user 오라클 계정, 유저이름
schema 특정 유저가 소유한 모든 object를 포함하는 의미

 

유저 생성
  CREATE USER 유저이름
IDENTIFIED BY 암호
DEFAULT TABLESPACE 테이블스페이스 이름
TEMPORARY TABLESPACE 임시 테이블스페이스 이름
QUOTA unlimited ON 테이블스페이스 이름           -- 테이블스페이스 사용권한
QUOTA 1M ON 테이블스페이스 이름
PASSWORD EXPIRE                               -- 비번 만기 신규입력
ACCOUNT LOCK | UNLOCK(기본값)
PROFILE profile | DEFAULT(기본값)              -- 패스워드, 리소스 관리
유저 수정
  ALTER USER 유저이름
IDENTIFIED BY 암호
DEFAULT TABLESPACE 테이블스페이스 이름
TEMPORARY TABLESPACE 임시 테이블스페이스 이름
QUOTA unlimited ON 테이블스페이스 이름           -- 테이블스페이스 사용권한
QUOTA 1M ON 테이블스페이스 이름
PASSWORD EXPIRE                               -- 비번 만기 신규입력
ACCOUNT LOCK | UNLOCK(기본값)
PROFILE profile | DEFAULT(기본값)              -- 패스워드, 리소스 관리
유저 삭제
  # OBJECT 생성한게 없을 경우
DROP USER 유저이름;

# 유저에 속한 OBJECT가 있을 경우 유저를 삭제하면 오류 발생한다.
# OBJECT을 찾아서 삭제한 후 유저 삭제하면된다.

# CASCADE 옵션을 사용하면 유저 삭제하기 전에 그 유저가 생성한 OBJECT를 찾아서 삭제한 후 유저를 삭제한다.
DROP USER 유저이름 CASCADE;

# 잘못삭제했다면.. 불안전 복구.

 

# DEFAULT TIMESPACE
SELECT * FROM dba_tablespaces;

SELECT property_name, property_value FROM database_properties;
PROPERTY_NAME                       PROPERTY_VALUE
----------------------------------- -----------------------------------
DEFAULT_TEMP_TABLESPACE             USER_TEMP
DEFAULT_PERMANENT_TABLESPACE        USER_TBS
# default tablespace로 지정되어 있는 테이블스페이스는 삭제할 수 없다.
DROP TABLESPACE user_tbs INCLUDING CONTENTS AND DATAFILES;
-- 12919. 00000 -  "Can not drop the default permanent tablespace"

# default temporary tablespace로 지정되어 있는 테이블스페이스는 삭제할 수 없다.
DROP TABLESPACE user_temp INCLUDING CONTENTS AND DATAFILES;
-- 12906. 00000 -  "cannot drop default temporary tablespace"
# default tablespace 변경
ALTER DATABASE DEFAULT TABLESPACE users;
ALTER DATABASE DEFAULT TEMPORARY TABLESPACE temp;

SELECT property_name, property_value FROM database_properties;
PROPERTY_NAME                       PROPERTY_VALUE
----------------------------------- -----------------------------------
DEFAULT_TEMP_TABLESPACE             USERS
DEFAULT_PERMANENT_TABLESPACE        TEMP
# DROP TABLESPACE
DROP TABLESPACE user_tbs INCLUDING CONTENTS AND DATAFILES;
DROP TABLESPACE user_temp INCLUDING CONTENTS AND DATAFILES;

 


 

1. sys session
  CREATE TABLESPACE insa_dbs
DATAFILE '/u01/app/oracle/oradata/ora11g/insa_dbs01.dbf' SIZE 10M
AUTOEXTEND ON
EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M
SEGMENT SPACE MANAGEMENT AUTO;

CREATE TEMPORARY TABLESPACE insa_temp
TEMPFILE '/u01/app/oracle/oradata/ora11g/insa_temp01.dbf' SIZE 5M
AUTOEXTEND ON
EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M
SEGMENT SPACE MANAGEMENT MANUAL;    -- MANUAL : system, undo, temp

>> 업무별 분류하기위해 테이블스페이스로 구분하여 사용 많이 함 + 인덱스 테이블스페이스 포함 3종
    
SELECT * FROM dba_tablespaces;
SELECT * FROM dba_data_files;
SELECT * FROM dba_temp_files;

