附录1 “三权分立”预设角色权限列表
说明:表中所列权限均为在同一数据库类型中的权限,如DBA具有SELECT ANY TABLE的权限,但是不能查询SYSAUDITOR.SYSAUDIT表;而DB_AUDIT_ADMIN具有CREATE USER权限,创建的用户也只能是AUDIT类型用户。
| 预设角色 | 预设数据库权限 |
| DBA | ALTER DATABASE |
| RESTORE DATABASE | |
| CREATE USER | |
| ALTER USER | |
| DROP USER | |
| CREATE ROLE | |
| CREATE SCHEMA | |
| CREATE TABLE | |
| CREATE VIEW | |
| CREATE PROCEDURE | |
| CREATE SEQUENCE | |
| CREATE TRIGGER | |
| CREATE INDEX | |
| CREATE CONTEXT INDEX | |
| BACKUP DATABASE | |
| CREATE LINK | |
| CREATE REPLICATE | |
| CREATE PACKAGE | |
| CREATE SYNONYM | |
| CREATE PUBLIC SYNONYM | |
| ALTER REPLICATE | |
| DROP REPLICATE | |
| DROP ROLE | |
| ADMIN ANY ROLE | |
| ADMIN ANY DATABASE PRIVILEGE | |
| GRANT ANY OBJECT PRIVILEGE | |
| CREATE ANY SCHEMA | |
| DROP ANY SCHEMA | |
| CREATE ANY TABLE | |
| ALTER ANY TABLE | |
| DROP ANY TABLE | |
| INSERT TABLE | |
| INSERT ANY TABLE | |
| UPDATE TABLE | |
| UPDATE ANY TABLE | |
| DELETE TABLE | |
| DELETE ANY TABLE | |
| SELECT TABLE | |
| SELECT ANY TABLE | |
| REFERENCES TABLE | |
| REFERENCES ANY TABLE | |
| DUMP TABLE | |
| DUMP ANY TABLE | |
| GRANT TABLE | |
| GRANT ANY TABLE | |
| CREATE ANY VIEW | |
| ALTER ANY VIEW | |
| DROP ANY VIEW | |
| INSERT VIEW | |
| INSERT ANY VIEW | |
| UPDATE VIEW | |
| UPDATE ANY VIEW | |
| DELETE VIEW | |
| DELETE ANY VIEW | |
| SELECT VIEW | |
| SELECT ANY VIEW | |
| GRANT VIEW | |
| GRANT ANY VIEW | |
| CREATE ANY PROCEDURE | |
| DROP ANY PROCEDURE | |
| EXECUTE PROCEDURE | |
| EXECUTE ANY PROCEDURE | |
| GRANT PROCEDURE | |
| GRANT ANY PROCEDURE | |
| CREATE ANY SEQUENCE | |
| ALTER ANY SEQUENCE | |
| DROP ANY SEQUENCE | |
| SELECT SEQUENCE | |
| SELECT ANY SEQUENCE | |
| GRANT SEQUENCE | |
| GRANT ANY SEQUENCE | |
| CREATE ANY TRIGGER | |
| DROP ANY TRIGGER | |
| CREATE ANY INDEX | |
| ALTER ANY INDEX | |
| DROP ANY INDEX | |
| CREATE ANY CONTEXT INDEX | |
| ALTER ANY CONTEXT INDEX | |
| DROP ANY CONTEXT INDEX | |
| CREATE ANY PACKAGE | |
| DROP ANY PACKAGE | |
| EXECUTE PACKAGE | |
| EXECUTE ANY PACKAGE | |
| GRANT PACKAGE | |
| GRANT ANY PACKAGE | |
| CREATE ANY LINK | |
| DROP ANY LINK | |
| CREATE ANY SYNONYM | |
| DROP ANY SYNONYM | |
| DROP PUBLIC SYNONYM | |
| ADMIN REPLAY | |
| ADMIN BUFFER | |
| CREATE TABLESPACE | |
| ALTER TABLESPACE | |
| DROP TABLESPACE | |
| ALTER ANY TRIGGER | |
| CREATE MATERIALIZED VIEW | |
| CREATE ANY MATERIALIZED VIEW | |
| DROP ANY MATERIALIZED VIEW | |
