用戶表空間配額（User tablespace Quota）

時間 2020-07-11

標籤用戶空間配額 user tablespace quota 简体版

原文原文鏈接

用戶表空間配額（User tablespace Quota）

真題一、什麼是用戶的表空間配額（User tablespace Quota）？面試

答案：用戶的表空間配額也叫表空間限額，指的是用戶可使用指定表空間的最大大小。控制用戶的表空間配額也就等於控制用戶所佔用的表空間大小。在默認狀況下，須要對用戶賦予RESOURCE角色，雖然該角色沒有UNLIMITED TABLESPACE權限，可是對用戶賦予了該角色後，系統將會默認給用戶賦予UNLIMITED TABLESPACE的系統權限，所以，新建的用戶對全部表空間都是沒有配額的，即不受空間的限制。表空間配額能夠在建立用戶的時候指定，也能夠在建立用戶後再修改用戶的配額。關於表空間配額須要注意如下幾點：數據庫

①　DBA用戶是具備UNLIMITED TABLESPACE的權限的，如果回收DBA角色，則會致使UNLIMITED TABLESPACE權限被連帶回收，易引發生產事故，因此，在回收DBA角色時需特別注意。安全

②　當用戶使用空間超出限額的時候會報「ORA-01536」和「ORA-01950」的錯誤。微信

③　目標用戶必須不能含有UNLIMITED TABLESPACE的系統權限，不然空間配額對用戶的設置無效，也就會出如今DBA_TS_QUOTAS中的BYTES大於MAX_BYTES的狀況。網絡

經常使用命令以下所示： session

CREATE USER LHR_TS_QUOTAS IDENTIFIED BY LHR DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP QUOTA 10M ON USERS; --USERS表空間限額10M oracle

ALTER USER LHR_TS_QUOTAS QUOTA UNLIMITED ON USERS;--修改用戶LHR_TS_QUOTAS無配額限制 less

ALTER USER LHR_TS_QUOTAS QUOTA 5M ON USERS;--修改用戶在USERS表空間上爲5M限額 ide

SELECT TABLESPACE_NAME,USERNAME,MAX_BYTES FROM DBA_TS_QUOTAS WHERE USERNAME='LHR_TS_QUOTAS';--查詢用戶的表空間限額學習

REVOKE UNLIMITED TABLESPACE FROM LHR_TS_QUOTAS;--回收無限制的表空間權限

ALTER USER LHR_TS_QUOTAS QUOTA 0 ON USERS;--執行這條語句後LHR_TS_QUOTAS用戶在DBA_TS_QUOTAS視圖中就查不到了

測試示例以下所示：

SYS@orclasm > CREATE USER LHR_TS_QUOTAS IDENTIFIED BY LHR DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP QUOTA 10M ON USERS;

User created.

SYS@orclasm > SELECT TABLESPACE_NAME,USERNAME,MAX_BYTES FROM DBA_TS_QUOTAS WHERE USERNAME='LHR_TS_QUOTAS';

TABLESPACE_NAME USERNAME MAX_BYTES

------------------------------ ------------------------------ ----------

USERS LHR_TS_QUOTAS 10485760

SYS@orclasm > ALTER USER LHR_TS_QUOTAS QUOTA UNLIMITED ON USERS;

User altered.

SYS@orclasm > SELECT TABLESPACE_NAME,USERNAME,MAX_BYTES FROM DBA_TS_QUOTAS WHERE USERNAME='LHR_TS_QUOTAS';

TABLESPACE_NAME USERNAME MAX_BYTES

------------------------------ ------------------------------ ----------

USERS LHR_TS_QUOTAS -1 <--- -1表示沒有空間配額限制

SYS@orclasm > ALTER USER LHR_TS_QUOTAS QUOTA 5M ON USERS;

User altered.

SYS@orclasm > SELECT TABLESPACE_NAME,USERNAME,MAX_BYTES FROM DBA_TS_QUOTAS WHERE USERNAME='LHR_TS_QUOTAS';

TABLESPACE_NAME USERNAME MAX_BYTES

------------------------------ ------------------------------ ----------

USERS LHR_TS_QUOTAS 5242880

SYS@orclasm > ALTER USER LHR_TS_QUOTAS QUOTA 0 ON USERS;

User altered.

