--測試環境,20遠端,30本地; --準備1,20遠端建立表的同義詞,用戶信息; 1.11 準備階段,有表有用戶可以忽略此步驟 SQL> conn yang/y ERROR: ORA-01017: invalid username/password; logon denied --無效的用戶名密碼 ...
--測試環境,20遠端,30本地;
--準備1,20遠端建立表的同義詞,用戶信息;
1.11
---------------------------------------------------準備階段,有表有用戶可以忽略此步驟-------------------------------------------------------------------
SQL> conn yang/y ERROR: ORA-01017: invalid username/password; logon denied --無效的用戶名密碼,拒絕進入系統
Warning: You are no longer connected to ORACLE.警告:你是不能嘗試連接到oracle
SQL> desc dba_users; ----查詢視圖
SQL> select USERNAME,USER_ID,ACCOUNT_STATUS,LOCK_DATE,DEFAULT_TABLESPACE from dba_users where username='YANG';
no rows selected --沒有記錄
SQL> create user yang identified by y; --創建用戶,授予兩個角色
SQL> grant connect,resource to yang;
create table abcdefaefef as select * from hr.employees --創建表,無法查詢到-表存在,許可權不足導致
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> grant select any table to yang;----授予許可權後,角色許可權需要在新的用戶會話生效(oracle的一致性:你不能說我正查著dba的視圖,回收許可權後,我報錯,返回許可權不足吧)
SQL> create table abcdefaefef as select * from hr.employees; --創建測試表
SQL> select USERNAME,USER_ID,ACCOUNT_STATUS,LOCK_DATE,DEFAULT_TABLESPACE from dba_users where username='YANG';---查詢用戶信息
YANG 107 OPEN USERS
---------------------------------------------------------------------------------------表、用戶準備完畢------------------
1.12:
創建私有同義詞(自己看到 ):
create synonym a for abcdefaefef
*
ERROR at line 1:
ORA-01031: insufficient privileges
--需要許可權:SQL> grant create any synonym to yang; =========(操作)==========
SQL> create synonym a for abcdefaefef; ==============(操作)=================
SQL> select count(*) from a; ---當前用戶可以使用查詢;
select * from yang.a ----SYS用戶也可以查詢,雖然這個同義詞是私有的;
SQL> select count(*) from yang.abcdefaefef; --HR用戶無法查詢表,同義詞更無法識別;
授予許可權,讓Hr能查詢表,驗證能否可以使用同義詞查詢;
SQL> grant select on yang.abcdefaefef to hr;
SQL> select count(*) from yang.abcdefaefef;
COUNT(*) ---------- 107
SQL> select count(*) from yang.a;
COUNT(*) ---------- 107
---同義詞,私有情況下,收到的訪問約束局限在於表,而不再與同義詞本身;
1.13
---創建公共的同義詞
1)yang用戶創建:
create public synonym b for abcdefaefef
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> grant create public synonym to yang;
SQL> create public synonym b for abcdefaefef;----創建公共的同義詞需要的許可權不同;一個表的同義詞可以有多個;
2)我們回收用戶創建私有同義詞的許可權,公有的不回收,創建私有同義詞,驗證:
public synonym 許可權能否創建私有同義詞:
SQL> revoke create any synonym from yang;
SQL> select * from session_privs; ---驗證回收的許可權------發現次許可權會話生效,回收也是;
drop synonym a; ---刪除同義詞;
create synonym a for abcdefaefef;
ERROR at line 1:
ORA-01031: insufficient privileges ----這個許可權有點意思,公有的許可權無法創建私有的同義詞;
-----------------反過來呢?
revoke create public synonym from yang;
SQL> grant create any synonym to yang;
SQL> select * from session_privs;
create public synonym a for abcdefaefef;
ERROR at line 1:
ORA-01031: insufficient privileges
3) 創建公共同義詞a;
然後對比,查詢能查詢數據的用戶對象;
SQL> grant create public synonym to yang;
SQL> create public synonym a for abcdefaefef;
---排除創建本身的用戶
--使用SYS用戶查詢:
SQL> select count(*) from a;
COUNT(*) ---------- 87024
SQL> desc a; ----------------------------發現如果有其它同義詞相同,會造成干擾
--測試HR:用戶查詢公共同義詞
select * from a;----------------------OK,可以查詢到數據
SQL> create table a(id int); ---創建同義詞的表名,干擾
Table created.
