Home | 簡體中文 | 繁體中文 | 雜文 | 打賞(Donations) | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 知乎專欄 | Search | Email

37.3. grant

37.3.1. 列出權限

CREATE SESSION	登陸權限,例如sqlplus			
			
			
SQL> SELECT * FROM SYSTEM_PRIVILEGE_MAP;

 PRIVILEGE NAME 				      PROPERTY
---------- ---------------------------------------- ----------
	-3 ALTER SYSTEM 				     0
	-4 AUDIT SYSTEM 				     0
	-5 CREATE SESSION				     0
	-6 ALTER SESSION				     0
	-7 RESTRICTED SESSION				     0
       -10 CREATE TABLESPACE				     0
       -11 ALTER TABLESPACE				     0
       -12 MANAGE TABLESPACE				     0
       -13 DROP TABLESPACE				     0
       -15 UNLIMITED TABLESPACE 			     0
       -20 CREATE USER					     0
       -21 BECOME USER					     0
       -22 ALTER USER					     0
       -23 DROP USER					     0
       -30 CREATE ROLLBACK SEGMENT			     0
       -31 ALTER ROLLBACK SEGMENT			     0
       -32 DROP ROLLBACK SEGMENT			     0
       -40 CREATE TABLE 				     0
       -41 CREATE ANY TABLE				     0
       -42 ALTER ANY TABLE				     0
       -43 BACKUP ANY TABLE				     0
       -44 DROP ANY TABLE				     0
       -45 LOCK ANY TABLE				     0
       -46 COMMENT ANY TABLE				     0
       -47 SELECT ANY TABLE				     0
       -48 INSERT ANY TABLE				     0
       -49 UPDATE ANY TABLE				     0
       -50 DELETE ANY TABLE				     0
       -60 CREATE CLUSTER				     0
       -61 CREATE ANY CLUSTER				     0
       -62 ALTER ANY CLUSTER				     0
       -63 DROP ANY CLUSTER				     0
       -71 CREATE ANY INDEX				     0
       -72 ALTER ANY INDEX				     0
       -73 DROP ANY INDEX				     0
       -80 CREATE SYNONYM				     0
       -81 CREATE ANY SYNONYM				     0
       -82 DROP ANY SYNONYM				     0
       -83 SYSDBA					     0
       -84 SYSOPER					     0
       -85 CREATE PUBLIC SYNONYM			     0
       -86 DROP PUBLIC SYNONYM				     0
       -90 CREATE VIEW					     0
       -91 CREATE ANY VIEW				     0
       -92 DROP ANY VIEW				     0
      -105 CREATE SEQUENCE				     0
      -106 CREATE ANY SEQUENCE				     0
      -107 ALTER ANY SEQUENCE				     0
      -108 DROP ANY SEQUENCE				     0
      -109 SELECT ANY SEQUENCE				     0
      -115 CREATE DATABASE LINK 			     0
      -120 CREATE PUBLIC DATABASE LINK			     0
      -121 DROP PUBLIC DATABASE LINK			     0
      -125 CREATE ROLE					     0
      -126 DROP ANY ROLE				     0
      -127 GRANT ANY ROLE				     0
      -128 ALTER ANY ROLE				     0
      -130 AUDIT ANY					     0
      -135 ALTER DATABASE				     0
      -138 FORCE TRANSACTION				     0
      -139 FORCE ANY TRANSACTION			     0
      -140 CREATE PROCEDURE				     0
      -141 CREATE ANY PROCEDURE 			     0
      -142 ALTER ANY PROCEDURE				     0
      -143 DROP ANY PROCEDURE				     0
      -144 EXECUTE ANY PROCEDURE			     0
      -151 CREATE TRIGGER				     0
      -152 CREATE ANY TRIGGER				     0
      -153 ALTER ANY TRIGGER				     0
      -154 DROP ANY TRIGGER				     0
      -160 CREATE PROFILE				     0
      -161 ALTER PROFILE				     0
      -162 DROP PROFILE 				     0
      -163 ALTER RESOURCE COST				     0
      -165 ANALYZE ANY					     0
      -167 GRANT ANY PRIVILEGE				     0
      -172 CREATE MATERIALIZED VIEW			     0
      -173 CREATE ANY MATERIALIZED VIEW 		     0
      -174 ALTER ANY MATERIALIZED VIEW			     0
      -175 DROP ANY MATERIALIZED VIEW			     0
      -177 CREATE ANY DIRECTORY 			     0
      -178 DROP ANY DIRECTORY				     0
      -180 CREATE TYPE					     0
      -181 CREATE ANY TYPE				     0
      -182 ALTER ANY TYPE				     0
      -183 DROP ANY TYPE				     0
      -184 EXECUTE ANY TYPE				     0
      -186 UNDER ANY TYPE				     0
      -188 CREATE LIBRARY				     0
      -189 CREATE ANY LIBRARY				     0
      -190 ALTER ANY LIBRARY				     0
      -191 DROP ANY LIBRARY				     0
      -192 EXECUTE ANY LIBRARY				     0
      -200 CREATE OPERATOR				     0
      -201 CREATE ANY OPERATOR				     0
      -202 ALTER ANY OPERATOR				     0
      -203 DROP ANY OPERATOR				     0

