| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: FGA based on a complex join
To demonstrate what I'm attempting, I tried to simulate it with a
simple example.
Using the scott demo schema, I created the following scenario:
SQL> desc emp
Name Null? Type -------------------- ------ ------------------------- EMPNO NOT NULL NUMBER(4) ENAME VARCHAR2(10) JOB VARCHAR2(9) MGR NUMBER(4) HIREDATE DATE SAL NUMBER(7,2) COMM NUMBER(7,2) DEPTNO NUMBER(2) HOME VARCHAR2(50)
2) updated all the employees to have the same home as their dept
location
3) updated two employees to have different home values than their dept
location
When I run the following query, as scott, before any policy is created, I get:
SQL> select ename,sal,dept.deptno
2 from emp,dept
3 where dept.loc != home
4 and emp.deptno = dept.deptno;
ENAME SAL DEPTNO ---------- ---------- ---------- SMITH 800 20 KING 5000 10
As SYS, I created the following policy on the emp table using dbms_fga.add_policy:
exec dbms_fga.add_policy( -
> object_schema => 'SCOTT', -
> object_name => 'EMP', -
> policy_name => 'commuter', -
> audit_condition => 'home != dept.loc and deptno = dept.deptno', -
> enable => TRUE)
The policy was created successfully and enabled.
When I run the query again, as scott, I receive the error shown:
select ename,sal,dept.deptno
from emp,dept
where dept.loc != home
and emp.deptno = dept.deptno
SQL> /
and emp.deptno = dept.deptno
*
The udump trace file shows:
++++++++++++++++++++++++++++++++++++++++++++++++++++++*** 2006-03-08 18:45:56.995
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Of course 904 is "invalid identifier". Is it because of the use of the table references in the query or policy or lack of a schema reference? Or neither?
Any help is appreciated. Received on Wed Mar 08 2006 - 18:13:39 CST
 |
 |