Oracle回收权限报错ORA-01952

原创

DomDanrtsey 2020-09-08 15:06:51 博主文章分类：OracleDB ©著作权

文章标签 Oracle回收权限报错ORA-019 文章分类 Oracle 数据库

©著作权归作者所有：来自51CTO博客作者DomDanrtsey的原创作品，谢绝转载，否则将追究法律责任

Oracle操作回收权限时，报错ORA-01952: system privileges not granted to CRM

解决记录：

查询发现系统存在crm与CRM用户，所以当回收crm权限时需要添加双引号，否则系统会报ORA-01952错误。 1、查询crm具有哪些 dba_role 与 dba_sys 权限

SQL> select * from dba_role_privs where GRANTEE='crm';
no rows selected

SQL> select * from dba_sys_privs where GRANTEE='crm';
GRANTEE 		       PRIVILEGE				ADM
------------------------------ ---------------------------------------- ---
crm			       ALTER ANY SEQUENCE			NO
crm			       CREATE SESSION				NO

2、查询CRM具有哪些 dba_role 与 dba_sys 权限

SQL> select * from dba_role_privs where GRANTEE='CRM';
GRANTEE 		       GRANTED_ROLE		      ADM DEF
------------------------------ ------------------------------ --- ---
CRM			       RESOURCE 		      NO  YES
CRM			       CONNECT			      NO  YES

SQL> select * from dba_sys_privs where GRANTEE='CRM';
GRANTEE 		       PRIVILEGE				ADM
------------------------------ ---------------------------------------- ---
CRM			       UNLIMITED TABLESPACE			NO
CRM			       DROP PUBLIC SYNONYM			NO
CRM			       CREATE VIEW				NO
CRM			       CREATE PUBLIC SYNONYM			NO

3、回收crm权限错误操作

SQL> revoke CREATE SESSION from crm;
revoke CREATE SESSION from crm
*
ERROR at line 1:
ORA-01952: system privileges not granted to 'CRM'


SQL> revoke ALTER ANY SEQUENCE from crm;
revoke ALTER ANY SEQUENCE from crm
*
ERROR at line 1:
ORA-01952: system privileges not granted to 'CRM'

4、回收crm权限正确操作如下

SQL> revoke CREATE SESSION from "crm";
Revoke succeeded.
SQL> revoke ALTER ANY SEQUENCE from "crm";
Revoke succeeded.
SQL> grant connect,resource to "crm";
Grant succeeded.
SQL> grant create view to "crm";
Grant succeeded.
SQL> grant create public synonym to "crm";
Grant succeeded.
SQL> grant drop public synonym to "crm";
Grant succeeded.
SQL> grant unlimited tablespace to "crm";
Grant succeeded.

5、再次查询crm具有哪些 dba_role 与 dba_sys 权限

SQL> select * from dba_role_privs where GRANTEE='crm';
GRANTEE 		       GRANTED_ROLE		      ADM DEF
------------------------------ ------------------------------ --- ---
crm		       RESOURCE 		      NO  YES
crm		       CONNECT			      NO  YES
SQL> select * from dba_sys_privs where GRANTEE='crm';
GRANTEE 		       PRIVILEGE				ADM
------------------------------ ---------------------------------------- ---
crm		       CREATE PUBLIC SYNONYM			NO
crm		       CREATE VIEW				NO
crm		       DROP PUBLIC SYNONYM			NO
crm		       UNLIMITED TABLESPACE			NO