您可以使用statement_type仅限于update(或更可能是update和delete,也许insert也是)的行级安全策略。有关详细信息,请参阅DMBS_RLS.ADD_POLICY文档。
虚拟场景:任务列表,只有任务所有者可以修改他们的任务。
create table owners(owner_id int primary key
, owner_name varchar2(10));
create table tasks(task_id int primary key
, owner_id int
, description varchar2(20)
, completion number);
insert into owners(owner_id, owner_name) values (1, 'Mat');
insert into owners(owner_id, owner_name) values (2, 'Mark');
insert into tasks(task_id, owner_id, description, completion)
values (100, 1, 'Task for Mat', 0);
insert into tasks(task_id, owner_id, description, completion)
values (200, 2, 'Task for Mark', 0);
commit;
政策功能:
create or replace
function tasks_update_policy(schema varchar2, tab varchar2)
return varchar2
is
owner_id number;
begin
select owner_id into owner_id
from owners
where lower(owner_name) = lower(sys_context('userenv','session_user'));
return 'owner_id = ' || owner_id;
exception
when no_data_found then
return '1=2'; -- deny unregistered users
end;
政策实施:
begin
dbms_rls.add_policy(object_schema => 'MAT'
, object_name => 'TASKS'
, policy_name => 'Tasks_update_policy'
, policy_function => 'tasks_update_policy'
, statement_types => 'update,delete,insert' -- policy restriction
, update_check => true);
end;
/
以我自己的身份登录时:
SQL> select * from mat.tasks;
TASK_ID OWNER_ID DESCRIPTION COMPLETION
---------- ---------- -------------------- ----------
100 1 Task for Mat 0
200 2 Task for Mark 0
SQL> update mat.tasks set completion = 20 where task_id = 100 ;
1 row updated.
SQL> update mat.tasks set completion = 20 where task_id = 200 ;
0 rows updated.
当连接为“标记”时:
SQL> insert into mat.tasks values (101, 1, 'More work for Mat', 0);
insert into mat.tasks values (101, 1, 'More work for Mat', 0)
*
ERROR at line 1:
ORA-28115: policy with check option violation