ENVIAR CORREO UTL_MAIL
The UTL_MAIL package provides a simple API to allow email to be sent from PL/SQL. In prior versions this was possible using the UTL_SMTP package, but this required knowledge of the SMTP protocol.The package is loaded by running the following scripts:
CONN sys/password AS SYSDBA @$ORACLE_HOME/rdbms/admin/utlmail.sql @$ORACLE_HOME/rdbms/admin/prvtmail.plb
SQL> grant execute on utl_mail to dbo;
In addition the SMTP_OUT_SERVER parameter must be set to identify the SMTP server:
CONN sys/password AS SYSDBA
ALTER SYSTEM SET smtp_out_server='smtp.domain.com' SCOPE=SPFILE;
ALTER SYSTEM SET smtp_out_server='WBOGEX01.telecom.esp:25' SCOPE=SPFILE;
SHUTDOWN IMMEDIATE STARTUP With the configuration complete we can now send a mail using:
BEGIN UTL_MAIL.send(sender => 'me@domain.com', recipients => 'person1@domain.com,person2@domain.com', cc => 'person3@domain.com', bcc => 'myboss@domain.com', subject => 'UTL_MAIL Test', message => 'If you get this message it worked!'); END; /
martes, 9 de septiembre de 2008
lunes, 8 de septiembre de 2008
Oracle Seguridad Script Determinar Usuario y Password Igual
Script para determinar usuarios con el password igual al username
create or replace procedure sys.find_joes as
-- Find users that have their password equal to their username
hexpw varchar2(30);
modpw varchar2(30);
un varchar2(30);
cursor c1 is select username,password from dba_users
where length(trim(password)) = 16; -- only consider db authenticated
begin
for i in c1 loop
hexpw := i.password;
un := i.username;
execute immediate 'alter user 'un' identified by 'un;
select password into modpw from dba_users where username = un;
if modpw = hexpw then
dbms_output.put_line(un);
else
-- change password back to what it was
execute immediate
'alter user 'un' identified by values '''hexpw'''';
end if;
end loop;
end;
/
Sample Output
SQL> set serveroutput on
SQL> exec sys.find_joes;
OUTLN
DBSNMP
CTXSYS
MDSYS
TEST
PL/SQL procedure successfully completed.
create or replace procedure sys.find_joes as
-- Find users that have their password equal to their username
hexpw varchar2(30);
modpw varchar2(30);
un varchar2(30);
cursor c1 is select username,password from dba_users
where length(trim(password)) = 16; -- only consider db authenticated
begin
for i in c1 loop
hexpw := i.password;
un := i.username;
execute immediate 'alter user 'un' identified by 'un;
select password into modpw from dba_users where username = un;
if modpw = hexpw then
dbms_output.put_line(un);
else
-- change password back to what it was
execute immediate
'alter user 'un' identified by values '''hexpw'''';
end if;
end loop;
end;
/
Sample Output
SQL> set serveroutput on
SQL> exec sys.find_joes;
OUTLN
DBSNMP
CTXSYS
MDSYS
TEST
PL/SQL procedure successfully completed.
Oracle Restore Point Laboratorio
select * from v$flash_recovery_area_usage;
SQL>gt; flashback table aud_sesiones to before drop;
DETERMINAR PRIMER FLASHBACK
SELECT OLDEST_FLASHBACK_SCN, to_char(OLDEST_FLASHBACK_TIME,'YYYY-MM-DD:HH24:MI:SS'),"OLDEST_FLASHBACK_TIME" FROM V$FLASHBACK_DATABASE_LOG;
LABORATORIO DE RESTORE POINT
RMAM> list restore point all;
SQL>CREATE RESTORE POINT good_data;
Punto de restauracion creado.
SQL> select descripcion from per_sexo where codigo_sexo=1;
DESCRIPCION
----------------------------------------
MASCULINO
SQL> update per_sexo set descripcion='OTRO' where codigo_sexo=1;
1 fila actualizada.
SQL> select descripcion from per_sexo where codigo_sexo=1;
DESCRIPCION
----------------------------------------
OTRO
SQL> commit;
Confirmacion terminada.
SQL> FLASHBACK TABLE PER_SEXO TO RESTORE POINT GOOD_DATA;
FLASHBACK TABLE PER_SEXO TO RESTORE POINT GOOD_DATA
*
ERROR en linea 1:
ORA-08189: no se puede realizar flashback en la tabla porque el movimiento de filas no esta activado
SQL> alter table per_sexo enable row movement;
Tabla modificada.
SQL> flashback table per_sexo to restore point good_data;
Flashback terminado.
SQL> select descripcion from per_sexo where codigo_sexo=1;
DESCRIPCION
----------------------------------------
MASCULINO
PARA VER PUNTOS DE RESTAURACION CREADOS EN LA INSTANCIA
SQL> select name, storage_size from v$restore_point;
BORRAR PUNTO DE RESTAURACION
drop restore point good_data;
SQL>gt; flashback table aud_sesiones to before drop;
DETERMINAR PRIMER FLASHBACK
SELECT OLDEST_FLASHBACK_SCN, to_char(OLDEST_FLASHBACK_TIME,'YYYY-MM-DD:HH24:MI:SS'),"OLDEST_FLASHBACK_TIME" FROM V$FLASHBACK_DATABASE_LOG;
LABORATORIO DE RESTORE POINT
RMAM> list restore point all;
SQL>CREATE RESTORE POINT good_data;
Punto de restauracion creado.
SQL> select descripcion from per_sexo where codigo_sexo=1;
DESCRIPCION
----------------------------------------
MASCULINO
SQL> update per_sexo set descripcion='OTRO' where codigo_sexo=1;
1 fila actualizada.
SQL> select descripcion from per_sexo where codigo_sexo=1;
DESCRIPCION
----------------------------------------
OTRO
SQL> commit;
Confirmacion terminada.
SQL> FLASHBACK TABLE PER_SEXO TO RESTORE POINT GOOD_DATA;
FLASHBACK TABLE PER_SEXO TO RESTORE POINT GOOD_DATA
*
ERROR en linea 1:
ORA-08189: no se puede realizar flashback en la tabla porque el movimiento de filas no esta activado
SQL> alter table per_sexo enable row movement;
Tabla modificada.
SQL> flashback table per_sexo to restore point good_data;
Flashback terminado.
