Oracle 创建安全策略函数以允许用户查看特定用户拥有的行
如何修改该函数,以便用户(HR1)可以查看CTL_UPD_用户为VPD_CLERK1或VPD_CLERK2的行 我对Oracle和pl/sql非常陌生Oracle 创建安全策略函数以允许用户查看特定用户拥有的行,oracle,plsql,conditional-statements,access-control,vpd,Oracle,Plsql,Conditional Statements,Access Control,Vpd,如何修改该函数,以便用户(HR1)可以查看CTL_UPD_用户为VPD_CLERK1或VPD_CLERK2的行 我对Oracle和pl/sql非常陌生 RETURN VARCHAR2 AS con VARCHAR2 (200); BEGIN IF USER ='HR1' THEN con := 'CTL_UPD_USER=' ||'''VPD_CLERK1'''; else con:= 'CTL_UPD_USER=USER'; end if; RETURN (con);
RETURN VARCHAR2 AS
con VARCHAR2 (200);
BEGIN
IF USER ='HR1' THEN
con := 'CTL_UPD_USER=' ||'''VPD_CLERK1''';
else
con:= 'CTL_UPD_USER=USER';
end if;
RETURN (con);
END;
我尝试了OR的各种用法,但出现了一个编译错误:pl/sql语句被忽略,表达式的类型错误:
Con := 'CTL_UPD_USER=' ||'''VPD_CLERK1''' OR
'CTL_UPD_USER='||'''VPD_CLERK3''';
工作代码:
CREATE TABLE CUSTOMERS (
SALES_REP_ID NUMBER(4),
CUSTOMER_ID NUMBER(8),
CTL_UPD_DTTM DATE,
CTL_UPD_USER VARCHAR2(30),
CTL_REC_STAT CHAR(1),
primary key (sales_rep_id, customer_id)
);
insert into customers values (1000, 90000,NULL, 'VPD_CLERK1','1');
insert into customers values (1000, 90001,NULL, 'VPD_CLERK1','2');
insert into customers values (1000, 90002,NULL, 'VPD_CLERK2','3');
insert into customers values (1000, 90003,NULL, 'VPD_CLERK2','4');
insert into customers values (1000, 90004,NULL, 'VPD_CLERK3','5');
CREATE OR REPLACE FUNCTION
DBSEC_ROW_OWNER_WHERE(
P_SCHEMA_NAME IN VARCHAR2,
P_OBJECT_NAME IN VARCHAR2)
RETURN VARCHAR2 AS
con VARCHAR2 (200);
BEGIN
IF USER ='HR1' THEN
con := 'CTL_UPD_USER=' ||'''VPD_CLERK1''';
else
con:= 'CTL_UPD_USER=USER';
end if;
RETURN (con);
END;
exec dbms_rls.add_policy(object_schema =>'DBSEC',object_name =>
'CUSTOMERS',policy_name => 'dbsec_row_onwer_policy', function_schema =>
'SYS',
policy_function =>'DBSEC_ROW_OWNER_WHERE', enable => true);
我希望能够以HR1身份登录并查看CTL_UPD_用户为VPD_CLERK1或VPD_CLERK2或用户为HR1的行。IN子句如何
SQL> CREATE TABLE scott.CUSTOMERS (
2 SALES_REP_ID NUMBER(4),
3 CUSTOMER_ID NUMBER(8),
4 CTL_UPD_DTTM DATE,
5 CTL_UPD_USER VARCHAR2(30),
6 CTL_REC_STAT CHAR(1),
7 primary key (sales_rep_id, customer_id)
8 );
Table created.
SQL>
SQL> grant select on scott.CUSTOMERS to hr;
Grant succeeded.
SQL>
SQL> insert into scott.customers values (1000, 90000,NULL, 'VPD_CLERK1','1');
1 row created.
SQL> insert into scott.customers values (1000, 90001,NULL, 'VPD_CLERK1','2');
1 row created.
SQL> insert into scott.customers values (1000, 90002,NULL, 'VPD_CLERK2','3');
1 row created.
SQL> insert into scott.customers values (1000, 90003,NULL, 'VPD_CLERK2','4');
1 row created.
SQL> insert into scott.customers values (1000, 90004,NULL, 'VPD_CLERK3','5');
1 row created.
SQL>
SQL> CREATE OR REPLACE FUNCTION
2 scott.DBSEC_ROW_OWNER_WHERE(
3 P_SCHEMA_NAME IN VARCHAR2,
4 P_OBJECT_NAME IN VARCHAR2)
5 RETURN VARCHAR2 AS
6 con VARCHAR2 (200);
7 BEGIN
8 IF USER ='HR' THEN
9 con := 'CTL_UPD_USER in (' ||'''VPD_CLERK1'',''VPD_CLERK2'')';
10 else
11 con:= 'CTL_UPD_USER=USER';
12 end if;
13 RETURN (con);
14 END;
15 /
Function created.
SQL>
SQL> begin
2 dbms_rls.add_policy(
3 object_schema =>'SCOTT',
4 object_name =>'CUSTOMERS',
5 policy_name => 'dbsec_row_onwer_policy',
6 function_schema => 'SCOTT',
7 policy_function =>'DBSEC_ROW_OWNER_WHERE',
8 enable => true);
9 end;
10 /
PL/SQL procedure successfully completed.
SQL>
SQL> conn hr/hr
Connected.
SQL>
SQL> select * from scott.customers;
SALES_REP_ID CUSTOMER_ID CTL_UPD_D CTL_UPD_USER C
------------ ----------- --------- ------------------------------ -
1000 90000 VPD_CLERK1 1
1000 90001 VPD_CLERK1 2
1000 90002 VPD_CLERK2 3
1000 90003 VPD_CLERK2 4
4 rows selected.