Oracle触发器禁用从toad直接更新和删除
我有一个带有存储过程的Oracle数据库。现在,我只能通过存储过程插入、更新和删除,并防止直接从toad插入、更新和删除。似乎您希望将表上的DML限制为一组已定义的排序过程。让我们假设您允许DML操作,不管如何调用该过程,但仅当调用该过程时才允许。下面给出了这样做的框架Oracle触发器禁用从toad直接更新和删除,oracle,security,plsql,Oracle,Security,Plsql,我有一个带有存储过程的Oracle数据库。现在,我只能通过存储过程插入、更新和删除,并防止直接从toad插入、更新和删除。似乎您希望将表上的DML限制为一组已定义的排序过程。让我们假设您允许DML操作,不管如何调用该过程,但仅当调用该过程时才允许。下面给出了这样做的框架 Create a package that: 1. Define in the SPEC the DML routines. 2. Define in the SPEC a function that returns
Create a package that:
1. Define in the SPEC the DML routines.
2. Define in the SPEC a function that returns a value indicating whether the DML in allowed or not.
3. Create in the BODY the DML procedures and the DML Validation function.
4. Define in the BODY a package level control variable indicating DML Allowed or not.
5. In the DML routines set he DML Allowed variable to allow the operation.
7. In the DML routines always set the DML control variable to disallow the operation completes AND when any exception occurs.
8. (optional) Define in the SPEC a user defined error number and message.
Create a trigger which validates the control variable and throws exception if it's not allowed.
上面的框架:假设表名=>'My_Special_table'
Create or Replace package My_Special_Table_DML as
Invalid_DML_Requested_num constant number := -20199; --Used define Error
Invalid_DML_Requested_msg constant varchar2(80) :=
'DML on My_Special_Table only allowed through DML routines in Package';
Function Is_DML_Allowed return boolean ;
Procedure Delete_My_Special_Table (*parameter list as needed*);
Procedure Update_My_Special_Table (*parameter list as needed)*;
Procedure Insert_My_Special_Table (*parameter list as needed*);
end My_Special_Table_DML;
Create or Replace package My_Special_Table_DML BODY as
DML_OK boolean := false; -- do not allow DML opperation
Function Is_DML_allowed return boolean is
begin
return DML_OK;
end Is_DML_Valid ;
Procedure Delete_My_Special_Table (*parameter list as needed*) is
-- declare local variables
Begin
DML_OK := true ;
... other code as needed
Delete from My_Special_Table ....
DML_OK := false ;
exception
when <expected errors>
then
DML_OK := false;
<code to handle expected errors>
when others
then
DML_OK := false.
raise ;
end Delete_My_Special_Table;
-- *Code for Update and Insert similar to above Delete.*
end My_Special_Table;
Create or Replace Trigger My_Special_Table_DML_BIUD
before insert or update or delete on My_Special_Table
is
begin
if not(My_Special_Table_DML.Is_DML_Alloewd)
then
raise_application_error(Invalid_DML_Requested_num,
,Invalid_DML_Requested_msg
);
end if;
end My_Special_Table_DML_BIUD;
我将留给你们去弄清楚这其中的逻辑以及它为什么会起作用。
但请记住APC的问题:如果有人从蟾蜍那里运行程序,会发生什么。在这种情况下,如果用户对包具有执行权限,则允许从任何DB连接使用DML。包括但不限于蟾蜍 如果有人从TOAD运行您的存储过程,会发生什么情况?更一般地说,请解释您试图解决的业务问题。实现这一点有多种方法,一些是彻底的预防,另一些只是障碍。所以你需要给我们更多的细节。另外:Oracle的哪个版本和哪个版本Enterprise/Standard/Express?