SQL> select descripcion from per_sexo where codigo_sexo=1;
DESCRIPCION
----------------------------------------
MASCULINO
PARA VER PUNTOS DE RESTAURACION CREADOS EN LA INSTANCIA
SQL> select name, storage_size from v$restore_point;
BORRAR PUNTO DE RESTAURACION
drop restore point good_data;
Auditoria Oracle
PRUEBAS DE AUDITORIA DBMS_FGA
Hola a Todos
Si quieren una solución de software de Auditoría muy completa favor visitar este sitio estos locos son expertos en el tema tienen un producto excelente y muy buenos precios
www.oraconsultors.com
SQL> ALTER SYSTEM SET audit_trail=db_extended SCOPE=SPFILE;
AUDIT_SYS_OPERATIONS = TRUE
SQL> ALTER SYSTEM SET AUDIT_SYS_OPERATIONS = TRUE SCOPE =SPFILE;
SELECT * FROM ALL_AUDIT_POLICIES;
SELECT POLICY_NAME FROM ALL_AUDIT_POLICIES;
SELECT OBJECT_SCHEMA,OBJECT_NAME,POLICY_NAME,POLICY_COLUMN,SEL,INS,UPD,DEL FROM ALL_AUDIT_POLICIES
Sistema modificado.
-- Clear down the audit trail.
CONN sys/password@db10g AS SYSDBA
ALTER TABLE AUD$ MOVE TABLESPACE USERS;
TRUNCATE TABLE fga_log$;
SELECT sql_text FROM dba_fga_audit_trail;
no rows selected.
-- Apply the policy to the SAL columnof the EMP table.
BEGIN
DBMS_FGA.add_policy(
object_schema => 'SCOTT',
object_name => 'EMP',
policy_name => 'SAL_AUDIT',
audit_condition => NULL, -- Equivalent to TRUE
audit_column => 'SAL',
statement_types => 'SELECT,INSERT,UPDATE,DELETE');
END;
/
-- Test the auditing.
CONN scott/tiger@db10g
SELECT * FROM emp;
INSERT INTO emp (empno, ename, sal) VALUES (9999, 'Tim', 1);
UPDATE emp SET sal = 10 WHERE empno = 9999;
DELETE emp WHERE empno = 9999;
ROLLBACK;
-- Check the audit trail.
SELECT sql_text FROM dba_fga_audit_trail;
SQL_TEXT
--------------------------------------
SELECT * FROM emp
INSERT INTO emp (empno, ename, sal) VALUES (9999, 'Tim', 1)
UPDATE emp SET sal = 10 WHERE empno = 9999
DELETE emp WHERE empno = 9999
4 rows selected.
-- Drop the policy.
CONN sys/password@db10g AS SYSDBA
BEGIN
DBMS_FGA.drop_policy(
object_schema => 'SCOTT',
object_name => 'EMP',
policy_name => 'SAL_AUDIT');
END;
/
-- Configure extended auditing.
CONN sys/password AS SYSDBA
ALTER SYSTEM SET audit_trail=db_extended SCOPE=SPFILE;
SHUTDOWN IMMEDIATE
STARTUP
TRUNCATE TABLE aud$;
AUDIT ALL BY scott BY ACCESS;
-- Perform an auditable action.
CONN scott/tiger
UPDATE emp SET ename = ename;
-- Check the audit trail.
SELECT sql_text FROM dba_common_audit_trail;
SQL_TEXT
----------------------------
UPDATE emp SET ename = ename
1 row selected.
-- Unconfigure extended auditing.
CONN sys/password AS SYSDBA
ALTER SYSTEM SET audit_trail=none SCOPE=SPFILE;
SHUTDOWN IMMEDIATE
STARTUP
TRUNCATE TABLE aud$;
TRUNCATE TABLE fga_log$;
-- Configure extended auditing.
CONN sys/password AS SYSDBA
ALTER SYSTEM SET audit_trail=db_extended SCOPE=SPFILE;
SHUTDOWN IMMEDIATE
STARTUP
TRUNCATE TABLE aud$;
TRUNCATE TABLE fga_log$;
AUDIT ALL BY scott BY ACCESS;
-- Perform an auditable action.
CONN scott/tiger
UPDATE emp SET ename = ename;
-- Check the audit trail.
SELECT sql_text FROM dba_common_audit_trail;
SQL_TEXT
----------------------------
UPDATE emp SET ename = ename
1 row selected.
-- Unconfigure extended auditing.
CONN sys/password AS SYSDBA
ALTER SYSTEM SET audit_trail=none SCOPE=SPFILE;
SHUTDOWN IMMEDIATE
STARTUP
TRUNCATE TABLE aud$;
TRUNCATE TABLE fga_log$;
DBA_AUDIT_TRAIL - Standard auditing only (from AUD$).
DBA_FGA_AUDIT_TRAIL - Fine-grained auditing only (from FGA_LOG$).
DBA_COMMON_AUDIT_TRAIL - Both standard and fine-grained auditing.
EJEMPLO PROBADO AUDITORIA
CONNECT sys/password AS SYSDBA
CREATE USER audit_test IDENTIFIED BY password
DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp
QUOTA UNLIMITED ON users;
GRANT connect TO audit_test;
GRANT create table, create procedure TO audit_test;
CONNECT sys/password AS SYSDBA
AUDIT ALL BY audit_test BY ACCESS;
AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY audit_test BY ACCESS;
AUDIT EXECUTE PROCEDURE BY audit_test BY ACCESS;
CONN audit_test/password
CREATE TABLE test_tab (
id NUMBER
);
INSERT INTO test_tab (id) VALUES (1);
UPDATE test_tab SET id = id;
SELECT * FROM test_tab;
DELETE FROM test_tab;
DROP TABLE test_tab;
SELECT view_name
FROM dba_views
WHERE view_name LIKE 'DBA%AUDIT%'
ORDER BY view_name;
VIEW_NAME
------------------------------
DBA_AUDIT_EXISTS
DBA_AUDIT_OBJECT
DBA_AUDIT_POLICIES
DBA_AUDIT_POLICY_COLUMNS
DBA_AUDIT_SESSION
DBA_AUDIT_STATEMENT
DBA_AUDIT_TRAIL
DBA_COMMON_AUDIT_TRAIL
DBA_FGA_AUDIT_TRAIL
DBA_OBJ_AUDIT_OPTS
DBA_PRIV_AUDIT_OPTS
DBA_REPAUDIT_ATTRIBUTE
DBA_REPAUDIT_COLUMN
DBA_STMT_AUDIT_OPTS
14 rows selected.
DBA_AUDIT_TRAIL - Standard auditing only (from AUD$).
· DBA_FGA_AUDIT_TRAIL - Fine-grained auditing only (from FGA_LOG$).
