Granting system privileges:
GRANT { system_privilege | role }
[, { system_privilege | role }]...
TO { user | role | PUBLIC }
[, { user | role | PUBLIC }]...
[WITH ADMIN OPTION]
Revoking system privileges:
REVOKE { system_privilege | role }
[, { system_privilege | role }]...
FROM { user | role | PUBLIC }
[, { user | role | PUBLIC }]...
For privileges that were granted using WITH ADMIN OPTION, revocation does not cascade.
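The non-cascading revoke described above, shown as an added SQL*Plus example (not part of the original notes). The accounts demo_a, demo_b and dba_admin and the passwords are hypothetical placeholders; it assumes a test database where dba_admin holds the DBA role.

```sql
-- Added example. demo_a, demo_b, dba_admin and the passwords are
-- hypothetical placeholders; run as a DBA on a test database.
CREATE USER demo_a IDENTIFIED BY "ChangeMe_1";
CREATE USER demo_b IDENTIFIED BY "ChangeMe_2";
GRANT CREATE SESSION TO demo_a, demo_b;

-- The DBA grants a system privilege together with the right to pass it on.
GRANT CREATE TABLE TO demo_a WITH ADMIN OPTION;

-- demo_a re-grants the privilege to demo_b.
CONNECT demo_a/"ChangeMe_1"
GRANT CREATE TABLE TO demo_b;

-- Back as the DBA (SQL*Plus prompts for the password): revoke from demo_a only.
CONNECT dba_admin
REVOKE CREATE TABLE FROM demo_a;

-- Check who still holds the privilege. Because the revoke does not cascade,
-- the grant that demo_a made to demo_b is still listed here.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee IN ('DEMO_A', 'DEMO_B')
   AND privilege = 'CREATE TABLE';

-- Review step: every grantee able to re-grant a system privilege.
-- Each row is an account whose downstream grants survive its own revoke,
-- so those grants have to be found and revoked one by one.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE admin_option = 'YES'
 ORDER BY grantee, privilege;

-- Cleanup: the leftover grant must be revoked explicitly.
REVOKE CREATE TABLE FROM demo_b;
DROP USER demo_a CASCADE;
DROP USER demo_b CASCADE;
```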
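Granting object privileges:
GRANT { object_privilege [(column_list)] -- list of columns the object privilege applies to
[, object_privilege [(column_list)]]...
| ALL [PRIVILEGES] } -- grants all privileges on one of the current user's database objects to the new user
ON [schema.]object -- names the specific database object, such as a table or stored procedure
TO { user | role | PUBLIC }
[, { user | role | PUBLIC }]...
[WITH GRANT OPTION] -- the new user can grant the privilege on to others
Example: GRANT UPDATE(column_name1, column_name2) ON table TO user;
Data dictionary: query USER_COL_PRIVS_MADE to view the column-level privilege grants.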
Revoking object privileges:
REVOKE { object_privilege [, object_privilege]... | ALL [PRIVILEGES] }
ON [schema.]object
FROM { user | role | PUBLIC }
[, { user | role | PUBLIC }]...
[CASCADE CONSTRAINTS]