就是我用create user 创建了 kgx和foxconn两个新的用户。然后用scott连接数据库,将里面的一个表(例如emp表)的查询权限赋予kgx用户 grant select on scott.emp to kgx with grant option,然后用kgx连接数据库,再将scott.emp的查询权限赋予foxconn.当我用sys连接数据库,为什么用revoke select on scott.emp from foxconn的时候,它会提示我:无法 REVOKE 您未授权的权限
你可以用kgx用户连接数据库,执行revoke select on scott.emp from foxconn,将foxconn权限收回。也可以用sys用户连接数据库,执行revoke select on scott.emp from kgx,这样kgx和foxconn的权限都将被收回。
是否可以在sys用户下,直接撤销对foxconn的权限。而kgx的权限依然保留
foxconn取消kgx权限
欢迎探讨
foxconn如何取消kgx权限的呢?
kgx用户根本没有赋权的权限!怎么能给foxconn授的权!
那为什么我用scott赋予给kgx查询的权限,而用sys用户也能把kgx的权限撤销呢
个人感觉可能是因为SCOTT赋予T1的时候只有一层
所以SYS可以直接收回权限
而SCOTT赋予T1 T1再赋予T2 就两层了
SQL> create user t1 identified by t1;User created.SQL> create user t2 identified by t2;User created.
SQL> conn / as sysdba
Connected.
SQL> grant connect to t1;Grant succeeded.SQL> grant connect to t2;Grant succeeded.SQL> conn scott/tiger
Connected.
SQL> grant select on dept to t1 with grant option;Grant succeeded.SQL> conn t1/t1
Connected.
SQL> grant select on scott.dept to t2;Grant succeeded.SQL> conn / as sysdba
Connected.
SQL> revoke select on scott.dept from t2;
revoke select on scott.dept from t2
*
ERROR at line 1:
ORA-01927: cannot REVOKE privileges you did not grant
SQL> revoke select on scott.dept from t1;Revoke succeeded.SQL> conn t2/t2
Connected.
SQL> select * from scott.dept;
select * from scott.dept
*
ERROR at line 1:
ORA-00942: table or view does not exist
SYS把T1的权限回收了以后
T2的权限会被级联收回
这也算是ORACLE提供的一种间接的越级回收权利的手段吧
Cause: You can only revoke privileges you granted.
Action: Don't revoke these privileges.
我想说的是否有办法让kgx的权限保留的情况下,foxconn的权限被收回,不知道是否可行
你用KGX登陆去撤销FOXCONN不就行了只不过你是想知道为什么SYS不能撤销FOXCONN
而却可以撤销由SCOTT赋予KGX的权限吧我也想知道个确切点的说法