SYS@orclasm > SELECT TABLESPACE_NAME,USERNAME,MAX_BYTES FROM DBA_TS_QUOTAS WHERE USERNAME='LHR_TS_QUOTAS';

no rows selected

一. 官網的說明

Oracle 官網對quota的定義以下：

A limit on a resource, such as a limit on the amount of database storage used by a database user. A database administrator can set tablespace quotas for each Oracle Database username.

有關Oracle Quota 這塊，只在Oracle 的安全管理這塊搜到了一些內容。

Managing Security for Oracle Database Users

http://download.oracle.com/docs/cd/E11882_01/network.112/e16543/users.htm#DBSEG10220

1.1 Assigning a Tablespace Quota for the User

You can assign each user a tablespace quota for any tablespace (except a temporary tablespace). Assigning a quota accomplishes the following:

（1）Users with privileges to create certain types of objects can create those objects in the specified tablespace.

（2）Oracle Database limits the amount of space that can be allocated for storage of a user's objects within the specified tablespace to the amount of the quota.

By default, a user has no quota on any tablespace in the database. If the user has the privilege to create a schema object, then you must assign a quota to allow the user to create objects. At a minimum, assign users a quota for the default tablespace, and additional quotas for other tablespaces in which they can create objects.

The following CREATE USER statement assigns the following quotas for the test_ts and data_ts tablespaces:

CREATE USER jward

IDENTIFIED BY password

DEFAULT TABLESPACE data_ts

QUOTA 100M ON test_ts

QUOTA 500K ON data_ts

TEMPORARY TABLESPACE temp_ts

PROFILE clerk;

-- 在建立用戶的時候，就指定用戶在特定表空間上的配額

You can assign a user either individual quotas for a specific amount of disk space in each tablespace or an unlimited amount of disk space in all tablespaces. Specific quotas prevent a user's objects from using too much space in the database.

-- 配額的指定能夠禁止用戶的對象使用過多的表空間

You can assign quotas to a user tablespace when you create the user, or add or change quotas later. (You can find existing user quotas by querying the USER_TS_QUOTAS view.) 。

If a new quota is less than the old one, then the following conditions remain true:

（1）If a user has already exceeded a new tablespace quota, then the objects of a user in the tablespace cannot be allocated more space until the combined space of these objects is less than the new quota.

（2）If a user has not exceeded a new tablespace quota, or if the space used by the objects of the user in the tablespace falls under a new tablespace quota, then the user's objects can be allocated space up to the new quota.

1.2 Restricting the Quota Limits for User Objects in a Tablespace

You can restrict the quota limits for user objects in a tablespace by using the ALTER USER SQL statement to change the current quota of the user to zero.

After a quota of zero is assigned, the objects of the user in the tablespace remain, and the user can still create new objects, but the existing objects will not be allocated any new space.

For example, you could not insert data into one of this user's exiting tables. The operation will fail with an ORA-1536 space quota exceeded for tables error.

1.3 Granting Users the UNLIMITED TABLESPACE System Privilege

To permit a user to use an unlimited amount of any tablespace in the database, grant the user the UNLIMITED TABLESPACE system privilege. This overrides all explicit tablespace quotas for the user. If you later revoke the privilege, then you must explicitly grant quotas to individual tablespaces. You can grant this privilege only to users, not to roles.

Before granting the UNLIMITED TABLESPACE system privilege, you must consider the consequences of doing so.

Advantage:

You can grant a user unlimited access to all tablespaces of a database with one statement.

Disadvantages:

（1）The privilege overrides all explicit tablespace quotas for the user.

（2）You cannot selectively revoke tablespace access from a user with the UNLIMITED TABLESPACE privilege. You can grant selective or restricted access only after revoking the privilege.

1.4 Listing All Tablespace Quotas

Use the DBA_TS_QUOTAS view to list all tablespace quotas specifically assigned to each user. For example:

SELECT * FROM DBA_TS_QUOTAS;

TABLESPACE    USERNAME    BYTES     MAX_BYTES    BLOCKS    MAX_BLOCKS

----------    ---------  --------   ----------   -------   ----------

USERS         JFEE              0       512000         0          250

USERS         DCRANNEY          0           -1         0           -1

When specific quotas are assigned, the exact number is indicated in the MAX_BYTES column. This number is always a multiple of the database block size, so if you specify a tablespace quota that is not a multiple of the database block size, then it is rounded up accordingly. Unlimited quotas are indicated by -1.

二. Quota 說明

配額大小指的是用戶指定使用表空間的的大小。在1.1 節裏提到，默認狀況下，用戶對全部表空間都是沒有配額的，即不受空間的限制。查看幾個用戶的建立腳原本驗證一下：

CREATE USER SYSTEM

IDENTIFIED BY

DEFAULT TABLESPACE SYSTEM

TEMPORARY TABLESPACE TEMP

PROFILE DEFAULT

ACCOUNT UNLOCK;

-- 2 Roles for SYSTEM

GRANT AQ_ADMINISTRATOR_ROLE TO SYSTEM WITH ADMIN OPTION;

GRANT DBA TO SYSTEM WITH ADMIN OPTION;

ALTER USER SYSTEM DEFAULT ROLE ALL;

-- 5 System Privileges for SYSTEM

GRANT GLOBAL QUERY REWRITE TO SYSTEM;

GRANT CREATE MATERIALIZED VIEW TO SYSTEM;

GRANT CREATE TABLE TO SYSTEM;

GRANT UNLIMITED TABLESPACE TO SYSTEM WITH ADMIN OPTION;

GRANT SELECT ANY TABLE TO SYSTEM;

CREATE USER DAVE

IDENTIFIED BY

DEFAULT TABLESPACE USERS

TEMPORARY TABLESPACE TEMP

PROFILE DEFAULT

ACCOUNT UNLOCK;

-- 2 Roles for DAVE

GRANT CONNECT TO DAVE;

GRANT RESOURCE TO DAVE;

ALTER USER DAVE DEFAULT ROLE ALL;

-- 1 System Privilege for DAVE

GRANT UNLIMITED TABLESPACE TO DAVE;

從這2個腳原本看，默認狀況下，都會對用戶賦 unlimited tablespace 的權限。這是是在建立的時候指定的，當咱們的用戶建立好以後，咱們也能夠修改用戶的配額。

有關用戶的配額的操做說明

1. 建立用戶時，指定限額

SQL> conn / as sysdba;

Connected.

SQL> create user anqing identified by anqing default tablespace users temporary tablespace temp quota 10M on users;

User created.

查詢用戶配額的信息：

SQL> select tablespace_name,username,max_bytes from DBA_TS_QUOTAS where username='ANQING';

TABLESPACE_NAME USERNAME MAX_BYTES

------------------------------ ---------- ----------

USERS ANQING 10485760

2.更改用戶的表空間限額：

不對用戶作表空間限額控制:

SQL> grant unlimited tablespace to anqing;

Grant succeeded.

這種方式是全局性的. 即修改用戶多全部表空間的配額。

若是咱們想改某個具體的,即針對用戶的某個特定的表空間，可使用以下SQL：

SQL> alter user anqing quota unlimited on users;

User altered.

查看配額：

SQL> select tablespace_name,username,max_bytes from DBA_TS_QUOTAS where username='ANQING';

TABLESPACE_NAME USERNAME MAX_BYTES

------------------------------ ---------- ----------

USERS ANQING -1

這時候max_bytes 爲-1，即不受限制。

3. 回收用戶對錶空間的配額:

一樣兩種方式，

全局：

SQL> revoke unlimited tablespace from anqing;

Revoke succeeded.

在查看配額，已經沒有了相關信息：

SQL> select tablespace_name,username,max_bytes from DBA_TS_QUOTAS where username='ANQING';

no rows selected

針對某個特定的表空間：

SQL> alter user anqing quota 0 on users;

User altered.

當你建立用戶的時候，以下：

SQL> CREATE USER user01

IDENTIFIED BY oracle

DEFAULT TABLESPACE tbs1

TEMPORARY TABLESPACE temp

PROFILE default

SQL> GRANT create session, create table TO user01;

While executing the command to create a table, the user gets the following error message and the CREATE

TABLE.. command fails.

