//显示表空间状态
select TABLESPACE_NAME,status from dba_tablespaces;
create table t3(id int)tablespace tbs;
insert into t3 values(1);
commit;
//将表空间改为离线状态
alter tablespace tbs offline;
SQL> insert into t3 values(2);
insert into t3 values(2)
*
第 1 行出现错误:
ORA-00376: 此时无法读取文件 13
ORA-01110: 数据文件 13: ‘D:\DEV\ORACLEDATA\TEST\TBS01.DBF‘
SQL> drop table t3;
表已删除。
离线状态表是可以被删除的,原因表是在元数据中
alter tablespace tbs online;
alter tablespace tbs read only;
表不能修改
alter tablespace tbs read write;
表空间可以看到状态
删除指定的数据文件
alter tablespace system drop datafile ‘d:kkk‘;
//如果确认数据文件没有数据可以删除
//如果dba_extents视图可以查询指定数据文件是否存在表
//--------------------------------------------------
想知道数据文件是否有数据
select * from dba_extents where file_id=10;
如果为空没有数据....
create table t3(id int)tablespace tbs;
表空间重命名
alter tablespace tbs rename to tbs2;
//--------------------------------------------------
管理用户安全性
数据库里有哪些用户
SELECT username,user_id,account_status,created FROM dba_users;
//-----------------------------------
创建用户
create user aa identified by aa;
SELECT username,user_id,account_status,created FROM dba_users;
//-------------------------------------
通过aa登录系统
sqlplus aa/aa@abc
ORA-01045: 用户 AA 没有 CREATE SESSION 权限; 登录被拒绝
//--------------------------------------
显示oracle 系统权限
select * from system_privilege_map;
//-------------------------------
授权
grant create session to aa;
sqlplus aa/aa@abc
show user
USER 为 "AA"
//-------------------------------------------------------
session
[会话]
process
connection
//------------------------------
查看当前数据库session数量
select count(*) from v$session;
//-------------------------------
查看当前进程
select count(*) from v$process;
select paddr,spid,pname from v$process;
//---------------------------------
每一个session后台有一个服务
为其关联..依靠paddr 关联
select addr,pname from v$process;
select paddr from v$session;
//---------------------------------------
select addr from v$process where pid<>1
minus
select paddr from v$session;
000007FF11169198
000007FF1116A208
select pname from v$process where addr in(‘000007FF11169198‘,‘000007FF1116A208‘);
PNAME
-----
D000
S000
这二个共享模式的服务进程[虽然我们现在工作在专用模式下]
show parameter shared;
shared_servers integer 1[s000]
//------------------------------------------
修改这个属性
alter system set shared_servers=0;
仃止服务器生效
shutdown immediate
startup
//----------------------------------------
还有一个d进程
show parameter dispatcher
dispatchers string (PROTOCOL=TCP) (SERVICE=test1XDB)
修改参数
alter system set dispatchers=‘‘;
现在是一个进程一个session
//----------------------------------------------------
案例:
如果
sqlplus b/b@abcd 命名出错TNS拒绝
[数据库没有任何影响]
sqlplus b/b@abc abc有效
session 26
process 27
多了一个进程:【验证用户名】
oracle TNS 负责启动这个进程,
如果输入正确命名TNS启动进程
1分秒不正确用户名密码..oracle 杀死进程
PMON 进程负责清理
//---------------------------------------
输入正确用户名,创建session 对象..
//---------------------------
获取 session id
select distinct sid from v$mystat;
给aa用户授角色[select_catalog_role 这个角色可以查询oracle系统表和视图权限]
grant select_catalog_role to aa;
授权后aa重登..
sqlplus aa/aa@abc
为这个session服务的进程
select distinct sid from v$mystat;
244
select paddr from v$session where sid=244;
000007FF1116B278 进程地址
select addr,pid,spid from v$process where addr=‘000007FF1116B278‘;
//------------------------------
客户程序与服务器的进程
的连接通道
1:先创建连接
2:再创建会话
问题
tablespace datafile segment table
datafile 物理文件
tablespace->segments->extents->block;
table
//---------------------------------------
授权create table 给aa用户[系统权限立即生效不用登重]
create table t(id int);
insert into t values(1);
oracle 11.2 新特性[延迟创建]
创建元数据时可以延迟创建数据段...
以前的版本一块创建
show parameter segment;
deferred_segment_creation boolean TRUE //这个参数控制
//---------------------------------
查看当前用户数量
select username,account_status from dba_users;
查看所有权限
select name from system_privilege_map;
查看用户和角色拥有权限
select GRANTEE,PRIVILEGE from dba_sys_privs;
select GRANTEE,PRIVILEGE from dba_sys_privs where grantee=‘A‘;
select GRANTEE,PRIVILEGE from dba_sys_privs where grantee=‘DBA‘;
DBA 有哪几项没有呢?
select name from system_privilege_map
minus
select PRIVILEGE from dba_sys_privs where grantee=‘DBA‘;
只差6个权限DBA角色就拥有所有权限
ALTER DATABASE LINK
ALTER PUBLIC DATABASE LINK
EXEMPT ACCESS POLICY
EXEMPT IDENTITY POLICY
SYSDBA
SYSOPER
//--------------------------
SYSDBA 系统权限
DBA 角色
grant create table to bb;
查看表的信息
grant select_catalog_role to bb;
select * from dba_tables where owner=‘BB‘ and table_name=‘TB‘;
数据段不存在
select * from dba_segments where owner=‘BB‘ and segment_name=‘TB‘;
//------------------------------------
create table tb1(id int)tablespace test;
alter user bb quota unlimited on users quota 10m on test;
//------------------------------
bb 用户只能使用users表空间10m
alter user bb quota 10m on users;
alter user bb quota unlimited on users;
//--------------------------------
如何查看用户使用哪个表空间,还可以使用多少
select * from dba_ts_quotas;
//-------------------------------------
bb 用户可以使用所有表空间
grant unlimited tablespace to bb;
//--------------------------------------
创建用户
create user cc identified by cc default tablespace test;
grant create table,create session to cc;
alter user cc quota 10m on test;
查看cc用户拥有哪些权限
select privilege from dba_sys_privs where grantee=‘CC‘;
//------------------------------------------
口令过期
create user dd identified by dd password expire;
grant create session to dd;
//-------------------------------------
锁定帐户dd
alter user dd account lock;
alter user dd account unlock; //解锁
//-------------------------------
改变用户的口令
alter user dd identified by abc;
//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
privilege
权限不能创建,权限分二种
1:system
所有系统权限
select * from system_privilege_map
create table
create any table
区别
bb 用户想在aa 用户下创一张表
create table aa.ttbb_a1(id int);//相当于aa用户创表
默认权限不足,切换用户授权
grant create any table to bb;
select TABLE_NAME from dba_tables where owner=‘AA‘;
create table /没drop table [可以创建就可以删除]
create index /可以创建表就可以创建索引
crate any table 是个权限
bb 用户有哪些权限
select privilege from dba_sys_privs where grantee=‘BB‘;
授权管理选项
grant create table to aa with admin option;
sqlplus aa/aa@abc
grant create table to bb;//ok
查看用户权限列表
SELECT * FROM dba_sys_privs where grantee=‘BB‘;
create table-->a///a--->b//收回crate table a/b 是否拥有create table
不会的授权出去回不来..
revoke create table from bb;
2:object
跨用户访问表,需要拥有权限;
sqlplus bb/bb@abc
crate table ttb
sqlplus aa/aa@abc
select * from bb.ttb/ error no privileges
grant select on ttb to aa;
sqlplus aa/aa@abc
select * from bb.ttb;
查看对象权限列表
select * from v$object_privilege;
将ttc 表的所有权限授权给bb用户
sqlplus aa/aa@abc
create table ttc(id int);
alter user aa quota 10m on users;
grant all on ttc to bb;
//谁创建的表谁拥有权限,还可以把权限授给其它的用户..
查询指定的用户拥有所有对象权限
select * from dba_tab_privs where grantee=‘BB‘;
将insert权限授于a用户的同时,授于他可以再次授权的权限..
grant insert on t to a with grant option;
grant all on c.t to d;//aa用户将t表下所有权限授于d用户..
这个功能和系统权限不一样..
如果a-->a表给b用户-->b将a表权限授于c用户-->
a将授于b表权限收回-->c权限也将被收回..
//------------------------------
实验,对象权限
create user aaa identified by aaa;
create user bbb identified by bbb;
grant create table,create session to aaa,bbb;
create table taaa(id int);
insert into taaa values(1);
grant all on taaa to aaa with grant option;
select * from dba_tab_privs where grantee=‘AAA‘;
sqlplus aaa/aaa@abc
SQL> select * from sys.taaa;
ID
----------
1
grant all on sys.taaa to bbb;
授权成功。
sqlplus bbb/bbb@abc
SQL> select * from sys.taaa;
ID
----------
1
sqlplus /@abc as sysdba
revoke all on taaa from aaa;
select * from dba_tab_privs where grantee=‘AAA‘;
select * from dba_tab_privs where grantee=‘BBB‘;
权限全为空!!!!!
//---------------------------------------
角色
[可以包含sys,obj权限,也可以包role]
select * from dba_roles;
10g 16
11g 32
创建角色
create role role_test;
查询角色
select * from dba_roles;
向角色授权
grant create session to role_test;
grant all on t to role_test;
grant dba to role_test;
查看角色拥有哪些系统权限
select * from dba_sys_privs where grantee=‘ROLE_TEST1‘;
CREATE SESSION
UNLIMITED TABLESPACE
查看角色拥有哪些对象权限
select * from dba_tab_privs where grantee=‘ROLE_TEST‘;
查看角色包含哪些角色
select * from dba_role_privs where grantee=‘ROLE_TEST‘;
查看dba角色包含哪些角色
select * from dba_role_privs where grantee=‘DBA‘;
dba角色给哪些用户
select * from dba_role_privs where granted_role =‘DBA‘;
??????????????????????????