 PRIVILEGE NAME 				      PROPERTY
---------- ---------------------------------------- ----------
      -204 EXECUTE ANY OPERATOR 			     0
      -205 CREATE INDEXTYPE				     0
      -206 CREATE ANY INDEXTYPE 			     0
      -207 ALTER ANY INDEXTYPE				     0
      -208 DROP ANY INDEXTYPE				     0
      -209 UNDER ANY VIEW				     0
      -210 QUERY REWRITE				     0
      -211 GLOBAL QUERY REWRITE 			     0
      -212 EXECUTE ANY INDEXTYPE			     0
      -213 UNDER ANY TABLE				     0
      -214 CREATE DIMENSION				     0
      -215 CREATE ANY DIMENSION 			     0
      -216 ALTER ANY DIMENSION				     0
      -217 DROP ANY DIMENSION				     0
      -218 MANAGE ANY QUEUE				     1
      -219 ENQUEUE ANY QUEUE				     1
      -220 DEQUEUE ANY QUEUE				     1
      -222 CREATE ANY CONTEXT				     0
      -223 DROP ANY CONTEXT				     0
      -224 CREATE ANY OUTLINE				     0
      -225 ALTER ANY OUTLINE				     0
      -226 DROP ANY OUTLINE				     0
      -227 ADMINISTER RESOURCE MANAGER			     1
      -228 ADMINISTER DATABASE TRIGGER			     0
      -233 MERGE ANY VIEW				     0
      -234 ON COMMIT REFRESH				     0
      -235 EXEMPT ACCESS POLICY 			     0
      -236 RESUMABLE					     0
      -237 SELECT ANY DICTIONARY			     0
      -238 DEBUG CONNECT SESSION			     0
      -241 DEBUG ANY PROCEDURE				     0
      -243 FLASHBACK ANY TABLE				     0
      -244 GRANT ANY OBJECT PRIVILEGE			     0
      -245 CREATE EVALUATION CONTEXT			     1
      -246 CREATE ANY EVALUATION CONTEXT		     1
      -247 ALTER ANY EVALUATION CONTEXT 		     1
      -248 DROP ANY EVALUATION CONTEXT			     1
      -249 EXECUTE ANY EVALUATION CONTEXT		     1
      -250 CREATE RULE SET				     1
      -251 CREATE ANY RULE SET				     1
      -252 ALTER ANY RULE SET				     1
      -253 DROP ANY RULE SET				     1
      -254 EXECUTE ANY RULE SET 			     1
      -255 EXPORT FULL DATABASE 			     0
      -256 IMPORT FULL DATABASE 			     0
      -257 CREATE RULE					     1
      -258 CREATE ANY RULE				     1
      -259 ALTER ANY RULE				     1
      -260 DROP ANY RULE				     1
      -261 EXECUTE ANY RULE				     1
      -262 ANALYZE ANY DICTIONARY			     0
      -263 ADVISOR					     0
      -264 CREATE JOB					     0
      -265 CREATE ANY JOB				     0
      -266 EXECUTE ANY PROGRAM				     0
      -267 EXECUTE ANY CLASS				     0
      -268 MANAGE SCHEDULER				     0
      -269 SELECT ANY TRANSACTION			     0
      -270 DROP ANY SQL PROFILE 			     0
      -271 ALTER ANY SQL PROFILE			     0
      -272 ADMINISTER SQL TUNING SET			     0
      -273 ADMINISTER ANY SQL TUNING SET		     0
      -274 CREATE ANY SQL PROFILE			     0
      -275 EXEMPT IDENTITY POLICY			     0
      -276 MANAGE FILE GROUP				     1
      -277 MANAGE ANY FILE GROUP			     1
      -278 READ ANY FILE GROUP				     1
      -279 CHANGE NOTIFICATION				     0
      -280 CREATE EXTERNAL JOB				     0
      -281 CREATE ANY EDITION				     0
      -282 DROP ANY EDITION				     0
      -283 ALTER ANY EDITION				     0
      -284 CREATE ASSEMBLY				     0
      -285 CREATE ANY ASSEMBLY				     0
      -286 ALTER ANY ASSEMBLY				     0
      -287 DROP ANY ASSEMBLY				     0
      -288 EXECUTE ANY ASSEMBLY 			     0
      -289 EXECUTE ASSEMBLY				     0
      -290 CREATE MINING MODEL				     0
      -291 CREATE ANY MINING MODEL			     0
      -292 DROP ANY MINING MODEL			     0
      -293 SELECT ANY MINING MODEL			     0
      -294 ALTER ANY MINING MODEL			     0
      -295 COMMENT ANY MINING MODEL			     0
      -301 CREATE CUBE DIMENSION			     0
      -302 ALTER ANY CUBE DIMENSION			     0
      -303 CREATE ANY CUBE DIMENSION			     0
      -304 DELETE ANY CUBE DIMENSION			     0
      -305 DROP ANY CUBE DIMENSION			     0
      -306 INSERT ANY CUBE DIMENSION			     0
      -307 SELECT ANY CUBE DIMENSION			     0
      -308 CREATE CUBE					     0
      -309 ALTER ANY CUBE				     0
      -310 CREATE ANY CUBE				     0
      -311 DROP ANY CUBE				     0
      -312 SELECT ANY CUBE				     0
      -313 UPDATE ANY CUBE				     0