ERROR at line 1:

ORA-01950: no privileges on tablespace

解釋： default tablespace 是定義了用戶在不寫明表空間時,使用的表空間,而因表空間管理的要求,oracle必需要能管理他(用戶)的可用大小,就有了quota子句.

GRANT create session, create table TO user01 是指user01擁有了建表的權限 ,oracle 也知道了他也有了默認的表空間,但默認的表空間沒有給他分配空間,因此出錯。你能夠在建用戶時加上quota 200M on tbs1 (給他200M 空間) 或直接 alter user user01 unlimited on tbs1 (讓他隨意使用tbs1表空間)。因此在建用戶的過程當中，須要讓默認的表空間給該用戶分配空間（也能夠分配無限使用），當此用戶用到表空間的配額後，不再能使用空間，除非再次申請。

表空間quota概述

Oracle 官網對quota的定義以下： A limit on a resource, such as a limit on the amount of database storage used by a database user. A database administrator can set tablespace quotas for each Oracle Database username

quota的平常管理

常見問題

ORA-01536: space quota exceeded for table space 'CYYD'

ORA-01950: no privileges on tablespace

解決辦法：

alter user USERNAME quota 100M on TABLESPACENAME;

alter user USERNAME quota unlimited on TABLESPACENAME;

grant unlimited tablespace to USERNAME;

注：quota是爲了限制用戶對錶空間的使用,好比你限制用戶Guotu在tablespace CYYD中的quota爲10m，當用戶Guotu在tablespace CYYD中的數據量達到10m後，不管你的tablespace CYYD中有多少空間，Guotu都沒法再使用tablespace CYYD了。

因此你須要：

alter user aGuotu quota 1000M on CYYD;

alter user Guotu quota unlimited on CYYD;

grant unlimited tablespace to Guotu

dba_ts_quotas

與quota相關的數據字典視圖爲dba_ts_quotas，如下是相關的信息

Assigning a Tablespace Quota for the User

You can assign each user a tablespace quota for any tablespace (except a temporary tablespace). Assigning a quota accomplishes the following:

Users with privileges to create certain types of objects can create those objects in the specified tablespace.

Oracle Database limits the amount of space that can be allocated for storage of a user's objects within the specified tablespace to the amount of the quota.

可使用下列語句來建立用戶

CREATE USER jward

IDENTIFIED BY password

DEFAULT TABLESPACE data_ts

QUOTA 100M ON test_ts

QUOTA 500K ON data_ts

TEMPORARY TABLESPACE temp_ts

PROFILE clerk;

配額的指定能夠禁止用戶的對象使用過多的表空間

You can assign quotas to a user tablespace when you create the user, or add or change quotas later. (You can find existing user quotas by querying the USER_TS_QUOTAS view.) 。

If a new quota is less than the old one, then the following conditions remain true:

Restricting the Quota Limits for User Objects in a Tablespace

You can restrict the quota limits for user objects in a tablespace by using the ALTER USER SQL statement to change the current quota of the user to zero.

After a quota of zero is assigned, the objects of the user in the tablespace remain, and the user can still create new objects, but the existing objects will not be allocated any new space.

For example, you could not insert data into one of this user's exiting tables. The operation will fail with an ORA-1536 space quota exceeded for tables error.

Granting Users the UNLIMITED TABLESPACE System Privilege

Before granting the UNLIMITED TABLESPACE system privilege, you must consider the consequences of doing so.

Advantage:

You can grant a user unlimited access to all tablespaces of a database with one statement.

Disadvantages:

（1）The privilege overrides all explicit tablespace quotas for the user.

（2）You cannot selectively revoke tablespace access from a user with the UNLIMITED TABLESPACE privilege. You can grant selective or restricted access only after revoking the privilege.

Listing All Tablespace Quotas

Use the DBA_TS_QUOTAS view to list all tablespace quotas specifically assigned to each user. For example:

SELECT * FROM DBA_TS_QUOTAS;

TABLESPACE USERNAME BYTES MAX_BYTES BLOCKS MAX_BLOCKS

---------- --------- -------- ---------- ------- ----------

USERS JFEE 0 512000 0 250

USERS DCRANNEY 0 -1 0 -1

When specific quotas are assigned, the exact number is indicated in the MAX_BYTES column . This number is always a multiple of the database block size, so if you specify a tablespace quota that is not a multiple of the database block size, then it is rounded up accordingly. Unlimited quotas are indicated by -1.

