0

我有以下问题:我想对数据库中的表实施“行级安全策略”并添加了此功能:

FUNCTION app_user_is_master_owner(
    schema_in IN VARCHAR2,
    object_in IN VARCHAR
)
RETURN VARCHAR2
IS  return_value VARCHAR2(100);
BEGIN
SELECT 'OWNER_FK = ' || 
    (SELECT mo.owner_id 
    FROM MASTER_OWNER mo
    WHERE upper(mo.owner_name) = SYS_CONTEXT('USERENV', 'SESSION_USER')) ||
    ' OR OWNER_FK IS EMPTY' 
    INTO return_value
    FROM DUAL;
RETURN return_value;
END app_user_is_master_owner;

我从 DBMS_RLS 调用了 ADD_POLICY 以将其添加到其他策略中

 BEGIN
 DBMS_RLS.ADD_POLICY(
 object_schema => 'MY_SCHEMA',
 object_name => 'MASTER_DATA',
 policy_name => 'app_user_is_mo_policy',
 function_schema => 'MY_SCHEMA',
 policy_function => 'MY_RLS_POLICYS.app_user_is_master_owner',
 statement_types => 'SELECT, INSERT, UPDATE, DELETE'
 );
 END;

当我在 sql plus 中调用该函数而不将其添加为 RLS 策略时,将返回预期的“where”子句

SQL> select my_rls_policys.app_user_is_master_owner('A','A') from dual;
 MY_RLS_POLICYS.APP_USER_IS_MASTER_OWNER('A','A')
 --------------------------------------------------------------------------------
 OWNER_FK = 4000 OR OWNER_FK IS EMPTY

但如果我将其称为 VPD-Policy,则会出现此错误消息。

SQL> SELECT * FROM MASTER_DATA;
SELECT * FROM MASTER_DATA
                        *
ERROR at line 1:
ORA-00932: inconsistent datatypes: expected UDT got NUMBER

我猜这是因为结果是 Select 而不是 VARCHAR,但是将 TO_CHAR 添加到“select to_char(...) into return_value”和“return TO_CHAR(return_value)”似乎都可以解决问题。

其他政策工作得很好。

谢谢你的帮助。

马蒂亚斯

4

1 回答 1

0

尝试将所有者获取到变量,然后连接

function app_user_is_master_owner(
    schema_in in varchar2,
    object_in in varchar
) return varchar2 
is
    predicate   varchar2(100);
    owner_id    master_owner.owner_id%type;
begin
    select  owner_id 
    into    owner_id
    from    master_owner
    where   upper(owner_name) = sys_context('userenv', 'session_user');

    predicate := '(owner_fk = ' || owner_id || ' or owner_fk is null)';

    return predicate;
end app_user_is_master_owner;

PS不确定是什么is empty意思...我将其更改为is null

于 2014-06-23T13:31:16.080 回答