· DBA_COMMON_AUDIT_TRAIL - Both standard and fine-grained auditing.
COLUMN username FORMAT A10
COLUMN owner FORMAT A10
COLUMN obj_name FORMAT A10
COLUMN extended_timestamp FORMAT A35
SELECT username,
extended_timestamp,
owner,
obj_name,
action_name
FROM dba_audit_trail
WHERE owner = 'AUDIT_TEST'
ORDER BY timestamp;
USERNAME EXTENDED_TIMESTAMP OWNER OBJ_NAME ACTION_NAME
---------- ----------------------------------- ---------- ---------- ----------------------------
AUDIT_TEST 16-FEB-2006 14:16:55.435000 +00:00 AUDIT_TEST TEST_TAB CREATE TABLE
AUDIT_TEST 16-FEB-2006 14:16:55.514000 +00:00 AUDIT_TEST TEST_TAB INSERT
AUDIT_TEST 16-FEB-2006 14:16:55.545000 +00:00 AUDIT_TEST TEST_TAB UPDATE
AUDIT_TEST 16-FEB-2006 14:16:55.592000 +00:00 AUDIT_TEST TEST_TAB SELECT
AUDIT_TEST 16-FEB-2006 14:16:55.670000 +00:00 AUDIT_TEST TEST_TAB DELETE
AUDIT_TEST 16-FEB-2006 14:17:00.045000 +00:00 AUDIT_TEST TEST_TAB DROP TABLE
OLUMN db_user FORMAT A10
COLUMN object_schema FORMAT A10
COLUMN object_name FORMAT A10
COLUMN extended_timestamp FORMAT A35
SELECT db_user,
extended_timestamp,
object_schema,
object_name,
action
FROM v$xml_audit_trail
WHERE object_schema = 'AUDIT_TEST'
ORDER BY extended_timestamp;
DB_USER EXTENDED_TIMESTAMP OBJECT_SCH OBJECT_NAM ACTION
---------- ----------------------------------- ---------- ---------- ----------
AUDIT_TEST 16-FEB-2006 14:14:33.417000 +00:00 AUDIT_TEST TEST_TAB 1
AUDIT_TEST 16-FEB-2006 14:14:33.464000 +00:00 AUDIT_TEST TEST_TAB 2
AUDIT_TEST 16-FEB-2006 14:14:33.511000 +00:00 AUDIT_TEST TEST_TAB 6
AUDIT_TEST 16-FEB-2006 14:14:33.542000 +00:00 AUDIT_TEST TEST_TAB 3
AUDIT_TEST 16-FEB-2006 14:14:33.605000 +00:00 AUDIT_TEST TEST_TAB 7
AUDIT_TEST 16-FEB-2006 14:14:34.917000 +00:00 AUDIT_TEST TEST_TAB 12
6 rows selected.
SQL>NOAUDIT ALL BY DBO;
SQL>NOAUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY DBO;
MOVER AUDITORIA AUD$
ALTER TABLE AUD$ MOVE TABLESPACE USERS;
ALTER TABLE AUD$ MOVE TABLESPACE AUDITORIA;
drop table system.aud$_bu;
create table system.aud$_bu
tablespace tools
as (select * from sys.aud$ where 1=2);
drop table system.aud$_prev_quarter;
create table system.aud$_prev_quarter
tablespace tools
as (select * from sys.aud$ where 1=2);
CHEQUEAR TAMAÑO AUD$SIZE
Create procedure
keep_size_in_check
is
rowCount number;
begin
select count(*) into rowCount from sys.aud$ ;
if rowCount > 50000
then
commit;
set transaction use rollback segment rbs_bulk;
insert into system.aud$_bu (select * from sys.aud$);
delete from sys.aud$ ;
commit;
sys.dbms_system.ksdwrt (3,'ORA-AUDIT TRAIL: POSSIBLE DOS
ATTACK!!!! AUD$ rows moved to AUD$_BU');
end if;
end keep_size_in_check;
BEGIN
DBMS_SCHEDULER.CREATE_JOB(
job_name => 'CHECK_SIZE_AUD$',
job_type => 'STORED_PROCEDURE',
job_action => ' keep_size_in_check',
start_date => SYSDATE,
repeat_interval => 'FREQ = WEEKLY');
END;
/
BEGIN
DBMS_SCHEDULER.ENABLE('CHECK_SIZE_AUD$');
END;
/
BEGIN
DBMS_SCHEDULER.RUN_JOB('CHECK_SIZE_AUD$',FALSE);
END;
/
BEGIN
DBMS_SCHEDULER.DROP_JOB('CHECK_SIZE_AUD$',FALSE);
END;
/
procedure quarterly_rotation
is
/* Procedure quarterly_rotation
* Cleans out table system.aud$_prev_quarter
* and repopulates it with the previous quarter's worth of audit info
* Should be scheduled to run every quarter
*/
begin
commit;
set transaction use rollback segment rbs_bulk;
delete from system.aud$_prev_quarter;
insert into system.aud$_prev_quarter
( select * from sys.aud$ au
where au.timestamp# < what =""> ‘manage_aud$.keep_size_in_check;’,
interval => ‘trunc(sysdate)+1/96’);
End;
Examples
Stop Auditing of SQL Statements Related to Roles: Example If you have chosen auditing for every SQL statement that creates or drops a role, then you can stop auditing of such statements by issuing the following statement:
NOAUDIT ROLE;
Stop Auditing of Updates or Queries on Objects Owned by a Particular User: Example If you have chosen auditing for any statement that queries or updates any table issued by the users hr and oe, then you can stop auditing for queries by hr by issuing the following statement:
NOAUDIT SELECT TABLE BY hr;
The preceding statement stops auditing only queries by hr, so the database continues to audit queries and updates by oe as well as updates by hr.