如果将一个指定表空间下所有权限授于指定用户
sqlplus /@abc as sysdba
grant role_test to aaa with admin option;
sqlplus aaa/aaa@abc
grant role_test to bbb;//ok
connect 角色[包含create session]
resource角色
dba 角色
select_datalog_role 查询系统表..
delete_catalog_role
exp_full_database
imp_full_database
sysoper
sysdba
二个系统权限
//--------------------------------
审记
查询是否激活审记项
show parameter audit;
audit_trail string DB
查看指定参数拥有哪些值.
select * from v$parameter_valid_values
where name=‘audit_trail‘;
DB 把审记结果保存数据为中
OS 操作系统
NONE
TRUE []
FALSE
DB_EXTENDED
XML [OS XML格式]/EXTENDED [DB 额外记录其它信息] 这二个选项需和起来使用..
这个参数是一个动态参数
select * from v$system_parameter where name = ‘audit_trail‘;
oracle把审记的结果放在一个视图中
select * from dba_audit_trail;
修改参数
alter system set audit_trail=DB_EXTENDED scope=spfile;
shutdown immediate
startup
show parameter audit;
//--------------------------------------
审记:
1:权限审记 system privilege
select * from dba_priv_audit_opts;
sys 用户操作时不审记
审记结果保存在
select os_username,username,timestamp from dba_audit_trail;
SQL> select * from dba_role_privs where granted_role=‘ROLE_TEST‘;
回收权限
revoke role_test from aaa,bbb,d,a,c;
//------------------------------
所有审记的信息都在基表
sys.aud$;
必须拥有delete_catalog_role 的用户才能删除这个系统表中的信息..
sqlplus aaa/aaa@abc
delete from sys.aud$;//error
sqlplus /@abc as sysdba
grant delete_catalog_role to aaa;
sqlplus aaa/aaa@abc;
delete from sys.aud$;
已删除141行。
//-----------------------------------
select ntimestamp# from aud$;
查看审记动作
select * from audit_actions;
select * from v$session
command 17
//-------------------------
单独为某一类用户审记
不审记[关闭]
noaudit create session;
audit create session by aaa;
系统开启的审记项
select * from dba_priv_audit_opts;
审记的记录项
select username,TIMESTAMP,AUDIT_OPTION,action,action_name from dba_audit_trail;
//-----------------------------
审记
audit create sesssion by aaa whenever;//失败成功都审记
//登录不成功时审记
//??????????????????????????
audit create session by aaa whenever not successful;
select * from dba_priv_audit_opts;
alter system set nls_date_format=‘yyyy-mm-dd hh24:mi:ss‘ scope=spfile;
alter session set nls_date_format=‘yyyy-mm-dd hh24:mi:ss‘;
select username,action_name,timestamp from dba_audit_trail;
系统开启的审记项
前面有指定用户项...
select * from dba_priv_audit_opts;
2:object(privilege)
对象审记默认没有开启
select * from dba_obj_audit_opts;
sqlplus aaa/aaa@abc
alter user aaa quota 10m on users;
insert into taa values(1);
audit select on taa;
通过视图查询
select object_type,sel from dba_obj_audit_opts;
给aaa 授权
grant select_catalog_role to aaa;
audit select on taa whenever successful;
//不审记
noaudit select on taa whenever successful;
noaudit select on taa ;//全部关闭审记
//----------------------------------------
select sql_text from dba_audit_trail;
select object_type,sel from dba_obj_audit_opts;
S:SESSION [写的S发挥作用是A]
A:ACCESS
不审记
noaudit select on taa;
audit select on taa by access whenever successful;
//----------------------------
练习
1:noaudit alter system;
2:audit alter system by system whenever successful;//system用户修改参数审记
3:alter system set db_cache_size=40m;
4:delete from sys.aud$;
5:select username,action_name,timestamp from dba_audit_trail;
//-------------------------
3:语句审记
statement
//查看一下系统开启了哪些语句审记
select * from dba_stmt_audit_opts;
//-------------------------------
audit table by aaa;
正在连接的AAA用户不生效
select timestamp,sql_text from dba_audit_trail;
sqlplus aaa/aaa@abc;
如果需要审记sys操作
show parameter audit;
audit_sys_operations true
在windows->OS日志
unix则
show parameter audit;
audit_file_dest 指定目录中的一个文件
windows 下将值 XML->放在指定的目录上
alter database datafile ‘D:\DEV\ORACLEDATA\TEST\SCOTT_TBS01.DBF‘ resize 200m;