Restricting an Oracle trigger at the user level

Time: 2018-08-29 07:08:51

Tags: database oracle plsql triggers database-trigger

This trigger works fine and restricts os_users

create or replace trigger TRG_Restrict
before create on database
DECLARE
  v_osuser varchar(500);
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  select sys_context('userenv', 'os_user') into v_osuser from dual;
  if (lower(v_osuser) not in ( 'alex','hales')) then
    insert into TEMP_AUDIT_users
      (ddl_date,
       user_name,
       ddl_type,
       object_type,
       object_name,
       owner,
       osuser,
       host,
       terminal,
       IP_address)
    VALUES
      (sysdate,
       ora_login_user,
       ora_sysevent,
       ora_dict_obj_type,
       ora_dict_obj_name,
       ora_dict_obj_owner,
       v_osuser,
       sys_context('USERENV', 'HOST'),
       sys_context('USERENV', 'TERMINAL'),
       SYS_CONTEXT('USERENV','IP_ADDRESS'));
    commit;
    begin
      RAISE_APPLICATION_ERROR (-20000,'Stop You Are Not Authorized To Make Any Change. Thank You :( ');
    end;
  end if;
end;

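But this trigger applies to the entire database, and I want to apply it to selected users. Please share something helpful.

1 answer:

Answer 0: (score: 2)

Assuming you want to add a constraint, in the same way, on the user connected to the database who makes the change, you would write a similar trigger and add a condition on top of it: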

create or replace trigger TRG_Restrict
before create on database
DECLARE
  v_osuser varchar(500);
PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  v_osuser := sys_context('userenv', 'os_user') ;
  -- condition on OS user
  if (lower(v_osuser) not in ( 'alex','hales')) then
    -- condition on user connected to Oracle
    if (ora_login_user not in ('SYS', 'OKTOMODIFY_USER1', 'OKTOMODIFY_USER2') ) then 
      INSERT into TEMP_AUDIT_users
        (ddl_date,          user_name,          ddl_type,          object_type,
         object_name,          owner,          osuser,          host,          terminal,
         IP_address)
      VALUES
        (sysdate,          ora_login_user,     ora_sysevent,     ora_dict_obj_type,
         ora_dict_obj_name,  ora_dict_obj_owner,  v_osuser,   sys_context('USERENV', 'HOST'),  sys_context('USERENV', 'TERMINAL'),
         SYS_CONTEXT('USERENV','IP_ADDRESS'));
      commit;    
      begin
        RAISE_APPLICATION_ERROR (-20000,'Stop You Are Not Authorized To Make Any Change. Thank You :( ');
      end;
    end if;
  end if;
END;

(This assumes that the only Oracle-connected users allowed to make changes are 'SYS', 'OKTOMODIFY_USER1' and 'OKTOMODIFY_USER2', from the OS users Alex and Hales.)
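
A table-driven variant of the trigger above that applies the restriction only to selected Oracle accounts, as the question asks. This is an added example, not code from the original question or answer; `ddl_restricted_users`, `trg_restrict_selected` and the `APP_USER1`/`APP_USER2` rows are hypothetical, and `TEMP_AUDIT_users` is assumed to exist in the trigger owner's schema with the columns shown on the page.

```sql
-- Hypothetical lookup table: Oracle accounts the restriction applies to.
CREATE TABLE ddl_restricted_users (
  username VARCHAR2(128) PRIMARY KEY   -- stored in upper case, as ora_login_user returns it
);

INSERT INTO ddl_restricted_users (username) VALUES ('APP_USER1');  -- constructed sample row
INSERT INTO ddl_restricted_users (username) VALUES ('APP_USER2');  -- constructed sample row
COMMIT;

-- Creating a trigger ON DATABASE requires the ADMINISTER DATABASE TRIGGER privilege.
CREATE OR REPLACE TRIGGER trg_restrict_selected
BEFORE CREATE ON DATABASE
DECLARE
  PRAGMA AUTONOMOUS_TRANSACTION;  -- lets the audit row commit before the error is raised
  -- OS_USER is reported by the client program, so it is useful as audit
  -- data but is not a strong identity check on its own.
  v_osuser     VARCHAR2(500) := SYS_CONTEXT('USERENV', 'OS_USER');
  v_restricted PLS_INTEGER;
BEGIN
  -- Is the connected Oracle account one of the selected users?
  SELECT COUNT(*)
    INTO v_restricted
    FROM ddl_restricted_users
   WHERE username = ora_login_user;

  -- NVL: a NULL os_user would make NOT IN evaluate to NULL and skip the block,
  -- so treat a missing value as "not an allowed OS user".
  IF v_restricted > 0
     AND NVL(LOWER(v_osuser), '<none>') NOT IN ('alex', 'hales') THEN
    INSERT INTO TEMP_AUDIT_users
      (ddl_date, user_name, ddl_type, object_type, object_name,
       owner, osuser, host, terminal, IP_address)
    VALUES
      (SYSDATE, ora_login_user, ora_sysevent, ora_dict_obj_type, ora_dict_obj_name,
       ora_dict_obj_owner, v_osuser,
       SYS_CONTEXT('USERENV', 'HOST'),
       SYS_CONTEXT('USERENV', 'TERMINAL'),
       SYS_CONTEXT('USERENV', 'IP_ADDRESS'));
    COMMIT;  -- must complete the autonomous transaction before raising
    RAISE_APPLICATION_ERROR(-20000,
      'Stop You Are Not Authorized To Make Any Change. Thank You :( ');
  END IF;
END;
/
```

Accounts are added to or removed from the restriction by changing rows in the lookup table, without recompiling the trigger.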