A simple example of "Secure Application Role"
2012-05-16 18:36
During the investigation of the implementation of "Secure Application User" in our system, I noticed it turned out to be implemented using "Secure Application Role".
So I'd like to have a simple test ---
(1) Create two users --
```
SQL> conn test_a/a@orcl
Connected.
SQL> create role role_ro identified using test_a.pack_authentication;

Role created.

SQL> create role role_rw identified using test_a.pack_authentication;

Role created.

SQL> create table test(id int);

Table created.

SQL> grant select on test to role_ro;

Grant succeeded.

SQL> grant select, update, delete on test to role_rw;

Grant succeeded.

SQL>
SQL> create or replace package pack_authentication authid current_user as
  2    procedure grant_roles(p_token IN varchar2);
  3  end pack_authentication;
  4  /

Package created.

SQL>
SQL>
SQL>
SQL> create or replace package body pack_authentication as
  2    procedure grant_roles(p_token IN varchar2)
  3    as
  4    begin
  5      if p_token = 'B' then
  6        dbms_session.set_role('ROLE_RO');
  7      elsif p_token = 'A' then
  8        dbms_session.set_role('ROLE_RW');
  9      else
 10        execute immediate 'set role none';
 11      end if;
 12    end;
 13  end pack_authentication;
 14  /

Package body created.

SQL>
SQL> grant execute on pack_authentication to test_b;

Grant succeeded.
```
(3) Test in test_b
```
SQL> alter session set current_schema=test_a;

Session altered.

SQL> select * from test;
select * from test
              *
ERROR at line 1:
ORA-00942: table or view does not exist

SQL> exec test_a.pack_authentication.grant_roles('B');

PL/SQL procedure successfully completed.

SQL> select * from test;

no rows selected

SQL> delete from test;
delete from test
            *
ERROR at line 1:
ORA-01031: insufficient privileges

SQL> exec test_a.pack_authentication.grant_roles('A');

PL/SQL procedure successfully completed.

SQL> select * from session_roles;

ROLE
------------------------------
ROLE_RW

SQL> select * from test;

no rows selected

SQL> delete from test;

0 rows deleted.

SQL> rollback;

Rollback complete.

SQL> exec test_a.pack_authentication.grant_roles('C');

PL/SQL procedure successfully completed.

SQL> select * from test;
select * from test
              *
ERROR at line 1:
ORA-00942: table or view does not exist

SQL> select * from test_a.test;
select * from test_a.test
                     *
ERROR at line 1:
ORA-00942: table or view does not exist

SQL>
```
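An added example, not code from the original post: the package above enables a role based on a token the caller passes in, while this variant keeps the same invoker's-rights structure but decides from session attributes read with SYS_CONTEXT. The final query checks the invoker's-rights requirement noted on this page. The package name `pack_authentication_ctx`, the proxy user `APP_PROXY` and the address `192.0.2.10` are assumptions.

```sql
-- Added example (run as test_a). pack_authentication_ctx, APP_PROXY and
-- 192.0.2.10 are constructed names/values, not from the original post.
create or replace package pack_authentication_ctx authid current_user as
  procedure grant_roles;
end pack_authentication_ctx;
/

create or replace package body pack_authentication_ctx as
  procedure grant_roles
  as
    -- Read from the session itself; nothing here is a caller-supplied argument.
    l_ip    varchar2(64)  := sys_context('USERENV', 'IP_ADDRESS');
    l_proxy varchar2(128) := sys_context('USERENV', 'PROXY_USER');
  begin
    if l_ip = '192.0.2.10' and l_proxy = 'APP_PROXY' then
      dbms_session.set_role('ROLE_RW');
    elsif l_ip = '192.0.2.10' then
      dbms_session.set_role('ROLE_RO');
    else
      -- Fail closed. IP_ADDRESS is NULL for local (non-network) connections,
      -- so those sessions also end up here.
      dbms_session.set_role('NONE');
      raise_application_error(-20001, 'secure application role not enabled');
    end if;
  end grant_roles;
end pack_authentication_ctx;
/

-- Rebind the roles to the new package and let test_b run it.
alter role role_ro identified using test_a.pack_authentication_ctx;
alter role role_rw identified using test_a.pack_authentication_ctx;
grant execute on pack_authentication_ctx to test_b;

-- Audit (needs access to the DBA_ views): every secure application role, its
-- package, and that package's rights model. AUTHID should be CURRENT_USER.
select r.role, r.schema, r.package, p.authid
from   dba_application_roles r
left join (select distinct owner, object_name, authid from dba_procedures) p
  on   p.owner = r.schema and p.object_name = r.package
order by r.role;
```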
Note:
The package used for a secure application role should be created using invoker's rights (authid current_user).

http://docs.oracle.com/cd/B14117_01/network.101/b10773/apdvntro.htm

"The PL/SQL package DBMS_SESSION.SET_ROLE is functionally equivalent to the SET ROLE statement in SQL.
Roles are not supported in definer's rights procedures, so the DBMS_SESSION.SET_ROLE command cannot be called from them.
However, the DBMS_SESSION.SET_ROLE command can be called from the following:
- Anonymous PL/SQL blocks
- Invoker's rights stored procedures (except those invoked from within definer's rights procedures)"