Stop Auditing of Statements Authorized by a Particular Object Privilege: Example To stop auditing on all statements that are authorized by DELETE ANY TABLE system privilege, issue the following statement:
NOAUDIT DELETE ANY TABLE;
Stop Auditing of Queries on a Particular Object: Example If you have chosen auditing for every SQL statement that queries the employees table in the schema hr, then you can stop auditing for such queries by issuing the following statement:
NOAUDIT SELECT
ON hr.employees;
Stop Auditing of Queries that Complete Successfully: Example You can stop auditing for queries that complete successfully by issuing the following statement:
NOAUDIT SELECT
ON hr.employees
WHENEVER SUCCESSFUL;
VER TODAS LAS POLITICAS
SELECT * FROM ALL_AUDIT_POLICIES;
SELECT OBJECT_SCHEMA,OBJECT_NAME,POLICY_NAME,POLICY_COLUMN,SEL,INS,UPD,DEL FROM ALL_AUDIT_POLICIES
execute dbms_fga.drop_policy('DBO','PER_PERSONA','A_PER_PERSONA_TOTAL_DEVENGADO');
dbms_fga.enable_policy('DBO','PER_PERSONA','A_PER_PERSONA_TOTAL_DEVENGADO',TRUE);
dbms_fga.disable_policy('DBO','PER_PERSONA','A_PER_PERSONA_TOTAL_DEVENGADO');
PERFORMANCE QUERYS
SQL> EXPLAIN PLAN FOR SELECT * FROM PER_PERSONA WHERE ESTADO=1;
SQL> SELECT * FROM PLAN_TABLE
OTRA FORMA DE HACERLO ES
SQL> SET AUTOTRACE ON;
SQL> SELECT * FROM PER_PERSONA;
SALE RESULTADO Y PLAN DE EJECUCION
SQL> SET AUTOTRACE TRACEONLY;
SQL> SELECT * FROM PER_PERSONA;
PERFORMANCE
SQL> SHOW PARAMETER CURSOR;
PARAMETR CURSOR_SHARING
SQL> SHOW PARAMETER PGA_AGGREGATE_TARGET;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
pga_aggregate_target big integer 16M
SQL> show parameter optimizer_mode
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
optimizer_mode string ALL_ROWS
per_persona_tuning_task
EJEMPLO DE VIRTUAL PRIVATE DATABASE
l Virtual Private Database (VPD) with Oracle
_uacct = "UA-221075-1";urchinTracker();
Virtual Private Database is also known as fine graind access control (FGAC). It allows to define which rows users may have access to.
� A simple example
In this example, it is assumed that a company consists of different departments (with each having an entry in the departments table). An employee belongs to exactly on department. A department can have secrets that go into the department_secrets table.
create table department (
dep_id int primary key,
name varchar2(30)
);
create table employee (
dep_id references department,
name varchar2(30)
);
create table department_secrets (
dep_id references department,
secret varchar2(30)
);
Filling in some truly confidential secrets:
insert into department values (1, 'Research and Development');
insert into department values (2, 'Sales' );
insert into department values (3, 'Human Resources' );
insert into employee values (2, 'Peter');
insert into employee values (3, 'Julia');
insert into employee values (3, 'Sandy');
insert into employee values (1, 'Frank');
insert into employee values (2, 'Eric' );
insert into employee values (1, 'Joel' );
insert into department_secrets values (1, 'R+D Secret #1' );
insert into department_secrets values (1, 'R+D Secret #2' );
insert into department_secrets values (2, 'Sales Secret #1');
insert into department_secrets values (2, 'Sales Secret #2');
insert into department_secrets values (3, 'HR Secret #1' );
insert into department_secrets values (3, 'HR Secret #2' );
For any employee, it must be possible to see all secrets of his department, but no secret of another department.
In order to make that happen with Oracle, we need to create a package, a trigger, and set a policy.
First, the package is created.
create or replace package pck_vpd
as
p_dep_id department.dep_id%type;
procedure set_dep_id(v_dep_id department.dep_id%type);
function predicate (obj_schema varchar2, obj_name varchar2) return varchar2;
end pck_vpd;
/
create or replace package body pck_vpd as
procedure set_dep_id(v_dep_id department.dep_id%type) is
begin
p_dep_id := v_dep_id;
end set_dep_id;
function predicate (obj_schema varchar2, obj_name varchar2) return varchar2 is
begin
return 'dep_id = ' p_dep_id;
end predicate;
end pck_vpd;
/
Then the trigger is defined. This trigger fires whenever someone log on to the database. It finds the user's departement id (dep_id) and calls set_dep_id in the package.
create or replace trigger trg_vpd
after logon on database
declare
v_dep_id department.dep_id%type;
begin
select dep_id into v_dep_id
from employee where upper(name) = user;
pck_vpd.set_dep_id(v_dep_id);
end;
/
Finally, the policy is defined. The policy states which procedure is used to add a where clause part to the where clause if someone executes a select statement.
begin
dbms_rls.add_policy (
user,
'department_secrets',
'choosable policy name',
user,
'pck_vpd.predicate',
'select,update,delete');
end;
/
To test the setup, some users are created.
create user frank identified by frank default tablespace users temporary tablespace temp;
create user peter identified by peter default tablespace users temporary tablespace temp;
create user julia identified by julia default tablespace users temporary tablespace temp;
The necessary privileges are granted.
grant all on department_secrets to frank;
grant all on department_secrets to peter;
grant all on department_secrets to julia;
grant create session to frank;
grant create session to peter;
grant create session to julia;
A public synonym is created.
create public synonym department_secrets for department_secrets;
Frank (belonging to R+D) executes a query....
connect frank/frank;
select * from department_secrets;
DEP_ID SECRET
---------- ------------------------------
1 R+D Secret #1
1 R+D Secret #2
Peter (belonging to Sales) executes a query....
connect peter/peter;
select * from department_secrets;
DEP_ID SECRET
---------- ------------------------------
2 Sales Secret #1
2 Sales Secret #2
script ORACLE
SQL> connect dbo/power
Conectado.
SQL>
SQL> create table department (
dep_id int primary key,
name varchar2(30)
); 2 3 4
Tabla creada.
SQL> create table employee (
dep_id references department,
name varchar2(30)
); 2 3 4
Tabla creada.
SQL> create table department_secrets (
dep_id references department,
secret varchar2(30)
); 2 3 4
Tabla creada.
SQL> insert into department values (1, 'Research and Development');
insert into department values (2, 'Sales' );
insert into department values (3, 'Human Resources' );
1 fila creada.
SQL>
1 fila creada.
SQL> rollback;
insert into department values (3, 'Human Resources' );rollback
*
ERROR en linea 1:
ORA-00911: caracter no valido
SQL> rollback;
Rollback terminado.
SQL> insert into department values (1, 'Research and Development');
1 fila creada.
SQL> insert into department values (2, 'Sales' );
1 fila creada.
SQL> insert into department values (3, 'Human Resources' );
1 fila creada.
SQL> insert into employee values (2, 'Peter');
1 fila creada.
SQL> insert into employee values (3, 'Julia');
1 fila creada.
SQL> insert into employee values (3, 'Sandy');
1 fila creada.
SQL> insert into employee values (1, 'Frank');
1 fila creada.
