Oracle DBMS_FGA: dynamically create an audit trail or policy

Time: 2017-03-22 19:16:09

Tags: oracle stored-procedures dynamic plsql

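My goal is to run a select against a table and, based on certain rows, dynamically create an audit trail or policy.

So..

Create a set_policy function that is called / looped: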

 create or replace 
function set_policy
       ( sch VARCHAR2 ,
         tab VARCHAR2,
         colm VARCHAR2,
         pred VARCHAR2,
         emailer VARCHAR2
         )

 return VARCHAR2 is 

 policy_sql_stmt varchar2(1000);

 BEGIN         

           policy_sql_stmt :=
            'BEGIN
              SYS.DBMS_FGA.ADD_POLICY (
              object_schema => :s,
              object_name => :t,
              policy_name => ''CHK_:s_:t'',   
              audit_column => :c,
              audit_condition => :p,
              handler_schema => ''SYSADMIN_FGA'',
              handler_module => '''||emailer||'(:s,:t,''''CHK_:s_:t'''')'',   
              enable => TRUE,
              statement_types => ''SELECT, UPDATE'',
              audit_trail => SYS.DBMS_FGA.DB + SYS.DBMS_FGA.EXTENDED);
            END;';  

            --DBMS_OUTPUT.PUT_LINE('policy_sql_stmt = :' || policy_sql_stmt);

            BEGIN
                EXECUTE IMMEDIATE policy_sql_stmt USING sch,tab,colm,pred;
                --EXECUTE IMMEDIATE policy_sql_stmt USING pred;

                EXCEPTION  
                        WHEN OTHERS THEN
                        BEGIN
                          --dbms_output.put_line('set_policy error code: '||SQLCODE);
                          --dbms_output.put_line(DBMS_UTILITY.FORMAT_CALL_STACK);
                          RETURN ('set_policy error code: '||SQLCODE);
                        END;
             END;
             RETURN 'success';
   END;

Then a procedure that calls the function...

CREATE OR REPLACE PROCEDURE audit_slac_tables
AS
  --DECLARE
  emailer   VARCHAR2(40):='audit_email_alert';
  isSuccess VARCHAR2(40);
  CURSOR myCursor
  IS
    SELECT SCHEMA   AS sch,
      TABLE_NAME    AS tab,
      FILTER_COLUMN AS colm,
      WHERE_COND    AS pred
    FROM SLAC_REDACTION_TABLE slac;
    --WHERE slac.table_name IN ('RECIPIENT','CARD');
BEGIN
  FOR curRec IN myCursor
  LOOP
    BEGIN
            --emailer := getEmailer(curRec.sch ,curRec.tab);
            isSuccess := set_policy(curRec.sch ,curRec.tab, curRec.colm, curRec.pred, emailer);
            DBMS_OUTPUT.PUT_LINE('Proc isSuccess = :' || isSuccess);
          EXCEPTION
          WHEN OTHERS THEN
            dbms_output.put_line('Proc error code: '||SQLCODE);
            dbms_output.put_line('Proc error msg: '||SQLERRM);
            --dbms_output.put_line(DBMS_UTILITY.FORMAT_CALL_STACK);
            --dbms_output.put_line('================================================');
            CONTINUE;
    END;
    --dbms_output.put_line('================================================');
  END LOOP;
  COMMIT;
END audit_slac_tables; 

If I call it...

exec AUDIT_SLAC_TABLES;

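I get the following confusing error

Error starting at line 6 in command -
exec AUDIT_SLAC_TABLES
Error report -
ORA-06550: line 12, column 18:
PLS-00201: identifier 'SYS.DBMS_FGA' must be declared
ORA-06550: line 2, column 3:
PL/SQL: Statement ignored
ORA-06512: at "GAPLITE.SET_POLICY", line 51
ORA-06512: at "GAPLITE.AUDIT_SLAC_TABLES", line 27
ORA-06512: at line 1
06550. 00000 - "line %s, column %s:\n%s"
*Cause: Usually a PL/SQL compilation error.
*Action: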

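Why is there a reference problem with DBMS_FGA.ADD_POLICY when the script never had an issue?

I can run this script (the first one listed above) but not dynamically... does it somehow lose the context reference to the SYS package?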
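A version of `set_policy` that calls `DBMS_FGA.ADD_POLICY` statically, as an added example that is not the poster's code. It assumes the owning schema (GAPLITE in the error stack) held EXECUTE on `SYS.DBMS_FGA` only through a role, which is not active inside a definer's-rights stored function, and that a direct grant has since been made; the handler signature is also an assumption.

```sql
-- Added example. Assumptions: a privileged user has run
--   GRANT EXECUTE ON SYS.DBMS_FGA TO gaplite;
-- (a direct grant, not a role), and the handler is a procedure in
-- SYSADMIN_FGA taking (object_schema, object_name, policy_name) as VARCHAR2.
CREATE OR REPLACE FUNCTION set_policy (
  sch     IN VARCHAR2,
  tab     IN VARCHAR2,
  colm    IN VARCHAR2,
  pred    IN VARCHAR2,
  emailer IN VARCHAR2
) RETURN VARCHAR2
IS
  v_sch    VARCHAR2(128);
  v_tab    VARCHAR2(128);
  v_policy VARCHAR2(261);
BEGIN
  -- Validate identifiers read from SLAC_REDACTION_TABLE before using them.
  v_sch := DBMS_ASSERT.SIMPLE_SQL_NAME(sch);
  v_tab := DBMS_ASSERT.SIMPLE_SQL_NAME(tab);
  -- Bind placeholders are not expanded inside string literals, so the
  -- policy name is built by concatenation instead of 'CHK_:s_:t'.
  v_policy := 'CHK_' || v_sch || '_' || v_tab;

  -- Static call: a missing privilege on DBMS_FGA fails at compile time
  -- (PLS-00201) rather than inside EXECUTE IMMEDIATE at run time.
  SYS.DBMS_FGA.ADD_POLICY(
    object_schema   => v_sch,
    object_name     => v_tab,
    policy_name     => v_policy,
    audit_column    => colm,
    audit_condition => pred,
    handler_schema  => 'SYSADMIN_FGA',
    handler_module  => DBMS_ASSERT.SIMPLE_SQL_NAME(emailer), -- procedure name only
    enable          => TRUE,
    statement_types => 'SELECT, UPDATE',
    audit_trail     => SYS.DBMS_FGA.DB + SYS.DBMS_FGA.EXTENDED);
  RETURN 'success: ' || v_policy;
EXCEPTION
  WHEN OTHERS THEN
    -- Return the full message, not only SQLCODE, so the calling loop
    -- can log which table failed and why.
    RETURN 'set_policy failed for ' || sch || '.' || tab || ': ' || SQLERRM;
END set_policy;
/
```

Whoever can write to SLAC_REDACTION_TABLE controls which tables are audited and under what condition, so write access to that table should be restricted to the same people who may administer FGA policies.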

0 answers:

No answers