Oracle CREATE USER特权

编程问答 2022-06-09

问题描述

晚上好!

问题是-我授予某些用户创建,更改和删除用户的权限(CREATE USER,ALTER USER,DROP USER),但是当我尝试使用该用户创建CREATE USER时,它表示该用户的权限不足。该如何解决

谢谢大家!

编辑:我使用Oracle Database 18c Express Edition

EDIT2: 用户创建:

sql> CREATE USER predefined
  2  IDENTIFIED BY pf
  3  DEFAULT TABLESPACE USERS
  4  QUOTA 50M ON USERS
  5  TEMPORARY TABLESPACE TEMP;

User created.

sql> GRANT CREATE SESSION TO predefined;

Grant succeeded.

sql> GRANT CREATE ANY TABLE,CREATE ANY SEQUENCE,CREATE ANY VIEW,CREATE ANY PROCEDURE,CREATE ANY INDEX,CREATE ANY TRIGGER TO predefined

Grant succeeded.

sql> GRANT CREATE USER TO predefined;

Grant succeeded.

sql> GRANT ALTER USER TO predefined;

Grant succeeded.

sql> GRANT DROP USER TO predefined;

Grant succeeded.

当我尝试与该用户创建用户时,我得到了:

sql> CREATE USER predefined2
  2  IDENTIFIED BY pf2
  3  DEFAULT TABLESPACE USERS
  4  QUOTA 5M ON USERS
  5  TEMPORARY TABLESPACE TEMP;
CREATE USER predefined2
*
ERROR at line 1:
ORA-01031: insufficient privileges

另一件事-我检查了USER_SYS_PRIVS表,它向我显示了这一点:

USERNAME                                                                                                                         PRIVILEGE                                ADM COM INH
-------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------- --- --- ---
PredefineD                                                                                                                         ALTER USER                               NO  NO  NO
PredefineD                                                                                                                         CREATE USER                              NO  NO  NO
PredefineD                                                                                                                         DROP USER                                NO  NO  NO
PredefineD                                                                                                                         CREATE ANY VIEW                          NO  YES NO
PredefineD                                                                                                                         CREATE ANY PROCEDURE                     NO  YES NO
PredefineD                                                                                                                         CREATE ANY SEQUENCE                      NO  YES NO
PredefineD                                                                                                                         CREATE SESSION                           NO  YES NO
PredefineD                                                                                                                         CREATE ANY TRIGGER                       NO  YES NO
PredefineD                                                                                                                         CREATE ANY INDEX                         NO  YES NO
PredefineD                                                                                                                         CREATE ANY TABLE                         NO  YES NO

我注意到,在COM列中,它对CREATE USER,ALTER USER和DROP USER特权没有权限。因此,可能与它有关系吗?

解决方法

好吧,您应该不会遇到问题。我至少不会。

作为SYS,我正在创建一个全新的用户,该用户将被授予CREATE USER特权:

SQL> show user
USER is "SYS"
SQL> create user predefined identified by pf;

User created.

SQL> grant create session,create user to predefined;

Grant succeeded.

那么,它行得通吗?

SQL> connect predefined/pf
Connected.
SQL> create user test identified by test;

User created.

SQL>

是的。

请编辑问题,并张贴您的确切行为(就像我一样),以便我们看到。

,

所以问题是-我在授予privs时没有添加CONTAINTER=ALL子句。

因此GRANT子句应如下所示 GRANT CREATE USER TO predefined CONTAINTER=ALL;

之后,创建新用户成功。

编辑: 经过研究后,我发现这些是系统特权,因此,如果要将它们从系统用户授予其他用户,则必须在Grant子句的末尾添加CONTAINER = ALL子句。 如果我错了,请指正我,但我希望这也会对将来的人有所帮助! :)

createuseroracleprivileges