SQL> insert into employee values (2, 'Eric' );
1 fila creada.
SQL> insert into employee values (1, 'Joel' );
1 fila creada.
SQL> insert into department_secrets values (1, 'R+D Secret #1' );
1 fila creada.
SQL> insert into department_secrets values (1, 'R+D Secret #2' );
1 fila creada.
SQL> insert into department_secrets values (2, 'Sales Secret #1');
1 fila creada.
SQL> insert into department_secrets values (2, 'Sales Secret #2');
1 fila creada.
SQL> insert into department_secrets values (3, 'HR Secret #1' );
1 fila creada.
SQL> insert into department_secrets values (3, 'HR Secret #2' );
1 fila creada.
SQL> commit;
Confirmacion terminada.
SQL> create or replace package pck_vpd
as
p_dep_id department.dep_id%type;
procedure set_dep_id(v_dep_id department.dep_id%type);
function predicate (obj_schema varchar2, obj_name varchar2) return varchar2;
end pck_vpd;
/ 2 3 4 5 6 7 8 9
Paquete creado.
SQL> create or replace package body pck_vpd as
procedure set_dep_id(v_dep_id department.dep_id%type) is
begin
p_dep_id := v_dep_id;
end set_dep_id;
function predicate (obj_schema varchar2, obj_name varchar2) return varchar2 is
begin
return 'dep_id = ' p_dep_id;
end predicate;
end pck_vpd;
/ 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Cuerpo del paquete creado.
SQL> create or replace trigger trg_vpd
after logon on database
declare
v_dep_id department.dep_id%type;
begin
select dep_id into v_dep_id
from employee where upper(name) = user;
pck_vpd.set_dep_id(v_dep_id);
end;
/ 2 3 4 5 6 7 8 9 10 11
Disparador creado.
SQL> begin
dbms_rls.add_policy (
user,
'department_secrets',
'choosable policy name',
user,
'pck_vpd.predicate',
'select,update,delete');
end;
/
2 3 4 5 6 7 8 9 10
Procedimiento PL/SQL terminado correctamente.
SQL> SQL> create user frank identified by frank default tablespace users temporary tablespace temp;
Usuario creado.
SQL> create user peter identified by peter default tablespace users temporary tablespace temp;
Usuario creado.
SQL> create user julia identified by julia default tablespace users temporary tablespace temp;
Usuario creado.
SQL> grant all on department_secrets to frank;
Concesion terminada correctamente.
SQL> grant all on department_secrets to peter;
Concesion terminada correctamente.
SQL> grant all on department_secrets to julia;
Concesion terminada correctamente.
SQL> grant create session to frank;
Concesion terminada correctamente.
SQL> grant create session to peter;
Concesion terminada correctamente.
SQL> grant create session to julia;
Concesion terminada correctamente.
SQL> create public synonym department_secrets for department_secrets;
Sinonimo creado.
SQL> connect frank/frank;
Conectado.
SQL> select * from department_secrets;
DEP_ID SECRET
---------- ------------------------------
1 R+D Secret #1
1 R+D Secret #2
SQL> connect peter/peter;
Conectado.
SQL> select * from department_secrets;
DEP_ID SECRET
---------- ------------------------------
2 Sales Secret #1
2 Sales Secret #2
SQL> EXECUTE DBMS_RLS.DROP_POLICY('DBO','department_secrets','choosable policy name');
Hola a Todos
Si quieren una solución de software de Auditoría muy completa favor visitar este sitio estos locos son expertos en el tema tienen un producto excelente y muy buenos precios
www.oraconsultors.com
SQL> ALTER SYSTEM SET audit_trail=db_extended SCOPE=SPFILE;
AUDIT_SYS_OPERATIONS = TRUE
SQL> ALTER SYSTEM SET AUDIT_SYS_OPERATIONS = TRUE SCOPE =SPFILE;
SELECT * FROM ALL_AUDIT_POLICIES;
SELECT POLICY_NAME FROM ALL_AUDIT_POLICIES;
SELECT OBJECT_SCHEMA,OBJECT_NAME,POLICY_NAME,POLICY_COLUMN,SEL,INS,UPD,DEL FROM ALL_AUDIT_POLICIES
Sistema modificado.
-- Clear down the audit trail.
CONN sys/password@db10g AS SYSDBA
ALTER TABLE AUD$ MOVE TABLESPACE USERS;
TRUNCATE TABLE fga_log$;
SELECT sql_text FROM dba_fga_audit_trail;
no rows selected.
-- Apply the policy to the SAL columnof the EMP table.
BEGIN
DBMS_FGA.add_policy(
object_schema => 'SCOTT',
object_name => 'EMP',
policy_name => 'SAL_AUDIT',
audit_condition => NULL, -- Equivalent to TRUE
audit_column => 'SAL',
statement_types => 'SELECT,INSERT,UPDATE,DELETE');
END;
/
-- Test the auditing.
CONN scott/tiger@db10g
SELECT * FROM emp;
INSERT INTO emp (empno, ename, sal) VALUES (9999, 'Tim', 1);
UPDATE emp SET sal = 10 WHERE empno = 9999;
DELETE emp WHERE empno = 9999;
ROLLBACK;
-- Check the audit trail.
SELECT sql_text FROM dba_fga_audit_trail;
SQL_TEXT
--------------------------------------
SELECT * FROM emp
INSERT INTO emp (empno, ename, sal) VALUES (9999, 'Tim', 1)
UPDATE emp SET sal = 10 WHERE empno = 9999
DELETE emp WHERE empno = 9999
4 rows selected.
-- Drop the policy.
CONN sys/password@db10g AS SYSDBA
BEGIN
DBMS_FGA.drop_policy(
object_schema => 'SCOTT',
object_name => 'EMP',
policy_name => 'SAL_AUDIT');
END;
/
-- Configure extended auditing.
CONN sys/password AS SYSDBA
ALTER SYSTEM SET audit_trail=db_extended SCOPE=SPFILE;
SHUTDOWN IMMEDIATE
STARTUP
TRUNCATE TABLE aud$;
AUDIT ALL BY scott BY ACCESS;
-- Perform an auditable action.
CONN scott/tiger
UPDATE emp SET ename = ename;
-- Check the audit trail.
SELECT sql_text FROM dba_common_audit_trail;
SQL_TEXT
----------------------------
UPDATE emp SET ename = ename
1 row selected.
-- Unconfigure extended auditing.