CREATE USER insa
IDENTIFIED BY oracle
DEFAULT TABLESPACE insa_dbs
TEMPORARY TABLESPACE insa_temp      -- temp는 qouta가 없다
QUOTA 1M ON insa_dbs;

>> 유저생성 시 테이블스페이스 지정하자

SELECT * FROM dba_users WHERE username = 'INSA';
COLUMNS                      VALUE
---------------------------- ------------------------------
USERNAME                     INSA
DEFAULT_TABLESPACE           INSA_DBS
TEMPORARY_TABLESPACE         INSA_TEMP
PROFILE                      DEFAULT
INITIAL_RSRC_CONSUMER_GROUP  DEFAULT_CONSUMER_GROUP
PASSWORD_VERSIONS            10G 11G     -- 10g 부터 패스워드의 대소문자 구분
...

SELECT * FROM dba_ts_quotas WHERE username = 'INSA';
COLUMNS                      VALUE
---------------------------- ------------------------------
TABLESPACE_NAME              INSA_DBS
USERNAME                     INSA
BYTES                        1048576
MAX_BYTES                    1048576
BLOCKS                       128
MAX_BLOCKS                   128
DROPPED                      NO
2. insa session
  SQL> conn insa/oracle
ORA-01045: user INSA lacks CREATE SESSION privilege; logon denied
> CREATE SESSION 권한이 없어 연결 거부
■ 권한(privilege) 관리
권한은 특정 SQL문을 실행하거나 다른 유저가 소유한 object를 액세스할 수 있는 권한

system 권한
- 데이터베이스에 영향을 줄 수 있는 권한
- 권한 관리는 sys가 한다.

object 권한
- 다른 유저가 소유한 object를 액세스할 수 있는 권한
- 권한 관리는 sys, 객체 소유자가 한다.
3. sys session
  GRANT CREATE SESSION TO insa;

SELECT * FROM dba_sys_privs WHERE grantee = 'INSA';
GRANTEE        PRIVILEGE           ADMIN_OPTION
-------------- ------------------- ---------------
INSA           CREATE SESSION      NO
4. insa session
  SELECT * FROM user_sys_privs;
GRANTEE        PRIVILEGE           ADMIN_OPTION
-------------- ------------------- ---------------
INSA           CREATE SESSION      NO

SELECT default_tablespace, temporary_tablespace FROM user_users;
DEFAULT_TABLESPACE             TEMPORARY_TABLESPACE
------------------------------ ------------------------------
INSA_DBS                       INSA_TEMP

SELECT * FROM user_ts_quotas;
TABLESPACE_NAME                     BYTES  MAX_BYTES     BLOCKS MAX_BLOCKS DROPPED
------------------------------ ---------- ---------- ---------- ---------- ----------
INSA_DBS                                0    1048576          0        128 NO

CREATE TABLE insa_tbs(id number, name varchar2(30));
ORA-01031: insufficient privileges
ㄴ CREATE TABLE 권한이 없다.
5. sys session
  GRANT CREATE TABLE TO insa;

SELECT * FROM dba_sys_privs WHERE grantee = 'INSA';
GRANTEE                        PRIVILEGE                                ADMIN_OPTION
------------------------------ ---------------------------------------- ---------------
INSA                           CREATE SESSION                           NO
INSA                           CREATE TABLE                             NO

# WITH ADMIN OPTION으로 받은 시스템 권한에 대해서는 내가 다른 유저들한테 권한을 부여하고 권한을 취소할 수 있다.
GRANT CREATE TABLE TO insa WITH ADMIN OPTION;

SELECT * FROM dba_sys_privs WHERE grantee = 'INSA';
USERNAME                       PRIVILEGE                                ADMIN_OPTION
------------------------------ ---------------------------------------- ---------------
INSA                           CREATE SESSION                           NO
INSA                           CREATE TABLE                             YES
6. insa session
  SELECT * FROM dba_sys_privs ;
USERNAME                       PRIVILEGE                                ADMIN_OPTION
------------------------------ ---------------------------------------- ---------------
INSA                           CREATE SESSION                           NO
INSA                           CREATE TABLE                             YES

CREATE TABLE insa_tbs(id number, name varchar2(30));
ㄴ 테이블을 생성하면 그 순간은 딕셔너리에 정보만 저장한다. (바로 지울 수 있으니)
ㄴ 설계도만 가지고 있다. -> 실제 segment는 생성되지 않았다.
ㄴ 최초 insert 후 segment가 생성된다.(10g)

SELECT tablespace_name FROM user_tables WHERE table_name = 'INSA_TBS';
TABLESPACE_NAME
------------------------------
INSA_DBS
7. sys session
  SELECT * FROM dba_segments WHERE owner = 'INSA' AND segment_name = 'INSA_TBS';
SELECT * FROM dba_extents WHERE owner = 'INSA' AND segment_name = 'INSA_TBS';
ㄴ 테이블 조회안됨 : CREATE TABLE  -> 딕셔너리에 정보만 저장 -> 세그먼트 미생성 상태
8. insa session
  INSERT INTO insa_tbs(id, name) VALUES (1,'JAMES');
ㄴ segment가 생성된다.
9. sys session
  SELECT * FROM dba_segments WHERE owner = 'INSA' AND segment_name = 'INSA_TBS';
SELECT * FROM dba_extents WHERE owner = 'INSA' AND segment_name = 'INSA_TBS';
ㄴ segment 조회 가능
10. insa session
  ROLLBACK;

SELECT * FROM insa_tbs;
ㄴ 데이터 없다.
11. sys session
  SELECT * FROM dba_segments WHERE owner = 'INSA' AND segment_name = 'INSA_TBS';
SELECT * FROM dba_extents WHERE owner = 'INSA' AND segment_name = 'INSA_TBS';
ㄴ segment 조회 가능

CREATE USER insa_buha
IDENTIFIED BY oracle
DEFAULT TABLESPACE insa_dbs
TEMPORARY TABLESPACE insa_temp
QUOTA 1M ON insa_dbs
PASSWORD EXPIRE;

GRANT CREATE SESSION TO insa_buha;

SELECT * FROM dba_users WHERE username = 'INSA_BUHA';
SELECT * FROM dba_ts_quotas WHERE username = 'INSA_BUHA';
SELECT * FROM dba_sys_privs WHERE grantee = 'INSA_BUHA';
12. insa_buha session
  sqlplus insa_buha/oracle
conn insa_buha/oracle
ㄴ 계정 접속

ORA-28001: the password has expired
Changing password for insa_buha
New password:
Retype new password:
Password changed
Connected.
ㄴ 비밀번호를 갱신하면 된다.

SELECT * FROM user_sys_privs;
USERNAME                       PRIVILEGE            ADMIN_OPTION
------------------------------ -------------------- ---------------
INSA_BUHA                      CREATE SESSION       NO

SELECT * FROM user_users;
SELECT * FROM user_ts_quotas;
13. insa session
  SELECT * FROM  user_sys_privs;
USERNAME        PRIVILEGE            ADMIN_OPTION
--------------- -------------------- ---------------
INSA            CREATE SESSION       NO
INSA            CREATE TABLE         YES

GRANT CREATE TABLE TO insa_buha;
ㄴ 권한을 줘도 로그가 없다 -> 별도 기록 필수
14. insa_buha session
  SELECT * FROM user_sys_privs;
USERNAME        PRIVILEGE            ADMIN_OPTION
--------------- -------------------- ---------------
INSA_BUHA       CREATE SESSION       NO
INSA_BUHA       CREATE TABLE         NO

CREATE TABLE buha(id number, name varchar2(30), day date);

INSERT INTO buha(id,name,day) VALUES (1,'SCOTT', sysdate);

COMMIT;

SELECT * FROM buha;
15. insa session
  REVOKE CREATE TABLE FROM insa_buha;
16. insa_buha session
  SELECT * FROM user_sys_privs;
USERNAME        PRIVILEGE            ADMIN_OPTION
--------------- -------------------- ---------------
INSA_BUHA       CREATE SESSION       NO
17. sys session
  GRANT CREATE SEQUENCE TO insa WITH ADMIN OPTION;

SELECT * FROM dba_sys_privs WHERE grantee = 'INSA';
18. insa session
  SELECT * FROM user_sys_privs;
USERNAME        PRIVILEGE            ADMIN_OPTION
--------------- -------------------- ---------------
INSA            CREATE SESSION       NO
INSA            CREATE SEQUENCE      YES
INSA            CREATE TABLE         YES