| ALTER ANY MATERIALIZED VIEW | |
| SELECT MATERIALIZED VIEW | |
| SELECT ANY MATERIALIZED VIEW | |
| CREATE ANY DOMAIN | |
| DROP ANY DOMAIN | |
| CREATE DOMAIN | |
| GRANT ANY DOMAIN | |
| GRANT DOMAIN | |
| USAGE ANY DOMAIN | |
| USAGE DOMAIN | |
| CREATE ANY CONTEXT | |
| DROP ANY CONTEXT | |
| GRANT ANY CONTEXT | |
| COMMENT ANY TABLE | |
| CREATE ANY DIRECTORY | |
| DROP ANY DIRECTORY | |
| ADMIN JOB | |
| RESOURCE | CREATE SCHEMA |
| CREATE TABLE | |
| CREATE VIEW | |
| CREATE PROCEDURE | |
| CREATE SEQUENCE | |
| CREATE TRIGGER | |
| CREATE INDEX | |
| CREATE CONTEXT INDEX | |
| CREATE LINK | |
| CREATE PACKAGE | |
| CREATE SYNONYM | |
| CREATE PUBLIC SYNONYM | |
| INSERT TABLE | |
| UPDATE TABLE | |
| DELETE TABLE | |
| SELECT TABLE | |
| REFERENCES TABLE | |
| DUMP TABLE | |
| GRANT TABLE | |
| INSERT VIEW | |
| UPDATE VIEW | |
| DELETE VIEW | |
| SELECT VIEW | |
| GRANT VIEW | |
| EXECUTE PROCEDURE | |
| GRANT PROCEDURE | |
| SELECT SEQUENCE | |
| GRANT SEQUENCE | |
| EXECUTE PACKAGE | |
| GRANT PACKAGE | |
| CREATE MATERIALIZED VIEW | |
| SELECT MATERIALIZED VIEW | |
| CREATE DOMAIN | |
| GRANT DOMAIN | |
| USAGE DOMAIN | |
| PUBLIC | INSERT TABLE |
| UPDATE TABLE | |
| DELETE TABLE | |
| SELECT TABLE | |
| REFERENCES TABLE | |
| GRANT TABLE | |
| INSERT VIEW | |
| UPDATE VIEW | |
| DELETE VIEW | |
| SELECT VIEW | |
| GRANT VIEW | |
| EXECUTE PROCEDURE | |
| GRANT PROCEDURE | |
| SELECT SEQUENCE | |
| GRANT SEQUENCE | |
| EXECUTE PACKAGE | |
| GRANT PACKAGE | |
| SELECT MATERIALIZED VIEW | |
| GRANT DOMAIN | |
| USAGE DOMAIN | |
| DUMP TABLE | |
| DB_AUDIT_ADMIN | CREATE USER |
| ALTER USER | |
| DROP USER | |
| AUDIT DATABASE | |
| DB_AUDIT_OPER | AUDIT DATABASE |
| DB_AUDIT_PUBLIC | 无 |
| DB_POLICY_ADMIN | CREATE USER |
| ALTER USER | |
| DROP USER | |
| LABEL DATABASE | |
| DB_POLICY_OPER | LABEL_DATABASE |
| DB_POLICY_PUBLIC | 无 |
附录2 “四权分立”预设角色权限列表
说明:表中所列权限均为在同一数据库类型中的权限,如DBA具有SELECT ANY TABLE的权限,但是不能查询SYSAUDITOR.SYSAUDIT表;而DB_AUDIT_ADMIN具有CREATE USER权限,创建的用户也只能是AUDIT类型用户。
| 预设角色 | 预设数据库 |
| DBA | ALTER DATABASE |
| BACKUP DATABASE | |
| RESTORE DATABASE | |
| CREATE USER | |
| ALTER USER | |
| DROP USER | |
| CREATE ROLE | |
| DROP ROLE | |
| ADMIN ANY ROLE | |
| CREATE TABLESPACE | |
| ALTER TABLESPACE | |
| DROP TABLESPACE | |
| CREATE REPLICATE | |
| ALTER REPLICATE | |
| DROP REPLICATE | |
| VERIFY DATABASE | |
