0

我想根据 select 语句从用户列表中删除一个角色。我的 select 语句工作正常,但是当我尝试实现 revoke 语句时,我得到“缺少或无效的特权”。

我假设我缺少用于读取用户列表的命令的某些内容,但不确定如何使它在列表中循环。

REVOKE ORACLE_ROLE FROM (SELECT GRANTEE
  FROM DBA_ROLE_PRIVS 
  JOIN SYS.DBA_USERS ON DBA_ROLE_PRIVS.GRANTEE = DBA_USERS.USERNAME 
  WHERE DBA_ROLE_PRIVS.GRANTED_ROLE = 'ROLE_1'
  AND DBA_USERS.ACCOUNT_STATUS != 'OPEN'
  AND EXISTS (SELECT * FROM DBA_ROLE_PRIVS WHERE GRANTED_ROLE != 'ROLE_1'));
4

1 回答 1

0

你可以这样做:

SELECT 'REVOKE ORACLE_ROLE FROM  ' || GRANTEE || ' ;'
  FROM DBA_ROLE_PRIVS 
  JOIN SYS.DBA_USERS ON DBA_ROLE_PRIVS.GRANTEE = DBA_USERS.USERNAME 
  WHERE DBA_ROLE_PRIVS.GRANTED_ROLE = 'ROLE_1'
  AND DBA_USERS.ACCOUNT_STATUS != 'OPEN'
  AND EXISTS (SELECT * FROM DBA_ROLE_PRIVS WHERE GRANTED_ROLE != 'ROLE_1');

然后执行输出。

如果你愿意,你可以手动或在execute immediate

于 2019-10-15T13:33:46.317 回答