注意當對用戶賦予resource角色時將同時賦予unlimited tablespace的系統權限。詳情見下文

建立用戶

SQL> create user test_privs identified by test_privs default tablespace users;

User created.

SQL> select * from dba_sys_privs where GRANTEE='TEST_PRIVS';

no rows selected

賦予resource角色

SQL> grant resource to TEST_PRIVS;

Grant succeeded.

查詢resource角色所具備的系統權限

SQL> select * from dba_sys_privs where GRANTEE='RESOURCE';

GRANTEE PRIVILEGE ADM

------------------------------ ---------------------------------------- ---

RESOURCE CREATE TRIGGER NO

RESOURCE CREATE SEQUENCE NO

RESOURCE CREATE TYPE NO

RESOURCE CREATE PROCEDURE NO

RESOURCE CREATE CLUSTER NO

RESOURCE CREATE OPERATOR NO

RESOURCE CREATE INDEXTYPE NO

RESOURCE CREATE TABLE NO

查看用戶所具備的角色

SQL> select * from dba_role_privs where GRANTEE='TEST_PRIVS';

GRANTEE GRANTED_ROLE ADM DEF

------------------------------ ------------------------------ --- ---

TEST_PRIVS RESOURCE NO YES

查詢用戶所具備的系統權限

SQL> select * from dba_sys_privs where GRANTEE='TEST_PRIVS';

GRANTEE PRIVILEGE ADM

------------------------------ ---------------------------------------- ---

TEST_PRIVS UNLIMITED TABLESPACE NO

能夠看到，Oracle默認的把unlimited tablespace的系統權限賦予了用戶

查詢表空間

SQL> select TABLESPACE_NAME,USERNAME,BYTES,MAX_BYTES from dba_ts_quotas;

TABLESPACE_NAME USERNAME BYTES MAX_BYTES

------------------------------ ---------- ---------- ----------

INDX HR 65536 10485760

SYSAUX OLAPSYS 16318464 -1

USERS HR 196608 -1

SYSAUX SYSMAN 54460416 -1

SYSAUX DMSYS 262144 209715200

TRANS TRANS 0 10485760

能夠看到對於具備unlimited tablespace系統權限的用戶，在dba_ts_quota上沒有體現。

這裏補充說一句，通常建立用戶時，若是沒有特殊需求只要將resource和connect角色賦予用戶便可。

SQL> select * from dba_sys_privs where GRANTEE= 'CONNECT';

ROLE PRIVILEGE ADM

------------------------------ ---------------------------------------- ---

CONNECT CREATE SESSION NO

SQL> grant resource,connect to test_privs;

Grant succeeded.

About Me

...............................................................................................................................

● 本文整理自網絡

● 本文在itpub（http://blog.itpub.net/26736162）、博客園（http://www.cnblogs.com/lhrbest）和我的微信公衆號（xiaomaimiaolhr）上有同步更新

● 本文itpub地址：http://blog.itpub.net/26736162/abstract/1/

● 本文博客園地址：http://www.cnblogs.com/lhrbest

● 本文pdf版及小麥苗雲盤地址：http://blog.itpub.net/26736162/viewspace-1624453/

● 數據庫筆試面試題庫及解答：http://blog.itpub.net/26736162/viewspace-2134706/

● QQ羣：230161599 微信羣：私聊

● 聯繫我請加QQ好友(646634621)，註明添加原因

● 於 2017-06-02 09:00 ~ 2017-06-30 22:00 在魔都完成

● 文章內容來源於小麥苗的學習筆記，部分整理自網絡，如有侵權或不當之處還請諒解

● 版權全部，歡迎分享本文，轉載請保留出處

...............................................................................................................................

拿起手機使用微信客戶端掃描下邊的左邊圖片來關注小麥苗的微信公衆號：xiaomaimiaolhr，掃描右邊的二維碼加入小麥苗的QQ羣，學習最實用的數據庫技術。

來自「 ITPUB博客」，連接：http://blog.itpub.net/26736162/viewspace-2140868/，如需轉載，請註明出處，不然將追究法律責任。

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。