vpd and column masking

From: Kumar Madduri <ksmadduri_at_gmail.com>
Date: Tue, 12 Aug 2008 18:38:39 +0530
Message-ID: <a2b1e7610808120608q7481ae80r26d9c37653c6d2ce@mail.gmail.com>

Hi
This is my first attempt to use vpd and column masking. So pardon me if this is a very stupid mistake. I am trying to do this but this is not working..

create or replace function sec_function_papf(p_object_schema IN VARCHAR2, p_object_name VARCHAR2)
return varchar2
as
p_nid varchar2(200);
whoami varchar2(100);
begin
select SYS_CONTEXT('userenv', 'SESSION_USER') into whoami from dual; if whoami = 'APPS'
then
p_nid := 'national_identifier = national_identifier'; return (p_nid);
else
p_nid := '1=2';
return (p_nid);
end if;
end;

BEGIN
DBMS_RLS.ADD_POLICY(object_schema=>'APPS', object_name=>'PER_ALL_PEOPLE_F',

                         policy_name=>'PAPF_POLICY',
function_schema=>'APPS',
                         policy_function=>'SEC_FUNCTION_PAPF',
                         sec_relevant_cols=>'national_identifier',
                         sec_relevant_cols_opt=>dbms_rls.ALL_ROWS);

END; *
ERROR at line 1:

ORA-28104: input value for sec_relevant_cols is not valid
ORA-06512: at "SYS.DBMS_RLS", line 20
ORA-06512: at line 2

The problem is not with the value that I pass to sec_relevant_cols. Even if I remove that I get the error on the other parameters.

The function is created ok. I want to display ssn for privileged user otherwise display null values for other users but display the user's own ssn.

Any pointers on what is not right here?

Thank you
- kumar

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Aug 12 2008 - 08:08:39 CDT

This message: [ Message body ]
Next message: dannorris_at_dannorris.com: "Re: hide https port"
Previous message: Peter McLarty: "Re: hide https port"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message