CONN sys/password AS SYSDBA
ALTER SYSTEM SET audit_trail=none SCOPE=SPFILE;
SHUTDOWN IMMEDIATE
STARTUP
TRUNCATE TABLE aud$;
TRUNCATE TABLE fga_log$;
-- Configure extended auditing.
CONN sys/password AS SYSDBA
ALTER SYSTEM SET audit_trail=db_extended SCOPE=SPFILE;
SHUTDOWN IMMEDIATE
STARTUP
TRUNCATE TABLE aud$;
TRUNCATE TABLE fga_log$;
AUDIT ALL BY scott BY ACCESS;
-- Perform an auditable action.
CONN scott/tiger
UPDATE emp SET ename = ename;
-- Check the audit trail.
SELECT sql_text FROM dba_common_audit_trail;
SQL_TEXT
----------------------------
UPDATE emp SET ename = ename
1 row selected.
-- Unconfigure extended auditing.
CONN sys/password AS SYSDBA
ALTER SYSTEM SET audit_trail=none SCOPE=SPFILE;
SHUTDOWN IMMEDIATE
STARTUP
TRUNCATE TABLE aud$;
TRUNCATE TABLE fga_log$;
DBA_AUDIT_TRAIL - Standard auditing only (from AUD$).
DBA_FGA_AUDIT_TRAIL - Fine-grained auditing only (from FGA_LOG$).
DBA_COMMON_AUDIT_TRAIL - Both standard and fine-grained auditing.
EJEMPLO PROBADO AUDITORIA
CONNECT sys/password AS SYSDBA
CREATE USER audit_test IDENTIFIED BY password
DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp
QUOTA UNLIMITED ON users;
GRANT connect TO audit_test;
GRANT create table, create procedure TO audit_test;
CONNECT sys/password AS SYSDBA
AUDIT ALL BY audit_test BY ACCESS;
AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY audit_test BY ACCESS;
AUDIT EXECUTE PROCEDURE BY audit_test BY ACCESS;
CONN audit_test/password
CREATE TABLE test_tab (
id NUMBER
);
INSERT INTO test_tab (id) VALUES (1);
UPDATE test_tab SET id = id;
SELECT * FROM test_tab;
DELETE FROM test_tab;
DROP TABLE test_tab;
SELECT view_name
FROM dba_views
WHERE view_name LIKE 'DBA%AUDIT%'
ORDER BY view_name;
VIEW_NAME
------------------------------
DBA_AUDIT_EXISTS
DBA_AUDIT_OBJECT
DBA_AUDIT_POLICIES
DBA_AUDIT_POLICY_COLUMNS
DBA_AUDIT_SESSION
DBA_AUDIT_STATEMENT
DBA_AUDIT_TRAIL
DBA_COMMON_AUDIT_TRAIL
DBA_FGA_AUDIT_TRAIL
DBA_OBJ_AUDIT_OPTS
DBA_PRIV_AUDIT_OPTS
DBA_REPAUDIT_ATTRIBUTE
DBA_REPAUDIT_COLUMN
DBA_STMT_AUDIT_OPTS
14 rows selected.
DBA_AUDIT_TRAIL - Standard auditing only (from AUD$).
· DBA_FGA_AUDIT_TRAIL - Fine-grained auditing only (from FGA_LOG$).
· DBA_COMMON_AUDIT_TRAIL - Both standard and fine-grained auditing.
COLUMN username FORMAT A10
COLUMN owner FORMAT A10
COLUMN obj_name FORMAT A10
COLUMN extended_timestamp FORMAT A35
SELECT username,
extended_timestamp,
owner,
obj_name,
action_name
FROM dba_audit_trail
WHERE owner = 'AUDIT_TEST'
ORDER BY timestamp;
USERNAME EXTENDED_TIMESTAMP OWNER OBJ_NAME ACTION_NAME
---------- ----------------------------------- ---------- ---------- ----------------------------
AUDIT_TEST 16-FEB-2006 14:16:55.435000 +00:00 AUDIT_TEST TEST_TAB CREATE TABLE
AUDIT_TEST 16-FEB-2006 14:16:55.514000 +00:00 AUDIT_TEST TEST_TAB INSERT
AUDIT_TEST 16-FEB-2006 14:16:55.545000 +00:00 AUDIT_TEST TEST_TAB UPDATE
AUDIT_TEST 16-FEB-2006 14:16:55.592000 +00:00 AUDIT_TEST TEST_TAB SELECT
AUDIT_TEST 16-FEB-2006 14:16:55.670000 +00:00 AUDIT_TEST TEST_TAB DELETE
AUDIT_TEST 16-FEB-2006 14:17:00.045000 +00:00 AUDIT_TEST TEST_TAB DROP TABLE
OLUMN db_user FORMAT A10
COLUMN object_schema FORMAT A10
COLUMN object_name FORMAT A10
COLUMN extended_timestamp FORMAT A35
SELECT db_user,
extended_timestamp,
object_schema,
object_name,
action
FROM v$xml_audit_trail
WHERE object_schema = 'AUDIT_TEST'
ORDER BY extended_timestamp;
DB_USER EXTENDED_TIMESTAMP OBJECT_SCH OBJECT_NAM ACTION
---------- ----------------------------------- ---------- ---------- ----------
AUDIT_TEST 16-FEB-2006 14:14:33.417000 +00:00 AUDIT_TEST TEST_TAB 1
AUDIT_TEST 16-FEB-2006 14:14:33.464000 +00:00 AUDIT_TEST TEST_TAB 2
AUDIT_TEST 16-FEB-2006 14:14:33.511000 +00:00 AUDIT_TEST TEST_TAB 6
AUDIT_TEST 16-FEB-2006 14:14:33.542000 +00:00 AUDIT_TEST TEST_TAB 3
AUDIT_TEST 16-FEB-2006 14:14:33.605000 +00:00 AUDIT_TEST TEST_TAB 7
AUDIT_TEST 16-FEB-2006 14:14:34.917000 +00:00 AUDIT_TEST TEST_TAB 12
6 rows selected.
