我有以下问题: 我想对我的数据库中的表实施“行级安全策略”并添加此功能:
FUNCTION app_user_is_master_owner(
schema_in IN VARCHAR2,
object_in IN VARCHAR
)
RETURN VARCHAR2
IS return_value VARCHAR2(100);
BEGIN
SELECT 'OWNER_FK = ' ||
(SELECT mo.owner_id
FROM MASTER_OWNER mo
WHERE upper(mo.owner_name) = SYS_CONTEXT('USERENV', 'SESSION_USER')) ||
' OR OWNER_FK IS EMPTY'
INTO return_value
FROM DUAL;
RETURN return_value;
END app_user_is_master_owner;
我从DBMS_RLS调用ADD_POLICY将其添加到其他政策
BEGIN
DBMS_RLS.ADD_POLICY(
object_schema => 'MY_SCHEMA',
object_name => 'MASTER_DATA',
policy_name => 'app_user_is_mo_policy',
function_schema => 'MY_SCHEMA',
policy_function => 'MY_RLS_POLICYS.app_user_is_master_owner',
statement_types => 'SELECT, INSERT, UPDATE, DELETE'
);
END;
当我在sql plus中调用该函数而不将其添加为RLS Policy时,会返回预期的'where'子句
SQL> select my_rls_policys.app_user_is_master_owner('A','A') from dual;
MY_RLS_POLICYS.APP_USER_IS_MASTER_OWNER('A','A')
--------------------------------------------------------------------------------
OWNER_FK = 4000 OR OWNER_FK IS EMPTY
但如果我将其称为VPD-Policy,则会出现此错误消息。
SQL> SELECT * FROM MASTER_DATA;
SELECT * FROM MASTER_DATA
*
ERROR at line 1:
ORA-00932: inconsistent datatypes: expected UDT got NUMBER
我想这是因为结果是Select而不是VARCHAR,但是既没有将“select to_char(...)添加到return_value”也没有“返回TO_CHAR(return_value)”似乎解决了这个问题。
其他政策工作得很好。
感谢您的帮助。
的Matthias
答案 0 :(得分:0)
尝试将所有者提取到变量然后连接
function app_user_is_master_owner(
schema_in in varchar2,
object_in in varchar
) return varchar2
is
predicate varchar2(100);
owner_id master_owner.owner_id%type;
begin
select owner_id
into owner_id
from master_owner
where upper(owner_name) = sys_context('userenv', 'session_user');
predicate := '(owner_fk = ' || owner_id || ' or owner_fk is null)';
return predicate;
end app_user_is_master_owner;
P.S不确定is empty的含义...我将其更改为is null。