VPD+DBLINK

Hi, I am trying VPD functionality, Can any one guide me?
I have 2 schema in one database
shema are 1.bdev 2.hdev
I have customer table in hdev schema like
Table CUSTOMERS -
COD_ENTITY VARCHAR2(20)
CUST_ID NUMBER
CUST_NAME VARCHAR2(20)
create table customers
(cod_entity varchar2(20),
cust_id number,
cust_name varchar2(20));
Customer table Data
COD_ENTITY CUST_ID CUST_NAME
MARK 123 Tom
SALES 456 Wim Patel
MARK 124 George
SALES 789 Smith
There is a view in bdev schema which is based on CUSTOMERS table of hdev schema.
view
CREATE OR REPLACE VIEW CUSTOMERS
(COD_ENTITY, CUST_ID, CUST_NAME) AS
SELECT COD_ENTITY, CUST_ID, CUST_NAME FROM CUSTOMERS@dllink
here dllink is a database link which points to hdev. That means CUSTOMERS view in bdev retrieves data from hdev and shows when I query select * from customers at dhev
Now here problem comes, I want to apply VPD policy on CUSTOMER table at hdev
Policy function at hdev
create or replace function vpd_func_customers
p_schema in varchar2,
p_table in varchar2
return varchar2
as
l_retstr varchar2(2000);
l_ctr number;
begin
if (SYS_CONTEXT ('USERENV', 'CLIENT_INFO') = 'ALL') then
l_retstr := null;
else
l_retstr := '(cod_entity = SYS_CONTEXT (''USERENV'', ''CLIENT_INFO'')) OR (cod_entity = ''ALL'')';
end if;
return l_retstr;
end;
Applied Policy at hdev on Customer table
begin
dbms_rls.add_policy (
object_schema => 'hdev',
object_name => 'CUSTOMERS',
policy_name => 'vpd_customers_policy',
function_schema => 'hdev',
policy_function => 'vpd_func_customers',
statement_types => 'SELECT,INSERT,UPDATE,DELETE',
update_check => TRUE
end;
Now tested policy function at hdev
call DBMS_APPLICATION_INFO.SET_CLIENT_INFO ('MARK')
select * from customers
it gave me two rows
1 MARK 123 Tom
2 MARK 124 George
upto this is ok
but when I logon to bdev and fires query
call DBMS_APPLICATION_INFO.SET_CLIENT_INFO ('MARK')
select * from customers
it gives me zero rows.
PLEASE HELP ME OUT HOW TO USE VPD with DBLINK. I NEED IT URGENT FOR MY PROJECT.
Thanks in Advance
Santosh

Santhosh,
you are posting to the wrong forum. Its a database related question and should be posted on a database forum.
Frank

Similar Messages

Oracle VPD on Remote database using DBLINk

Hi All,
How can i apply row level security on a table that is available in another database using DBlink
we have two databases PDSSM and EVTA, and i would like to apply row level security on a table in EVTA from a schema in PDSSM using dblink. MXODSADM IS A SCHEMA IN EVTA AND MXEMBARGO IS A SCHEMA IN PDSSM. there is a dblink(EVTA.GMM.COM) between mxembargo and mxodsadm.
begin
dbms_rls.add_policy (
object_schema => 'MXODSADM',
object_name => 'vehicle_retail_sale',
policy_name => ' MXEMBARGO_EVTA_POLICY',
function_schema =>'MXEMBARGO',
policy_type => dbms_rls.SHARED_CONTEXT_SENSITIVE,
--policy_type => dbms_rls.STATIC,
policy_function => ' MXEMBARGO_EVTA_POLICY.MXEMBARGO_EVTA_PREDICATE',
statement_types => 'select, insert,update,delete',
update_check => TRUE,
enable => TRUE,
static_policy => TRUE
end;
I am a complete Database person and i need to do this in my application, can anyone provide me how can i do this using dblink.

wojpik wrote:
hello
I have one short question to you.
Is that possible to create view at remote database using dblink? Following syntax returns error
create view ViewName@DbLinkDame (ColumnName) as
(select 1 from dual )
"ORA-00905:missing keyword"
Is that possible at all?
And particulary - is that possible when remote database is MSSQL and I am using heterogeneous services?
I really appreciate your help
best regards
Wojtek
Edited by: wojpik on Oct 21, 2009 3:59 AMI doubt you would be able to fire any ddl through database link. You have to connect to remote database to run any ddl even if it is Oracle or some other database.
Regards
Anurag

