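Appendix 1 Preset Role Privilege List for "Separation of Three Powers"
Note: All privileges listed in the table apply only within the same database type. For example, DBA has the SELECT ANY TABLE privilege but cannot query the SYSAUDITOR.SYSAUDIT table, and although DB_AUDIT_ADMIN has the CREATE USER privilege, the users it creates can only be AUDIT-type users.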
Preset role | Preset database privileges |
DBA | ALTER DATABASE |
 | RESTORE DATABASE |
 | CREATE USER |
 | ALTER USER |
 | DROP USER |
 | CREATE ROLE |
 | CREATE SCHEMA |
 | CREATE TABLE |
 | CREATE VIEW |
 | CREATE PROCEDURE |
 | CREATE SEQUENCE |
 | CREATE TRIGGER |
 | CREATE INDEX |
 | CREATE CONTEXT INDEX |
 | BACKUP DATABASE |
 | CREATE LINK |
 | CREATE REPLICATE |
 | CREATE PACKAGE |
 | CREATE SYNONYM |
 | CREATE PUBLIC SYNONYM |
 | ALTER REPLICATE |
 | DROP REPLICATE |
 | DROP ROLE |
 | ADMIN ANY ROLE |
 | ADMIN ANY DATABASE PRIVILEGE |
 | GRANT ANY OBJECT PRIVILEGE |
 | CREATE ANY SCHEMA |
 | DROP ANY SCHEMA |
 | CREATE ANY TABLE |
 | ALTER ANY TABLE |
 | DROP ANY TABLE |
 | INSERT TABLE |
 | INSERT ANY TABLE |
 | UPDATE TABLE |
 | UPDATE ANY TABLE |
 | DELETE TABLE |
 | DELETE ANY TABLE |
 | SELECT TABLE |
 | SELECT ANY TABLE |
 | REFERENCES TABLE |
 | REFERENCES ANY TABLE |
 | DUMP TABLE |
 | DUMP ANY TABLE |
 | GRANT TABLE |
 | GRANT ANY TABLE |
 | CREATE ANY VIEW |
 | ALTER ANY VIEW |
 | DROP ANY VIEW |
 | INSERT VIEW |
 | INSERT ANY VIEW |
 | UPDATE VIEW |
 | UPDATE ANY VIEW |
 | DELETE VIEW |
 | DELETE ANY VIEW |
 | SELECT VIEW |
 | SELECT ANY VIEW |
 | GRANT VIEW |
 | GRANT ANY VIEW |
 | CREATE ANY PROCEDURE |
 | DROP ANY PROCEDURE |
 | EXECUTE PROCEDURE |
 | EXECUTE ANY PROCEDURE |
 | GRANT PROCEDURE |
 | GRANT ANY PROCEDURE |
 | CREATE ANY SEQUENCE |
 | ALTER ANY SEQUENCE |
 | DROP ANY SEQUENCE |
 | SELECT SEQUENCE |
 | SELECT ANY SEQUENCE |
 | GRANT SEQUENCE |
 | GRANT ANY SEQUENCE |
 | CREATE ANY TRIGGER |
 | DROP ANY TRIGGER |
 | CREATE ANY INDEX |
 | ALTER ANY INDEX |
 | DROP ANY INDEX |
 | CREATE ANY CONTEXT INDEX |
 | ALTER ANY CONTEXT INDEX |
 | DROP ANY CONTEXT INDEX |
 | CREATE ANY PACKAGE |
 | DROP ANY PACKAGE |
 | EXECUTE PACKAGE |
 | EXECUTE ANY PACKAGE |
 | GRANT PACKAGE |
 | GRANT ANY PACKAGE |
 | CREATE ANY LINK |
 | DROP ANY LINK |
 | CREATE ANY SYNONYM |
 | DROP ANY SYNONYM |
 | DROP PUBLIC SYNONYM |
 | ADMIN REPLAY |
 | ADMIN BUFFER |
 | CREATE TABLESPACE |
 | ALTER TABLESPACE |
 | DROP TABLESPACE |
 | ALTER ANY TRIGGER |
 | CREATE MATERIALIZED VIEW |
 | CREATE ANY MATERIALIZED VIEW |
 | DROP ANY MATERIALIZED VIEW |
 | ALTER ANY MATERIALIZED VIEW |
 | SELECT MATERIALIZED VIEW |
 | SELECT ANY MATERIALIZED VIEW |
 | CREATE ANY DOMAIN |
 | DROP ANY DOMAIN |
 | CREATE DOMAIN |
 | GRANT ANY DOMAIN |
 | GRANT DOMAIN |
 | USAGE ANY DOMAIN |
 | USAGE DOMAIN |
 | CREATE ANY CONTEXT |
 | DROP ANY CONTEXT |
 | GRANT ANY CONTEXT |
 | COMMENT ANY TABLE |
 | CREATE ANY DIRECTORY |
 | DROP ANY DIRECTORY |
 | ADMIN JOB |
RESOURCE | CREATE SCHEMA |
 | CREATE TABLE |
 | CREATE VIEW |
 | CREATE PROCEDURE |
 | CREATE SEQUENCE |
 | CREATE TRIGGER |
 | CREATE INDEX |
 | CREATE CONTEXT INDEX |
 | CREATE LINK |
 | CREATE PACKAGE |
 | CREATE SYNONYM |
 | CREATE PUBLIC SYNONYM |
 | INSERT TABLE |
 | UPDATE TABLE |
 | DELETE TABLE |
 | SELECT TABLE |
 | REFERENCES TABLE |
 | DUMP TABLE |
 | GRANT TABLE |
 | INSERT VIEW |
 | UPDATE VIEW |
 | DELETE VIEW |
 | SELECT VIEW |
 | GRANT VIEW |
 | EXECUTE PROCEDURE |
 | GRANT PROCEDURE |
 | SELECT SEQUENCE |
 | GRANT SEQUENCE |
 | EXECUTE PACKAGE |
 | GRANT PACKAGE |
 | CREATE MATERIALIZED VIEW |
 | SELECT MATERIALIZED VIEW |
 | CREATE DOMAIN |
 | GRANT DOMAIN |
 | USAGE DOMAIN |
PUBLIC | INSERT TABLE |
 | UPDATE TABLE |
 | DELETE TABLE |
 | SELECT TABLE |
 | REFERENCES TABLE |
 | GRANT TABLE |
 | INSERT VIEW |
 | UPDATE VIEW |
 | DELETE VIEW |
 | SELECT VIEW |
 | GRANT VIEW |
 | EXECUTE PROCEDURE |
 | GRANT PROCEDURE |
 | SELECT SEQUENCE |
 | GRANT SEQUENCE |
 | EXECUTE PACKAGE |
 | GRANT PACKAGE |
 | SELECT MATERIALIZED VIEW |
 | GRANT DOMAIN |
 | USAGE DOMAIN |
 | DUMP TABLE |
DB_AUDIT_ADMIN | CREATE USER |
 | ALTER USER |
 | DROP USER |
 | AUDIT DATABASE |
DB_AUDIT_OPER | AUDIT DATABASE |
DB_AUDIT_PUBLIC | None |
DB_POLICY_ADMIN | CREATE USER |
 | ALTER USER |
 | DROP USER |
 | LABEL DATABASE |
DB_POLICY_OPER | LABEL_DATABASE |
DB_POLICY_PUBLIC | None |
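Appendix 2 Preset Role Privilege List for "Separation of Four Powers"
Note: All privileges listed in the table apply only within the same database type. For example, DBA has the SELECT ANY TABLE privilege but cannot query the SYSAUDITOR.SYSAUDIT table, and although DB_AUDIT_ADMIN has the CREATE USER privilege, the users it creates can only be AUDIT-type users.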
Preset role | Preset database privileges |
DBA | ALTER DATABASE |
 | BACKUP DATABASE |
 | RESTORE DATABASE |
 | CREATE USER |
 | ALTER USER |
 | DROP USER |
 | CREATE ROLE |
 | DROP ROLE |
 | ADMIN ANY ROLE |
 | CREATE TABLESPACE |
 | ALTER TABLESPACE |
 | DROP TABLESPACE |
 | CREATE REPLICATE |
 | ALTER REPLICATE |
 | DROP REPLICATE |
 | VERIFY DATABASE |
 | ADMIN REPLAY |
 | ADMIN BUFFER |
 | ADMIN JOB |
RESOURCE | CREATE ROLE |
 | DROP ROLE |
PUBLIC | None |
DB_OBJECT_ADMIN | CREATE USER |
 | ALTER USER |
 | DROP USER |
 | CREATE ROLE |
 | DROP ROLE |
 | ADMIN ANY ROLE |
 | CREATE SCHEMA |
 | CREATE TABLE |
 | INSERT TABLE |
 | UPDATE TABLE |
 | DELETE TABLE |
 | SELECT TABLE |
 | REFERENCES TABLE |
 | DUMP TABLE |
 | GRANT TABLE |
 | CREATE VIEW |
 | INSERT VIEW |
 | UPDATE VIEW |
 | DELETE VIEW |
 | SELECT VIEW |
 | GRANT VIEW |
 | CREATE DOMAIN |
 | GRANT DOMAIN |
 | USAGE DOMAIN |
 | CREATE PROCEDURE |
 | EXECUTE PROCEDURE |
 | GRANT PROCEDURE |
 | CREATE SEQUENCE |
 | SELECT SEQUENCE |
 | GRANT SEQUENCE |
 | CREATE TRIGGER |
 | CREATE INDEX |
 | CREATE CONTEXT INDEX |
 | CREATE PACKAGE |
 | EXECUTE PACKAGE |
 | GRANT PACKAGE |
 | CREATE SYNONYM |
 | CREATE PUBLIC SYNONYM |
 | DROP PUBLIC SYNONYM |
 | CREATE LINK |
 | CREATE ANY CONTEXT |
 | DROP ANY CONTEXT |
 | GRANT ANY CONTEXT |
 | COMMENT ANY TABLE |
 | CREATE ANY DIRECTORY |
 | DROP ANY DIRECTORY |
DB_OBJECT_OPER | CREATE SCHEMA |
 | CREATE TABLE |
 | INSERT TABLE |
 | UPDATE TABLE |
 | DELETE TABLE |
 | SELECT TABLE |
 | REFERENCES TABLE |
 | DUMP TABLE |
 | GRANT TABLE |
 | CREATE VIEW |
 | INSERT VIEW |
 | UPDATE VIEW |
 | DELETE VIEW |
 | SELECT VIEW |
 | GRANT VIEW |
 | CREATE DOMAIN |
 | CREATE PROCEDURE |
 | EXECUTE PROCEDURE |
 | GRANT PROCEDURE |
 | CREATE SEQUENCE |
 | SELECT SEQUENCE |
 | GRANT SEQUENCE |
 | CREATE TRIGGER |
 | CREATE INDEX |
 | CREATE CONTEXT INDEX |
 | CREATE PACKAGE |
 | EXECUTE PACKAGE |
 | GRANT PACKAGE |
 | CREATE SYNONYM |
 | CREATE PUBLIC SYNONYM |
 | CREATE LINK |
DB_OBJECT_PUBLIC | INSERT TABLE |
 | UPDATE TABLE |
 | DELETE TABLE |
 | SELECT TABLE |
 | REFERENCES TABLE |
 | DUMP TABLE |
 | GRANT TABLE |
 | INSERT VIEW |
 | UPDATE VIEW |
 | DELETE VIEW |
 | SELECT VIEW |
 | GRANT VIEW |
 | EXECUTE PROCEDURE |
 | GRANT PROCEDURE |
 | SELECT SEQUENCE |
 | GRANT SEQUENCE |
 | EXECUTE PACKAGE |
 | GRANT PACKAGE |
DB_AUDIT_ADMIN | CREATE USER |
 | ALTER USER |
 | DROP USER |
 | AUDIT DATABASE |
DB_AUDIT_OPER | AUDIT DATABASE |
DB_AUDIT_PUBLIC | None |
DB_POLICY_ADMIN | CREATE USER |
 | ALTER USER |
 | DROP USER |
 | LABEL DATABASE |
DB_POLICY_OPER | LABEL_DATABASE |
DB_POLICY_PUBLIC | None |