尝试根据登录用户隐藏某些列并遇到策略功能问题。我试图过滤的值以这种格式存储 - “|1234|”,我需要排除它。感谢有关如何过滤上述格式的值的输入。谢谢!
BEGIN
DBMS_RLS.drop_POLICY (object_schema => 'Schema1',
object_name => 'RT_TABLE',
policy_name => 'AUDIT_DOMAINSECURE');
END;
CREATE OR REPLACE FUNCTION AUDITDOMAIN_SECURE_FNC (p_schema VARCHAR2,
p_obj VARCHAR2)
RETURN VARCHAR2
AS
l_user VARCHAR2 (20);
l_predicate VARCHAR2 (100);
BEGIN
SELECT USER INTO l_user FROM DUAL;
IF l_user NOT IN ('TOM')
THEN
l_predicate := 'DOMAIN != |3721|';
END IF;
RETURN l_predicate;
END AUDITDOMAIN_SECURE_FNC;
BEGIN
DBMS_RLS.add_policy (object_schema => 'SCHEMA1' -- specify the schema containing the object
,
object_name => 'RT_TABLE' -- specify the object name within the schema.
,
policy_name => 'AUDIT_DOMAINSECURE' -- specify the policy name. Policy name is unique for an object.
,
function_schema => 'SCHEMA1' -- specify the schema in which the policy function is created
,
policy_function => 'AUDITDOMAIN_SECURE_FNC' -- specify the name of the policy function
,
statement_Types => 'SELECT' -- Operations when this policy applies. SELECT
,
sec_relevant_cols => 'DOMAIN,TABLE_ID' -- ALL relevant columns to be hidden from users
-- ,sec_relevant_cols_opt=> dbms_rls.ALL_ROWS
);
END;
我尝试过滤的值以这种格式存储 - “|1234|”
如果它存储为字符串(看起来是这样),那么您的谓词需要将该列与字符串值进行比较;这意味着您需要将谓词中的值括在单引号中,并且由于它已经是一个字符串,因此您需要转义该值周围的引号。
所以代替:
l_predicate := 'DOMAIN != |3721|';
你可以这样做:
l_predicate := 'DOMAIN != ''|3721|''';
转义内部引号,或使用替代引用机制(q-quoting):
l_predicate := q'^DOMAIN != '|3721|'^';