|
开发A在测试环境操作时有时会遇到阻塞问题,需要找DBA帮忙查看阻塞会话及kill session,后来觉得太麻烦想要个kill会话的权限,查了下Oracle授予普通用户kill session权限的方法。
1. 授予alter system权限
官方文档查到,kill session需要ALTER SYSTEM权限,但是这个权限非常大,不能直接给
GRANT ALTER SYSTEM TO <username>;
2. 创建存储过程
后来查到了可以自己创建存储过程实现,简单的实现方法如下:
-- sys执行
create or replace procedure kill_session
( v_sid number, v_serial number )
as
v_varchar2 varchar2(100);
begin
execute immediate 'ALTER SYSTEM KILL SESSION '''
|| v_sid || ',' || v_serial || '''';
end;
/
-- 授权:
grant execute on kill_session to username;
-- 普通用户使用:
exec sys.kill_session(161,14502); 还能加各种限制条件,例如写入日志,记录是谁在什么时候发起的、kill了谁,视需要而定。
创建审计表
CREATE TABLE action_audit (
id NUMBER GENERATED ALWAYS AS IDENTITY,
operator_name VARCHAR2(50) NOT NULL,
action_time TIMESTAMP NOT NULL,
session_id NUMBER(10) NOT NULL,
serial_id NUMBER(10) NOT NULL,
sql_id VARCHAR2(13),
CONSTRAINT action_audit_pk PRIMARY KEY (id)
);
创建存储过程
CREATE OR REPLACE PROCEDURE kill_session (
p_session_id NUMBER,
p_serial_id NUMBER
) AS
v_sql_id VARCHAR2(13);
BEGIN
SELECT s.sql_id INTO v_sql_id FROM v$session s WHERE s.sid = p_session_id AND s.serial# = p_serial_id;
EXECUTE IMMEDIATE 'ALTER SYSTEM KILL SESSION ''' || p_session_id || ',' || p_serial_id || ''' IMMEDIATE';
INSERT INTO action_audit (
operator_name,
action_time,
session_id,
serial_id,
sql_id
) VALUES (
sys_context('userenv','os_user'),
CURRENT_TIMESTAMP,
p_session_id,
p_serial_id,
v_sql_id
);
commit;
EXCEPTION
WHEN OTHERS THEN
RAISE_APPLICATION_ERROR(-20001, 'Error in killing session: ' || SQLERRM);
END;
/运行方法同上~ |
发表于 2025-10-16 10:16:47