 PRIVILEGE NAME 				      PROPERTY
---------- ---------------------------------------- ----------
      -314 CREATE MEASURE FOLDER			     0
      -315 CREATE ANY MEASURE FOLDER			     0
      -316 DELETE ANY MEASURE FOLDER			     0
      -317 DROP ANY MEASURE FOLDER			     0
      -318 INSERT ANY MEASURE FOLDER			     0
      -319 CREATE CUBE BUILD PROCESS			     0
      -320 CREATE ANY CUBE BUILD PROCESS		     0
      -321 DROP ANY CUBE BUILD PROCESS			     0
      -322 UPDATE ANY CUBE BUILD PROCESS		     0
      -326 UPDATE ANY CUBE DIMENSION			     0
      -327 ADMINISTER SQL MANAGEMENT OBJECT		     0
      -328 ALTER PUBLIC DATABASE LINK			     0
      -329 ALTER DATABASE LINK				     0
      -350 FLASHBACK ARCHIVE ADMINISTER 		     0

208 rows selected.			
			
			

37.3.2. 查看用戶權限

SELECT * FROM TABLE_PRIVILEGES;
SELECT * FROM DBA_TAB_PRIVS;			
			
select * from dict where table_name like '%PRIV%';			
			

SELECT grantee,privilege,admin_option FROM dba_sys_privs WHERE grantee IN ('SCOTT','SYS','SYSTEM') ORDER BY grantee;

			
SQL> SELECT grantee,privilege,admin_option FROM dba_sys_privs WHERE grantee IN ('SCOTT','SYS','SYSTEM') ORDER BY grantee;