Lock-ups while inserting to a remote database using a dblink

Our application runs across multiple instances of Oracle 8i - 8.1.6.
Throughout the day we run some batch processes to transfer data across these instances using dblinks. Ocassionally the process locks up and further investigation shows that the server from which we are pushing information out seems to have executed an insert statement on a remote instance (insert into test_table@tst_dblink select * from local_table) and is waiting for a return from the remote server while the remote instance seems to be hanging too. Oracle does not return any error but simply waits forever for the statement to finish.
If anybody has experienced this before can you please share any information you may have on 1. how to prevent this from happening or 2. How to make oracle give up on the transaction, roll it back and raise an error?
Thanks a lot....

Well, certainly we need more info to fix the problem! couple of "system states" on both the machines when the job is hanging would help. couple of "stack trace" of the shadow process will also help. please call local oracle support with the system state and stack trace.
Sounds like the job is hanging on some resource (lock,enque,latch,io...). oracle doesn't give up for few resources, like waiting on ST,latch, io etc. we have to kill the offending process if we want!!
just my 2 cents :)
G

ORA-01653 error while executing a select query over DBLINK

Hi,
We have a query that is running to extract some data from a remote DB over DBLINK.
The query is failing by throwing the error "ORA-01653 -- Unable to extend.........".
Is this a problem with the "temp" tablespace of local database or is this with the "temp" tablespace of remote DB.
As far as my knowledge goes, I guess any statement , selecting data over dblink where the query is being fired actually in remote db over dblink uses the temp tablespace of that DB only and hence the problem should be with the temp tablespace of remote db only but I am not very sure about this.
Is there any chance that it can be problem with "temp" tablespace of local DB from where the query is being fired over dblink.
It would be really helpful if anyone can throw some light on this.
Thanks

The error stack will normally tell you if the exception is raised in the remote database.
You might try using the driving_site hint (see performance guide) to push work to the remote site or pull it local. It all depends on your particular query and explain plan.
Remember to use { code } (without the embedded spaces) tags to frame your code and explain plan so it remains formatted, if you post it here.

Best practice for VPD and remote tables

Not specifically an HTMLDB question, but here goes...
HTMLDB 1.6 on 9.2.0.4 connecting over database link (fixed username/password) to 9.2.0.4
I've currently "wrapped" access to the remote tables in views, i.e. view "T" in the HTMLDB parsing schema LOCAL_USER is defined as "SELECT * FROM T@remote"
I'd like to put VPD controls on my backend tables, but I don't get how v('APP_USER') (or even APP_USER put into an application context) would be seen by the remote database.
Should I just put VPD policies on LOCAL_USER's views and call it a day?
Thanks for input!
-John

If you implemented the VPD in the remote database, what would your VPD be restricting? All queries would apply the policy based on the DB link fixed username resulting in all users of the HTML DB application having same policy restrictions.
The policy in the remote database does not has access to the value of v('APP_USER'). That value is only available in the database that has HTML DB. You would have to write APIs in the remote database in PL/SQL functions/procedures to pass in the V('APP_USER') value to the remote database. This is doable, but cumbersome.
If you want to have your policy modify your WHERE clause on the fly based on your HTML DB user account, then I would implement the VPD in the database which has your HTML DB repository. I am not sure which of the two scenarios below occur when doing a SELECT * FROM T.
1.) The query goes across the database link, gets all the data out of table T in the remote database, passes back to the HTML DB database, and applies the policy WHERE clause modification in the HTML DB database.
2.) The query applies the policy WHERE clause modification to the view, goes across the database link with the WHERE clause modified, and gets only the data allowed based on the policy from the remote database.
You should test this out to find out for performance purposes what query is actually performed on the remote database.
As always if anyone sees anything inaccurate in what I have written, please correct me.
Mike

Can not insert through dblink in procedure

I have created one procedure which is selecting,inserting and updating data to another database on same server using dblink. it select and update data successfully but when it is going to insert using dblink it gives following error.
ORA-02019: connection description FOR remote DATABASE NOT FOUND
ORA-02063: preceding line FROM PAS
But when i executed same insert statement on sql prompt it is exeuted successfully.
insert into tab1@dblink values('blah','blah','blah');
I have dropped all my dblink and recreate it again i have given priveleges externally means insert any table,select any table,update any table to username.
but still i have recieved same error. Please guide me.
Global name of database is same as dblink name.
Thanks in advance
dhaval

1. select * from global_name
PAS and RATEPAS
I have created two database on same server.
named pas and ratepas.
I can not send procedure's code. but actual logic of procedure is selecting a record from temporary table and check whether it is a valid record on the basis of time_stamp and it is inserting a record to base table and update time_stamp to other two tables. and it is giving error only when
SELECT * FROM dba_db_links;
OWNER
DB_LINK
USERNAME
HOST
CREATED
PUBLIC
PAS
PASUSER
OWNER
DB_LINK
USERNAME
HOST
CREATED
pas125
13-OCT-05

Insert / update data to a table through DBLINK (oracle)

I try to insert / update a table from one instance of oracle database to another one through oracle dblink, get following error:
java.sql.SQLException: ORA-01008: not all variables bound
ORA-02063: preceding line from MYLINK
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134)
at oracle.jdbc.ttc7.TTIoer.processError(TTIoer.java:289)
at oracle.jdbc.ttc7.Oall7.receive(Oall7.java:582)
at oracle.jdbc.ttc7.TTC7Protocol.doOall7(TTC7Protocol.java:1986)
at oracle.jdbc.ttc7.TTC7Protocol.parseExecuteFetch(TTC7Protocol.java:1144)
at oracle.jdbc.driver.OracleStatement.executeNonQuery(OracleStatement.java:2152)
at oracle.jdbc.driver.OracleStatement.doExecuteOther(OracleStatement.java:2035)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:2876)
at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:609)
The same code to insert / update the exact same table in local instance works fine.No any binding problem. So i am pretty sure all ? mark in SQL are set with some value before sending to Oracle.
Someone please advise what is possible problem. Db link is not set correctly? or we can not update remote table by dblink.
By the way i can do insert / update from TOAD to the remote table through DBLINK. Problem happens only in Java code.
thanks!
Gary

dblink links from one database instance to another.
So it is certainly a source of possible problems when it works on one database and not another.
You should start by looking at the dblink and it possible testing it in the database not via java.
Note as well that that error suggests that it is coming from the Oracle database. I believe if you had a bind parameter problem in your java code that the error would come from the driver. But that is a guess on my part.

How can I access a database remote without using dblink, synonyms,aliases?

My store procedure access a remote tables using dblink, synonyms, alias, but by business company requirenments I nedd to use another data base access method. My PL/SQL statement looks like
select c.cus_id, c.cus_name, p.bankaccno
into v_cus_id, v_cus_name, v_bankaccno
from customer c, payment@finantial p
where c.cus_id = p.cus_id
Are any method else to connect to several remote databases concurrently?
If Yes, plase say me how is it, or tell me where do I obtain some examples, or any documentation.
Edited by: user518321 on Apr 21, 2009 1:58 PM
Ok, But I must not use any of these data base access method, metioned: dbliks, aliases, synonyms.
Edited by: user518321 on Apr 21, 2009 2:05 PM
Ok, It is enough for now, I am surprised for the response time and for their arguments, thanks a lot.
Edited by: user518321 on Apr 21, 2009 2:50 PM

If you want to access a table in a remote database using SQL, you will need a database link. It would be exceptionally odd for the business to require that you access a remote database and to prohibit the use of database links. What is the business reason for that combination?
If you want to look into rather more esoteric solutions, you could load a JDBC driver for the remote database, write a Java stored procedure that queries the remote table using that JDBC driver, and then cobble together some PL/SQL that joins the two result sets. You won't be able to reference the remote table in SQL and the solution won't scale well as data volumes increase and you'll be writing a whole lot of code to manually join tables together, but it does avoid database links. Of course, whatever concerns lead to the ban on database links would probably apply to loading a JDBC driver into the database and writing Java stored procedures to access the remote database, but since you haven't explained the reasoning behind the restrictions, we're just guessing.
Justin

Insert a blob in remote database using dblink

i have a view (it has a BLOB column) from where i need to select the records. After selecting i need to insert it into a synonym in the remote database through a db link.
if i execute the procedure i get error; ora-22992--cannot use LOB locators selected from remote table. My code is
INSERT INTO [email protected]
SELECT PID,RNO, PTYPE,blob_field
FROM view;
I dont wish to creat a temporary table and still wish to perform the above function.
So is there any method to do this. I tried with DBMS_LOB.APPEND but it didnt work out. Any solution will be greatly appreciated.
Thanks,
-Nitin

i have a view (it has a BLOB column) from where i need to select the records. After selecting i need to insert it into a synonym in the remote database through a db link.
if i execute the procedure i get error; ora-22992--cannot use LOB locators selected from remote table. My code is
INSERT INTO [email protected]
SELECT PID,RNO, PTYPE,blob_field
FROM view;
I dont wish to creat a temporary table and still wish to perform the above function.
So is there any method to do this. I tried with DBMS_LOB.APPEND but it didnt work out. Any solution will be greatly appreciated.
Thanks,
-Nitin

Help on VPD

I am trying to use VPD in our application. It works fine if I directly use SQL select statement. However I can not get the right reocrd set if the SQL statement in stored procedures, functions, or package. Your kind reply will be highly appreciated.

Find the issue.
If I logon into system use sys as sysdba and then grant exempt access policy to one user, then i get the problem. If I logon the current schema using one user with DBA roles, and then grant exempt access policy to one user, the whole system works fine now.
Thanks a lot.

Single Sign-On and VPDs

Hi - we're trying to implement a VPD on our company database at the moment and were wondering if a single sign-on architecture on our middle tier could be successfully tied to a VPD on the database tier. We have a number of clients, both internal and external, who will be accessing the database via the web and we need to control who sees what. Could you advise on the feasibility of this approach? Thanks

Hi Derick,
I want to make our discussion into 2 parts
1) Sign on
2) Viewing data based on the Heirarchy
1)Before discussing about the Sign on i want to know which connectivity you are using ? Live offcie or QaaWS.
2) We can make the second point possible in two ways One is with providing restriction at universe level
and the other one is through the use of flash variables.
Using flash variables:
The main idea of using flash variables is reading the User ID from BO authentication and based on that we fetch the Heirarchy level of that user. Then we use some excel logic to hide the data from Low level heirarchy(Here we use Dynamic Visibility for components).
I hope this is what you ar looking for....
If so i have more points to acheive such scenario.
Please provide the your BO environment details, such that it will be easy to identify the better best wat to acheve it.
Regards,
AnjaniKumar C.A.

How to get Win NT userid for setting VPD application context?

We are planning to implement row-level security using VPD. For that to happen, we need to capture the Windows NT userid since all the applications connect through a generic Oracle userid which will not help us.
Has anyone done this before? Your responses are appreciated.
Thanks.

SELECT osuser
FROM v$session
WHERE audsid = (SELECT USERENV ('sessionid') FROM dual)

How to copy a table with LONG and CLOB datatype over a dblink?

Hi All,
I need to copy a table from an external database into a local one. Note that this table has both LONG and CLOB datatypes included.
I have taken 2 approaches to do this:
1. Use the CREATE TABLE AS....
SQL> create table XXXX_TEST as select * from XXXX_INDV_DOCS@ext_db;
create table XXXX_TEST as select * from XXXX_INDV_DOCS@ext_db
ERROR at line 1:
ORA-00997: illegal use of LONG datatype
2. After reading some threads I tried to use the COPY command:
SQL> COPY FROM xxxx/pass@ext_db TO xxxx/pass@target_db REPLACE XXXX_INDV_DOCS USING SELECT * FROM XXXX_INDV_DOCS;
Array fetch/bind size is 15. (arraysize is 15)
Will commit when done. (copycommit is 0)
Maximum long size is 80. (long is 80)
CPY-0012: Datatype cannot be copied
If my understanding is correct the 1st statement fails because there is a LONG datatype in XXXX_INDV_DOCS table and 2nd one fails because there is a CLOB datatype.
Is there a way to copy the entire table (all columns including both LONG and CLOB) over a dblink?
Would greatelly appriciate any workaround or ideas!
Regards,
Pawel.

Hi Nicolas,
There is a reason I am not using export/import:
- I would like to have a one-script solution for this problem (meaning execute one script on one machine)
- I am not able to make an SSH connection from the target DB to the local one (although the otherway it works fine) which means I cannot copy the dump file from target server to local one.
- with export/import I need to have an SSH connection on the target DB in order to issue the exp command...
Therefore, I am looking for a solution (or a workaround) which will work over a DBLINK.
Regards,
Pawel.

Effect of RLS policy (VPD) on execution plan of a query

Hi
I have been working on tuning of few queries. A RLS policy is defined on most of the tables which appends an extra where condition (something like AREA_CODE=1). I am not able to understand the effect of this extra where clause on the execution plan of the query. In the execution plan there is no mention of the clause added by VPD. In 10046 trace it does show the policy function being executed but nothing after that.
Can someone shed some light on the issue that has VPD any effect on the execution plan of the query ? Also would it matter whether the column on which VPD is applied, was indexed or non-indexed ?
Regards,
Amardeep Sidhu

Amardeep Sidhu wrote:
I have been working on tuning of few queries. A RLS policy is defined on most of the tables which appends an extra where condition (something like AREA_CODE=1). I am not able to understand the effect of this extra where clause on the execution plan of the query. In the execution plan there is no mention of the clause added by VPD. In 10046 trace it does show the policy function being executed but nothing after that.
VPD is supposed to be invisible - which is why you get minimal information about security predicates in the standard trace file. However, if you reference a table with a security preidcate in your query, the table is effectively replaced by an inline view of the form: "select * from original_table where {security_predicate}", and the result is then optimised. So the effects of the security predicate is just the same as you writing the predicate into the query.
Apart from your use of v$sql_plan to show the change in plan and the new predicates, you can see the effects of the predicates by setting event 10730 with 10046. In current versions of Oracle this causes the substitute view being printed in the trace file.
Bear in mind that security predicates can be very complex - including subqueries - so the effect isn't just that of including the selectivity of "another simple predicate".
Can someone shed some light on the issue that has VPD any effect on the execution plan of the query ? Also would it matter whether the column on which VPD is applied, was indexed or non-indexed ?
Think of the effect of changing the SQL by hand - and how you would need to optimise the resultant query. Sometimes you do need to modify your indexing to help the security predicates, sometimes it won't make enough difference to matter.
Regards
Jonathan Lewis
http://jonathanlewis.wordpress.com
http://www.jlcomp.demon.co.uk
"Science is more than a body of knowledge; it is a way of thinking"
Carl Sagan
To post code, statspack/AWR report, execution plans or trace files, start and end the section with the tag {noformat}{noformat} (lowercase, curly brackets, no spaces) so that the text appears in fixed format.

Error with Bind Variable for dblink

Good morning,
I am attempting to implement some code in a pre-page process but having problems with it. I need to query a value from the database using a dblink that points at a different database depending upon the session. I have tried the following two approaches...
SELECT COALESCE(Attribute20,'PENDING')
INTO str_Import_Status
FROM GL_JE_LINES@&P0_INSTANCE.
WHERE JE_HEADER_ID = :P430_JE_HEADER
AND JE_LINE_NUM = :P430_JE_LINE;
as well as...
str_SQL_Statement := 'SELECT COALESCE(Attribute20,''PENDING'') '||
'INTO str_Import_Status '||
'FROM GL_JE_LINES@'||:P0_INSTANCE||' '||
'WHERE JE_HEADER_ID = '||:P430_JE_HEADER||' '||
'AND JE_LINE_NUM = '||:P430_JE_LINE||';';
EXECUTE IMMEDIATE str_SQL_Statement;
I am boggled because I completely expected the first approach to work. I have a similar statement in a post submit process which works fine. That statement is...
SELECT COUNT(*)
INTO num_Collector_Count
FROM XXMC_GL_TSG2FIMS_CROSSREF@&P0_INSTANCE.
WHERE Collector_Code = :P915_Collector_Code;
Any help or pointers on this would be greatly appreciated.
--Adam Cumming

Never mind....
After I posted this I realized I had a bad variable name. Syntax error

VPD+DBLINK

Similar Messages

Maybe you are looking for