| Doubt in DBMS_RLS! [message #504893] |
Thu, 28 April 2011 06:59  |
ramya29p
Messages: 146
Registered: November 2007
Location: Chennai
|
Senior Member |
|
|
Hi ,
I have tried to implement RLS policy of oracle.
I have two Schema X1 & X1_DBA.
I have created the emp table in X1_DBA
create table emp(empid number,ename varchar2(10),deptno number)
and inserted some rows into the Table. i have created the below function in X1_DBA schema & Given Select Privilege to X1.
CREATE OR REPLACE FUNCTION no_dept10(
p_schema IN VARCHAR2,
p_object IN VARCHAR2)
RETURN VARCHAR2
AS
BEGIN
RETURN 'deptno != 10';
END;
Grant select on emp to X1;
When i Add the Policy in X1_DBA.schema i am getting the Error as Table does not exist
SQL> BEGIN
2 DBMS_RLS.add_policy
3 (object_schema => 'X1',
4 object_name => 'EMP',
5 policy_name => 'quickstart',
6 policy_function => 'no_dept10');
7 END;
8 /
BEGIN
DBMS_RLS.add_policy
(object_schema => 'X1',
object_name => 'EMP',
policy_name => 'quickstart',
policy_function => 'no_dept10');
END;
ORA-00942: table or view does not exist
ORA-06512: at "SYS.DBMS_RLS", line 20
ORA-06512: at line 2
Could any one please tell me why i am Getting the Error?
|
|
|
|
|
|
| Re: Doubt in DBMS_RLS! [message #504908 is a reply to message #504901] |
Thu, 28 April 2011 07:15  |
ramya29p
Messages: 146
Registered: November 2007
Location: Chennai
|
Senior Member |
|
|
Yes. i want to Restrict Deptno 10 for X1 user. do i have to create a emp table in X1 Schema also? If i use X1_DBA as object schema then if i select emp table from X1_DBA it is restricting deptno 10.
But my concern is i want to restrict deptno 10 only for X1 schema.
|
|
|
|
| Re: Doubt in DBMS_RLS! [message #504911 is a reply to message #504908] |
Thu, 28 April 2011 07:23 |
John Watson
Messages: 8962
Registered: January 2010
Location: Global Village
|
Senior Member |
|
|
Your policy function needs to check who the user is, and generate an appropriate predicate.
I'm not going to give any more advice, because you didn't say "thank you".
|
|
|
|
|
|
| Re: Doubt in DBMS_RLS! [message #505075 is a reply to message #505069] |
Fri, 29 April 2011 03:09 |
ramya29p
Messages: 146
Registered: November 2007
Location: Chennai
|
Senior Member |
|
|
Hi,
I have changed my Policy Function as
CREATE OR REPLACE FUNCTION no_dept10(
p_schema IN VARCHAR2,
p_object IN VARCHAR2)
RETURN VARCHAR2
AS
BEGIN
if p_schema = 'X1' then
return 'deptno != 10';
else
return null;
end if;
END;
But when i login to X1 schema & run the Query
its listing all the rows including deptno=10. Could you please tell me how can i give deptno!=10 condition only to X1 Schema.?
Thanks in Advance.
|
|
|
|
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
