|
- select * from system_privilege_map
- order by name;
- select * from table_privilege_map;
- select * from dba_roles;
- select * from user$ where name='SH' ;
- grant sysdba to hr;
- grant sysdba to oe;
- alter user oe identified by oracle_4U account unlock;
- select * from dba_sys_privs sp where sp.privilege='CREATE TABLE';
- revoke sysdba from oe;
- select * from dba_sys_privs sp where sp.grantee='HR';
- select * from dba_tab_privs tp where tp.grantee='HR';
- select * from dba_role_privs rp where rp.grantee='HR';
- grant select_catalog_role to hr;
- select * from dba_users u
- where u.username='SYS';
-
- select * from dba_users u
- where u.username='USER3';
复制代码 SQLPLUS:
- [root@station90 桌面]# su - oracle
- [oracle@station90 ~]$ cd /u01/app/oracle/product/
- [oracle@station90 product]$ ls
- 11.2.0 11.2.0.3
- [oracle@station90 product]$ cd 11.2.0
- [oracle@station90 11.2.0]$ ls
- dbhome_1 grid
- [oracle@station90 11.2.0]$ cd dbhome_1/
- [oracle@station90 dbhome_1]$ ls
- apex config dc_ocm has javavm log odbc oui rdbms sqlplus usm
- assistants crs deinstall hs jdbc md olap owb relnotes srvm utl
- bin csmig demo ide jdev mesg OPatch owm root.sh station90.example.com_orcl wwg
- ccr css diagnostics install jdk mgw opmn perl scheduler sysman xdk
- cdata ctx dv instantclient jlib network oracore plsql slax timingframework
- cfgtoollogs cv emcli inventory ldap nls oraInst.loc precomp sqldeveloper ucp
- clone dbs EMStage j2ee lib oc4j ord racg sqlj uix
- [oracle@station90 dbhome_1]$ cd dbs
- [oracle@station90 dbs]$ ls
- hc_DBUA0.dat hc_orcl.dat hc_rcat.dat init.ora initorcl.ora lkORCL orapworcl orapwrcat snapcf_orcl.f spfilercat.ora
- [oracle@station90 dbs]$ vim orapworcl
- [oracle@station90 dbs]$ vim orapworcl
- [oracle@station90 dbs]$ sqlplus /nolog
- SQL*Plus: Release 11.2.0.3.0 Production on Wed Nov 29 20:00:11 2017
- Copyright (c) 1982, 2011, Oracle. All rights reserved.
- SQL> conn hr/oracle_4U@orcl as sysdba
- ERROR:
- ORA-01031: insufficient privileges
- SQL> conn hr/oracle_4U as sysdba
- Connected.
- SQL> conn / as sysdba
- Connected.
- SQL> alter user sys account lock;
- User altered.
- SQL> conn / as sysdba
- Connected.
- SQL> conn sys/oracle_4U@orcl as sysdba
- Connected.
- SQL> conn / as sysdba
- Connected.
- SQL> drop user sys;
- drop user sys
- *
- ERROR at line 1:
- ORA-01031: insufficient privileges
- SQL> drop user sys;
- drop user sys
- *
- ERROR at line 1:
- ORA-01031: insufficient privileges
- SQL> drop user system ;
- drop user system
- *
- ERROR at line 1:
- ORA-01922: CASCADE must be specified to drop 'SYSTEM'
- SQL> drop user system cascade ;
- drop user system cascade
- *
- ERROR at line 1:
- ORA-00604: error occurred at recursive SQL level 1
- ORA-00054: resource busy and acquire with NOWAIT specified or timeout expired
- SQL> conn system/oracle_$U
- ERROR:
- ORA-01017: invalid username/password; logon denied
- Warning: You are no longer connected to ORACLE.
- SQL> conn system/oracle_4U
- ERROR:
- ORA-28002: the password will expire within 7 days
- Connected.
- SQL> conn / as sysdba
- Connected.
- SQL> alter user sys password expire;
- User altered.
- SQL> conn / as sysdba
- Connected.
- SQL> conn sys/oracle_4U@orcl as sysdba
- Connected.
- SQL> show parameter authen
- NAME TYPE VALUE
- ------------------------------------ ----------- ------------------------------
- os_authent_prefix string ops$
- remote_os_authent boolean FALSE
- SQL> create user ops$oracle identified externally ;
- User created.
