在oracle中更改或删除重新创建表是否会影响其上定义的策略

发布于 2024-09-14 21:13:48 字数 80 浏览 9 评论 0原文

如果我有一个表并在其上定义了策略,那么如果我删除并重新创建表或更改它,我是否需要重新定义策略,前提是表的更改或重新创建不会更改函数需要查看的元素?

If i have a table and a defined policy on it then do I need to redefine the policy if I drop and recreate the table or alter it, provided that the alteration or the recreation of the table does not alter elements that the function needs to see?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

把昨日还给我 2024-09-21 21:13:48

“如果我
删除并重新创建表”

是的。让我们创建一个策略。

SQL> exec dbms_rls.add_policy('APC', 'T23', 'DEPTPOL', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> select count(*) from user_policies;

  COUNT(*)
----------
         1

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
         6

SQL>  

这样就可以了。但是如果我们删除并重新创建表(使用我之前准备的备份)...

SQL> drop table t23
  2  /

Table dropped.

SQL> create table t23 as select * from t23a
  2  /

Table created.

SQL> select count(*) from t23;

  COUNT(*)
----------
        11

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
        11

SQL> SQL> select count(*) from user_policies;

  COUNT(*)
----------
         0

SQL>  

“所以问题是我是否必须重新定义
即使我不会改变政策
定义中的任何内容。”

不。提供更改不会使生成的谓词无效,更改表不会删除策略:

SQL> exec dbms_rls.add_policy('APC', 'T23', 'DEPTPOL', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> alter table t23 modify deptno number(3,0)
  2
SQL> desc t23
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 NAME                                               VARCHAR2(12 CHAR)
 ID                                                 NUMBER
 AGE                                                NUMBER(4)
 DEPTNO                                             NUMBER(2)

SQL> alter table t23 modify deptno number(3,0)
  2  /

Table altered.

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
         6

SQL> 

请注意,更改修改了由谓词测试的列,并且策略仍然有效。


“执行“创建或替换视图”
语句删除并重新创建它或者
它会改变它吗?”

让我们尝试一下:

SQL> create view v23 as select * from t23;

View created.

SQL> exec dbms_rls.add_policy('APC', 'V23', 'DEPTPOLV', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> exec security_policies.set_deptno(10)

PL/SQL procedure successfully completed.

SQL> select count(*) from v23;

  COUNT(*)
----------
         5

SQL> create or replace view v23 as select name, age from t23;

View created.

SQL> select count(*) from v23;
select count(*) from v23
                     *
ERROR at line 1:
ORA-28113: policy predicate has error


SQL>

好的,这是一个错误,因为视图的新投影不包括谓词中的列。但它表明策略仍然存在。所以让我们修复该错误:

SQL> create or replace view v23 as select name, age, deptno from t23;

View created.

SQL> select count(*) from v23;

  COUNT(*)
----------
         5

SQL>

"do I need to redefine the policy if I
drop and recreate the table"

Yes. Let's create a policy.

SQL> exec dbms_rls.add_policy('APC', 'T23', 'DEPTPOL', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> select count(*) from user_policies;

  COUNT(*)
----------
         1

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
         6

SQL>  

so that works. But if we drop and re-create the table (using a backup I prepared earlier) ...

SQL> drop table t23
  2  /

Table dropped.

SQL> create table t23 as select * from t23a
  2  /

Table created.

SQL> select count(*) from t23;

  COUNT(*)
----------
        11

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
        11

SQL> SQL> select count(*) from user_policies;

  COUNT(*)
----------
         0

SQL>  

"So the question is if I must redefine
the policy even if I will not change
anything in the definition."

No. Providing the change doesn't invalidate the generated predicate altering a table doesn't drop the policy:

SQL> exec dbms_rls.add_policy('APC', 'T23', 'DEPTPOL', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> alter table t23 modify deptno number(3,0)
  2
SQL> desc t23
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 NAME                                               VARCHAR2(12 CHAR)
 ID                                                 NUMBER
 AGE                                                NUMBER(4)
 DEPTNO                                             NUMBER(2)

SQL> alter table t23 modify deptno number(3,0)
  2  /

Table altered.

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
         6

SQL> 

Note that the change modified the column which is tested by the predicate and the policy still remains in force.


"does a 'CREATE OR REPLACE VIEW'
statement drops and recreates it or
does it alter it?"

Let's try it:

SQL> create view v23 as select * from t23;

View created.

SQL> exec dbms_rls.add_policy('APC', 'V23', 'DEPTPOLV', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> exec security_policies.set_deptno(10)

PL/SQL procedure successfully completed.

SQL> select count(*) from v23;

  COUNT(*)
----------
         5

SQL> create or replace view v23 as select name, age from t23;

View created.

SQL> select count(*) from v23;
select count(*) from v23
                     *
ERROR at line 1:
ORA-28113: policy predicate has error


SQL>

Okay, so that's an error because the view's new projection doesn't include the column in the predicate. But it suggests teh ploicy is still in place. So let's fix that error:

SQL> create or replace view v23 as select name, age, deptno from t23;

View created.

SQL> select count(*) from v23;

  COUNT(*)
----------
         5

SQL>
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文