时间需要 15 分钟。

有些时候想直接查看某个用户下对应的权限信息。自己每次从数据字典中查找有些太麻烦了。如果涉及的对象类型多一些，很容易遗漏。

一种方式就是通过exp直接导出对象的信息来，可以直接解析dump内容来得到object的一些信息，也可以直接访问数据字典表来得到。

以下是在Metalink中提供的脚本，我在原本的脚本基础上稍微改动了一下。

不过可以看到这个脚本还是有一些的缺点，首先会创建一个临时的表。把各种过滤信息都放入临时的表中，然后继续筛查，而且对于表中的有些对象类型（比如回收站中的对象）也罗列了出来，这个不是大家期望看到的。其它的部分功能都很全面。

sqlplus -s < SET ECHO off

REM ------------------------------------------------------------------------

REM REQUIREMENTS:

REM DBA privs

REM ------------------------------------------------------------------------

REM AUTHOR:

REM Anonymous

REM ------------------------------------------------------------------------

REM PURPOSE:

REM Running this script will in turn create a script of

REM all the object grants to users and roles. This created

REM script is called tfscsopv.lst.

REM

REM Since a DBA cannot grant objects other than his own,

REM this script will contain various connect clauses before

REM each set of grant statements. You must add the passwords

REM for each user before executing the script. Object grants

REM are very dependant on the user who issues the grant,

REM therefore, it is important that the correct user issue the

REM grant.

REM

REM In addition, DO NOT change the order of the grant statement.

REM They are spooled in sequence order, so that dependant grants

REM are executed in the correct order. For example, lets say

REM that Scott grants Jack select on emp with grant option, and

REM in turn Jack grants select on Scott.emp to Steve. It is

REM essential that Scott's grant be issued before Jack's.

REM Otherwise, Jack's grant will fail.

REM

REM NOTE: This script DOES NOT include grants made by 'SYS'.

REM ------------------------------------------------------------------------

REM DISCLAIMER:

REM This script is provided for educational purposes only. It is NOT

REM supported by Oracle World Wide Technical Support.

REM The script has been tested and appears to work as intended.

REM You should always run new scripts on a test instance initially.

REM ------------------------------------------------------------------------

REM Main text of script follows:

set verify off

set feedback off

set termout off

set pagesize 500

set heading off

set recsep off

set linesize 200

set termout on

select 'Creating object grant script by user...' from dual;

set termout off

create table g_temp (seq NUMBER, grantor_owner varchar2(20),

text VARCHAR2(800));

DECLARE

cursor grant_cursor is

SELECT ur$.name, uo$.name, o$.name, ue$.name,

m$.name, t$.sequence#,

decode(NVL(t$.option$,0), 1, ' WITH GRANT OPTION;',';')

FROM sys.objauth$ t$, sys.obj$ o$, sys.user$ ur$,

sys.table_privilege_map m$, sys.user$ ue$, sys.user$ uo$

WHERE o$.obj# = t$.obj# AND t$.privilege# = m$.privilege AND

t$.col# IS NULL AND t$.grantor# = ur$.user# AND

t$.grantee# = ue$.user# and

o$.owner#=uo$.user# and

-- o$.name=upper('$2') and

ur$.name=upper('$1') and

t$.grantor# != 0

order by sequence#;

lv_grantor sys.user$.name%TYPE;

lv_owner sys.user$.name%TYPE;

lv_table_name sys.obj$.name%TYPE;

lv_grantee sys.user$.name%TYPE;

lv_privilege sys.table_privilege_map.name%TYPE;

lv_sequence sys.objauth$.sequence#%TYPE;

lv_option VARCHAR2(30);

lv_string VARCHAR2(800);

lv_first BOOLEAN;

procedure write_out(p_seq INTEGER, p_owner VARCHAR2, p_string VARCHAR2) is

begin

insert into g_temp (seq, grantor_owner,text)

values (lv_sequence, lv_grantor, lv_string);

end;

BEGIN

OPEN grant_cursor;

LOOP

FETCH grant_cursor INTO lv_grantor,lv_owner,lv_table_name,lv_grantee,

lv_privilege,lv_sequence,lv_option;

EXIT WHEN grant_cursor%NOTFOUND;

lv_string := 'GRANT ' || lv_privilege || ' ON ' || lv_owner ||

'.' ||

lv_table_name || ' TO ' || lv_grantee ||

lv_option;

write_out(lv_sequence, lv_grantor,lv_string);

END LOOP;

CLOSE grant_cursor;

END;

spool gen_sqls/$1_roles.sql

break on guser skip 1

col text format a60 word_wrap

col text format a100

select text

from g_temp

order by seq, grantor_owner

spool off

drop table g_temp;

EOF

exit

脚本的运行效果如下，输入schema名称即可。

[ora11g@rac1 dbm_lite]$ ksh genroles.sh n1

Creating object grant script by user...

GRANT READ ON SYS.EXPDP_LOCATION TO PRDCONN;

GRANT WRITE ON SYS.EXPDP_LOCATION TO PRDCONN;

GRANT READ ON SYS.EXT_DATAPUMP TO MIG;

GRANT WRITE ON SYS.EXT_DATAPUMP TO MIG;

GRANT SELECT ON N1.BIG_INSERT TO APP_CONN WITH GRANT OPTION;

GRANT SELECT ON N1.TT TO APP_CONN WITH GRANT OPTION;

GRANT SELECT ON N1.T TO APP_CONN WITH GRANT OPTION;

GRANT SELECT ON N1.BIN$/KBps0AbJ07gRQAAAAAAAQ==$0 TO APP_CONN WITH GRANT OPTION;

稍后会在这个基础的版本做一个大改造。让脚本的功能更加灵活和全面。

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/23718752/viewspace-1259191/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/23718752/viewspace-1259191/

你可能感兴趣的文章

sql 会话_在特定会话中禁用SQL Server中的触发器

查看>>

处理过多SQL Server PAGEIOLATCH_SH等待类型

查看>>

如何在SQL Server 2016中比较查询执行计划

查看>>

azure blob_如何在Azure Blob存储中恢复意外删除

查看>>

如何使用T-SQL生成随机SQL Server测试数据

查看>>

批量关停azure vm_如何从Azure VM数据库运行本地SQL报表

查看>>

azure云数据库_在Azure SQL数据库中实现动态数据屏蔽

查看>>

azure云数据库_保护Azure SQL数据库免于意外删除

查看>>

使用SSIS包导入SQL Server FILESTREAM数据

查看>>

SQL Server中的递归CTE和外键引用

查看>>

sql初学者指南_使用tSQLt框架SQL单元测试面向初学者

查看>>

对警报线程池的警报线程_检测和警报SQL Server代理丢失的作业

查看>>

sql truncate_SQL Truncate和SQL Delete语句的内部

查看>>

守望先锋代码_使用守望台自动刷新SQL Server容器

查看>>

dmv io读写高的sql_适用于DBA的前8大新（或增强）SQL Server 2017 DMV和DMF

查看>>

SQL Server实例的十大安全注意事项

查看>>

深入了解SQL Server灾难恢复计划

查看>>

read命令_dbatools Read-DbaBackupHeader命令的便捷功能

查看>>

sql limit 子句_具有并行性SQL Server TOP子句性能问题

查看>>

aws rds监控慢sql_AWS RDS SQL Server恢复模型，备份和还原

查看>>