通过dbc.allrights表中的UserName列,DatabaseName列,TableName列和AccessRight列的查询可以获取指定用于对于指定数据库中指定表的操作权限。可用于在执行某条SQL语句之前,判定当前用户是否有执行此语句的权限,在权限不足时还可以尝试自动授权(不太安全,执行完应当revoke)等措施。
AccessRight列缩写词对应列表(共40个):
| AccessRight | 含义 |
| AF | ALTER FUNCTION |
| AP | ALTER PROCEDURE |
| AS | ABORT SESSION |
| CD | CREATE DATABASE |
| CF | CREATE FUNCTION |
| CG | CREATE TRIGGER |
| CM | CREATE MACRO |
| CO | CREATE PROFILE |
| CP | CHECKPOINT |
| CR | CREATE ROLE |
| CT | CREATE TABLE |
| CU | CREATE USER |
| CV | CREATE VIEW |
| D | DELETE |
| DD | DROP DATABASE |
| DF | DROP FUNCTION |
| DG | DROP TRIGGER |
| DM | DROP MACRO |
| DO | DROP PROFILE |
| DP | DUMP |
| DR | DROP ROLE |
| DT | DROP TABLE |
| DU | DROP USER |
| DV | DROP VIEW |
| E | EXECUTE |
| EF | EXECUTE FUNCTION |
| I | INSERT |
| IX | INDEX |
| MR | MONITOR RESOURCE |
| MS | MONITOR SESSION |
| PC | CREATE PROCEDURE |
| PD | DROP PROCEDURE |
| PE | EXECUTE PROCEDURE |
| RO | REPLICATION OVERRIDE |
| R | RETRIEVE/SELECT |
| RF | REFERENCE |
| RS | RESTORE |
| SS | SET SESSION RATE |
| SR | SET RESOURCE RATE |
| U | UPDATE |
示例SQL语句:
select username, databasename, tablename, accessright from dbc.allrights
where databasename='systemfe' and username='dbc' and tablename='opt_ras_table';
上述语句的执行结果为:
*** Query completed. 12 rows found. 4 columns returned. *** Total elapsed time was 1 second. UserName DatabaseName TableName AccessRight ------------------------------ ------------------------------ ------------------------------ ----------- DBC SystemFe opt_ras_table DT DBC SystemFe opt_ras_table U DBC SystemFe opt_ras_table DG DBC SystemFe opt_ras_table RF DBC SystemFe opt_ras_table RS DBC SystemFe opt_ras_table R DBC SystemFe opt_ras_table I DBC SystemFe opt_ras_table CG DBC SystemFe opt_ras_table ST DBC SystemFe opt_ras_table DP DBC SystemFe opt_ras_table D DBC SystemFe opt_ras_table IX
如下的SQL语句可以自动构建出授予权限的SQL语句(即GRANT语句):
SEL TRIM(username) ,TRIM(databasename) ,TRIM(tablename) ,'GRANT '|| CASE WHEN AccessRight = 'AF ' THEN 'ALTER FUNCTION' WHEN AccessRight = 'AP ' THEN 'ALTER PROCEDURE' WHEN AccessRight = 'AS ' THEN 'ABORT SESSION' WHEN AccessRight = 'CD ' THEN 'CREATE DATABASE' WHEN AccessRight = 'CF ' THEN 'CREATE FUNCTION' WHEN AccessRight = 'CG ' THEN 'CREATE TRIGGER' WHEN AccessRight = 'CM ' THEN 'CREATE MACRO' WHEN AccessRight = 'CO ' THEN 'CREATE PROFILE' WHEN AccessRight = 'CP ' THEN 'CHECKPOINT' WHEN AccessRight = 'CR ' THEN 'CREATE ROLE' WHEN AccessRight = 'CT ' THEN 'CREATE TABLE' WHEN AccessRight = 'CU ' THEN 'CREATE USER' WHEN AccessRight = 'CV ' THEN 'CREATE VIEW' WHEN AccessRight = 'D ' THEN 'DELETE' WHEN AccessRight = 'DD ' THEN 'DROP DATABASE' WHEN AccessRight = 'DF ' THEN 'DROP FUNCTION' WHEN AccessRight = 'DG ' THEN 'DROP TRIGGER' WHEN AccessRight = 'DM ' THEN 'DROP MACRO' WHEN AccessRight = 'DO ' THEN 'DROP PROFILE' WHEN AccessRight = 'DP ' THEN 'DUMP' WHEN AccessRight = 'DR ' THEN 'DROP ROLE' WHEN AccessRight = 'DT ' THEN 'DROP TABLE' WHEN AccessRight = 'DU ' THEN 'DROP USER' WHEN AccessRight = 'DV ' THEN 'DROP VIEW' WHEN AccessRight = 'E ' THEN 'EXECUTE' WHEN AccessRight = 'EF ' THEN 'EXECUTE FUNCTION' WHEN AccessRight = 'I ' THEN 'INSERT' WHEN AccessRight = 'IX ' THEN 'INDEX' WHEN AccessRight = 'MR ' THEN 'MONITOR RESOURCE' WHEN AccessRight = 'MS ' THEN 'MONITOR SESSION' WHEN AccessRight = 'PC ' THEN 'CREATE PROCEDURE' WHEN AccessRight = 'PD ' THEN 'DROP PROCEDURE' WHEN AccessRight = 'PE ' THEN 'EXECUTE PROCEDURE' WHEN AccessRight = 'RO ' THEN 'REPLICATION OVERRIDE' WHEN AccessRight = 'R ' THEN 'RETRIEVE/SELECT' WHEN AccessRight = 'RF ' THEN 'REFERENCE' WHEN AccessRight = 'RS ' THEN 'RESTORE' WHEN AccessRight = 'SS ' THEN 'SET SESSION RATE' WHEN AccessRight = 'SR ' THEN 'SET RESOURCE RATE' WHEN AccessRight = 'U ' THEN 'UPDATE' END || ' ON '||TRIM(databasename)||'.'||TRIM(tablename)||' to '||TRIM(username)||';' AS Permission FROM dbc.AllRights WHERE DatabaseName = 'DBNAME' and USERNAME = 'LOGGEDINUSERNAME' AND TABLENAME = 'TABLENAME';