CREATE SEQUENCE  id_seq
start with 1    -- 기본값 1부터 시작
maxvalue 10     -- 기본값 10^27 = POWER(10,27)
increment by 1  -- 기본값 1씩 증가
nocycle         -- 기본값
nocache;        -- 기본값 20

SELECT * FROM user_sequences WHERE sequence_name = 'ID_SEQ';

SELECT * FROM tab;      -- 내가 생성한 테이블,뷰 목록
SELECT * FROM insa_tbs;

INSERT INTO insa_tbs (id,name) VALUES (id_seq.nextval, 'sophia');
INSERT INTO insa_tbs (id,name) VALUES (id_seq.nextval, 'liam');
INSERT INTO insa_tbs (id,name) VALUES (id_seq.nextval, 'noah');
COMMIT;

SELECT * FROM insa_tbs;
        ID NAME
---------- ------------------------------
         1 sophia
         2 liam
         3 noah

GRANT CREATE SEQUENCE TO insa_buha;
19. insa_buha session
  SELECT * FROM user_sys_privs;
USERNAME        PRIVILEGE            ADMIN_OPTION
--------------- -------------------- ---------------
INSA_BUHA       CREATE SESSION       NO
INSA_BUHA       CREATE SEQUENCE      NO

SELECT * FROM buha;
        ID NAME                           DAY
---------- ------------------------------ ---------
         1 SCOTT                          20-DEC-23

CREATE SEQUENCE buha_seq START WITH 2;
ㄴ 데이터가 1개 있어서 2부터 시작

SELECT * FROM user_sequences WHERE sequence_name = 'BUHA_SEQ';
MIN_VALUE : 1   -- 최소값은 1부터 시작한다는 기준값
LAST_NUMBER : 2 -- 2 사용할 예정

INSERT INTO buha (id,name,day) values(buha_seq.nextval,'emma',sysdate);
INSERT INTO buha (id,name,day) values(buha_seq.nextval,'james',sysdate);
INSERT INTO buha (id,name,day) values(buha_seq.nextval,'elijah',sysdate);
COMMIT;

SELECT * FROM buha;
        ID NAME                           DAY
---------- ------------------------------ ---------
         1 SCOTT                          20-DEC-23
         2 emma                           20-DEC-23
         3 james                          20-DEC-23
         4 elijah                         20-DEC-23
20. sys session
  SELECT * FROM dba_sys_privs WHERE grantee = ('INSA','INSA_BUHA');
GRANTEE                        PRIVILEGE                                ADMIN_OPTION
------------------------------ ---------------------------------------- -------------
INSA                           CREATE SESSION                           NO
INSA                           CREATE TABLE                             YES
INSA                           CREATE SEQUENCE                          YES
INSA_BUHA                      CREATE SESSION                           NO
INSA_BUHA                      CREATE SEQUENCE                          NO
ㄴ 기록 상 누가 부여했는지는 알 수 없다.

REVOKE CREATE SEQUENCE FROM insa;

SELECT * FROM dba_sys_privs WHERE grantee = ('INSA','INSA_BUHA');
GRANTEE                        PRIVILEGE                                ADMIN_OPTION
------------------------------ ---------------------------------------- -------------
INSA                           CREATE SESSION                           NO
INSA                           CREATE TABLE                             YES
INSA_BUHA                      CREATE SESSION                           NO
INSA_BUHA                      CREATE SEQUENCE                          NO
ㄴ insa가 직접 부여한 CREATE SEQUENCE 권한은 회수가 안된다.

REVOKE CREATE SEQUENCE FROM insa_buha;

SELECT * FROM dba_sys_privs WHERE grantee = ('INSA','INSA_BUHA');
GRANTEE                        PRIVILEGE                                ADMIN_OPTION
------------------------------ ---------------------------------------- -------------
INSA                           CREATE SESSION                           NO
INSA                           CREATE TABLE                             YES
INSA_BUHA                      CREATE SESSION                           NO

>> 권한만 회수된거라 이미 생성된 객체는 계속 사용이 가능하다.
■ 객체 권한
- 객체를 ACCESS 할 수 있는 권한
- 객체 권한은 sys, 객체 소유자가 권한을 부여, 취소할 수 있다.

