Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/oracle/10.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Oracle触发器禁用从toad直接更新和删除_Oracle_Security_Plsql - Fatal编程技术网
Fatal编程技术网
  • oracle/
  • Oracle触发器禁用从toad直接更新和删除

Oracle触发器禁用从toad直接更新和删除

oracle security plsql

Oracle触发器禁用从toad直接更新和删除,oracle,security,plsql,Oracle,Security,Plsql,我有一个带有存储过程的Oracle数据库。现在,我只能通过存储过程插入、更新和删除,并防止直接从toad插入、更新和删除。似乎您希望将表上的DML限制为一组已定义的排序过程。让我们假设您允许DML操作,不管如何调用该过程,但仅当调用该过程时才允许。下面给出了这样做的框架 Create a package that: 1. Define in the SPEC the DML routines. 2. Define in the SPEC a function that returns

我有一个带有存储过程的Oracle数据库。现在,我只能通过存储过程插入、更新和删除,并防止直接从toad插入、更新和删除。似乎您希望将表上的DML限制为一组已定义的排序过程。让我们假设您允许DML操作,不管如何调用该过程,但仅当调用该过程时才允许。下面给出了这样做的框架

Create a package that: 
  1. Define in the SPEC the DML routines. 
  2. Define in the SPEC a function that returns a value indicating whether the DML in allowed or not.
  3. Create in the BODY the DML procedures and the DML Validation function.
  4. Define in the BODY a package level control variable indicating DML Allowed or not.
  5. In the DML routines set he DML Allowed variable to allow the operation.
  7. In the DML routines always set the DML control variable to disallow the operation completes AND when any exception occurs.
  8. (optional) Define in the SPEC a user defined error number and message. 

Create a trigger which validates the control variable and throws exception if it's not allowed.
上面的框架:假设表名=>'My_Special_table'

Create or Replace package My_Special_Table_DML as 
  Invalid_DML_Requested_num constant number := -20199; --Used define Error
  Invalid_DML_Requested_msg constant varchar2(80) :=
          'DML on My_Special_Table only allowed through DML routines in Package';

  Function  Is_DML_Allowed return boolean ;
  Procedure Delete_My_Special_Table (*parameter list as needed*);
  Procedure Update_My_Special_Table (*parameter list as needed)*;
  Procedure Insert_My_Special_Table (*parameter list as needed*);
end My_Special_Table_DML; 

Create or Replace package My_Special_Table_DML BODY as 
  DML_OK    boolean := false;      -- do not allow DML opperation 

  Function Is_DML_allowed return boolean is
  begin 
     return DML_OK; 
  end Is_DML_Valid ; 

  Procedure Delete_My_Special_Table (*parameter list as needed*) is
  -- declare local variables
  Begin 
      DML_OK := true ;
      ... other code as needed 

      Delete from My_Special_Table .... 

      DML_OK := false ; 
  exception 
     when <expected errors> 
          then
              DML_OK := false; 
              <code to handle expected errors>
     when others 
          then 
              DML_OK := false. 
              raise ;
  end Delete_My_Special_Table;

  -- *Code for Update and Insert similar to above Delete.*

end My_Special_Table;

Create or Replace Trigger My_Special_Table_DML_BIUD
    before insert or update or delete on My_Special_Table
is
begin 
    if not(My_Special_Table_DML.Is_DML_Alloewd)
    then 
        raise_application_error(Invalid_DML_Requested_num,
                               ,Invalid_DML_Requested_msg
                               ); 
    end if; 
end My_Special_Table_DML_BIUD;
我将留给你们去弄清楚这其中的逻辑以及它为什么会起作用。
但请记住APC的问题:如果有人从蟾蜍那里运行程序,会发生什么。在这种情况下,如果用户对包具有执行权限,则允许从任何DB连接使用DML。包括但不限于蟾蜍

如果有人从TOAD运行您的存储过程,会发生什么情况?更一般地说,请解释您试图解决的业务问题。实现这一点有多种方法,一些是彻底的预防,另一些只是障碍。所以你需要给我们更多的细节。另外:Oracle的哪个版本和哪个版本Enterprise/Standard/Express?