1. 授予权限:
GRANT privilege[, privilege...]
TO user [, user| role, PUBLIC...];①DBA授予用户系统权限
GRANT create session, create table,
create sequence, create view
TO LGR;②创建角色并授权
SYS@LGR> create role manager;
Role created. --创建manager角色
SYS@LGR> grant create table,create view to manager;
Grant succeeded. --授权给manager
SYS@LGR> grant manager to LGR;
Grant succeeded. --把manager角色授予LGR用户
③授予对象权限
GRANT select on employees
TO LGR;④授予指定的列给用户和角色
GRANT update (department_name, location_id)
on departments
TO LGR, manager;⑤WITH GRANT OPTION 使用户同样具有分配权限的权利
GRANT select, insert
on departments
TO LGR
WITH GRANT OPTION;⑥向数据库中所有用户分配权限
GRANT select
on hr.employees
TO PUBLIC;2.确认授予的权限
3.撤销对象权限
•使用REVOKE语句撤销权限
•使用WITH GRANT OPTION 子句所分配的权限同样被收回
REVOKE {privilege [, privilege...]|ALL}
ONobject
FROM {user[, user...]|role|PUBLIC}
[CASCADE CONSTRAINTS];例如:撤销授予给LGR 用户EMP表的SELECT 和INSERT 权限。
revoke select,insert on EMP from LGR;