###2.4 撤销具有GRANT OPTION 的对象权限
- 撤销与数据操纵语言(DML) 操作相关的系统权限时可能会出现级联影响。
- Bob 无法撤销Jeff 授予给Emi 的对象权限。只有被授权者或具有 GRANT ANY OBJECT PRIVILEGE 权限的用户才可以撤销对象权限。
1. 用户bob 授权给jeff查询bob.test01的表带有grant option权限
SQL> grant select on test01 to jeff with grant option;
Grant succeeded.
SQL> select grantee,owner, table_name, privilege from dba_tab_privs where OWNER = 'BOB';
GRANTEE OWNER TABLE_NAME PRIVILEGE
---------- --------------- --------------- --------------------
JEFF BOB TEST01 SELECT
SQL> select * from bob.test01;
ID NAME
---------- ----------
1 test01
2. 用户jeff 授权给Emi查询bob.test01表的权限
SQL> show user;
USER is "JEFF"
SQL> grant select on bob.test01 to emi;
SQL> select grantee,owner, table_name, privilege from dba_tab_privs where OWNER = 'BOB';
GRANTEE OWNER TABLE_NAME PRIVILEGE
---------- --------------- --------------- --------------------
EMI BOB TEST01 SELECT
JEFF BOB TEST01 SELECT
3. 用户bob撤销用户emi查询bob.test01表的权限
SQL> revoke select on bob.test01 from emi;
revoke select on bob.test01 from emi
*
ERROR at line 1:
ORA-01927: cannot REVOKE privileges you did not grant
4. 用户bob撤销用户jeff查询bob.test01表的权限
SQL> revoke select on bob.test01 from jeff;
Revoke succeeded.
SQL> select grantee,owner, table_name, privilege from dba_tab_privs where OWNER = 'BOB';
no rows selected
