是否可以在RLS谓词中增加oracle替换变量值长度?

时间:2014-08-08 14:36:27

标签: oracle security plsql oracle11gr2

oracle朋友们!

今天,我发现我的RLS工作不正常.. 我有一个观点 - HR_V_EMPLOYEE_ALPHABET。 在这个视图中,我有带谓词的RLS策略函数 NUMDEPTID具有不同的长度,具体取决于oracle用户,它在HR_V_EMPLOYEE_ALPHABET视图上执行查询。 我有一个用户,他对此观点有很长的预测:

NUMDEPTID IN (17923354,3412,20680619,3455,25203933,3470,3487,3487,18903226,3520,17923246,3564,17923436,732603,3409,16404471,3556,17458291,17458301,17458301,17862534,17862534,6296438,17862616,17923013,17923013,3401,17949231,3423,17975096,17975101,17975101,18197184,18197184,18903152,18903152,3490,20308150)

长度为290个符号(我使用1个字节的字符集,因此这个谓词的长度为290个字节)。

我发现,该用户未在视图中看到某些数据。我已经完成了实验并将我的谓词从NUMBER数据类型转换为VARCHAR2数据类型:

NUMDEPTID IN ('17923354','3412','20680619','3455','25203933','3470','3487','3487','18903226','3520','17923246','3564','17923436','732603','3409','16404471','3556','17458291','17458301','17458301','17862534','17862534','6296438','17862616','17923013','17923013','3401','17949231','3423','17975096','17975101','17975101','18197184','18197184','18903152','18903152','3490','20308150')

我运行一个查询:

SELECT* FROM HR_V_EMPLOYEE_ALPHABET;

哎哟,我收到错误ORA-28113(政策谓词有错误)。 我看到了一个跟踪文件,发现了以下内容:

*** 2014-08-08 17:09:55.762
-------------------------------------------------------------
Error information for ORA-28113:
Logon user     : GULKINA_IF
Table/View     : APPROOT.HR_V_EMPLOYEE_ALPHABET
Policy name    : RLS_HRWATCHER_HR_V_EMP_ALPHAB
Policy function: CONTEXT_OWNER.PKG_HRWATCHER_SEC_FUNC.F_HRWATCHER_RLS
RLS view  :
SELECT  "ID","EMPLOYEEID","CITEZENID","ALPATATUS","ARCHIVEDATE","DESCR","DESCR2","OLD_DCODE","OLD_TABNUMB","OLD_PROD","STRUCTUREID","STATUSID","INDATE","DCODE","CONDCODE","DNAME","TABNUMB","LASTNAME","NAME","FATHERSHIP","JOBTITLE","JOBTITLE_FULL","JOBTITL_CUT","CATEGORYNUMB","CATEGCODE","WORKCODE","WORKTYPE","INN","INSURANCE","SALARY_HOUR","QUAL_NUMB","SALARY_MONTH","DISMISSDATE","SALARY_CODE","ADDITIONHARM","ADDITIONSECRET","ADDITIONOTHER","EXPA_ALL","EXPA_LOCAL","EXPA_DEPT","POL","BIRTHDATE","BRIGADE","D_GROUP","OLD_TAB","GEN_UNIT","NUMDEPTID","FINDATE","BIRTH_HOLIDAY","CHILD_HOLIDAY","CHANGESTATUSDATE","WORKGRAFF","ORDERBILL","INSTATE","DEPTID","OLDDCODE","GRAFID","SCHEDULENAME","OUTDATE" FROM "APPROOT"."HR_V_EMPLOYEE_ALPHABET"   "HR_V_EMPLOYEE_ALPHABET" WHERE (NUMDEPTID IN ('17923354','3412','20680619','3455','25203933','3470','3487','3487','18903226','3520','17923246','3564','17923436','732603','3409','16404471','3556','17458291','17458301','17458301','17862534','17862534','6296438','17862616','17923013','17923013','3401','1)) 
ORA-01756: quoted string not properly terminated

所以,Oracle修剪谓词。 我发现,oracle对256字节的替换变量值有限制。

http://docs.oracle.com/cd/E12825_01/epm.111/esb_dbag/frameset.htm?limits.htm

嗯,我不确定,我的问题确实有这个原因.. 如何为我的RLS谓词增加oracle替换变量值长度?有可能吗?

最好的问候,谢尔盖

0 个答案:

没有答案
相关问题
最新问题