Assume the following user has been granted these privileges:
-- create admin user on CDB
CREATE USER c##myadmin IDENTIFIED BY myadmin DEFAULT TABLESPACE system QUOTA UNLIMITED ON system ACCOUNT UNLOCK
/
-- allow access to all PDBs to the admin user
ALTER USER c##myadmin SET CONTAINER_DATA=ALL CONTAINER=CURRENT
/
-- grant needed permissions
GRANT DBA to c##myadmin ;
GRANT CREATE SESSION TO c##myadmin ;
GRANT CREATE TABLE TO c##myadmin ;
GRANT EXECUTE_CATALOG_ROLE TO c##myadmin ;
GRANT EXECUTE ON DBMS_LOGMNR TO c##myadmin ;
GRANT SELECT ON V_$DATABASE TO c##myadmin ;
GRANT SELECT ON V_$LOGMNR_CONTENTS TO c##myadmin ;
GRANT SELECT ON V_$ARCHIVED_LOG TO c##myadmin ;
GRANT SELECT ON V_$LOG TO c##myadmin ;
GRANT SELECT ON V_$LOGFILE TO c##myadmin ;
GRANT RESOURCE, CONNECT TO c##myadmin ;
Now, when I connect as my admin user, I can run the following:
BEGIN
DECLARE v NUMBER := 0;
BEGIN
DBMS_LOGMNR.ADD_LOGFILE(LogFileName=>'/path/to/archive/log/arc0000013.0001', Options=>DBMS_LOGMNR.new);
DBMS_LOGMNR.START_LOGMNR(StartScn=>23456789, EndScn=>23567890, Options=>DBMS_LOGMNR.DICT_FROM_ONLINE_CATALOG+DBMS_LOGMNR.NO_ROWID_IN_STMT);
select count(*) into v from v$logmnr_contents;
END;
END;
/
PL/SQL procedure successfully completed.
But when it is created as a procedure, it fails with insufficient privileges:
Create Or Replace Procedure Test AS
v NUMBER:=0;
BEGIN
DBMS_LOGMNR.ADD_LOGFILE(LogFileName=>'/path/to/archive/log/arc0000013.0001', Options=>DBMS_LOGMNR.new);
DBMS_LOGMNR.START_LOGMNR(StartScn=>23456789, EndScn=>23567890, Options=>DBMS_LOGMNR.DICT_FROM_ONLINE_CATALOG+DBMS_LOGMNR.NO_ROWID_IN_STMT);
Select Count(*) into v from v$logmnr_contents;
END;
/
Exec Test
/
Procedure Test compiled
Error starting at line 9 in command -
BEGIN Test; END;
Error report -
ORA-01031: insufficient privileges
ORA-06512: at "C##MYADMIN.TEST", line 6
ORA-06512: at line 1
01031. 00000 - "insufficient privileges"
*Cause: An attempt was made to perform a database operation without
the necessary privileges.
*Action: Ask your database administrator or designated security
administrator to grant you the necessary privileges
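If I comment out the select, the procedure succeeds.
Is there an additional privilege that would allow the select to run from within a procedure?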
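The privilege on V$LOGMNR_CONTENTS is granted by LOGMINING to the DBA role. When you run an anonymous block, all privileges granted to you through roles are in effect. When you run a stored procedure defined with the default definer's rights option, privileges granted through roles are ignored. The LOGMINING privilege should be granted directly to your user:

You need the REFERENCE ability on the table/view for it to be included in a precompiled program. For trial-and-error testing only, you could grant ALL privileges. However, this is a serious security risk.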
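Added example (not part of the original posts): a way to confirm the role-versus-direct-grant cause described above and apply the narrow fix instead of granting ALL. It assumes the c##myadmin user, log file path and SCN range from the question, and that step 4 is run by a privileged account.

```sql
-- Steps 1-3 and 5 run as c##myadmin; step 4 runs as a privileged user.

-- 1. Is LOGMINING held directly, or only through a role such as DBA?
SELECT 'DIRECT' AS granted_via, privilege
  FROM user_sys_privs
 WHERE privilege = 'LOGMINING'
UNION ALL
SELECT 'ROLE ' || role, privilege
  FROM role_sys_privs
 WHERE privilege = 'LOGMINING';

-- 2. Reproduce the definer's-rights context in an anonymous block:
--    with every role disabled, only direct grants remain in effect.
SET ROLE NONE;

DECLARE
  v NUMBER := 0;
BEGIN
  DBMS_LOGMNR.ADD_LOGFILE(
    LogFileName => '/path/to/archive/log/arc0000013.0001',
    Options     => DBMS_LOGMNR.NEW);
  DBMS_LOGMNR.START_LOGMNR(
    StartScn => 23456789,
    EndScn   => 23567890,
    Options  => DBMS_LOGMNR.DICT_FROM_ONLINE_CATALOG
              + DBMS_LOGMNR.NO_ROWID_IN_STMT);
  -- Expected to raise ORA-01031 here for as long as LOGMINING
  -- reaches the user only through the DBA role.
  SELECT COUNT(*) INTO v FROM v$logmnr_contents;
END;
/

-- 3. Re-enable the session's roles.
SET ROLE ALL;

-- 4. As a privileged user: grant the single system privilege directly.
--    Without a CONTAINER clause the grant applies to the current container.
GRANT LOGMINING TO c##myadmin;

-- 5. Back as c##myadmin: the direct grant should now be listed,
--    and the stored procedure from the question can be retried.
SELECT privilege FROM user_sys_privs WHERE privilege = 'LOGMINING';
EXEC Test
```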