GRANTEE 		       PRIVILEGE				ADM
------------------------------ ---------------------------------------- ---
SCOTT			       UNLIMITED TABLESPACE			NO
SYS			       ADMINISTER ANY SQL TUNING SET		NO
SYS			       ADMINISTER DATABASE TRIGGER		NO
SYS			       ADMINISTER RESOURCE MANAGER		NO
SYS			       ADMINISTER SQL MANAGEMENT OBJECT 	NO
SYS			       ADMINISTER SQL TUNING SET		NO
SYS			       ADVISOR					NO
SYS			       ALTER ANY ASSEMBLY			NO
SYS			       ALTER ANY CLUSTER			NO
SYS			       ALTER ANY CUBE				NO
SYS			       ALTER ANY CUBE DIMENSION 		NO
SYS			       ALTER ANY DIMENSION			NO
SYS			       ALTER ANY EDITION			NO
SYS			       ALTER ANY EVALUATION CONTEXT		YES
SYS			       ALTER ANY INDEX				NO
SYS			       ALTER ANY INDEXTYPE			NO
SYS			       ALTER ANY LIBRARY			NO
SYS			       ALTER ANY MATERIALIZED VIEW		NO
SYS			       ALTER ANY MINING MODEL			NO
SYS			       ALTER ANY OPERATOR			NO
SYS			       ALTER ANY OUTLINE			NO
SYS			       ALTER ANY PROCEDURE			NO
SYS			       ALTER ANY ROLE				NO
SYS			       ALTER ANY RULE				YES
SYS			       ALTER ANY RULE SET			YES
SYS			       ALTER ANY SEQUENCE			NO
SYS			       ALTER ANY SQL PROFILE			NO
SYS			       ALTER ANY TABLE				NO
SYS			       ALTER ANY TRIGGER			NO
SYS			       ALTER ANY TYPE				NO
SYS			       ALTER DATABASE				NO
SYS			       ALTER PROFILE				NO
SYS			       ALTER RESOURCE COST			NO
SYS			       ALTER ROLLBACK SEGMENT			NO
SYS			       ALTER SESSION				NO
SYS			       ALTER SYSTEM				NO
SYS			       ALTER TABLESPACE 			NO
SYS			       ALTER USER				NO
SYS			       ANALYZE ANY				NO
SYS			       AUDIT ANY				NO
SYS			       AUDIT SYSTEM				NO
SYS			       BACKUP ANY TABLE 			NO
SYS			       BECOME USER				NO
SYS			       CHANGE NOTIFICATION			NO
SYS			       COMMENT ANY MINING MODEL 		NO
SYS			       COMMENT ANY TABLE			NO
SYS			       CREATE ANY ASSEMBLY			NO
SYS			       CREATE ANY CLUSTER			NO
SYS			       CREATE ANY CONTEXT			NO
SYS			       CREATE ANY CUBE				NO
SYS			       CREATE ANY CUBE BUILD PROCESS		NO
SYS			       CREATE ANY CUBE DIMENSION		NO
SYS			       CREATE ANY DIMENSION			NO
SYS			       CREATE ANY DIRECTORY			NO
SYS			       CREATE ANY EDITION			NO
SYS			       CREATE ANY EVALUATION CONTEXT		YES
SYS			       CREATE ANY INDEX 			NO
SYS			       CREATE ANY INDEXTYPE			NO
SYS			       CREATE ANY JOB				NO
SYS			       CREATE ANY LIBRARY			NO
SYS			       CREATE ANY MATERIALIZED VIEW		NO
SYS			       CREATE ANY MEASURE FOLDER		NO
SYS			       CREATE ANY MINING MODEL			NO
SYS			       CREATE ANY OPERATOR			NO
SYS			       CREATE ANY OUTLINE			NO
SYS			       CREATE ANY PROCEDURE			NO
SYS			       CREATE ANY RULE				YES
SYS			       CREATE ANY RULE SET			YES
SYS			       CREATE ANY SEQUENCE			NO
SYS			       CREATE ANY SQL PROFILE			NO
SYS			       CREATE ANY SYNONYM			NO
SYS			       CREATE ANY TABLE 			NO
SYS			       CREATE ANY TRIGGER			NO
SYS			       CREATE ANY TYPE				NO
SYS			       CREATE ANY VIEW				NO
SYS			       CREATE ASSEMBLY				NO
SYS			       CREATE CLUSTER				NO
SYS			       CREATE CUBE				NO
SYS			       CREATE CUBE BUILD PROCESS		NO
SYS			       CREATE CUBE DIMENSION			NO
SYS			       CREATE DATABASE LINK			NO
SYS			       CREATE DIMENSION 			NO
SYS			       CREATE EVALUATION CONTEXT		YES
SYS			       CREATE EXTERNAL JOB			NO
SYS			       CREATE INDEXTYPE 			NO
SYS			       CREATE JOB				NO
SYS			       CREATE LIBRARY				NO
SYS			       CREATE MATERIALIZED VIEW 		NO
SYS			       CREATE MEASURE FOLDER			NO
SYS			       CREATE MINING MODEL			NO
SYS			       CREATE OPERATOR				NO
SYS			       CREATE PROCEDURE 			NO
SYS			       CREATE PROFILE				NO
SYS			       CREATE PUBLIC DATABASE LINK		NO
SYS			       CREATE PUBLIC SYNONYM			NO
SYS			       CREATE ROLE				NO
SYS			       CREATE ROLLBACK SEGMENT			NO

