vault创建领域不让sys/system访问,但是可以让其他用户访问

环境:

OS:Centos 7

DB:11.2.0.4

 

1.dbvmgr用户登录创建2个新用户

SQL> connect dbvmgr/Oracle#123
Connected.
SQL> create user hxl100 identified by oracle;
SQL> create user hxl200 identified by oracle;

 

2.sys用户登录给新用户授权

SQL> connect / as sysdba
Connected.
SQL> grant create session,resource to hxl100;

Grant succeeded.

SQL> grant create session,resource to hxl200;

Grant succeeded.

 

3.使用用户hxl100登录创建表并写入数据

SQL> connect hxl100/oracle
Connected.
SQL> create table tb_100(id number,name varchar2(32));

Table created.

SQL> insert into tb_100 values(1,'name1');

1 row created.

SQL> insert into tb_100 values(2,'name2');

1 row created.

SQL> commit;

Commit complete.

SQL> select * from tb_100;

        ID NAME
---------- --------------------------------
         1 name1
         2 name2

 

4.下面我们创建领域,让hxl200用户可以访问hxl100下的表,但是sys和system不能访问

 创建领域

 

创建领域保护对象

 这里领域的保护对象是用户hxl100下的所有对象

 

领域授权

这里要授权2个,一个是owner,目的是授权该账号下的对象给其他用户相应的权限，另外一个是参与者,我们这里的参与者就是hxl200

a.owner授权

 

b.参与者授权

 

5.授权查询权限给hxl200用户 

 

SQL> connect hxl100/oracle
Connected.
SQL> grant select on tb_100 to hxl200;

Grant succeeded.

 

6.验证
SQL> connect / as sysdba
Connected.
SQL> select * from hxl100.tb_100;
select * from hxl100.tb_100
*
ERROR at line 1:
ORA-01031: insufficient privileges

SQL> connect hxl200/oracle
Connected.
SQL> select * from hxl100.tb_100;

ID NAME
---------- --------------------------------
1 name1
2 name2