- TABLE : SELECT, INSERT, UPDATE, DELETE, ALTER, INDEX, REFERENCES
- VIEW : SELECT, INSERT, UPDATE, DELETE
- SEQUENCE : SELECT, ALTER
- PROCEDURE, FUNCTION, PACKAGE : EXECUTE

# WITH GRANT OPTION 옵션으로 받은 객체권한 만큼은 다른 유저들에게 권한을 부여하고 취소할 수 있다.

GRANT SELECT ON hr.employees TO insa WITH GRANT OPTION;
GRANT SELECT ON hr.departments TO insa WITH GRANT OPTION;

SELECT * FROM dba_tab_privs WHERE  grantee = 'INSA';
GRANTEE    OWNER      TABLE_NAME                     GRANTOR    PRIVILEGE  GRANTABLE  HIERARCHY
---------- ---------- ------------------------------ ---------- ---------- ---------- ----------
INSA       HR         EMPLOYEES                      HR         SELECT     YES        NO
INSA       HR         DEPARTMENTS                    HR         SELECT     YES        NO
21. insa session
  SELECT * FROM user_tab_privs;
GRANTEE    OWNER      TABLE_NAME                   GRANTOR    PRIVILEGE  GRANTABLE  HIERARCHY
---------- ---------- ---------------------------- ---------- ---------- ---------- ----------
INSA       HR         EMPLOYEES                    HR         SELECT     YES        NO
INSA       HR         DEPARTMENTS                  HR         SELECT     YES        NO

SELECT * FROM hr.employees;
SELECT * FROM hr.departments;
ㄴ 조회 가능

GRANT SELECT ON hr.employees TO  insa_buha;
GRANT SELECT ON hr.departments TO  insa_buha;

SELECT * FROM user_tab_privs;
GRANTEE    OWNER      TABLE_NAME                   GRANTOR    PRIVILEGE  GRANTABLE  HIERARCHY
---------- ---------- ---------------------------- ---------- ---------- ---------- ----------
INSA_BUHA  HR         EMPLOYEES                    INSA       SELECT     NO         NO
INSA_BUHA  HR         DEPARTMENTS                  INSA       SELECT     NO         NO
INSA       HR         EMPLOYEES                    HR         SELECT     YES        NO
INSA       HR         DEPARTMENTS                  HR         SELECT     YES        NO
22. insa_buha session
  SELECT * FROM user_tab_privs;
GRANTEE    OWNER      TABLE_NAME                   GRANTOR    PRIVILEGE  GRANTABLE  HIERARCHY
---------- ---------- ---------------------------- ---------- ---------- ---------- ----------
INSA_BUHA  HR         EMPLOYEES                    INSA       SELECT     NO         NO
INSA_BUHA  HR         DEPARTMENTS                  INSA       SELECT     NO         NO

SELECT * FROM hr.employees;
SELECT * FROM hr.departments;
ㄴ 조회 가능
23. insa session
  SELECT * FROM user_tab_privs;
GRANTEE    OWNER      TABLE_NAME                   GRANTOR    PRIVILEGE  GRANTABLE  HIERARCHY
---------- ---------- ---------------------------- ---------- ---------- ---------- ----------
INSA_BUHA  HR         DEPARTMENTS                  INSA       SELECT     NO         NO
INSA       HR         DEPARTMENTS                  HR         SELECT     YES        NO
INSA_BUHA  HR         EMPLOYEES                    INSA       SELECT     NO         NO
INSA       HR         EMPLOYEES                    HR         SELECT     YES        NO

REVOKE SELECT ON hr.employees FROM insa_buha;

SELECT * FROM user_tab_privs;
GRANTEE    OWNER      TABLE_NAME                   GRANTOR    PRIVILEGE  GRANTABLE  HIERARCHY
---------- ---------- ---------------------------- ---------- ---------- ---------- ----------
INSA_BUHA  HR         DEPARTMENTS                  INSA       SELECT     NO         NO
INSA       HR         DEPARTMENTS                  HR         SELECT     YES        NO
INSA       HR         EMPLOYEES                    HR         SELECT     YES        NO

24. insa_buha session
  SELECT * FROM hr.employees;
ORA-00942: table or view does not exist

