oracle O7_DICTIONARY_ACCESSIBILITY 参数
O7_DICTIONARY_ACCESSIBILITY是用来控制select any table权限是否可以访问data dictionary的,主要用来保护数据字典。oracle建议把O7_DICTIONARY_ACCESSIBILITY参数设为 false,9i及以上版本默认为false,8i及以前版本默认为true。如果该参数为true,那么被赋予select any table权限的用户可以访问所有数据字典。如果该参数被设置为false那么即使用户被被赋予了select any table权限还是不能访问数据字典(此时需要赋予用户select any dictionary权限,才能使用户有权限访问数据字典)
下面贴一些简单的实验过程
SQL> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
PL/SQL Release 11.2.0.3.0 - Production
--数据库版本为11.2.0.3
一:我们先看O7_DICTIONARY_ACCESSIBILITY参数设为 false时,用户拥有select any table 权限时能否查询数据字典
SQL> show parameter o7
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
O7_DICTIONARY_ACCESSIBILITY boolean FALSE
--参数为默认值false
SQL> create user scott identified by oracle default tablespace users temporary tablespace temp;
User created.
--新建scott用户
SQL> grant connect,select any table to scott;
Grant succeeded.
--给新建用户赋予connect和select any table权限
SQL> conn scott/oracle
Connected.
SQL> show user
USER is "SCOTT"
SQL> select count(1) from dba_objects;
select count(1) from dba_objects
*
ERROR at line 1:
ORA-00942: table or view does not exist
--结论:O7_DICTIONARY_ACCESSIBILITY 参数为false,scott用户拥有select any table权限也无法查数据字典
现在我们再来看O7_DICTIONARY_ACCESSIBILITY 参数为true时情况
SQL> alter system set O7_DICTIONARY_ACCESSIBILITY=true scope=spfile;
System altered.
--注意静态参数修改后要重启数据库才能生效
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup;
--重启数据库
SQL> conn scott/oracle
Connected.
SQL> select count(1) from dba_objects;
COUNT(1)
----------
13659
--以scott用户查询数据字典成功
页:
[1]