SQL> select * from a; -----查詢的是本用戶下的表名;
no rows selected------------------------------發現如果用戶下的表名與公共同義詞一樣,也會造成干擾
--測試HR,沒有訪問yang.ABCDEFAEFEF表許可權的時候;
SQL> revoke select on yang.ABCDEFAEFEF from hr;
select count(*) from yang.ABCDEFAEFEF
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> drop table a;
select count(*) from a
*
ERROR at line 1:
ORA-00942: table or view does not exist---------沒有訪問表的許可權,同義詞公共也看不到
SQL> grant select on yang.ABCDEFAEFEF to hr;
SQL> create table a(id int);
select * from yang.ABCDEFAEFEF
SQL> select * from yang.a;
select * from yang.a
*
ERROR at line 1:
ORA-00942: table or view does not exist----
---小結:公共同義詞,一樣收到表是否能被訪問的風險;
--同義詞無法username.object指定,無法指定用戶+對象;
--同義詞收到表名、同義詞朋友的干擾,建議名稱奇怪一點好;
--建議查詢同義詞之前先desc 看一下結構是否相同;
--查詢同義詞:
ORA-01031: insufficient privileges --公共同義詞也需要許可權才能刪除(grant drop public synonym to yang);
SQL> drop public synonym b;
SQL> select * from dba_synonyms where table_name='ABCDEFAEFEF';
PUBLIC A YANG ABCDEFAEFEF
YANG B YANG ABCDEFAEFEF
-------------------------------------------------------------------------------------------------------------------
以上同義詞準備完畢:共有同義詞a, 私有同義詞b=》用戶yang;
以下開始準備dblink配置
----------------------------------------------------------------------------------------------------------------
--創建dblink測試:
dblink,是啥其實就是個連接串,連接到你想查詢的資料庫上;
創建是在自己本地上創建:
30本地,abc用戶,想查詢20ip,下的yang用戶下的表;
SQL> select * from session_privs;
SQL> select * from user_sys_privs where privilege like upper('%DATABASE LINK%'); ----查詢資料庫的dblink
no rows selected
create /* public */ database link dblink1 connect to yang identified by y using '(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.54.20)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=jx)))';
---創建完畢:測試:
select * from ab@dblink1
*
ERROR at line 1:
ORA-12541: TNS:no listener -----發現都找不著TNS服務了
grid$ cd /picclife/app/11.2.0/grid/network/admin/ ---先搞自己的監聽,tns配置
listener.ora tnsnames.ora
oracle$ sqlplus hr/[email protected]:1521/bj
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
(ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
)
)
Instance "bj", status READY, has 1 handler(s) for this service...
時刻準備著為實例xx服務
The command completed successfully --這個命令是順利成功的;
grid/network/admin$ cat tnsnames.ora
yang2 =
(DESCRIPTION=
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.54.30)(PORT = 1521))
)
(CONNECT_DATA=
(SERVICE_NAME = bj)
)
)
$ sqlplus hr/hr@yang2 ==============================以上是本地的監聽+tns配置
select * from ab@dblink1-----再次查詢:報錯不一樣了;
*
ERROR at line 1:
ORA-02019: connection description for remote database not found
連接為遙遠的資料庫,連接未找到;
+++++
繼續配置,本地的tnsnames,ora文件,存放加入,遠程的tns配置文件;(有自己的,但是沒有遠程的tns配置文件,發不出去)
===在本地: tnsnames.ora文件中加入,遠程,遠端的tnsnames.ora配置文件信息,保存退出;
--查詢驗證: sqlplus sys/oracle@yang1 as sysdba
SQL> select instance_name from v$Instance;---查詢資料庫實例
INSTANCE_NAME ---------------- jx
SQL> host echo $ORACLE_SID +ASM1 --查詢本地的sid,實例啥
---本地環境是,使用ASM存儲的單節點,因此,tnsname,listener都是grid用戶管理的;
---代表什麼:可以通過tnsnames.ora文件,去訪問其他資料庫,登陸其它資料庫;
select * from ab@dblink1 ==SYS用戶,可以使用,abc用戶卻不能使用
58 rows selected.