SELECT * FROM user_tab_privs;
GRANTEE    OWNER      TABLE_NAME                   GRANTOR    PRIVILEGE  GRANTABLE  HIERARCHY
---------- ---------- ---------------------------- ---------- ---------- ---------- ----------
INSA_BUHA  HR         DEPARTMENTS                  INSA       SELECT     NO         NO
25. sys session
  SELECT * FROM  dba_tab_privs WHERE grantee IN ('INSA','INSA_BUHA');
GRANTEE    OWNER      TABLE_NAME                   GRANTOR    PRIVILEGE  GRANTABLE  HIERARCHY
---------- ---------- ---------------------------- ---------- ---------- ---------- ----------
INSA_BUHA  HR         DEPARTMENTS                  INSA       SELECT     NO         NO
INSA       HR         DEPARTMENTS                  HR         SELECT     YES        NO
INSA       HR         EMPLOYEES                    HR         SELECT     YES        NO

# with grant option 을 사용하여 부여한 객체권한을 취소하면 연쇄적으로 취소를 수행한다.

REVOKE SELECT ON hr.departments FROM insa;

SELECT * FROM  dba_tab_privs WHERE  grantee IN  ('INSA','INSA_BUHA');
GRANTEE    OWNER      TABLE_NAME                   GRANTOR    PRIVILEGE  GRANTABLE  HIERARCHY
---------- ---------- ---------------------------- ---------- ---------- ---------- ----------
INSA       HR         EMPLOYEES                    HR         SELECT     YES        NO
■ ROLE
- 롤이란 관련성이 있는 권한들을 하나로 묶어서 관리하는 객체이다.
- 관리의 편의성

예) 프로그래머들에게 부여할 시스템 권한
    create procedure (procedure,function,package)
    create trigger
    create view

CREATE ROLE prog;

SELECT * FROM dba_roles;

# 롤에 시스템 권한 부여
GRANT CREATE VIEW, CREATE PROCEDURE, CREATE TRIGGER TO prog;

SELECT * FROM dba_sys_privs WHERE grantee = 'PROG';
GRANTEE                        PRIVILEGE            ADMIN_OPTION
------------------------------ -------------------- ---------------
PROG                           CREATE TRIGGER       NO
PROG                           CREATE VIEW          NO
PROG                           CREATE PROCEDURE     NO

# 롤에 객체 권한 부여
GRANT SELECT ON hr.departments TO prog;

SELECT * FROM dba_tab_privs WHERE grantee = 'PROG';
GRANTEE    OWNER      TABLE_NAME           GRANTOR    PRIVILEGE  GRANTABLE  HIERARCHY
---------- ---------- -------------------- ---------- ---------- ---------- ----------
PROG       HR         DEPARTMENTS          HR         SELECT     NO         NO

# 롤을 유저한테 부여
GRANT prog TO insa;

SELECT * FROM dba_role_privs WHERE grantee = 'INSA';
GRANTEE              GRANTED_ROLE                   ADMIN_OPTION    DEF
-------------------- ------------------------------ --------------- ---
INSA                 PROG                           NO              YES
26. insa session
  SELECT * FROM session_roles;
> no rows selected

conn insa/oracle
ㄴ 롤은 세션을 재접속해야 부여된다.

SELECT * FROM session_roles;
ROLE
------------------------------
PROG

SELECT * FROM role_sys_privs;
ROLE                           PRIVILEGE                                ADMIN_OPTION
------------------------------ ---------------------------------------- ---------------
PROG                           CREATE TRIGGER                           NO
PROG                           CREATE VIEW                              NO
PROG                           CREATE PROCEDURE                         NO

SELECT * FROM role_tab_privs;
ROLE                OWNER      TABLE_NAME                     COLUMN_NAME PRIVILEGE GRANTABLE
------------------- ---------- ------------------------------ ----------- --------- ---------
PROG                HR         DEPARTMENTS                                SELECT    NO

SQL> SELECT * FROM hr.departments;
ㄴ 조회가능






★ temporary 삭제 시 간혹 지울 때 가끔 멈춤(hang) 문제 발생
- db 재부팅 : shutdown immediate - startup
- vm linux 설정저장이 아닌 종료 후 재실행 - 리스너체크 - db체크
- create은 tempfile, drop은 datafile


- WITH ADMIN OPTION : 개별회수해야한다

- WITH GRANT OPTION : 연쇄회수가능