当前位置：文江博客话题详情

在oracle中更改或删除重新创建表是否会影响其上定义的策略

发布于 2024-09-14 21:13:48 字数 80 浏览 5 评论 0原文

如果我有一个表并在其上定义了策略，那么如果我删除并重新创建表或更改它，我是否需要重新定义策略，前提是表的更改或重新创建不会更改函数需要查看的元素？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

把昨日还给我 2024-09-21 21:13:48

“如果我
删除并重新创建表”

是的。让我们创建一个策略。

SQL> exec dbms_rls.add_policy('APC', 'T23', 'DEPTPOL', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> select count(*) from user_policies;

  COUNT(*)
----------
         1

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
         6

SQL>

这样就可以了。但是如果我们删除并重新创建表（使用我之前准备的备份）...

SQL> drop table t23
  2  /

Table dropped.

SQL> create table t23 as select * from t23a
  2  /

Table created.

SQL> select count(*) from t23;

  COUNT(*)
----------
        11

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
        11

SQL> SQL> select count(*) from user_policies;

  COUNT(*)
----------
         0

SQL>

“所以问题是我是否必须重新定义
即使我不会改变政策
定义中的任何内容。”

不。提供更改不会使生成的谓词无效，更改表不会删除策略：

SQL> exec dbms_rls.add_policy('APC', 'T23', 'DEPTPOL', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> alter table t23 modify deptno number(3,0)
  2
SQL> desc t23
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 NAME                                               VARCHAR2(12 CHAR)
 ID                                                 NUMBER
 AGE                                                NUMBER(4)
 DEPTNO                                             NUMBER(2)

SQL> alter table t23 modify deptno number(3,0)
  2  /

Table altered.

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
         6

SQL>

请注意，更改修改了由谓词测试的列，并且策略仍然有效。

“执行“创建或替换视图”
语句删除并重新创建它或者
它会改变它吗？”

让我们尝试一下：

SQL> create view v23 as select * from t23;

View created.

SQL> exec dbms_rls.add_policy('APC', 'V23', 'DEPTPOLV', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> exec security_policies.set_deptno(10)

PL/SQL procedure successfully completed.

SQL> select count(*) from v23;

  COUNT(*)
----------
         5

SQL> create or replace view v23 as select name, age from t23;

View created.

SQL> select count(*) from v23;
select count(*) from v23
                     *
ERROR at line 1:
ORA-28113: policy predicate has error


SQL>

好的，这是一个错误，因为视图的新投影不包括谓词中的列。但它表明策略仍然存在。所以让我们修复该错误：

SQL> create or replace view v23 as select name, age, deptno from t23;

View created.

SQL> select count(*) from v23;

  COUNT(*)
----------
         5

SQL>

"do I need to redefine the policy if I
drop and recreate the table"

Yes. Let's create a policy.

SQL> exec dbms_rls.add_policy('APC', 'T23', 'DEPTPOL', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> select count(*) from user_policies;

  COUNT(*)
----------
         1

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
         6

SQL>

so that works. But if we drop and re-create the table (using a backup I prepared earlier) ...

SQL> drop table t23
  2  /

Table dropped.

SQL> create table t23 as select * from t23a
  2  /

Table created.

SQL> select count(*) from t23;

  COUNT(*)
----------
        11

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
        11

SQL> SQL> select count(*) from user_policies;

  COUNT(*)
----------
         0

SQL>

"So the question is if I must redefine
the policy even if I will not change
anything in the definition."

No. Providing the change doesn't invalidate the generated predicate altering a table doesn't drop the policy:

SQL> exec dbms_rls.add_policy('APC', 'T23', 'DEPTPOL', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> alter table t23 modify deptno number(3,0)
  2
SQL> desc t23
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------
 NAME                                               VARCHAR2(12 CHAR)
 ID                                                 NUMBER
 AGE                                                NUMBER(4)
 DEPTNO                                             NUMBER(2)

SQL> alter table t23 modify deptno number(3,0)
  2  /

Table altered.

SQL> exec security_policies.set_deptno(20)

PL/SQL procedure successfully completed.

SQL> select count(*) from t23;

  COUNT(*)
----------
         6

SQL>

Note that the change modified the column which is tested by the predicate and the policy still remains in force.

"does a 'CREATE OR REPLACE VIEW'
statement drops and recreates it or
does it alter it?"

Let's try it:

SQL> create view v23 as select * from t23;

View created.

SQL> exec dbms_rls.add_policy('APC', 'V23', 'DEPTPOLV', 'APC', 'security_policies.get_deptno_predicate')

PL/SQL procedure successfully completed.

SQL> exec security_policies.set_deptno(10)

PL/SQL procedure successfully completed.

SQL> select count(*) from v23;

  COUNT(*)
----------
         5

SQL> create or replace view v23 as select name, age from t23;

View created.

SQL> select count(*) from v23;
select count(*) from v23
                     *
ERROR at line 1:
ORA-28113: policy predicate has error


SQL>

Okay, so that's an error because the view's new projection doesn't include the column in the predicate. But it suggests teh ploicy is still in place. So let's fix that error:

SQL> create or replace view v23 as select name, age, deptno from t23;

View created.

SQL> select count(*) from v23;

  COUNT(*)
----------
         5

SQL>

回复收藏 0 原文

~没有更多了~