SQL> select owner,object_name from dba_objects where object_type='DATABASE LINK';
OWNER -------------------------------------------OBJECT_NAME ----------------------------------
SYS DBLINK1 ---發現搞錯了
PUBLIC QQQ -
---------------------------------------------------------------DBLINK創建了一個私有,其它人不能用---------再加個公有的唄
grant create public database link to abc; --授予創建public dblink許可權
conn abc/abc;
create public database link yuan1 connect to yang identified by y using '(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.54.20)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=jx)))';
select * from ab@yuan1 ====OK---查詢驗證OK
SQL> select * from user_sys_privs where privilege like upper('%DATABASE LINK%');----查詢當前用戶對DBLINK的許可權
USERNAME用戶擁有著 ----------- PRIVILEGE許可權查詢 ---------------- ADMIN是否能聯級授予(能否給人錢,有決定權)
ABC CREATE PUBLIC DATABASE LINK NO
SQL> select * from cat@yuan1;
TABLE_NAME --------------------------- TABLE_TYPE -----------------
AB TABLE
ABCDE TABLE
ABCDEFAEFEF TABLE
---回到最初: 表太長,建立了同義詞,本地還能使用遠程的公共同義詞進行查詢嗎?
select * from a@yuan1; ==public 可以查詢
select * from b@yuan1; ====私有也可以,證明:遠端遠程一樣可以只有能看表,就能通過同義詞查詢
======================================================================================
dblink如何查詢:
select owner,object_name from dba_objects where object_type='DATABASE LINK';
SYS DBLINK1
PUBLIC QQQ
PUBLIC YUAN1
select * from dba_db_links;---可以查詢完整的DBLINK 信息
PUBLIC YUAN1 YANG (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.54.20)(PORT=1521)))(CONNEC 19-OCT-17
T_DATA=(SERVICE_NAME=jx)))
dblink如何刪除:
drop dblink qqq;
select * from dba_db_links where db_link='QQQ';
YANG
ORA-01031: insufficient privileges ---公共的DBLINK,即使是擁有著也沒有許可權刪除
SQL> show user USER is "YANG" SQL> conn / as sysdba Connected.
SQL> drop public database link qqq; =========公共的DBLINK,使用SYS用戶刪除
grant create database link to abc;
create database link si1 connect to yang identified by y using '(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.54.20)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=jx)))';
drop database link si1; ===================私有的DBLINK,自己的用戶可以刪除
drop database link abc.si1 ========================SYS找不到私有的DBLINK,藏起來了
*
ERROR at line 1:
ORA-02024: database link not found===咋整;
大神有方法,此處抄襲:http://blog.itpub.net/29337971/viewspace-1129917/ --我沒成功,先留著以後在學
SQL> select owner||'.'||db_link from dba_db_links where db_link not like '%OGG%';
OWNER||'.'||DB_LINK -------------------------------------------------------------------------------- SYS.DBLINK1
PUBLIC.YUAN1
ABC.SI1
小結:共有,私有的DBLINK與同義詞一樣,創建的許可權分開的;
其次:刪除共有的dblink,sys用戶,私有 誰創建的,誰刪除;SYS找不著對象
刪除DBLINK:能否禁用呢?
資料庫級別禁止功能:
SQL> alter system set open_links=0 scope=spfile;
ORA-02020: too many database links in use==資料庫使用過多的DBLINK
SQL> alter system set open_links=4 scope=spfile;
SQL> startup force;
---如何禁止單個呢?
dba_db_links
select * from dba_db_links;
SQL> select count(*) from cat@yuan1;
COUNT(*) ---------- 6
沒實現成功!!!!!!!!!!!!!!!!!!
alter session close database link 'dblink_name'
---------------------------------------------片外----------------------------------------------------
同義詞--刪除同義詞依托的對象後,同義詞是什麼狀態:
select object_name,object_type,status from user_objects where object_name='YANG' or object_name='ABCDEFAEFEF';
ABCDEFAEFEF TABLE VALID
drop table ABCDEFAEFEF ;
select * from dba_synonyms where table_name='ABCDEFAEFEF';
select * from a;
ORA-00980: synonym translation is no longer valid 同義詞長時間不是有效的
對象、私有同義詞、公共同義詞是否可以存在三者同名的情況?
對象與公司同義詞相等,對象優先順序最高;
共有私有同義詞一樣:
SQL> create table abcdefaefef as select * from hr.employees; ===公私同義詞不一樣,衝突,提升名稱已被使用;
SQL> create synonym a for abcdefaefef;
create public synonym a for yang.abcdefaefef
*
ERROR at line 1:
ORA-00955: name is already used by an existing object
