实验：用视图加同义词实现数据安全

需求：test01用户需要访问test02用户的a表中的userid和password列：

1，不使用视图

conn / as sysdba;
drop user test01 cascade;
drop user test02 cascade;

create user test01 account unlock identified by test01;
grant create session,create synonym to test01;
create user test02 account unlock identified by test02 quota 100m on users;
grant create session,create table to test02;

conn test02/test02
create table a(userid number,password varchar2(20),salary varchar2(20));
insert into a values(1,'abc','3000');
insert into a values(2,'edf','6000');
commit;
select * from a;
grant select on a to test01;

conn test01/test01
create synonym a for test02.a;
select userid,password from a;
select * from a;
结果 select * from a;用户看到了不该看到的其他列，这对DBA来说是一个重大失误。

2，使用视图

conn / as sysdba;
drop user test01 cascade;
drop user test02 cascade;

create user test01 account unlock identified by test01;
grant create session,create synonym to test01;
create user test02 account unlock identified by test02 quota 100m on users;
grant create session,create table,create view to test02;

conn test02/test02
create table a(userid number,password varchar2(20),salary varchar2(20));
insert into a values(1,'abc','3000');
insert into a values(2,'edf','6000');
commit;
select * from a;
create view a_vw as select userid,password from a;
grant select on a_vw to test01;

conn test01/test01
create synonym a for test02.a_vw;
select * from a;
结果：用户只能看到视图中指定的两列，既满足了需求同时也实现了数据安全性。