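/*
Let's examine the impact of fine-grained access control (FGAC), also
known as virtual private database (VPD), on the function result cache.
A cached result is returned without re-running the function's query,
so the VPD predicate is not applied on that call.
*/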
-- Rebuild the demo objects from scratch in the HR sample schema.
-- The connect string embeds the sample-schema password; substitute your own
-- credentials and service name if your instance differs.
CONNECT hr/hr@oracle11

-- On a first run there is nothing to drop, so these two statements report an
-- error; with SQL*Plus defaults the script simply carries on.
DROP PACKAGE emplu11g
/

DROP TABLE employees_for_11g
/

-- Work on a private copy of EMPLOYEES so the policy added later in this
-- script is attached to the copy, not to the original table.
CREATE TABLE employees_for_11g
AS
   SELECT *
     FROM employees
/
CREATE OR REPLACE PACKAGE emplu11g
IS
   -- Returns the last name stored in employees_for_11g for the given ID.
   -- Declared RESULT_CACHE: results are kept in a cache shared by all
   -- sessions and keyed on the argument value only, not on who is calling.
   FUNCTION last_name (
      employee_id_in   IN employees_for_11g.employee_id%TYPE
   )
      RETURN employees_for_11g.last_name%TYPE
      RESULT_CACHE;

   -- VPD policy function for employees_for_11g. Takes the two VARCHAR2
   -- arguments DBMS_RLS passes to a policy function (schema and object
   -- name) and returns the predicate text to apply.
   FUNCTION restrict_employees_for_11g (
      schema_in   VARCHAR2,
      NAME_IN     VARCHAR2
   )
      RETURN VARCHAR2;
END emplu11g;
/
CREATE OR REPLACE PACKAGE BODY emplu11g
IS
   -- Look up one employee's last name, with the result cached per ID.
   --
   -- RELIES_ON names the table whose changes invalidate cached results.
   -- (From Oracle Database 11g Release 2 the clause is deprecated because
   -- dependencies are tracked automatically.)
   --
   -- Raises NO_DATA_FOUND when the query sees no row for the ID, which
   -- includes the case where the VPD policy hides every row from the caller.
   --
   -- NOTE(review): the cache key is employee_id_in alone. A value cached
   -- while one user ran the query can therefore be handed to a different
   -- user whose policy predicate would have hidden the row. For tables
   -- under VPD, either leave the function uncached or make whatever drives
   -- the policy decision a parameter of the function.
   FUNCTION last_name (
      employee_id_in   IN employees_for_11g.employee_id%TYPE
   )
      RETURN employees_for_11g.last_name%TYPE
      RESULT_CACHE RELIES_ON (employees_for_11g)
   IS
      l_employee   employees_for_11g%ROWTYPE;
   BEGIN
      -- Trace line: it is printed only when the body really executes, so
      -- its absence in a session's output marks a result served from cache.
      DBMS_OUTPUT.PUT_LINE ( 'Looking up last name for employee ID ' || employee_id_in );

      SELECT *
        INTO l_employee
        FROM employees_for_11g
       WHERE employee_id = employee_id_in;

      RETURN l_employee.last_name;
   END last_name;

   -- Policy function: HR sees every row, every other user sees none.
   -- Neither argument is used; the decision rests on USER alone.
   -- The fall-through predicate is the deny-all one, so an unexpected
   -- user name fails closed.
   FUNCTION restrict_employees_for_11g (
      schema_in   VARCHAR2,
      NAME_IN     VARCHAR2
   )
      RETURN VARCHAR2
   IS
   BEGIN
      IF USER = 'HR'
      THEN
         RETURN '1 = 1';
      END IF;

      RETURN '1 = 2';
   END restrict_employees_for_11g;
END emplu11g;
/
-- SCOTT may query the table (subject to the policy added below) and may
-- execute the package.
-- NOTE(review): EXECUTE on emplu11g covers the policy function as well as
-- last_name, because both live in the same package. Keeping policy functions
-- in a package that end users cannot execute is the tidier arrangement.
GRANT SELECT ON employees_for_11g TO scott
/

GRANT EXECUTE ON emplu11g TO scott
/

DECLARE
   -- ORA-28102 is raised by DBMS_RLS.drop_policy when the policy is absent.
   policy_missing   EXCEPTION;
   PRAGMA EXCEPTION_INIT (policy_missing, -28102);
BEGIN
   -- Remove any earlier copy of the policy so the script can be re-run.
   -- Only the "policy does not exist" error is tolerated; anything else
   -- propagates and stops the block before add_policy.
   BEGIN
      DBMS_RLS.drop_policy (object_schema   => 'HR'
                          , object_name     => 'employees_for_11g'
                          , policy_name     => 'rls_and_rc'
                           );
   EXCEPTION
      WHEN policy_missing
      THEN
         NULL;
   END;

   -- Attach the policy function to all four DML statement types.
   -- update_check => TRUE also tests the predicate against the row values
   -- produced by an INSERT or UPDATE.
   DBMS_RLS.add_policy (object_schema     => 'HR'
                      , object_name       => 'employees_for_11g'
                      , policy_name       => 'rls_and_rc'
                      , function_schema   => 'HR'
                      , policy_function   => 'emplu11g.restrict_employees_for_11g'
                      , statement_types   => 'SELECT,UPDATE,DELETE,INSERT'
                      , update_check      => TRUE
                       );
END;
/
/*
First, demonstrate the basic effect of VPD on plain queries against
the table, before the result-cached function is involved.
*/
-- Direct query as HR: the policy function returns '1 = 1' for this user,
-- so the row for employee 198 is visible.
CONNECT hr/hr@oracle11
SELECT last_name
FROM employees_for_11g
WHERE employee_id = 198
/
-- Same query as SCOTT: the policy function returns '1 = 2' for any user
-- other than HR, so no rows come back. This is the baseline the function
-- calls below are compared against.
CONNECT scott/tiger@oracle11
SELECT last_name
FROM hr.employees_for_11g
WHERE employee_id = 198
/
-- Call the result-cached function as HR. Presumably this is the first call
-- since the package was recreated, so the body runs (its "Looking up last
-- name" trace line is printed) and the result for ID 198 enters the cache.
CONNECT hr/hr@oracle11
SET SERVEROUTPUT ON
BEGIN
/* Should see OConnell */
DBMS_OUTPUT.put_line (emplu11g.last_name (198));
END;
/
-- Call the same function as SCOTT. The policy predicate for SCOTT is
-- '1 = 2', so the query inside the function would find no row.
-- To tell a cache hit from a real lookup, check the output: the function's
-- "Looking up last name" trace line appears only when the body executes.
CONNECT scott/tiger@oracle11
SET SERVEROUTPUT ON
BEGIN
/* Should raise NO_DATA_FOUND, but the author notes it does not: presumably
   the value cached by the HR call is returned and the policy is never
   evaluated for this call. */
DBMS_OUTPUT.put_line (hr.emplu11g.last_name (198));
END;
/
-- Invalidate the cached results by changing the table named in RELIES_ON.
CONNECT hr/hr@oracle11
SET SERVEROUTPUT ON
BEGIN
/* Flush the cache. The UPDATE deliberately has no WHERE clause and touches
   every row; SUBSTR (last_name, 1, 500) presumably leaves each value
   unchanged, so the committed DML serves only to invalidate the cache. */
UPDATE employees_for_11g
SET last_name = SUBSTR (last_name, 1, 500);
COMMIT;
END;
/
-- Call the function as SCOTT again, after the flush. With nothing cached
-- for ID 198 the body has to run, and SCOTT's '1 = 2' predicate applies.
CONNECT scott/tiger@oracle11
SET SERVEROUTPUT ON
BEGIN
/* Should raise NO_DATA_FOUND: the trace line is printed, then the query
   inside the function finds no row. */
DBMS_OUTPUT.put_line (hr.emplu11g.last_name (198));
END;
/
/*======================================================================
| Supplement to the fifth edition of Oracle PL/SQL Programming by Steven
| Feuerstein with Bill Pribyl, Copyright (c) 1997-2009 O'Reilly Media, Inc.
| To submit corrections or find more code samples visit
| http://oreilly.com/catalog/9780596514464/
*/