- SQL> conn /
- ERROR:
- ORA-01045: user OPS$ORACLE lacks CREATE SESSION privilege; logon denied
- Warning: You are no longer connected to ORACLE.
- SQL> conn / as sysdba
- Connected.
- SQL> grant create session to ops$oracle;
- Grant succeeded.
- SQL> conn /
- Error accessing PRODUCT_USER_PROFILE
- Warning: Product user profile information not loaded!
- You may need to run PUPBLD.SQL as SYSTEM
- Connected.
- SQL> show user
- USER is "OPS$ORACLE"
- SQL>
- SQL>
- SQL>
- SQL> conn hr/oracle_4U
- ERROR:
- ORA-28002: the password will expire within 7 days
- Error accessing PRODUCT_USER_PROFILE
- Warning: Product user profile information not loaded!
- You may need to run PUPBLD.SQL as SYSTEM
- Connected.
- SQL> exit
- Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
- With the Partitioning, Automatic Storage Management, OLAP, Data Mining
- and Real Application Testing options
- [oracle@station90 dbs]$ cd /u01/app/oracle/product/11.2.0
- [oracle@station90 11.2.0]$ ls
- dbhome_1 grid
- [oracle@station90 11.2.0]$ cd dbhome_1/
- [oracle@station90 dbhome_1]$ ls
- apex config dc_ocm has javavm log odbc oui rdbms sqlplus usm
- assistants crs deinstall hs jdbc md olap owb relnotes srvm utl
- bin csmig demo ide jdev mesg OPatch owm root.sh station90.example.com_orcl wwg
- ccr css diagnostics install jdk mgw opmn perl scheduler sysman xdk
- cdata ctx dv instantclient jlib network oracore plsql slax timingframework
- cfgtoollogs cv emcli inventory ldap nls oraInst.loc precomp sqldeveloper ucp
- clone dbs EMStage j2ee lib oc4j ord racg sqlj uix
- [oracle@station90 dbhome_1]$ cd sql
- sqldeveloper/ sqlj/ sqlplus/
- [oracle@station90 dbhome_1]$ cd sqlplus/
- [oracle@station90 sqlplus]$ ls
- admin bin doc lib mesg
- [oracle@station90 sqlplus]$ cd admin/
- [oracle@station90 admin]$ ls
- glogin.sql help libsqlplus.def plustrce.sql pupbld.sql
- [oracle@station90 admin]$ sqlplus /nolog
- SQL*Plus: Release 11.2.0.3.0 Production on Wed Nov 29 20:21:49 2017
- Copyright (c) 1982, 2011, Oracle. All rights reserved.
- SQL> conn system/oracle_4U
- ERROR:
- ORA-28002: the password will expire within 7 days
- Connected.
- SQL> @pupbld.sql
- DROP SYNONYM PRODUCT_USER_PROFILE
- *
- ERROR at line 1:
- ORA-01434: private synonym to be dropped does not exist
- DATE_VALUE FROM PRODUCT_USER_PROFILE
- *
- ERROR at line 3:
- ORA-00980: synonym translation is no longer valid
- DROP TABLE PRODUCT_USER_PROFILE
- *
- ERROR at line 1:
- ORA-00942: table or view does not exist
- ALTER TABLE SQLPLUS_PRODUCT_PROFILE ADD (LONG_VALUE LONG)
- *
- ERROR at line 1:
- ORA-00942: table or view does not exist
- Table created.
- DROP TABLE PRODUCT_PROFILE
- *
- ERROR at line 1:
- ORA-00942: table or view does not exist
- DROP VIEW PRODUCT_PRIVS
- *
- ERROR at line 1:
- ORA-00942: table or view does not exist
- View created.
- Grant succeeded.
- Synonym dropped.
- Synonym created.
- DROP SYNONYM PRODUCT_USER_PROFILE
- *
- ERROR at line 1:
- ORA-01434: private synonym to be dropped does not exist
- Synonym created.
- Synonym dropped.
- Synonym created.
- SQL> conn /
- Connected.
- SQL> conn hr/oracle_4U
- ERROR:
- ORA-28002: the password will expire within 7 days
- Connected.
