撤销用户角色失败

Question

在 Oracle Sql Developer 中，我运行 GRANT MyRole TO MyUser; 命令将 MyRole 授予 MyUser，然后运行 ​​REVOKE MyRole FROM MyUser; 命令从 MyUser 撤消 MyRole，但出现错误：

Error starting at line 50 in command:
REVOKE MyRole FROM MyUser
Error report:
SQL Error: ORA-01932: ADMIN option not granted for role 'MyRole'
01932. 00000 -  "ADMIN option not granted for role '%s'"
*Cause:    The operation requires the admin option on the role.
*Action:   Obtain the grant option and re-try.

请告诉我应该怎么做才能从 MyUser 撤消 MyRole。

Answer 1

documentation 和错误信息一样清晰：

“要撤消角色，您必须已被授予具有 ADMIN OPTION 的角色。”

这意味着您的用户必须被授予这样的角色：

grant myrole to you WITH ADMIN OPTION ;

当然，您还需要它来授予角色...

SQL> conn db_admin/db_admin
Connected.
SQL> create role myrole;

Role created.

SQL> grant myrole to a; 

Grant succeeded.

SQL> conn a/a
Connected.
SQL> grant myrole to b;
grant myrole to b
*
ERROR at line 1:
ORA-01932: ADMIN option not granted for role 'MYROLE'

SQL> conn db_admin/db_admin
Connected.
SQL> grant myrole to a with admin option;

Grant succeeded.

SQL> conn a/a
Connected.
SQL> grant myrole to b;

Grant succeeded.

SQL> revoke myrole from b;

Revoke succeeded.

SQL>