155. The user HR owns the EMP table. The user HR grants privileges to the user SCOTT by using this
command:
SQL> GRANT SELECT,INSERT,UPDATE ON emp TO scott WITH GRANT OPTION;
The user SCOTT executes this command to grant privileges to the user JIM:
SQL> GRANT SELECT,INSERT,UPDATE ON hr.emp TO jim;
Now, the user HR decides to revoke privileges from JIM using this command:
SQL> REVOKE SELECT,INSERT,UPDATE ON emp FROM jim;
Which statement is true after HR issues the REVOKE command?
A.The command fails because SCOTT still has privileges.
B.The command succeeds and privileges are revoked from JIM.
C.The command fails because HR cannot revoke the privileges from JIM.
D.The command succeeds and only HR has the privilege to perform the SELECT, INSERT, and UPDATE
operations on the EMP table.
Answer: C
現象重制:
hr将DML操作emp表的權限給scott,并且scott有傳遞權限,scott将此權限傳遞給jim,此時hr想将jim的權限收回,出錯,
因為hr沒有授予過權限給jim,此時jim可以DML操作EMP表,當hr将scott的權限收回時,jim不能再查詢等操作。
1、hr将DML操作emp表的權限給scott,并且scott有傳遞權限。
[email protected]> grant select,insert,update on employees to scott with grant option; Grant succeeded. [email protected]> conn /as sysdba Connected. [email protected]> create user jim identified by jim; User created. 2、scott将此權限傳遞給jim。 [email protected]> conn scott/tiger Connected. [email protected]> grant select,insert,update on hr.employees to jim; Grant succeeded. 3、hr想将jim的權限收回,出錯。 [email protected]> conn hr/hr Connected. [email protected]> revoke select,insert,update on employees from jim; revoke select,insert,update on employees from jim * ERROR at line 1: ORA-01927: cannot REVOKE privileges you did not grant 4、DBA将連接配接資料庫權限給jim,jim登陸,可以通路hr的表。 [email protected]> conn jim/jim ERROR: ORA-01045: user JIM lacks CREATE SESSION privilege; logon denied Warning: You are no longer connected to ORACLE. [email protected]> conn /as sysdba Connected. [email protected]> grant create session to jim; Grant succeeded. [email protected]> conn jim/jim Connected. [email protected]> select * from hr.employees; EMPLOYEE_ID FIRST_NAME LAST_NAME EMAIL ----------- -------------------- ------------------------- ------------------------- PHONE_NUMBER HIRE_DATE JOB_ID SALARY COMMISSION_PCT MANAGER_ID DEPARTMENT_ID -------------------- --------- ---------- ---------- -------------- ---------- ------------- 198 Donald OConnell DOCONNEL 650.507.9833 21-JUN-07 SH_CLERK 2600 5、當hr把DML操作emp表操作的權限從scott收回後,jim無法通路hr的表了。 [email protected]> conn hr/hr Connected. [email protected]> revoke select,insert,update on employees from scott; Revoke succeeded. [email protected]> conn jim/jim Connected. [email protected]> select * from hr.employees; select * from hr.employees * ERROR at line 1: ORA-00942: table or view does not exist
![OCP-1Z0-053-V12.02-53題[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)