oracle cloud 用户角色权限表关系(废弃)

发表于 | 分类于 | 阅读次数:
字数统计: 784 | 阅读时长 ≈ 4
oracle cloud 中用户角色权限之间的表关系

根据 sr 回复,ase相关表只是给 oracle 内部使用,表的数据并不准确,后期如果有找到相关表再做更新吧,大家看到这个直接忽略吧,打扰了

Cloud 查看用户角色权限

Security Console

user role privilege

表关系

主要涉及表:

前缀ASE开头的

ASE_USER_VL 用户表

ASE_USER_ROLE_MBR 用户角色分配表

ASE_ROLE_VL 角色表

ASE_PRIVILEGE_VL 权限表

ASE_PRIV_ROLE_MBR 权限角色表

ASE_ROLE_ROLE_MBR 角色父子关系表

sql 查询

角色父子关系

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
SELECT t.parent_role_id,
         pr.code          AS parent_role_code,
         pr.role_name     AS parent_role_name,
         t.leaf,
         t.ase_role_id,
         r.code           AS role_code,
         r.role_name
    FROM (SELECT parent_role_id,
                 connect_by_isleaf leaf,
                 connect_by_root(child_role_id) ase_role_id
            FROM ase_role_role_mbr
          CONNECT BY PRIOR ase_role_role_mbr.parent_role_id = ase_role_role_mbr.child_role_id) t,
         ase_role_vl pr,
         ase_role_vl r
   WHERE t.parent_role_id = pr.role_id(+)
     AND t.ase_role_id = r.role_id

用户角色查询

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
WITH
-- 角色父子关系
role_role_mbr_ AS
 (SELECT t.parent_role_id,
         pr.code          AS parent_role_code,
         pr.role_name     AS parent_role_name,
         t.leaf,
         t.ase_role_id,
         r.code           AS role_code,
         r.role_name
    FROM (SELECT parent_role_id,
                 connect_by_isleaf leaf,
                 connect_by_root(child_role_id) ase_role_id
            FROM ase_role_role_mbr
          CONNECT BY PRIOR ase_role_role_mbr.parent_role_id = ase_role_role_mbr.child_role_id) t,
         ase_role_vl pr,
         ase_role_vl r
   WHERE t.parent_role_id = pr.role_id(+)
     AND t.ase_role_id = r.role_id),

-- 用户角色
user_role_ AS
 (SELECT u.user_login,
         u.user_display_name,
         -- 与当前日期比较判断是否有效
         decode((SELECT 1
                  FROM dual
                 WHERE (u.effective_start_date <= SYSDATE OR u.effective_start_date IS NULL)
                   AND (u.effective_end_date >= SYSDATE OR u.effective_end_date IS NULL)
                      -- 使用suspend 判断是否失效
                   AND EXISTS (SELECT 1
                          FROM per_users pu
                         WHERE pu.user_guid = u.user_guid
                           AND pu.suspended = 'N')),
                1,
                'Active',
                'Inactive') AS is_user_active,
         u.creation_date AS user_creation_date,
         u.last_update_date AS user_last_update_date,
         r.role_id,
         r.code AS role_code,
         r.role_name,
         -- 与当前日期比较判断是否有效
         decode((SELECT 1
                  FROM dual
                 WHERE (r.effective_start_date <= SYSDATE OR r.effective_start_date IS NULL)
                   AND (r.effective_end_date >= SYSDATE OR r.effective_end_date IS NULL)),
                1,
                'Active',
                'Inactive') AS is_role_active,
         r.creation_date AS role_creation_date,
         r.last_update_date AS role_last_update_date,
         -- 与当前日期比较判断是否有效
         decode((SELECT 1
                  FROM dual
                 WHERE (ur.effective_start_date <= SYSDATE OR ur.effective_start_date IS NULL)
                   AND (ur.effective_end_date >= SYSDATE OR ur.effective_end_date IS NULL)),
                1,
                'Active',
                'Inactive') AS is_user_role_active,
         ur.creation_date AS user_role_creation_date,
         ur.last_update_date AS user_role_last_update_date
    FROM fusion.ase_user_vl       u,
         fusion.ase_user_role_mbr ur,
         fusion.ase_role_vl       r
   WHERE u.user_id = ur.user_id
     AND r.role_id = ur.role_id)

-- 主查询
SELECT t.user_login,
       t.user_display_name,
       t.is_user_active,
       t.user_creation_date,
       t.user_last_update_date,
       t.role_code,
       t.role_name,
       rr.parent_role_code,
       rr.parent_role_name,
       t.is_role_active,
       t.role_creation_date,
       t.role_last_update_date,
       t.is_user_role_active,
       t.user_role_creation_date,
       t.user_role_last_update_date
  FROM user_role_     t,
       role_role_mbr_ rr
 WHERE t.role_id = rr.ase_role_id(+)
      /* 参数 */
      -- 用户登陆名
   AND (t.user_login = :p_user OR :p_user IS NULL)
      -- 角色编码,包含父角色
   AND (:p_role_code IS NULL OR t.role_code = :p_role_code OR rr.parent_role_code = :p_role_code)
      -- 用户是否有效
   AND (t.is_user_active = :p_user_active OR :p_user_active IS NULL)
      -- 角色是否有效
   AND (t.is_role_active = :p_role_active OR :p_role_active IS NULL)
      -- 用户角色分配是否有效
   AND (t.is_user_role_active = :p_user_role_active OR :p_user_role_active IS NULL)
      -- 用户创建时间
   AND (t.user_creation_date >= :p_user_creation_date_from OR :p_user_creation_date_from IS NULL)
   AND (t.user_creation_date <= :p_user_creation_date_to OR :p_user_creation_date_to IS NULL)
      -- 角色创建时间
   AND (t.role_creation_date >= :p_role_creation_date_from OR :p_role_creation_date_from IS NULL)
   AND (t.role_creation_date <= :p_role_creation_date_to OR :p_role_creation_date_to IS NULL)
      -- 用户角色创建时间
   AND (t.user_role_creation_date >= :p_ur_creation_date_from OR :p_ur_creation_date_from IS NULL)
   AND (t.user_role_creation_date <= :p_ur_creation_date_to OR :p_ur_creation_date_to IS NULL)

参考

https://community.oracle.com/thread/3924763?parent=MOSC_EXTERNAL&sourceId=MOSC&id=3924763

参考 hen

显示 Gitment 评论
0%