vpd and column masking
Date: Tue, 12 Aug 2008 18:38:39 +0530
Message-ID: <a2b1e7610808120608q7481ae80r26d9c37653c6d2ce@mail.gmail.com>
Hi
This is my first attempt to use vpd and column masking. So pardon me if this
is a very stupid mistake. I am trying to do this but this is not working..
create or replace function sec_function_papf(p_object_schema IN VARCHAR2,
p_object_name VARCHAR2)
return varchar2
as
p_nid varchar2(200);
whoami varchar2(100);
begin
select SYS_CONTEXT('userenv', 'SESSION_USER') into whoami from dual;
if whoami = 'APPS'
then
p_nid := 'national_identifier = national_identifier';
return (p_nid);
else
p_nid := '1=2';
return (p_nid);
end if;
end;
BEGIN
DBMS_RLS.ADD_POLICY(object_schema=>'APPS',
object_name=>'PER_ALL_PEOPLE_F',
policy_name=>'PAPF_POLICY', function_schema=>'APPS', policy_function=>'SEC_FUNCTION_PAPF', sec_relevant_cols=>'national_identifier', sec_relevant_cols_opt=>dbms_rls.ALL_ROWS);END; *
ERROR at line 1:
ORA-28104: input value for sec_relevant_cols is not valid ORA-06512: at "SYS.DBMS_RLS", line 20 ORA-06512: at line 2
The problem is not with the value that I pass to sec_relevant_cols. Even if I remove that I get the error on the other parameters.
The function is created ok. I want to display ssn for privileged user otherwise display null values for other users but display the user's own ssn.
Any pointers on what is not right here?
Thank you
- kumar
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Aug 12 2008 - 08:08:39 CDT