新增角色授权给用户后,用户进行查询提示无权限

问答 技术问答
1

创建了一个角色role1,给角色授予表t1的权限,并把角色授权给用户sino,但是用户sino去访问表t1提示没有权限:272: No SELECT permission for t1。是什么原因呢?

[informix@vm84145 ~]$ dbaccess testdb -

Database selected.

> create role role1;

Role created.

> grant all on t1 to role1;

Permission granted.

> grant role1 to sino;

Permission granted.

> 

Database closed.

[informix@vm84145 ~]$ exit
logout
[root@vm84145 ~]# su - sino
Last login: Fri Sep  1 14:30:07 CST 2023 on pts/3
[sino@vm84145 ~]$ dbaccess testdb -

Database selected.

> select * from t1;

  272: No SELECT permission for t1.
Error in line 1
Near character position 16
>
2

  在用户可以访问 ROLE 权限之前,他们必须通过default roles继承这些权限,或者通过 SET ROLE 语句将自己放入 ROLE,再进行查询。

  1. 因此,提问中仅使用:grant role1 to sino; 是不够的,需要改成:grant default role role1 to sino;

  2. 使用 set role 时,需要注意:set roleselect 要在同一个会话窗口中才会生效,如果不在用一个会话窗口,还是会提示无权限。

[sino@vm84145 ~]$ dbaccess testdb -

Database selected.

> select * from t1;

  272: No SELECT permission for t1.
Error in line 1
Near character position 16
> set role role1;

Role set.

> select * from t1;

col1  a1234567890
col2  
b0123456790123456789

col1  1
col2  
kjuiiopppfffffsssssgfdsfasdfa

2 row(s) retrieved.

>