共计 2538 个字符,预计需要花费 7 分钟才能阅读完成。
前言
在 Oracle 11gR2 环境中,假如用户同时被授予了 connect 和 resource 角色后,即可登录数据库创建对象。但是在 Oracle 12c 中,如果用户只是被授予了这两个角色,可以创建对象,但是无法插入数据。
实验
下面做一个小实验:
Oracle 11g 环境:
(1) 创建表空间
CREATE TABLESPACE test DATAFILE
‘/u01/app/oracle/oradata/bond/test01.dbf’ SIZE 5242880
AUTOEXTEND ON NEXT 1310720 MAXSIZE 32767M
LOGGING ONLINE PERMANENT BLOCKSIZE 8192
EXTENT MANAGEMENT LOCAL AUTOALLOCATE DEFAULT
NOCOMPRESS SEGMENT SPACE MANAGEMENT AUTO;
(2) 创建用户并授权
create user test identified by “test” default tablespace test;
grant resource,connect to test;
(3) 创建对象并插入数据
[oracle@bond ~]$ sqlplus test/test
SQL*Plus: Release 11.2.0.4.0 Production on Sun Aug 18 13:56:26 2019
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options
SQL> create table t_dict as
2 select * from dict where rownum <=100;
Table created.
插入数据成功!
Oracle 12c 环境
(1) 创建表空间
CREATE TABLESPACE test DATAFILE
‘/u01/app/oracle/oradata/bond/test01.dbf’ SIZE 5242880
AUTOEXTEND ON NEXT 1310720 MAXSIZE 32767M
LOGGING ONLINE PERMANENT BLOCKSIZE 8192
EXTENT MANAGEMENT LOCAL AUTOALLOCATE DEFAULT
NOCOMPRESS SEGMENT SPACE MANAGEMENT AUTO;
(2) 创建用户并授权
create user test identified by “test” default tablespace test;
grant resource,connect to test;
(3) 建对象并插入数据
[oracle@bond ~]$ sqlplus test/test
SQL*Plus: Release 12.2.0.1.0 Production on Fri Sep 6 19:53:16 2019
Copyright (c) 1982, 2016, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 – 64bit Production
SQL> create table t_dict as
2 select * from dict where rownum <=100;
select * from dict where rownum <=100
*
ERROR at line 2:
ORA-01950: no privileges on tablespace ‘TEST’
插入数据失败。
原因分析
对比 11g 和 12c 的角色权限及用户权限可知,当用户被授予 connect 和 resource 权限后,11g 默认会授予用户 UNLIMITED TABLESPACE 权限,而 12c 并没有默认授予该权限。
查询官网得知,11g R2 的这种现象貌似是一个 bug,而 12c 修复了这个 bug。官网解释如下:
The UNLIMITED TABLESPACE system privilege will be removed from the RESOURCE role in a future Oracle Database release (reference Bug 7614645).
思考
既然 12c 不能像 11g 那样直接授予用户 connect 和 resource 权限即可使用,那么该怎么去创建用户并分配权限呢?
以下给个创建普通用户的示例:
CREATE TABLESPACE test DATAFILE
‘/u01/app/oracle/oradata/bond/test01.dbf’ SIZE 5242880
AUTOEXTEND ON NEXT 1310720 MAXSIZE 32767M
LOGGING ONLINE PERMANENT BLOCKSIZE 8192
EXTENT MANAGEMENT LOCAL AUTOALLOCATE DEFAULT
NOCOMPRESS SEGMENT SPACE MANAGEMENT AUTO;
CREATE TEMPORARY TABLESPACE test_temp TEMPFILE
‘/u01/app/oracle/oradata/bond/test_temp01.dbf’ SIZE 33554432
AUTOEXTEND ON NEXT 655360 MAXSIZE 32767M
EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1048576;
create user test identified by “test”
default tablespace test
quota 30G on test
temporary tablespace test_temp;
更多 Oracle 相关信息见 Oracle 专题页面 https://www.linuxidc.com/topicnews.aspx?tid=12
:
