A simple example of "Secure Application Role"
2012-05-16 18:36
267 查看
During the invesigation of the implementation of "Secure Application User" in our system, I noticed it turned out to be implemented using "Secure Application Role".
So I'd like to have a simple test ---
(1) Create two users --
(3) Test in test_b
Note:
The package used for secure application role should be created using invoker's right (authid current_user)
"
http://docs.oracle.com/cd/B14117_01/network.101/b10773/apdvntro.htm
The PL/SQL package DBMS_SESSION.SET_ROLE is functionally equivalent to the SET ROLE statement in SQL.
Roles are not supported in definer's rights procedures, so the DBMS_SESSION.SET_ROLE command cannot be called from them.
However, the DBMS_SESSION.SET_ROLE command can be called from the following:
Anonymous PL/SQL blocks
Invoker's rights stored procedures (except those invoked from within definer's rights procedures)
"
So I'd like to have a simple test ---
(1) Create two users --
SQL> conn test_a/a@orcl
Connected.
SQL> create role role_ro identified using test_a.pack_authentication;
Role created.
SQL> create role role_rw identified using test_a.pack_authentication;
Role created.
SQL> create table test(id int);
Table created.
SQL> grant select on test to role_ro;
Grant succeeded.
SQL> grant select, update, delete on test to role_rw;
Grant succeeded.
SQL>
SQL> create or replace package pack_authentication authid current_user as
2 procedure grant_roles(p_token IN varchar2);
3 end pack_authentication;
4 /
Package created.
SQL>
SQL>
SQL>
SQL> create or replace package body pack_authentication as
2 procedure grant_roles(p_token IN varchar2)
3 as
4 begin
5 if p_token = 'B' then
6 dbms_session.set_role('ROLE_RO');
7 elsif p_token = 'A' then
8 dbms_session.set_role('ROLE_RW');
9 else
10 execute immediate 'set role none';
11 end if;
12 end;
13 end pack_authentication;
14 /
Package body created.
SQL>
SQL> grant execute on pack_authentication to test_b;
Grant succeeded.(3) Test in test_b
SQL> alter session set current_schema=test_a;
Session altered.
SQL> select * from test;
select * from test
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> exec test_a.pack_authentication.grant_roles('B');
PL/SQL procedure successfully completed.
SQL> select * from test;
no rows selected
SQL> delete from test;
delete from test
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> exec test_a.pack_authentication.grant_roles('A');
PL/SQL procedure successfully completed.
SQL> select * from session_roles;
ROLE
------------------------------
ROLE_RW
SQL> select * from test;
no rows selected
SQL> delete from test;
0 rows deleted.
SQL> rollback;
Rollback complete.
SQL> exec test_a.pack_authentication.grant_roles('C');
PL/SQL procedure successfully completed.
SQL> select * from test;
select * from test
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> select * from test_a.test;
select * from test_a.test
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL>Note:
The package used for secure application role should be created using invoker's right (authid current_user)
"
http://docs.oracle.com/cd/B14117_01/network.101/b10773/apdvntro.htm
The PL/SQL package DBMS_SESSION.SET_ROLE is functionally equivalent to the SET ROLE statement in SQL.
Roles are not supported in definer's rights procedures, so the DBMS_SESSION.SET_ROLE command cannot be called from them.
However, the DBMS_SESSION.SET_ROLE command can be called from the following:
Anonymous PL/SQL blocks
Invoker's rights stored procedures (except those invoked from within definer's rights procedures)
"
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- Example uses of the command "more"
- [Windows Azure] Building worker role B (email sender) for the Windows Azure Email Service application - 5 of 5.
- A simple Example of data processing from Excel as the datasource
- A Simple Example of Weak Ref Cursor
- Unable to cast COM object of type 'Word.ApplicationClass' to interface type 'Word._Application'"
- a simple example of Ado.net
- An Example of OpenHaptics Application
- Can I get rid of the "This page contains both secure and nonsecure items" warning?
- Dead simple example of using Multiprocessing Queue, Pool and Locking
- Example of "Negative lookahead and lookbehind"
- A simple example of exceptional handing in function
- Example of ApplicationContextAware in Spring--转
- Simple example of using the Java Native Interface
- How to: How to disable Java Security Warning "The application requires an earlier version of Java."
- An Example of Software Application made by Delphi XE
- Error 47 "xxxxxxx"is an invalid value for the "InputManifest" parameter of the "GenerateApplicationM
- A simple Example of using Video Textures in Managed DirectX (C#)
- You've implemented -[<UIApplicationDelegate> application:didReceiveRemoteNotification:fetchCompletionHandler:], but you still need to add "remote-notification" to the list of your supported UIBackgrou
- How to: How to disable Java Security Warning "The application requires an earlier version of Java."
- AFNetworking 提示"The resource could not be loaded because the App Transport Security policy requires the use of a secure connection" 解决办法