GRANTEE 		       PRIVILEGE				ADM
------------------------------ ---------------------------------------- ---
SYS			       CREATE RULE				YES
SYS			       CREATE RULE SET				YES
SYS			       CREATE SEQUENCE				NO
SYS			       CREATE SESSION				NO
SYS			       CREATE SYNONYM				NO
SYS			       CREATE TABLE				NO
SYS			       CREATE TABLESPACE			NO
SYS			       CREATE TRIGGER				NO
SYS			       CREATE TYPE				NO
SYS			       CREATE USER				NO
SYS			       CREATE VIEW				NO
SYS			       DEBUG ANY PROCEDURE			NO
SYS			       DEBUG CONNECT SESSION			NO
SYS			       DELETE ANY CUBE DIMENSION		NO
SYS			       DELETE ANY MEASURE FOLDER		NO
SYS			       DELETE ANY TABLE 			NO
SYS			       DEQUEUE ANY QUEUE			YES
SYS			       DROP ANY ASSEMBLY			NO
SYS			       DROP ANY CLUSTER 			NO
SYS			       DROP ANY CONTEXT 			NO
SYS			       DROP ANY CUBE				NO
SYS			       DROP ANY CUBE BUILD PROCESS		NO
SYS			       DROP ANY CUBE DIMENSION			NO
SYS			       DROP ANY DIMENSION			NO
SYS			       DROP ANY DIRECTORY			NO
SYS			       DROP ANY EDITION 			NO
SYS			       DROP ANY EVALUATION CONTEXT		YES
SYS			       DROP ANY INDEX				NO
SYS			       DROP ANY INDEXTYPE			NO
SYS			       DROP ANY LIBRARY 			NO
SYS			       DROP ANY MATERIALIZED VIEW		NO
SYS			       DROP ANY MEASURE FOLDER			NO
SYS			       DROP ANY MINING MODEL			NO
SYS			       DROP ANY OPERATOR			NO
SYS			       DROP ANY OUTLINE 			NO
SYS			       DROP ANY PROCEDURE			NO
SYS			       DROP ANY ROLE				NO
SYS			       DROP ANY RULE				YES
SYS			       DROP ANY RULE SET			YES
SYS			       DROP ANY SEQUENCE			NO
SYS			       DROP ANY SQL PROFILE			NO
SYS			       DROP ANY SYNONYM 			NO
SYS			       DROP ANY TABLE				NO
SYS			       DROP ANY TRIGGER 			NO
SYS			       DROP ANY TYPE				NO
SYS			       DROP ANY VIEW				NO
SYS			       DROP PROFILE				NO
SYS			       DROP PUBLIC DATABASE LINK		NO
SYS			       DROP PUBLIC SYNONYM			NO
SYS			       DROP ROLLBACK SEGMENT			NO
SYS			       DROP TABLESPACE				NO
SYS			       DROP USER				NO
SYS			       ENQUEUE ANY QUEUE			YES
SYS			       EXECUTE ANY ASSEMBLY			NO
SYS			       EXECUTE ANY CLASS			NO
SYS			       EXECUTE ANY EVALUATION CONTEXT		YES
SYS			       EXECUTE ANY INDEXTYPE			NO
SYS			       EXECUTE ANY LIBRARY			NO
SYS			       EXECUTE ANY OPERATOR			NO
SYS			       EXECUTE ANY PROCEDURE			NO
SYS			       EXECUTE ANY PROGRAM			NO
SYS			       EXECUTE ANY RULE 			YES
SYS			       EXECUTE ANY RULE SET			YES
SYS			       EXECUTE ANY TYPE 			NO
SYS			       EXECUTE ASSEMBLY 			NO
SYS			       EXPORT FULL DATABASE			NO
SYS			       FLASHBACK ANY TABLE			NO
SYS			       FLASHBACK ARCHIVE ADMINISTER		NO
SYS			       FORCE ANY TRANSACTION			NO
SYS			       FORCE TRANSACTION			NO
SYS			       GLOBAL QUERY REWRITE			NO
SYS			       GRANT ANY OBJECT PRIVILEGE		NO
SYS			       GRANT ANY PRIVILEGE			NO
SYS			       GRANT ANY ROLE				NO
SYS			       IMPORT FULL DATABASE			NO
SYS			       INSERT ANY CUBE DIMENSION		NO
SYS			       INSERT ANY MEASURE FOLDER		NO
SYS			       INSERT ANY TABLE 			NO
SYS			       LOCK ANY TABLE				NO
SYS			       MANAGE ANY FILE GROUP			NO
SYS			       MANAGE ANY QUEUE 			YES
SYS			       MANAGE FILE GROUP			NO
SYS			       MANAGE SCHEDULER 			NO
SYS			       MANAGE TABLESPACE			NO
SYS			       MERGE ANY VIEW				NO
SYS			       ON COMMIT REFRESH			NO
SYS			       QUERY REWRITE				NO
SYS			       READ ANY FILE GROUP			NO
SYS			       RESTRICTED SESSION			NO
SYS			       RESUMABLE				NO
SYS			       SELECT ANY CUBE				NO
SYS			       SELECT ANY CUBE DIMENSION		NO
SYS			       SELECT ANY MINING MODEL			NO
SYS			       SELECT ANY SEQUENCE			NO
SYS			       SELECT ANY TABLE 			YES
SYS			       SELECT ANY TRANSACTION			NO
SYS			       UNDER ANY TABLE				NO

