2

如果我有一个表和一个已定义的策略,那么如果我删除并重新创建表或更改它,我是否需要重新定义策略,前提是更改或重新创建表不会更改函数需要查看的元素?

4

1 回答 1

1

“如果我删除并重新创建表,是否需要重新定义策略”

是的。让我们创建一个策略。

SQL> exec dbms_rls.add_policy('APC', 'T23', 'DEPTPOL', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> select count(*) from user_policies;

  COUNT(*)
----------
         1

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
         6

SQL>

这样就可以了。但是如果我们删除并重新创建表(使用我之前准备的备份)......

SQL> drop table t23
  2  /

Table dropped.

SQL> create table t23 as select * from t23a
  2  /

Table created.

SQL> select count(*) from t23;

  COUNT(*)
----------
        11

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
        11

SQL> SQL> select count(*) from user_policies;

  COUNT(*)
----------
         0

SQL>

“所以问题是我是否必须重新定义政策,即使我不会改变定义中的任何内容。”

不,如果更改不会使生成的谓词更改表无效,则不会删除策略:

SQL> exec dbms_rls.add_policy('APC', 'T23', 'DEPTPOL', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> alter table t23 modify deptno number(3,0)
  2
SQL> desc t23
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 NAME                                               VARCHAR2(12 CHAR)
 ID                                                 NUMBER
 AGE                                                NUMBER(4)
 DEPTNO                                             NUMBER(2)

SQL> alter table t23 modify deptno number(3,0)
  2  /

Table altered.

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
         6

SQL>

请注意,更改修改了谓词测试的列,并且策略仍然有效。

“'CREATE OR REPLACE VIEW'语句是删除并重新创建它还是改变它?”

让我们尝试一下:

SQL> create view v23 as select * from t23;

View created.

SQL> exec dbms_rls.add_policy('APC', 'V23', 'DEPTPOLV', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> exec security_policies.set_deptno(10)

PL/SQL procedure successfully completed.

SQL> select count(*) from v23;

  COUNT(*)
----------
         5

SQL> create or replace view v23 as select name, age from t23;

View created.

SQL> select count(*) from v23;
select count(*) from v23
                     *
ERROR at line 1:
ORA-28113: policy predicate has error


SQL>

好的,这是一个错误,因为视图的新投影不包括谓词中的列。但这表明策略仍然存在。所以让我们修复这个错误: 

SQL> create or replace view v23 as select name, age, deptno from t23;

View created.

SQL> select count(*) from v23;

  COUNT(*)
----------
         5

SQL>
于 2010-08-19T12:09:34.343 回答