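-- Demo schema for the row-level-security example on this page: every task
-- belongs to one owner, and the policy function tasks_update_policy maps the
-- session's database user to an owners row by name.
create table owners(owner_id int primary key
, owner_name varchar2(10) not null);
-- The policy lookup compares lower(owner_name) with the session user and
-- selects into a single variable, so the name must be unique regardless of
-- case. Without this, two rows such as 'Mat' and 'MAT' would make the lookup
-- raise TOO_MANY_ROWS.
create unique index owners_owner_name_uk on owners (lower(owner_name));
-- owner_id is mandatory and must reference an existing owner: a task with a
-- NULL or dangling owner_id would match no owner's policy predicate.
create table tasks(task_id int primary key
, owner_id int not null constraint tasks_owner_id_fk references owners(owner_id)
, description varchar2(20)
, completion number);
insert into owners(owner_id, owner_name) values (1, 'Mat');
insert into owners(owner_id, owner_name) values (2, 'Mark');
insert into tasks(task_id, owner_id, description, completion)
values (100, 1, 'Task for Mat', 0);
insert into tasks(task_id, owner_id, description, completion)
values (200, 2, 'Task for Mark', 0);
commit;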
策略函数:
create or replace
function tasks_update_policy(schema varchar2, tab varchar2)
return varchar2
is
  -- Row-level-security policy function: returns the predicate text that limits
  -- a statement to the rows owned by the current session's database user.
  --
  -- Parameters:
  --   schema, tab - not used in the body.
  -- Returns:
  --   'owner_id = <n>' when exactly one owners row matches the session user
  --   (case-insensitive comparison on owner_name), otherwise '1=2'.
  -- Raises:
  --   TOO_MANY_ROWS is not handled here; if several owners rows match, it
  --   propagates to the caller.
  --   NOTE(review): expected to fail the statement rather than widen access;
  --   confirm against the database version in use.
  --
  -- NOTE(review): session_user is the database account of the session. If the
  -- application connects through one shared account, every end user resolves
  -- to the same owner; confirm how sessions are established.

  -- The l_ prefix keeps this variable distinct from the owners.owner_id column
  -- inside the query, where a column name would win over a same-named local.
  l_owner_id number;
begin
  select o.owner_id
    into l_owner_id
    from owners o
   where lower(o.owner_name) = lower(sys_context('userenv','session_user'));

  -- The concatenated value is read from the owners table, not from input
  -- supplied by the caller.
  return 'owner_id = ' || l_owner_id;
exception
  when no_data_found then
    -- deny unregistered users: the predicate is always false
    return '1=2';
end;
SQL> select * from mat.tasks;
TASK_ID OWNER_ID DESCRIPTION COMPLETION
---------- ---------- -------------------- ----------
100 1 Task for Mat 0
200 2 Task for Mark 0
SQL> update mat.tasks set completion = 20 where task_id = 100 ;
1 row updated.
SQL> update mat.tasks set completion = 20 where task_id = 200 ;
0 rows updated.
当以 Mark 的身份连接时:
SQL> insert into mat.tasks values (101, 1, 'More work for Mat', 0);
insert into mat.tasks values (101, 1, 'More work for Mat', 0)
*
ERROR at line 1:
ORA-28115: policy with check option violation
您可以使用行级安全策略,并将 statement_type 限制为 update(或者更可能是 update 和 delete,也可能还包括 insert)。有关详细信息,请参阅 DBMS_RLS.ADD_POLICY 文档。注意:由于该策略不包含 select,所有行对拥有查询权限的用户仍然可见(本页的查询输出返回了两位所有者的任务)。虚拟场景:一个任务列表,只有任务所有者可以修改自己的任务。
策略函数:
应用策略:
以我自己身份登录时:
当以 Mark 的身份连接时: