Oracle 赋权和回收权限的生效时间(2)

对对象权限的grant和revoke操作与系统权限的一致，所有的命令都是立即生效，包括对已经连接的会话。
三、测试角色的grant和revoke
现在的linuxidc用户仍然只有connect角色，并且已经打开一个会话
123456789101112 --session 2
sys@ORCL>select * from dba_role_privs where grantee='linuxidc';
 
GRANTEE              GRANTED_ROLE            ADMIN_OPT DEFAULT_R
------------------------------ ------------------------------ --------- ---------
linuxidc                CONNECT                NO  YES
--session 1
linuxidc@ORCL>select * from session_roles;
 
ROLE
------------------------------------------
CONNECT

测试grant DBA权限

--session 1查看会话中的角色
linuxidc@ORCL>select * from session_roles;
 
ROLE
------------------------------------------------------------------------------------------
CONNECT
--session 2赋予linuxidc用户dba角色
sys@ORCL>grant dba to linuxidc;
 
Grant succeeded.
 
sys@ORCL>select * from dba_role_privs where grantee='linuxidc';
 
GRANTEE              GRANTED_ROLE            ADMIN_OPT DEFAULT_R
------------------------------ ------------------------------ --------- ---------
linuxidc                DBA                NO  YES
linuxidc                CONNECT                NO  YES
--session 1再次查看会话中的角色，没有dba角色，也没有查看v$session的权限
linuxidc@ORCL>select * from session_roles;
 
ROLE
------------------------------------------------------------------------------------------
CONNECT
 
linuxidc@ORCL>select count(*) from v$session;
select count(*) from v$session
                    *
ERROR at line 1:
ORA-00942: table or view does not exist
--session 1执行set role命令，可以看到DBA及相关的角色已经加载到session1中了，也可以查询v$session
linuxidc@ORCL>set role dba;
 
Role set. 
 
linuxidc@ORCL>select * from session_roles;
 
ROLE
------------------------------------------------------------------------------------------
DBA
SELECT_CATALOG_ROLE
HS_ADMIN_SELECT_ROLE
......
 
19 rows selected. 
 
linuxidc@ORCL>select count(*) from v$session;
 
  COUNT(*)
----------
    29
--使用linuxidc用户打开session 3，可以看到新会话中默认会加载DBA及相关角色
[oracle@rhel6 ~]$ sqlplus linuxidc/zhaoxu
 
SQL*Plus: Release 11.2.0.4.0 Production on Sat Jan 21 16:22:01 2017
 
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
 
 
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options 
 
linuxidc@ORCL>select * from session_roles;
 
ROLE
------------------------------------------------------------------------------------------
CONNECT
DBA
SELECT_CATALOG_ROLE
......
 
20 rows selected.