Oracle中的PUBLIC是一种特殊的存在,总是感觉概念比较模糊,我们就简单通过几个测试来理解吧。 首先我们创建一个public的synonym,我们看看这个public的含义。 SQL> create public synonym test for n1.test; Synonym created. 查看数据字典,可以看到owner是PUBLIC SQL> select object_name,owner,object_type from dba_objects where object_name='TEST' ; OBJECT_NAME OWNER OBJECT_TYPE -------------------- -------------------- -------------------------------------- TEST PUBLIC SYNONYM TEST N1 TABLE
public是一个用户吗? SQL> select *from dba_users where username='PUBLIC'; no rows selected 那public是一个角色吗? SQL> select *from dba_roles where role='PUBLIC'; no rows selected
大体而言,public两种表现形式 一种是创建public的对象,都是在PUBLIC的这个owner下 create public synonym xxxx for xxx;
或者我们把某个对象的权限赋予PUBLIC grant select on xxx to public;
如果我们创建了某个public的对象,那么在对象数据字典里就会有相应的记录。 SQL> select * from dba_synonyms where synonym_name='TEST'; OWNER SYNONYM_NAME TABLE_OWNER TABLE_NAME DB_LINK -------------------- -------------------- -------------------- -------------------- -------------------- PUBLIC TEST N1 TEST
如果我们赋予了某个对象的权限给PUBLIC,在权限数据字典中会有相应的记录。 SQL> select * from dba_tab_privs where grantee='PUBLIC' and rownum<10; GRANTEE OWNER TABLE_NAME GRANTOR PRIVILEGE GRANTA HIERAR -------------------- -------------------- ------------------------------ ---------- -------------------- ------ ------ PUBLIC SYS ORA$BASE SYS USE NO NO PUBLIC SYS DUAL SYS SELECT YES NO PUBLIC SYS SYSTEM_PRIVILEGE_MAP SYS SELECT YES NO PUBLIC SYS TABLE_PRIVILEGE_MAP SYS SELECT YES NO PUBLIC SYS STMT_AUDIT_OPTION_MAP SYS SELECT NO NO PUBLIC SYS DM$EXPIMP_ID_SEQ SYS SELECT NO NO PUBLIC SYS STANDARD SYS EXECUTE NO NO PUBLIC SYS DBMS_STANDARD SYS EXECUTE NO NO PUBLIC SYS ALL_XML_SCHEMAS SYS SELECT YES NO 9 rows selected.
如果感觉有些奇怪,我们可能记得在使用sysoper的时候,shou user显示的是PUBLIC [oracle@newtest ~]$ sqlplus sys/oracle as sysoper SQL> show user USER is "PUBLIC" 而如果我们尝试把它当做用户,修改密码,那是行不通的。 SQL> alter user public identified by oracle; alter user public identified by oracle * ERROR at line 1: ORA-01935: missing user or role name 当然此处需要多补充一些,就是查看数据库软件安装的时候选择的用户组信息,是通过下面的这个文件可以看到的,在$ORACLE_HOME/rdbms/lib/config.c里面。 [oracle@newtest lib]$ less config.c /* SS_DBA_GRP defines the UNIX group ID for sqldba adminstrative access. */ /* Refer to the Installation and User's Guide for further information. */
/* IMPORTANT: this file needs to be in sync with rdbms/src/server/osds/config.c, specifically regarding the number of elements in the ss_dba_grp array. */