Company_ID = 90에 속하는 JAdmin, PAdmin 및 Company_ID = 91에 속한 FAdmin, KAdmin과 같은 관리자 사용자가있을 경우 VPD를 작성했습니다. Employee에 다른 직원이 있습니다 두 회사에 속한 테이블. 거기에는 Timesheet, Payroll_Period 등과 같은 두 회사의 정보가있는 다른 테이블이 있습니다. Admin_ 및 Company_ID의 목록을 보유하는 Company_Administrators라는 테이블도 있습니다. 목표는 Set_Context를 사용하여 로그인 할 때 Admins의 company_ID를 가져 와서 회사의 정보 만 표시하는 것입니다. 코드 : 나는 관리자의로 로그인 선택 쿼리를 수행 할 때Oracle VPD 'Set_Context'가 작동하지 않습니다.
CREATE USER JAdmin IDENTIFIED BY JAdmin
DEFAULT TABLESPACE IA643_TBS
TEMPORARY TABLESPACE TEMP
ACCOUNT UNLOCK;
CREATE USER FAdmin IDENTIFIED BY FAdmin
DEFAULT TABLESPACE IA643_TBS
TEMPORARY TABLESPACE TEMP
ACCOUNT UNLOCK;
CREATE USER PAdmin IDENTIFIED BY PAdmin
DEFAULT TABLESPACE IA643_TBS
TEMPORARY TABLESPACE TEMP
ACCOUNT UNLOCK;
CREATE USER KAdmin IDENTIFIED BY KAdmin
DEFAULT TABLESPACE IA643_TBS
TEMPORARY TABLESPACE TEMP
ACCOUNT UNLOCK;
GRANT CONNECT, RESOURCE TO JAdmin;
GRANT CONNECT, RESOURCE TO FAdmin;
GRANT CONNECT, RESOURCE TO PAdmin;
GRANT CONNECT, RESOURCE TO KAdmin;
CREATE OR REPLACE PUBLIC SYNONYM COMPANY
FOR DBA643.COMPANY;
GRANT INSERT, SELECT, UPDATE, DELETE ON COMPANY
TO FAdmin, JAdmin, PAdmin, KAdmin;
CREATE OR REPLACE PUBLIC SYNONYM EMPLOYEE
FOR DBA643.EMPLOYEE;
GRANT INSERT, SELECT, UPDATE, DELETE ON EMPLOYEE
TO FAdmin, JAdmin, PAdmin, KAdmin;
CREATE OR REPLACE PUBLIC SYNONYM TIMESHEET
FOR DBA643.TIMESHEET;
GRANT INSERT, SELECT, UPDATE, DELETE ON TIMESHEET
TO FAdmin, JAdmin, PAdmin, KAdmin;
CREATE OR REPLACE PUBLIC SYNONYM PAYROLL_PERIOD
FOR DBA643.PAYROLL_PERIOD;
GRANT INSERT, SELECT, UPDATE, DELETE ON PAYROLL_PERIOD
TO FAdmin, JAdmin, PAdmin, KAdmin;
CREATE OR REPLACE PUBLIC SYNONYM DAILY_WORK_HOURS
FOR DBA643.DAILY_WORK_HOURS;
GRANT INSERT, SELECT, UPDATE, DELETE ON DAILY_WORK_HOURS
TO FAdmin, JAdmin, PAdmin, KAdmin;
Conn sys as sysdba
CREATE USER sysadmin_ctx IDENTIFIED BY secAdmin;
GRANT CREATE SESSION, CREATE ANY CONTEXT, CREATE PROCEDURE, CREATE TRIGGER, ADMINISTER
DATABASE TRIGGER TO sysadmin_ctx IDENTIFIED BY secAdmin;
GRANT EXECUTE ON DBMS_SESSION TO sysadmin_ctx;
GRANT EXECUTE ON DBMS_RLS TO sysadmin_ctx;
GRANT RESOURCE TO sysadmin_ctx;
GRANT SELECT ON Company_Administrators TO sysadmin_ctx;
CREATE OR REPLACE CONTEXT Company_Admin USING PKG_Comp_Admin;
CREATE OR REPLACE PACKAGE PKG_Comp_Admin IS
PROCEDURE Get_Company_ID;
END;
/
CREATE OR REPLACE PACKAGE BODY PKG_Comp_Admin IS
PROCEDURE Get_Company_ID IS
V_Company_ID NUMBER;
BEGIN
SELECT Company_ID
INTO V_Company_ID
FROM DBA643.Company_Administrators
WHERE System_Username = SYS_CONTEXT('USERENV', 'SESSION_USER');
DBMS_SESSION.SET_CONTEXT('COMPANY_ADMIN', 'CompanyID', 'V_Company_ID');
EXCEPTION
WHEN NO_DATA_FOUND THEN NULL;
END;
END;
/
SHOW ERROR;
CREATE OR REPLACE FUNCTION Company_Admin_fun (P_schema_name IN varchar2,
P_object_name IN varchar2) RETURN varchar2 IS
V_where varchar2(300);
BEGIN
IF User = 'DBA643' then
V_where := '';
ELSE
V_where := 'Company_ID = '||NVL(SYS_CONTEXT('Company_Admin', 'CompanyID'),0);
END IF;
RETURN V_where;
END;
/
EXEC DBMS_RLS.DROP_Policy ('DBA643','COMPANY','COMPANY_POLICY');
EXEC DBMS_RLS.DROP_Policy ('DBA643','EMPLOYEE','EMPLOYEE_POLICY');
EXEC DBMS_RLS.DROP_Policy ('DBA643','TIMESHEET','TIMESHEET_POLICY');
EXEC DBMS_RLS.DROP_Policy ('DBA643','DAILY_WORK_HOURS','DAILY_WORK_HOURS_POLICY');
EXEC DBMS_RLS.ADD_Policy ('DBA643','COMPANY','COMPANY_POLICY','sysadmin_ctx','Company_Admin_fun','SELECT, UPDATE, DELETE, INSERT', TRUE);
EXEC DBMS_RLS.ADD_Policy ('DBA643','EMPLOYEE','EMPLOYEE_POLICY','sysadmin_ctx','Company_Admin_fun','SELECT, UPDATE, DELETE, INSERT', TRUE);
EXEC DBMS_RLS.ADD_Policy ('DBA643','TIMESHEET','TIMESHEET_POLICY','sysadmin_ctx','Company_Admin_fun','SELECT, UPDATE, DELETE, INSERT', TRUE);
EXEC DBMS_RLS.ADD_Policy ('DBA643','DAILY_WORK_HOURS','DAILY_WORK_HOURS_POLICY','sysadmin_ctx','Company_Admin_fun','SELECT, UPDATE, DELETE, INSERT', TRUE);
CREATE OR REPLACE TRIGGER After_Logon_Trigger
AFTER LOGON
ON DATABASE
BEGIN
sysadmin_ctx.PKG_Comp_Admin.Get_Company_ID;
END;
/
, 내가 '선택 행이'수 없습니다. 관리자 중 하나로 로그인 한 후 다음 명령을 사용하면 관리자의 회사 ID가되어야하는 Company_Admin 컨텍스트의 업데이트 된 값이 표시되지 않기 때문에 Set_context 부분에 대한 문제를 줄였습니다.
select SYS_CONTEXT('Company_Admin', 'CompanyID') from dual
어떤 도움을 주시면 감사하겠습니다. 고맙습니다.
Pls가 태그로 VPD를 추가합니다. Oracle VPD는 Oracle의 Virtual Private Database를 참조합니다. – pahariayogi