SQL>NOAUDIT ALL BY DBO;
SQL>NOAUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY DBO;
MOVER AUDITORIA AUD$
ALTER TABLE AUD$ MOVE TABLESPACE USERS;
ALTER TABLE AUD$ MOVE TABLESPACE AUDITORIA;
drop table system.aud$_bu;
create table system.aud$_bu
tablespace tools
as (select * from sys.aud$ where 1=2);
drop table system.aud$_prev_quarter;
create table system.aud$_prev_quarter
tablespace tools
as (select * from sys.aud$ where 1=2);
CHEQUEAR TAMAÑO AUD$SIZE
Create procedure
keep_size_in_check
is
rowCount number;
begin
select count(*) into rowCount from sys.aud$ ;
if rowCount > 50000
then
commit;
set transaction use rollback segment rbs_bulk;
insert into system.aud$_bu (select * from sys.aud$);
delete from sys.aud$ ;
commit;
sys.dbms_system.ksdwrt (3,'ORA-AUDIT TRAIL: POSSIBLE DOS
ATTACK!!!! AUD$ rows moved to AUD$_BU');
end if;
end keep_size_in_check;
BEGIN
DBMS_SCHEDULER.CREATE_JOB(
job_name => 'CHECK_SIZE_AUD$',
job_type => 'STORED_PROCEDURE',
job_action => ' keep_size_in_check',
start_date => SYSDATE,
repeat_interval => 'FREQ = WEEKLY');
END;
/
BEGIN
DBMS_SCHEDULER.ENABLE('CHECK_SIZE_AUD$');
END;
/
BEGIN
DBMS_SCHEDULER.RUN_JOB('CHECK_SIZE_AUD$',FALSE);
END;
/
BEGIN
DBMS_SCHEDULER.DROP_JOB('CHECK_SIZE_AUD$',FALSE);
END;
/
procedure quarterly_rotation
is
/* Procedure quarterly_rotation
* Cleans out table system.aud$_prev_quarter
* and repopulates it with the previous quarter's worth of audit info
* Should be scheduled to run every quarter
*/
begin
commit;
set transaction use rollback segment rbs_bulk;
delete from system.aud$_prev_quarter;
insert into system.aud$_prev_quarter
( select * from sys.aud$ au
where au.timestamp# < what =""> ‘manage_aud$.keep_size_in_check;’,
interval => ‘trunc(sysdate)+1/96’);
End;
Examples
Stop Auditing of SQL Statements Related to Roles: Example If you have chosen auditing for every SQL statement that creates or drops a role, then you can stop auditing of such statements by issuing the following statement:
NOAUDIT ROLE;
Stop Auditing of Updates or Queries on Objects Owned by a Particular User: Example If you have chosen auditing for any statement that queries or updates any table issued by the users hr and oe, then you can stop auditing for queries by hr by issuing the following statement:
NOAUDIT SELECT TABLE BY hr;
The preceding statement stops auditing only queries by hr, so the database continues to audit queries and updates by oe as well as updates by hr.
Stop Auditing of Statements Authorized by a Particular Object Privilege: Example To stop auditing on all statements that are authorized by DELETE ANY TABLE system privilege, issue the following statement:
NOAUDIT DELETE ANY TABLE;
Stop Auditing of Queries on a Particular Object: Example If you have chosen auditing for every SQL statement that queries the employees table in the schema hr, then you can stop auditing for such queries by issuing the following statement:
NOAUDIT SELECT
ON hr.employees;
Stop Auditing of Queries that Complete Successfully: Example You can stop auditing for queries that complete successfully by issuing the following statement:
NOAUDIT SELECT
ON hr.employees
WHENEVER SUCCESSFUL;
VER TODAS LAS POLITICAS
SELECT * FROM ALL_AUDIT_POLICIES;
SELECT OBJECT_SCHEMA,OBJECT_NAME,POLICY_NAME,POLICY_COLUMN,SEL,INS,UPD,DEL FROM ALL_AUDIT_POLICIES
execute dbms_fga.drop_policy('DBO','PER_PERSONA','A_PER_PERSONA_TOTAL_DEVENGADO');
dbms_fga.enable_policy('DBO','PER_PERSONA','A_PER_PERSONA_TOTAL_DEVENGADO',TRUE);
dbms_fga.disable_policy('DBO','PER_PERSONA','A_PER_PERSONA_TOTAL_DEVENGADO');
PERFORMANCE QUERYS
SQL> EXPLAIN PLAN FOR SELECT * FROM PER_PERSONA WHERE ESTADO=1;
SQL> SELECT * FROM PLAN_TABLE
OTRA FORMA DE HACERLO ES
SQL> SET AUTOTRACE ON;
SQL> SELECT * FROM PER_PERSONA;
SALE RESULTADO Y PLAN DE EJECUCION
SQL> SET AUTOTRACE TRACEONLY;
SQL> SELECT * FROM PER_PERSONA;
PERFORMANCE
SQL> SHOW PARAMETER CURSOR;
PARAMETR CURSOR_SHARING
SQL> SHOW PARAMETER PGA_AGGREGATE_TARGET;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
pga_aggregate_target big integer 16M
SQL> show parameter optimizer_mode
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
optimizer_mode string ALL_ROWS
per_persona_tuning_task
EJEMPLO DE VIRTUAL PRIVATE DATABASE
l Virtual Private Database (VPD) with Oracle
_uacct = "UA-221075-1";urchinTracker();
Virtual Private Database is also known as fine graind access control (FGAC). It allows to define which rows users may have access to.
� A simple example
In this example, it is assumed that a company consists of different departments (with each having an entry in the departments table). An employee belongs to exactly on department. A department can have secrets that go into the department_secrets table.
create table department (
dep_id int primary key,
name varchar2(30)
);
create table employee (
dep_id references department,
name varchar2(30)
);
create table department_secrets (
dep_id references department,
secret varchar2(30)
);
Filling in some truly confidential secrets:
insert into department values (1, 'Research and Development');
insert into department values (2, 'Sales' );
insert into department values (3, 'Human Resources' );
insert into employee values (2, 'Peter');
insert into employee values (3, 'Julia');
insert into employee values (3, 'Sandy');
insert into employee values (1, 'Frank');
insert into employee values (2, 'Eric' );
insert into employee values (1, 'Joel' );
insert into department_secrets values (1, 'R+D Secret #1' );
insert into department_secrets values (1, 'R+D Secret #2' );
insert into department_secrets values (2, 'Sales Secret #1');
insert into department_secrets values (2, 'Sales Secret #2');
insert into department_secrets values (3, 'HR Secret #1' );
insert into department_secrets values (3, 'HR Secret #2' );
For any employee, it must be possible to see all secrets of his department, but no secret of another department.
In order to make that happen with Oracle, we need to create a package, a trigger, and set a policy.