- SQL> !pwd
- /u01/app/oracle/product/11.2.0/dbhome_1/sqlplus/admin
- SQL> conn /
- Connected.
- SQL> show user
- USER is "OPS$ORACLE"
- SQL> conn / as sysdba
- Connected.
- SQL> conn /
- Connected.
- SQL> conn hr/oracle_4U@orcl
- ERROR:
- ORA-28002: the password will expire within 7 days
- Connected.
- SQL> conn /@orcl
- ERROR:
- ORA-01017: invalid username/password; logon denied
- Warning: You are no longer connected to ORACLE.
- SQL> conn /
- Connected.
- SQL> conn / as sysdba
- Connected.
- SQL> exit
- Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
- With the Partitioning, Automatic Storage Management, OLAP, Data Mining
- and Real Application Testing options
- [oracle@station90 admin]$ echo $TNS_ADMIN
- /u01/app/oracle/product/11.2.0/grid/network/admin
- [oracle@station90 admin]$ sqlplus /nolog
- SQL*Plus: Release 11.2.0.3.0 Production on Wed Nov 29 20:27:08 2017
- Copyright (c) 1982, 2011, Oracle. All rights reserved.
- SQL> conn /
- ERROR:
- ORA-01017: invalid username/password; logon denied
- SQL> conn / as sysdba
- ERROR:
- ORA-01031: insufficient privileges
- SQL> conn /
- ERROR:
- ORA-01017: invalid username/password; logon denied
- SQL> exit
- [oracle@station90 admin]$ sqlplus /nolog
- SQL*Plus: Release 11.2.0.3.0 Production on Wed Nov 29 20:27:35 2017
- Copyright (c) 1982, 2011, Oracle. All rights reserved.
- SQL> conn /
- Connected.
- SQL> conn / as sysdba
- Connected.
- SQL>
复制代码
口令过期:
- select * from dba_users u
- where u.username='USER3';
-
- alter user user3 account lock;
-
- alter user user3 account unlock;
-
- alter user user3 password expire;
-
- select * from dba_users u
- where u.username='USER3';
复制代码- select * from dba_sys_privs sp where sp.grantee='USER3';
- select * from dba_tab_privs tp where tp.grantee='USER3';
- select * from dba_role_privs rp where rp.grantee='USER3';
- grant create table to user3 with admin option ;
- revoke create table from user3;
复制代码- grant select on employees to user3 with grant option;
- revoke select on employees from user3;
- grant update (email) on employees to user3;
复制代码
- select * from dba_col_privs c
- where c.grantee='USER3';
-
- select * from dba_sys_privs sp where sp.grantee='USER3';
- select * from dba_tab_privs tp where tp.grantee='USER3';
- select * from dba_role_privs rp where rp.grantee='USER3';
-
- select * from dba_roles order by 1;
-
- create role role1;
-
- select * from role_sys_privs rsp where rsp.role='ROLE1';
-
- select * from role_tab_privs rtp where rtp.role='ROLE1';
-
-
-
- select * from role_role_privs rrp where rrp.role='ROLE1';
-
- grant select on hr.employees to role1;
-
- grant update ( email ) on hr.employees to role1;
-
- grant role1 to user3 with admin option;
-
- revoke role1 from user3;
-
- revoke update on hr.employees from role1;
-
- revoke select on hr.employees from role1;
-
-
复制代码- grant select on hr.employees to role1;
- create role role2 ;
- grant role1 to role2;
- grant role2 to user1;
- select * from role_role_privs rrp where rrp.role='ROLE2';
- select * from dba_role_privs rp
- where rp.grantee='USER1';
-
- alter user user1 default role connect;
-
-
- select * from dba_roles r where r.role='ROLE2';
-
- alter role role2 identified by oracle_4U;
-
-
- grant role2 to user2;
- select * from dba_role_privs rp
- where rp.grantee='USER2';
-
- alter user user1 default role none;
-
-
-
- select * from role_sys_privs rsp where rsp.role='RESOURCE';
-
- select * from role_tab_privs rtp where rtp.role='RESOURCE';
-
-
-
- select * from role_role_privs rrp where rrp.role='RESOURCE';
-
- grant resource to user2;
复制代码
unlimited tablespace 彩蛋:
|
|