Does altering or dropping and recreating a table in Oracle affect the policies defined on it?

Time: 2010-08-19 11:24:06

Tags: oracle row-level-security

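If I have a table and a policy defined on it, do I need to redefine the policy if I drop and recreate the table or alter it, provided that the alteration or recreation of the table does not change the elements that the function needs to see?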

1 answer:

Answer 0: (score: 1)

  "do I need to redefine the policy if I drop and recreate the table"

Yes. Let's create a policy.

SQL> exec dbms_rls.add_policy('APC', 'T23', 'DEPTPOL', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> select count(*) from user_policies;

  COUNT(*)
----------
         1

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
         6

SQL>  

So that works. But if we drop and recreate the table (using a backup I prepared earlier) ...

SQL> drop table t23
  2  /

Table dropped.

SQL> create table t23 as select * from t23a
  2  /

Table created.

SQL> select count(*) from t23;

  COUNT(*)
----------
        11

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
        11

SQL> SQL> select count(*) from user_policies;

  COUNT(*)
----------
         0

SQL>  
  

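  "So the question is whether I have to redefine the policy even if I'm not changing anything in the definition."

No. Provided the change doesn't invalidate the generated predicate, altering the table doesn't drop the policy: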

SQL> exec dbms_rls.add_policy('APC', 'T23', 'DEPTPOL', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> alter table t23 modify deptno number(3,0)
  2
SQL> desc t23
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 NAME                                               VARCHAR2(12 CHAR)
 ID                                                 NUMBER
 AGE                                                NUMBER(4)
 DEPTNO                                             NUMBER(2)

SQL> alter table t23 modify deptno number(3,0)
  2  /

Table altered.

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
         6

SQL> 

Note that the change modified the column tested by the predicate, and the policy still remains in force.


  

  "Does a 'create or replace view' statement drop and recreate it, or does it alter it?"

Let's try it:

SQL> create view v23 as select * from t23;

View created.

SQL> exec dbms_rls.add_policy('APC', 'V23', 'DEPTPOLV', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> exec security_policies.set_deptno(10)

PL/SQL procedure successfully completed.

SQL> select count(*) from v23;

  COUNT(*)
----------
         5

SQL> create or replace view v23 as select name, age from t23;

View created.

SQL> select count(*) from v23;
select count(*) from v23
                     *
ERROR at line 1:
ORA-28113: policy predicate has error


SQL>

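Okay, that is an error because the view's new projection doesn't include the column in the predicate. But it shows that the policy is still in place. So let's fix that error: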

SQL> create or replace view v23 as select name, age, deptno from t23;

View created.

SQL> select count(*) from v23;

  COUNT(*)
----------
         5

SQL>
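The answer shows that DROP TABLE silently removes the policy, leaving the recreated table unfiltered. The following post-deployment check is an added example, not part of the original answer: it looks up each expected policy in USER_POLICIES and re-adds it with DBMS_RLS.ADD_POLICY if it is missing. The object, policy and function names are the ones used in the answer; the list of expected policies is an assumption you would maintain yourself.

```sql
-- Added example, not from the answer. Run in SQL*Plus as the owning schema
-- after any script that drops and recreates a protected table.
-- Schema, object, policy and function names are the ones used in the answer;
-- the "expected" lists are an assumption you maintain alongside your DDL.
set serveroutput on

declare
  c_schema constant varchar2(30)  := 'APC';
  c_func   constant varchar2(100) := 'security_policies.get_deptno_predicate';
  objs sys.odcivarchar2list := sys.odcivarchar2list('T23', 'V23');
  pols sys.odcivarchar2list := sys.odcivarchar2list('DEPTPOL', 'DEPTPOLV');
  v_enable varchar2(3);
begin
  for i in 1 .. objs.count loop
    -- MAX() returns NULL rather than raising NO_DATA_FOUND when the policy is gone.
    select max(enable) into v_enable
      from user_policies
     where object_name = objs(i)
       and policy_name = pols(i);

    if v_enable is null then
      -- DROP TABLE removed the policy with the table: the recreated object
      -- is unfiltered until the policy is added again.
      dbms_rls.add_policy(
        object_schema   => c_schema,
        object_name     => objs(i),
        policy_name     => pols(i),
        function_schema => c_schema,
        policy_function => c_func);
      dbms_output.put_line(objs(i) || ': policy ' || pols(i) || ' was missing, re-added');
    elsif v_enable <> 'YES' then
      dbms_output.put_line(objs(i) || ': policy ' || pols(i) || ' exists but is disabled');
    else
      dbms_output.put_line(objs(i) || ': policy ' || pols(i) || ' in place');
    end if;
  end loop;
end;
/
```

Running it right after the `create table t23 as select * from t23a` step would report the T23 policy as missing and restore it before any session queries the unfiltered table.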