First, the package is created.
create or replace package pck_vpd
as
p_dep_id department.dep_id%type;
procedure set_dep_id(v_dep_id department.dep_id%type);
function predicate (obj_schema varchar2, obj_name varchar2) return varchar2;
end pck_vpd;
/
create or replace package body pck_vpd as
procedure set_dep_id(v_dep_id department.dep_id%type) is
begin
p_dep_id := v_dep_id;
end set_dep_id;
function predicate (obj_schema varchar2, obj_name varchar2) return varchar2 is
begin
return 'dep_id = ' p_dep_id;
end predicate;
end pck_vpd;
/
Then the trigger is defined. This trigger fires whenever someone log on to the database. It finds the user's departement id (dep_id) and calls set_dep_id in the package.
create or replace trigger trg_vpd
after logon on database
declare
v_dep_id department.dep_id%type;
begin
select dep_id into v_dep_id
from employee where upper(name) = user;
pck_vpd.set_dep_id(v_dep_id);
end;
/
Finally, the policy is defined. The policy states which procedure is used to add a where clause part to the where clause if someone executes a select statement.
begin
dbms_rls.add_policy (
user,
'department_secrets',
'choosable policy name',
user,
'pck_vpd.predicate',
'select,update,delete');
end;
/
To test the setup, some users are created.
create user frank identified by frank default tablespace users temporary tablespace temp;
create user peter identified by peter default tablespace users temporary tablespace temp;
create user julia identified by julia default tablespace users temporary tablespace temp;
The necessary privileges are granted.
grant all on department_secrets to frank;
grant all on department_secrets to peter;
grant all on department_secrets to julia;
grant create session to frank;
grant create session to peter;
grant create session to julia;
A public synonym is created.
create public synonym department_secrets for department_secrets;
Frank (belonging to R+D) executes a query....
connect frank/frank;
select * from department_secrets;
DEP_ID SECRET
---------- ------------------------------
1 R+D Secret #1
1 R+D Secret #2
Peter (belonging to Sales) executes a query....
connect peter/peter;
select * from department_secrets;
DEP_ID SECRET
---------- ------------------------------
2 Sales Secret #1
2 Sales Secret #2
script ORACLE
SQL> connect dbo/power
Conectado.
SQL>
SQL> create table department (
dep_id int primary key,
name varchar2(30)
); 2 3 4
Tabla creada.
SQL> create table employee (
dep_id references department,
name varchar2(30)
); 2 3 4
Tabla creada.
SQL> create table department_secrets (
dep_id references department,
secret varchar2(30)
); 2 3 4
Tabla creada.
SQL> insert into department values (1, 'Research and Development');
insert into department values (2, 'Sales' );
insert into department values (3, 'Human Resources' );
1 fila creada.
SQL>
1 fila creada.
SQL> rollback;
insert into department values (3, 'Human Resources' );rollback
*
ERROR en linea 1:
ORA-00911: caracter no valido
SQL> rollback;
Rollback terminado.
SQL> insert into department values (1, 'Research and Development');
1 fila creada.
SQL> insert into department values (2, 'Sales' );
1 fila creada.
SQL> insert into department values (3, 'Human Resources' );
1 fila creada.
SQL> insert into employee values (2, 'Peter');
1 fila creada.
SQL> insert into employee values (3, 'Julia');
1 fila creada.
SQL> insert into employee values (3, 'Sandy');
1 fila creada.
SQL> insert into employee values (1, 'Frank');
1 fila creada.
SQL> insert into employee values (2, 'Eric' );
1 fila creada.
SQL> insert into employee values (1, 'Joel' );
1 fila creada.
SQL> insert into department_secrets values (1, 'R+D Secret #1' );
1 fila creada.
SQL> insert into department_secrets values (1, 'R+D Secret #2' );
1 fila creada.
SQL> insert into department_secrets values (2, 'Sales Secret #1');
1 fila creada.
SQL> insert into department_secrets values (2, 'Sales Secret #2');
1 fila creada.
SQL> insert into department_secrets values (3, 'HR Secret #1' );
1 fila creada.
SQL> insert into department_secrets values (3, 'HR Secret #2' );
1 fila creada.
SQL> commit;
Confirmacion terminada.
SQL> create or replace package pck_vpd
as
p_dep_id department.dep_id%type;
procedure set_dep_id(v_dep_id department.dep_id%type);
function predicate (obj_schema varchar2, obj_name varchar2) return varchar2;
end pck_vpd;
/ 2 3 4 5 6 7 8 9
Paquete creado.
SQL> create or replace package body pck_vpd as
procedure set_dep_id(v_dep_id department.dep_id%type) is
begin
p_dep_id := v_dep_id;
end set_dep_id;
function predicate (obj_schema varchar2, obj_name varchar2) return varchar2 is
begin
return 'dep_id = ' p_dep_id;
end predicate;
end pck_vpd;
/ 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Cuerpo del paquete creado.
SQL> create or replace trigger trg_vpd
after logon on database
declare
v_dep_id department.dep_id%type;
begin
select dep_id into v_dep_id
from employee where upper(name) = user;
pck_vpd.set_dep_id(v_dep_id);
end;
/ 2 3 4 5 6 7 8 9 10 11
Disparador creado.
SQL> begin
dbms_rls.add_policy (
user,
'department_secrets',
'choosable policy name',
user,
'pck_vpd.predicate',
'select,update,delete');
end;
/
2 3 4 5 6 7 8 9 10
Procedimiento PL/SQL terminado correctamente.
SQL> SQL> create user frank identified by frank default tablespace users temporary tablespace temp;
Usuario creado.
SQL> create user peter identified by peter default tablespace users temporary tablespace temp;
Usuario creado.
SQL> create user julia identified by julia default tablespace users temporary tablespace temp;
Usuario creado.
SQL> grant all on department_secrets to frank;
Concesion terminada correctamente.
SQL> grant all on department_secrets to peter;
Concesion terminada correctamente.
SQL> grant all on department_secrets to julia;
Concesion terminada correctamente.
SQL> grant create session to frank;
Concesion terminada correctamente.
SQL> grant create session to peter;
Concesion terminada correctamente.
SQL> grant create session to julia;
Concesion terminada correctamente.
SQL> create public synonym department_secrets for department_secrets;
Sinonimo creado.
SQL> connect frank/frank;
Conectado.
SQL> select * from department_secrets;
DEP_ID SECRET
---------- ------------------------------
1 R+D Secret #1
1 R+D Secret #2
SQL> connect peter/peter;
Conectado.
SQL> select * from department_secrets;
DEP_ID SECRET
---------- ------------------------------
2 Sales Secret #1
2 Sales Secret #2
SQL> EXECUTE DBMS_RLS.DROP_POLICY('DBO','department_secrets','choosable policy name');
Suscribirse a:
Entradas (Atom)