oracle vpd 虚拟专用数据库
2013-08-27 23:57
357 查看
CREATEORREPLACEfunction func_vpd(p_owner
varchar2,p_objectname
varchar2)
RETURNVARCHAR2
AS
v_predicate varchar2(4000);
BEGIN
v_predicate :='last_name=initcap(sys_context(''userenv'',''session_user''))';
RETURN v_predicate;
end;
select a.object_name,a.status
from dba_objects a
where a.object_name='FUNC_VPD'
SELECT *
FROM USER_ERRORS
BEGIN
DBMS_RLS.ADD_POLICY (object_schema => 'hr',
object_name => 'employees',
policy_name => 'sp_job',
function_schema => 'sys',
policy_function => 'FUNC_VPD',
statement_types=>'select,insert',
sec_relevant_cols =>'salary,commission_pct'
);
END;
SQL> update employees setlast_name='King2' where employee_id=100;
1 row updated.
SQL> commit;
SQL> create user king identified byoracle;
User created.
SQL> grant connect to king;
Grant succeeded.
SQL> grant select on hr.employees toking;
SQL> select count(last_name) fromhr.employees;
COUNT(LAST_NAME)
----------------
107
Grant succeeded.
SQL> select last_name,salary from hr.employees;
LAST_NAME SALARY
-------------------------------------------------------------------------------------
King 10000
SQL> selectlast_name,commission_pct fromhr.employees;
LAST_NAME COMMISSION_PCT
-----------------------------------------------------------------------------------------
King .35
由于受到policy的影响,一旦查询到salary 或者是commissi_pct 时,查询
条件(谓语)会自动带有where last_name=
下面演示如何从策略中豁免
SQL> conn / as sysdba
Connected.
SQL> grant exempt access policy to king;
Grant succeeded.
SQL> conn king/oracle
Connected.
SQL> select last_name,commission_pct from hr.employees;
.
.
.
Everett
McCain
Jones
Walsh
Feeney
107 rows selected.
varchar2,p_objectname
varchar2)
RETURNVARCHAR2
AS
v_predicate varchar2(4000);
BEGIN
v_predicate :='last_name=initcap(sys_context(''userenv'',''session_user''))';
RETURN v_predicate;
end;
select a.object_name,a.status
from dba_objects a
where a.object_name='FUNC_VPD'
SELECT *
FROM USER_ERRORS
BEGIN
DBMS_RLS.ADD_POLICY (object_schema => 'hr',
object_name => 'employees',
policy_name => 'sp_job',
function_schema => 'sys',
policy_function => 'FUNC_VPD',
statement_types=>'select,insert',
sec_relevant_cols =>'salary,commission_pct'
);
END;
SQL> update employees setlast_name='King2' where employee_id=100;
1 row updated.
SQL> commit;
SQL> create user king identified byoracle;
User created.
SQL> grant connect to king;
Grant succeeded.
SQL> grant select on hr.employees toking;
SQL> select count(last_name) fromhr.employees;
COUNT(LAST_NAME)
----------------
107
Grant succeeded.
SQL> select last_name,salary from hr.employees;
LAST_NAME SALARY
-------------------------------------------------------------------------------------
King 10000
SQL> selectlast_name,commission_pct fromhr.employees;
LAST_NAME COMMISSION_PCT
-----------------------------------------------------------------------------------------
King .35
由于受到policy的影响,一旦查询到salary 或者是commissi_pct 时,查询
条件(谓语)会自动带有where last_name=
下面演示如何从策略中豁免
SQL> conn / as sysdba
Connected.
SQL> grant exempt access policy to king;
Grant succeeded.
SQL> conn king/oracle
Connected.
SQL> select last_name,commission_pct from hr.employees;
.
.
.
Everett
McCain
Jones
Walsh
Feeney
107 rows selected.
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 利用Oracle VPD(虚拟专用数据库)实现类似EBS R12里的多OU屏蔽
- 利用Oracle VPD(虚拟专用数据库)实现类似EBS R12里的多OU屏蔽
- [精]Oracle VPD详解(虚拟专用数据库)
- oracle 虚拟专用数据库详细介绍
- 什么是Oracle10g中的虚拟专用数据库(VPD)
- 数据库安全 Oracle之虚拟私有数据库VPD
- Oracle 10g特性之虚拟专用数据库
- Oracle中的虚拟私有数据库(VPD)
- Oracle 10g特性之虚拟专用数据库
- [Oracle] 数据库安全之 - 虚拟私有数据库 (VPD)
- Windows下虚拟ASM磁盘搭建基于ASM的Oracle 10g数据库系统(3)
- 数据库树结构 oracle的专用方法
- 数据库树结构 oracle的专用方法
- Oracle 11g 数据库的新特性--虚拟列
- 利用Oracle虚拟私有数据库进行整合
- oracle 数据库中dual虚拟表的介绍
- 在windows中搭建虚拟ASM环境创建Oracle 10G数据库
- Oracle sql 调优:使用虚拟索引在生产环境测试创建索引对数据库性能的影响
- Oracle sql 调优:使用虚拟索引在生产环境测试创建索引对数据库性能的影响
- Oracle 11g 数据库的新特性 —— 虚拟列