GRANTEE 		       PRIVILEGE				ADM
------------------------------ ---------------------------------------- ---
SYS			       UNDER ANY TYPE				NO
SYS			       UNDER ANY VIEW				NO
SYS			       UNLIMITED TABLESPACE			NO
SYS			       UPDATE ANY CUBE				NO
SYS			       UPDATE ANY CUBE BUILD PROCESS		NO
SYS			       UPDATE ANY CUBE DIMENSION		NO
SYS			       UPDATE ANY TABLE 			NO
SYSTEM			       CREATE MATERIALIZED VIEW 		NO
SYSTEM			       CREATE TABLE				NO
SYSTEM			       GLOBAL QUERY REWRITE			NO
SYSTEM			       SELECT ANY TABLE 			NO
SYSTEM			       UNLIMITED TABLESPACE			YES

206 rows selected.			
						
			

select grantee,privilege,admin_option from dba_sys_privs where grantee in ('SCOTT','SYS') and privilege = 'EXECUTE ANY PROCEDURE' order by grantee;

			
SQL> select grantee,privilege,admin_option from dba_sys_privs where grantee in ('SCOTT','SYS')  and privilege = 'EXECUTE ANY PROCEDURE' order by grantee;

GRANTEE 		       PRIVILEGE				ADM
------------------------------ ---------------------------------------- ---
SYS			       EXECUTE ANY PROCEDURE			NO
						
			

37.3.3. 吊銷權限

REVOKE EXECUTE ANY PROCEDURE FROM scott;			
			

37.3.4. System Privileges 系統權限

授予DBA權限,不限制的表空間,查詢任何表,查詢任何字典

			
grant dba to neo;  
grant unlimited tablespace to neo;  
grant select any table to neo;  
grant select any dictionary to neo; 
			
			

37.3.4.1. EM 權限

grant connect, resource, select_catalog_role to username;
				

37.3.4.2. Granting and Revoking SYSDBA and SYSOPER Privileges

Granting and Revoking SYSDBA and SYSOPER Privileges

				
If your server is using an EXCLUSIVE password file, use the GRANT statement to grant the SYSDBA or SYSOPER system privilege to a user, as shown in the following example:

GRANT SYSDBA TO user;

Use the REVOKE statement to revoke the SYSDBA or SYSOPER system privilege from a user, as shown in the following example:

REVOKE SYSDBA FROM user;
				
				

SYSDBA, SYSOPER, SYSASM

REVOKE SYSOPER FROM non-SYS-user;
GRANT SYSOPER TO non-SYS-user;		
				

37.3.5. Object Privileges 對象權限