Re: fga policy on oracle 10.2.0.4 enterprise windows 2003

From: Randolf Geist <mahrah_at_web.de>
Date: Fri, 1 Oct 2010 05:19:06 -0700 (PDT)
Message-ID: <a6dc9ce6-bef1-4168-ad73-53885fe3f0db_at_f25g2000yqc.googlegroups.com>



On Sep 30, 11:53 am, dba cjb <chris.br..._at_providentinsurance.co.uk> wrote:
> I would like to create a policy that checks on selects on an
> object ...but restrict entries for a particular user
>
> eg audit selects on octopus.claim but only for user NTSERVER\BSD-
> CHRISB
>
> Is this OS_USER restriction do-able?
>
> I have tried following code without success
>
> BEGIN
> DBMS_FGA.ADD_POLICY(
> object_schema   => 'OCTOPUS',
> object_name     => 'claim',
> policy_name     => 'new_os',
> audit_condition => 'SYS_CONTEXT(USERENV,OS_USER) = NTSERVER\BSD-
> CHRISB',
> statement_types => 'SELECT');
> END;
> /
>
> cheers
> Chris B

If above is not due to typos and you've tried to use this literally, then this audit_condition:

audit_condition => 'SYS_CONTEXT(USERENV,OS_USER) = NTSERVER\BSD-CHRISB'

won't do it, it is missing a lot of quote characters. Something like this is at least syntactically correct:

audit_condition => 'SYS_CONTEXT(''USERENV'',''OS_USER'') = ''NTSERVER\BSD-CHRISB'''

or using the new quotes introduced with 10g:

audit_condition => q'[SYS_CONTEXT('USERENV','OS_USER') = 'NTSERVER\BSD-CHRISB']'

You've mentioned "without success" - the actual error that you got or any other more detailed description might be helpful.

Regards,
Randolf

Oracle related stuff blog:
http://oracle-randolf.blogspot.com/

Co-author of the "OakTable Expert Oracle Practices" book:
http://www.apress.com/book/view/1430226684
http://www.amazon.com/Expert-Oracle-Practices-Database-Administration/dp/1430226684

Received on Fri Oct 01 2010 - 07:19:06 CDT
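
The quoting fix from the reply above, placed in a complete policy definition with checks that the predicate was stored and that it fires. This is an added example, not part of the original thread; the upper-case CLAIM and NEW_OS names are assumptions (unquoted identifiers are stored in upper case), and the queries use the standard DBA_AUDIT_POLICIES and DBA_FGA_AUDIT_TRAIL views.

```sql
-- Added example, not from the original post.

-- 1. From a session of the OS user to be audited, check the exact string
--    Oracle reports, so the literal in the policy matches it character
--    for character (domain prefix, case, hyphen).
SELECT SYS_CONTEXT('USERENV', 'OS_USER') AS os_user FROM dual;

-- 2. Create the policy. The q'[...]' form (10g and later) avoids doubling
--    every single quote inside the condition string.
--    Assumption: the table was created unquoted, so it is stored as CLAIM.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'OCTOPUS',
    object_name     => 'CLAIM',
    policy_name     => 'NEW_OS',
    audit_condition => q'[SYS_CONTEXT('USERENV','OS_USER') = 'NTSERVER\BSD-CHRISB']',
    statement_types => 'SELECT');
END;
/

-- 3. Confirm what was stored: POLICY_TEXT should show the condition with
--    its quotes intact, ENABLED and SEL should both be YES.
SELECT policy_name, policy_text, enabled, sel
FROM   dba_audit_policies
WHERE  object_schema = 'OCTOPUS'
AND    object_name   = 'CLAIM';

-- 4. After a test SELECT on OCTOPUS.CLAIM by the audited OS user and by
--    some other OS user, only the first should appear here.
SELECT timestamp, db_user, os_user, sql_text
FROM   dba_fga_audit_trail
WHERE  policy_name = 'NEW_OS'
ORDER  BY timestamp;
```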