| ADMIN REPLAY | |
| ADMIN BUFFER | |
| ADMIN JOB | |
| RESOURCE | CREATE ROLE |
| DROP ROLE | |
| PUBLIC | &##26080; |
| DB_OBJECT_ADMIN | CREATE USER |
| ALTER USER | |
| DROP USER | |
| CREATE ROLE | |
| DROP ROLE | |
| ADMIN ANY ROLE | |
| CREATE SCHEMA | |
| CREATE TABLE | |
| INSERT TABLE | |
| UPDATE TABLE | |
| DELETE TABLE | |
| SELECT TABLE | |
| REFERENCES TABLE | |
| DUMP TABLE | |
| GRANT TABLE | |
| CREATE VIEW | |
| INSERT VIEW | |
| UPDATE VIEW | |
| DELETE VIEW | |
| SELECT VIEW | |
| GRANT VIEW | |
| CREATE DOMAIN | |
| GRANT DOMAIN | |
| USAGE DOMAIN | |
| CREATE PROCEDURE | |
| EXECUTE PROCEDURE | |
| GRANT PROCEDURE | |
| CREATE SEQUENCE | |
| SELECT SEQUENCE | |
| GRANT SEQUENCE | |
| CREATE TRIGGER | |
| CREATE INDEX | |
| CREATE CONTEXT INDEX | |
| CREATE PACKAGE | |
| EXECUTE PACKAGE | |
| GRANT PACKAGE | |
| CREATE SYNONYM | |
| CREATE PUBLIC SYNONYM | |
| DROP PUBLIC SYNONYM | |
| CREATE LINK | |
| CREATE ANY CONTEXT | |
| DROP ANY CONTEXT | |
| GRANT ANY CONTEXT | |
| COMMENT ANY TABLE | |
| CREATE ANY DIRECTORY | |
| DROP ANY DIRECTORY | |
| DB_OBJECT_OPER | CREATE SCHEMA |
| CREATE TABLE | |
| INSERT TABLE | |
| UPDATE TABLE | |
| DELETE TABLE | |
| SELECT TABLE | |
| REFERENCES TABLE | |
| DUMP TABLE | |
| GRANT TABLE | |
| CREATE VIEW | |
| INSERT VIEW | |
| UPDATE VIEW | |
| DELETE VIEW | |
| SELECT VIEW | |
| GRANT VIEW | |
| CREATE DOMAIN | |
| CREATE PROCEDURE | |
| EXECUTE PROCEDURE | |
| GRANT PROCEDURE | |
| CREATE SEQUENCE | |
| SELECT SEQUENCE | |
| GRANT SEQUENCE | |
| CREATE TRIGGER | |
| CREATE INDEX | |
| CREATE CONTEXT INDEX | |
| CREATE PACKAGE | |
| EXECUTE PACKAGE | |
| GRANT PACKAGE | |
| CREATE SYNONYM | |
| CREATE PUBLIC SYNONYM | |
| CREATE LINK | |
| DB_OBJECT_PUBLIC | INSERT TABLE |
| UPDATE TABLE | |
| DELETE TABLE | |
| SELECT TABLE | |
| REFERENCES TABLE | |
| DUMP TABLE | |
| GRANT TABLE | |
| INSERT VIEW | |
| UPDATE VIEW | |
| DELETE VIEW | |
| SELECT VIEW | |
| GRANT VIEW | |
| EXECUTE PROCEDURE | |
| GRANT PROCEDURE | |
| SELECT SEQUENCE | |
| GRANT SEQUENCE | |
| EXECUTE PACKAGE | |
| GRANT PACKAGE | |
| DB_AUDIT_ADMIN | CREATE USER |
| ALTER USER | |
| DROP USER | |
| AUDIT DATABASE | |
| DB_AUDIT_OPER | AUDIT DATABASE |
| DB_AUDIT_PUBLIC | &##26080; |
| DB_POLICY_ADMIN | CREATE USER |
| ALTER USER | |
| DROP USER | |
| LABEL DATABASE | |
| DB_POLICY_OPER | LABEL_DATABASE |
| DB_POLICY_PUBLIC | 无 |
