| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Re: Row level security and latch waits
Jack,
You are right, app context is treated as a bind variable, but someone may
decide not to use it in RLS policy function. Example (maybe a little unreal
but valid):
CREATE OR REPLACE PACKAGE BODY Oe_security AS
FUNCTION Custnum_sec (D1 VARCHAR2, D2 VARCHAR2) RETURN VARCHAR2 IS
D_predicate VARCHAR2 (2000)
BEGIN
D_predicate = 'create_date > '''||to_char(sysdate-1)||'''';
RETURN D_predicate;
Hence hard parses.
Vadim
-----Original Message-----
[mailto:JApplewhite_at_austin.isd.tenet.edu]
Sent: Tuesday, August 19, 2003 3:14 PM
To: Multiple recipients of list ORACLE-L
OK, I went and looked in the 8i Concepts manual. It seems pretty clear that Application Context variables are used as bind variables. It may have changed for 9i, but I can't see how or why.
"Application Context
Application context facilitates the implementation of fine-grained access control. It allows you to implement security policies with functions and then associate those security policies with applications. Each application can have its own application-specific context. Users are not allowed to arbitrarily change their context (for example, through SQL*Plus).
Application contexts permit flexible, parameter-based access control, based on attributes of interest to an application. For example, context attributes for a human resources application could include "position", "organizational unit", and "country" while attributes for an order-entry control might be "customer number" and "sales region".
You can:
- Base predicates on context values
- Use context values within predicates, as bind variables <<<< NOTE THIS
LINE.>>>>>
- Set user attributes
- Access user attributes "
Jack C. Applewhite
Database Administrator
Austin Independent School District
Austin, Texas
512.414.9715 (wk)
512.935.5929 (pager)
JApplewhite_at_austin.isd.tenet.edu
<rgaffuri_at_cox.net
> To: Multiple recipients
of list ORACLE-L <ORACLE-L_at_fatcity.com>
Sent by: cc:
ml-errors_at_fatcity Subject: Re: Re: Row level
security and latch waits
.com
08/19/2003 01:39
PM
Please respond to
ORACLE-L
its just appending a where clause. its not binding it.
im not familiar with contexts. never worked with them. someone correct me if im wrong here? Could have sworn i read that somewhere.
i looked up application contexts. they appear to be handled differently.
am i wrong?
>
> From: JApplewhite_at_austin.isd.tenet.edu
> Date: 2003/08/19 Tue PM 02:14:25 EDT
> To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
> Subject: Re: Row level security and latch waits
>
>
> RLS doesn't use bind variables? How then does Oracle treat the
Application
> Context variables that you include in the predicates generated by the
> Security Policy functions? If those aren't bind variables then I guess I
> don't know what bind variables are.
>
> Please refer me to the documentation on which your assertion is based.
>
> Thanks.
>
> Jack C. Applewhite
> Database Administrator
> Austin Independent School District
> Austin, Texas
> 512.414.9715 (wk)
> 512.935.5929 (pager)
> JApplewhite_at_austin.isd.tenet.edu
>
>
>
>
> <rgaffuri_at_cox.net
> > To: Multiple
recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
> Sent by: cc:
> ml-errors_at_fatcity Subject: Re: Row level
security and latch waits
> .com
>
>
> 08/19/2003 10:44
> AM
> Please respond to
> ORACLE-L
>
>
>
>
>
>
> row level security doesnt use bind variables.
>
> dont know if there is a way to get it to use them. thats probably your
> problem.
> >
> > From: "Jamadagni, Rajendra" <Rajendra.Jamadagni_at_espn.com>
> > Date: 2003/08/19 Tue AM 11:19:24 EDT
> > To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
> > Subject: Row level security and latch waits
> >
> > hi all,
> >
> > in the latest code release, a group implemented RLS and since then
> spotlight
> > is constantly flagging 'latch waits' in the system. Yesterday the latch
> > waits were upwards of 90%.
> >
> > Most active sessions seem to run the policy function defined as part of
> RLS.
> > The worst part was all this wait was only on one node, the other node
was
> > healthy.
> >
> > While we are trying to capture more information, anything else that we
> can
> > do? Any ideas? TIA
> >
> > Raj
> >
>
>
> > ----
> > Rajendra dot Jamadagni at nospamespn dot com
>
>
> >
> hi all,
>
>
> in the latest code release, a group implemented RLS and since then
> spotlight is constantly flagging 'latch waits' in the system. Yesterday
the
> latch waits were upwards of 90%.
>
>
> Most active sessions seem to run the policy function defined as part of
> RLS. The worst part was all this wait was only on one node, the other
node
> was healthy.
>
>
> While we are trying to capture more information, anything else that we
can
> do? Any ideas? TIA
>
>
> Raj
>
>
> Rajendra dot Jamadagni at nospamespn dot com
>
>
>
>
>
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author:
> INET: JApplewhite_at_austin.isd.tenet.edu
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
-- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: <rgaffuri_at_cox.net INET: rgaffuri_at_cox.net Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: INET: JApplewhite_at_austin.isd.tenet.edu Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Gorbounov,Vadim INET: vadim.gorbounov_at_liberate.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Tue Aug 19 2003 - 15:24:26 CDT
 |
 |