Virtual Private Database Lab Module


AUDIT LAB MODULE

ACADEMY OF CRYPTOGRAPHY TECHNIQUES

FACULTY OF INFORMATION SECURITY

VIRTUAL PRIVATE DATABASE LAB MODULE

TABLE OF CONTENTS

I. LAB OBJECTIVES

II. LAB SCENARIO

III. LAB CONTENT

3.1 MODULE: INSTALLING ORACLE 10G

3.2 MODULE: APPLICATION CONTEXT

3.3 MODULE: ROW-LEVEL SECURITY

3.4 MODULE: COLUMN-LEVEL SECURITY

3.5 THE EXEMPT ACCESS POLICY PRIVILEGE

IV. APPENDIX

4.1 ATTRIBUTES OF THE DEFAULT USERENV CONTEXT

I. LAB OBJECTIVES

VPD stands for Virtual Private Database. VPD lets you enforce security at the lowest level, directly on tables or views. Because the security policy is attached directly to the tables and views and is applied automatically whenever a user accesses the data, there is no way to bypass the check.

When a user directly or indirectly accesses a table or view protected by a VPD policy, the server dynamically modifies the user's SQL statement. The modification is based on a WHERE condition (a predicate) returned by a function that implements the security policy. The statement is modified dynamically and transparently to the user, using any condition that can be expressed in, or returned by, a function. VPD policies can be applied to SELECT, INSERT, UPDATE, INDEX, and DELETE statements.

Functions that return predicates can also call other functions. Inside your PL/SQL package you can embed C or Java code that accesses operating system information or returns ad hoc WHERE clauses. A policy function can return different predicates for each user, each group, or each application. Using policy functions over synonyms can replace maintaining a separate view for each user or class of users, which saves overhead in memory and processing resources.

The goal of this lab module is therefore to help students understand the importance of the virtual private database and learn how to implement VPD techniques on an Oracle database, including:

+ Application context
+ Row-level security
+ Column-level security (column-sensitive VPD)

II. LAB SCENARIO

An employee table has the following structure:

NhanVien(
    MaNV varchar(10) primary key,
    TenTaiKhoan varchar(30),
    TenNV varchar(30),
    Phong varchar(30),
    ChucVu varchar(30),
    Luong int);

It contains the following records:

Requirements:

+ The DIRECTOR account can SELECT, INSERT, UPDATE, and DELETE all records.
+ A DEPARTMENT HEAD account can SELECT, INSERT, UPDATE, and DELETE all records that belong to its own department.
+ An EMPLOYEE account can only SELECT its own record.
+ Every account can see only its own Luong (salary) value and cannot see the salary of anyone else.

III. LAB CONTENT

The virtual private database lab is divided into 4 small modules:

+ Module 1: Installing Oracle 10g.
+ Module 2: Application context.
+ Module 3: Row-level security.
+ Module 4: Column-level protection.
+ Module 5: The Exempt Access Policy privilege.

Tools used: Oracle 10g, Oracle 11g (required); SQL Developer (optional).

Accompanying documents:

[1] Oracle Corporation, Oracle9i Database Concepts, Release 2 (9.2), Part Number A96524-01, 2002.
[2] Oracle Corporation, Database Security Guide, 10g Release 1 (10.1), Part Number B10773-01, 2002.
[3] Adam Cecchetti, Leviathan Security Group, Inc., Oracle Database Server 11g, Version 1.0.1, January 2009.

Assessment and grading: each lab module is graded on a 10-point scale according to how completely the student finishes it. The lab grade for the course is the average of the grades for these modules.

3.1 MODULE: INSTALLING ORACLE 10G

- Purpose: install Oracle 10g.
- Requirements:

+ Download Oracle 10g
+ Download the JDK 7 development kit

- Step 1: Install the JDK

Click Next.

Choose or change the JDK installation location, click Next, and wait for a new window to appear.

Click Next and wait, then click Close to finish installing the JDK.

- Step 2: Install Oracle Database 10g.

Click Next and select "I accept" to accept the license terms.

Choose the installation directory for Oracle 10g.

Enter a password for the SYSTEM user.

Review the settings and click Install to start the installation.

The Oracle Database 10g installation is finished.

If creating the database with statements on the SQL command line or on the Database home page feels too dry, you can download SQL Developer and work with the database through a graphical interface. SQL Developer runs on Java, but the System32 folder is missing the file MSVCR100.dll, so either download that file and place it in System32, or install vcredist_x86 as follows: tick "I have" and click Install.

Click Finish to end.

3.2 MODULE: APPLICATION CONTEXT

Purpose: help students understand what an application context is and how to create one.

Requirements: Oracle is installed and you can log in with an account that is allowed to create an application context.

a. Introduction to application contexts

An application context is a set of attribute-value pairs held in memory. It is defined, set, and read by users and applications. Related attributes are grouped together and accessed through the name of the group. Keeping the values and attributes in memory, and then sharing them through the context, makes retrieving the values faster.

An application context usually holds attributes such as a user name, an organization, a rule, or a title. Security policies can refer to these attributes when controlling a user's access. Because the values are stored in memory, identical queries read the same value from the application context, which saves time. This is why security documentation often covers application contexts. However, not every application context is used to enforce security, and vice versa.

Default context

Oracle provides a default context for every database session. Its namespace is USERENV. Most attributes in USERENV are predefined by the database. Using this default context keeps things simple and clear, because USERENV provides many useful attributes, such as information about the user environment, the IP address of the client machine, the name of the proxy user, and the protocol used to connect.

For example, the following syntax returns information about the current session:

SYS_CONTEXT('userenv', 'attribute name')

Local context

Unlike USERENV, where the user identity and client attributes are all set by the user, a local context is set up separately for each session. A local context supports defining a private namespace based on additional attributes.

b. Preparing the table and the lab schemas

Log in to SQL*Plus as user SYS with the SYSDBA privilege:

conn / as sysdba

Create the Congty account and grant it privileges:

create user congty identified by 123456;
GRANT UNLIMITED TABLESPACE TO congty;
grant create session to congty;
grant resource to congty;

Leave the SYS account and log in with the Congty account just created:

disconnect
conn congty/123456

Create the employee table:

create table NhanVien(
    MaNV varchar(10) primary key,
    TenTaiKhoan varchar(30),
    TenNV varchar(30),
    Phong varchar(30),
    ChucVu varchar(30),
    Luong int);

Insert data into the employee table (TenTaiKhoan must match the database account name of each employee):

insert into NhanVien values('nv001','khanhnx','Nguyen Xuan Khanh','','Giam Doc',3000);
insert into NhanVien values('nv002','truyenhm','Hoang Minh Truyen','Lap Trinh','Truong phong',2500);
insert into NhanVien values('nv003','huongnt','Nguyen Thi Thanh Huong','Ke Hoach','Truong phong',2300);
insert into NhanVien values('nv004','trangnt','Nguyen Thi Thuy Trang','Lap Trinh','Nhan Vien',1000);
insert into NhanVien values('nv005','anhtt','Tran Trung Anh','Ke Hoach','Nhan Vien',800);
insert into NhanVien values('nv006','anhnt','Nguyen Thi Van Anh','Ke Hoach','Nhan Vien',900);
insert into NhanVien values('nv007','vulv','Le Van Vu','Lap Trinh','Nhan Vien',1100);
insert into NhanVien values('nv008','chinhbv','Bui Van Chinh','Ke Hoach','Nhan Vien',850);
commit;

Check the records just inserted:

SELECT * from NhanVien;

Return to the SYS account to create the other employee accounts:

disconnect
conn / as sysdba

-- Create the director account
create user khanhnx identified by 123456;
grant create session to khanhnx;

-- Create the account for the head of the programming department
create user truyenhm identified by 123456;
grant create session to truyenhm;

-- Create the account for the head of the planning department
create user huongnt identified by 123456;
grant create session to huongnt;

-- Create an employee account
create user trangnt identified by 123456;
grant create session to trangnt;

-- Create the account used to administer the application context and VPD
create user QuanTriVPD identified by 123456;
grant create session to QuanTriVPD;
grant create session, create any context, create procedure, create trigger, administer database trigger to QuanTriVPD;
grant execute on dbms_session to QuanTriVPD;
grant execute on dbms_rls to QuanTriVPD;

Log in to the Congty account to grant the new accounts access to the NhanVien table:

disconnect
conn congty/123456

grant select,insert,update,delete on NhanVien to khanhnx;
grant select,insert,update,delete on NhanVien to truyenhm;
grant select,insert,update,delete on NhanVien to huongnt;
grant select,insert,update,delete on NhanVien to trangnt;
grant select,insert,update,delete on NhanVien to QuanTriVPD;

Log in to the director account khanhnx to check the employee table:

disconnect
conn khanhnx/123456

select * from congty.nhanvien;

c. Creating a local application context

When creating an application context, we must give it a name and associate it with a PL/SQL package that contains the routines defining the values of its attributes.

The following statement creates a context named ThongTinTaiKhoan associated with the PL/SQL package TTTK_PKG:

CREATE OR REPLACE CONTEXT ThongTinTaiKhoan USING TTTK_PKG;

Values in the application context are set by calling the procedure DBMS_SESSION.SET_CONTEXT from the package that manages the namespace. In the application context we create attribute-value pairs that are relevant to our application.

DBMS_SESSION.set_context('context name','attribute name',attribute value);

Practice:

Log in to the QuanTriVPD account:

disconnect
conn QuanTriVPD/123456

Create the application context:

CREATE OR REPLACE CONTEXT ThongTinTaiKhoan USING TTTK_PKG;

Define the package TTTK_PKG:

CREATE OR REPLACE PACKAGE TTTK_PKG IS
    PROCEDURE GetTTTK;
END;
/

CREATE OR REPLACE PACKAGE BODY TTTK_PKG IS
    PROCEDURE GetTTTK
    AS
        TaiKhoan varchar(30);
        tenPhong varchar(30);
        tenChucVu varchar(30);
        tenMaNV varchar(10);
    BEGIN
        -- Use the default USERENV context to get the name of the account connected to the database
        TaiKhoan := LOWER(SYS_CONTEXT('USERENV','SESSION_USER'));
        -- Set attribute GetTaiKhoan of context ThongTinTaiKhoan to the account name
        DBMS_SESSION.set_context('ThongTinTaiKhoan','GetTaiKhoan',TaiKhoan);
        -- If the account is khanhnx, attribute GetChucVu is the director
        if (TaiKhoan = 'khanhnx') then
            DBMS_SESSION.set_context('ThongTinTaiKhoan','GetChucVu','Giam Doc');
        else
            -- If the account is truyenhm, it is the head of the programming department
            if (TaiKhoan = 'truyenhm') then
                DBMS_SESSION.set_context('ThongTinTaiKhoan','GetChucVu','Truong phong');
                DBMS_SESSION.set_context('ThongTinTaiKhoan','GetPhong','Lap Trinh');
            else
                -- If the account is huongnt, it is the head of the planning department
                if (TaiKhoan = 'huongnt') then
                    DBMS_SESSION.set_context('ThongTinTaiKhoan','GetChucVu','Truong phong');
                    DBMS_SESSION.set_context('ThongTinTaiKhoan','GetPhong','Ke Hoach');
                -- Everyone else is an employee
                else
                    DBMS_SESSION.set_context('ThongTinTaiKhoan','GetChucVu','Nhan Vien');
                end if;
            end if;
        end if;
    EXCEPTION
        WHEN NO_DATA_FOUND THEN NULL;
    END GetTTTK;
END;
/

For the application context to be set automatically, add a TRIGGER that fires after logon to the database:

CREATE OR REPLACE TRIGGER RangBuocTTTK AFTER LOGON ON DATABASE
BEGIN
    QuanTriVPD.TTTK_PKG.GetTTTK;
EXCEPTION
    WHEN NO_DATA_FOUND THEN
        NULL;
END;
/

Log in to the director account khanhnx to check the application context just created:

disconnect
conn khanhnx/123456

select SYS_CONTEXT('ThongTinTaiKhoan','GetChucVu') from DUAL;

Log in to truyenhm, the account of the head of the programming department:

disconnect
conn truyenhm/123456

select SYS_CONTEXT('ThongTinTaiKhoan','GetChucVu') from DUAL;
select SYS_CONTEXT('ThongTinTaiKhoan','GetPhong') from DUAL;
select SYS_CONTEXT('ThongTinTaiKhoan','GetTaiKhoan') from DUAL;
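Added example (not part of the original lab): the account names hard-coded in TTTK_PKG can be moved into a lookup table that the package reads at logon. The table name VaiTroTaiKhoan, the two extra grants and the USERS tablespace are assumptions. The table lives in the QuanTriVPD schema instead of being read from congty.NhanVien because the accounts the context describes hold UPDATE on NhanVien, and a context should not be derived from data its subjects can change.

```sql
-- Added example, not the lab's own code. VaiTroTaiKhoan is a hypothetical table.
-- As SYS: allow the policy administrator to own one small table.
conn / as sysdba
GRANT CREATE TABLE TO QuanTriVPD;
ALTER USER QuanTriVPD QUOTA 1M ON USERS;   -- assumes the default USERS tablespace

conn QuanTriVPD/123456

-- No privileges are granted on this table, so only its owner and the
-- definer-rights package TTTK_PKG can read or modify the mapping.
CREATE TABLE VaiTroTaiKhoan (
    TenTaiKhoan VARCHAR2(30) PRIMARY KEY,
    ChucVu      VARCHAR2(30) NOT NULL,
    Phong       VARCHAR2(30)
);

-- Same assignments as the hard-coded branches of the original package body.
INSERT INTO VaiTroTaiKhoan VALUES ('khanhnx',  'Giam Doc',     NULL);
INSERT INTO VaiTroTaiKhoan VALUES ('truyenhm', 'Truong phong', 'Lap Trinh');
INSERT INTO VaiTroTaiKhoan VALUES ('huongnt',  'Truong phong', 'Ke Hoach');
INSERT INTO VaiTroTaiKhoan VALUES ('trangnt',  'Nhan Vien',    NULL);
COMMIT;

CREATE OR REPLACE PACKAGE BODY TTTK_PKG IS
    PROCEDURE GetTTTK
    AS
        TaiKhoan  VARCHAR2(30);
        tenChucVu VaiTroTaiKhoan.ChucVu%TYPE;
        tenPhong  VaiTroTaiKhoan.Phong%TYPE;
    BEGIN
        TaiKhoan := LOWER(SYS_CONTEXT('USERENV','SESSION_USER'));
        DBMS_SESSION.set_context('ThongTinTaiKhoan','GetTaiKhoan',TaiKhoan);

        -- The primary key guarantees at most one row per account.
        SELECT ChucVu, Phong
        INTO   tenChucVu, tenPhong
        FROM   VaiTroTaiKhoan
        WHERE  TenTaiKhoan = TaiKhoan;

        DBMS_SESSION.set_context('ThongTinTaiKhoan','GetChucVu',tenChucVu);
        IF tenPhong IS NOT NULL THEN
            DBMS_SESSION.set_context('ThongTinTaiKhoan','GetPhong',tenPhong);
        END IF;
    EXCEPTION
        -- Accounts without a mapping row (SYS, congty, QuanTriVPD, ...) get
        -- no GetChucVu attribute, and the logon itself is not blocked.
        WHEN NO_DATA_FOUND THEN NULL;
    END GetTTTK;
END;
/
```

The package specification, the context definition and the logon trigger stay as they are; adding or changing an account becomes an INSERT or UPDATE on VaiTroTaiKhoan by QuanTriVPD instead of a code change.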

The application context has now been created successfully. The same statement returns different results from the application context for different accounts. We can therefore retrieve the position and the department of the account connected to the database and use them in the next module.

3.3 MODULE: ROW-LEVEL SECURITY

Purpose:

+ Apply a row-level security policy to SELECT, INSERT, UPDATE, and DELETE statements.
+ Remove the security policies just created.

Requirements:

+ Oracle 10g is installed on the machine.
+ The application context from the previous lab module exists.

Theory:

RLS (Row-Level Security) restricts access to rows according to a security policy implemented in PL/SQL. A security policy describes the rules that govern access to rows of data. To implement RLS, we first create a PL/SQL function that returns a string. This string contains the conditions of the security policy we want to enforce. The function is then registered on the tables and views we want to protect, using the PL/SQL package DBMS_RLS. When any user queries a protected object, Oracle appends the string returned by the function to the WHERE clause of the original SQL statement, so the rows are filtered according to the conditions of the security policy.

The way RLS works can be summarized in 3 steps:

+ Step 1: Create a PL/SQL function that returns a string A.
+ Step 2: Create a security policy and apply it to the table or view to be protected.
+ Step 3: When a user runs an SQL query, the system attaches string A to the WHERE clause.

One advantage of RLS is that the content of a security policy can be changed by rewriting the function that implements it (Step 1) without registering the policy again on the protected object (Step 2).

a. SELECT statements

We will create an RLS policy so that:

+ When the director SELECTs from the employee table, no predicate is added at all.
+ When a department head SELECTs, the predicate WHERE Phong = 'Lap Trinh' or WHERE Phong = 'Ke Hoach' is added automatically, so only records of the head's own department are returned.
+ When an employee SELECTs, the predicate WHERE TenTaiKhoan = 'account name' is added automatically, so only the employee's own record is returned.

Log in to the QuanTriVPD account:

disconnect
conn QuanTriVPD/123456

Create the PL/SQL function that returns a string:

CREATE OR REPLACE FUNCTION Select_Nhanvien(schema_p IN VARCHAR2, table_p IN VARCHAR2)
RETURN VARCHAR2
AS
    getChucVu varchar(50);
    trave varchar2(1000);
BEGIN
    -- Position of the connected account, set by TTTK_PKG at logon
    SELECT SYS_CONTEXT('ThongTinTaiKhoan', 'GetChucVu') into getChucVu FROM DUAL;
    -- Default predicate: no rows
    trave := '1=2';
    if (getChucVu = 'Giam Doc') then
        -- NULL means no predicate is added
        trave := NULL;
    else
        if (getChucVu = 'Truong phong') then
            trave := 'Phong = (SELECT SYS_CONTEXT(''ThongTinTaiKhoan'', ''GetPhong'') FROM DUAL)';
        else
            trave := 'TenTaiKhoan = (SELECT SYS_CONTEXT(''ThongTinTaiKhoan'', ''GetTaiKhoan'') FROM DUAL)';
        end if;
    end if;
    RETURN trave;
END;
/

Create the security policy:

BEGIN
    DBMS_RLS.ADD_POLICY (
        object_schema   => 'CongTy',               -- Schema that owns the object
        object_name     => 'NhanVien',             -- Object the security policy is attached to
        policy_name     => 'VPD_Select_Nhanvien',  -- Policy name
        function_schema => 'QuanTriVPD',           -- Schema that created this policy
        policy_function => 'Select_Nhanvien',      -- Function of the policy
        statement_types => 'SELECT'                -- Statements affected by the policy
    );
END;
/

Log in to the director account khanhnx:

disconnect
conn khanhnx/123456

SELECT * FROM Congty.Nhanvien;

The director can see all records.

Log in to truyenhm, the account of the head of the programming department:

disconnect
conn truyenhm/123456

SELECT * FROM Congty.Nhanvien;

The head of the programming department can see only the records of the programming department.

Log in to huongnt, the account of the head of the planning department:

disconnect
conn huongnt/123456

SELECT * FROM Congty.Nhanvien;

The head of the planning department can see only the records of the planning department.

Log in to the employee account trangnt:

disconnect
conn trangnt/123456

SELECT * FROM Congty.Nhanvien;

The employee can see only their own record.

b. INSERT, UPDATE, DELETE statements

We will create an RLS policy so that:

+ When the director runs INSERT, UPDATE, or DELETE on the employee table, no predicate is added at all.
+ When a department head runs INSERT, UPDATE, or DELETE, the predicate WHERE Phong = 'Lap Trinh' or WHERE Phong = 'Ke Hoach' is added automatically, so only records of the head's own department are affected.
+ When an employee runs INSERT, UPDATE, or DELETE, the predicate WHERE 1=2 is added automatically. Because 1=2 is always false, the statement always affects 0 records, so an employee cannot INSERT, UPDATE, or DELETE even their own record.

Log in to the QuanTriVPD account:

CREATE OR REPLACE FUNCTION INSERTUPDATEDELETE_Nhanvien(schema_p IN VARCHAR2, table_p IN VARCHAR2)
RETURN VARCHAR2
AS
    getChucVu varchar(50);
    trave varchar2(1000);
BEGIN
    -- Position of the connected account, set by TTTK_PKG at logon
    SELECT SYS_CONTEXT('ThongTinTaiKhoan', 'GetChucVu') into getChucVu FROM DUAL;
    -- Default predicate: no rows
    trave := '1=2';
    if (getChucVu = 'Giam Doc') then
        -- NULL means no predicate is added
        trave := NULL;
    else
        if (getChucVu = 'Truong phong') then
            trave := 'Phong = (SELECT SYS_CONTEXT(''ThongTinTaiKhoan'', ''GetPhong'') FROM DUAL)';
        else
            trave := '1=2';
        end if;
    end if;
    RETURN trave;
END;
/

BEGIN
    DBMS_RLS.ADD_POLICY (
        object_schema   => 'CongTy',
        object_name     => 'NhanVien',
        policy_name     => 'VPD_IDD_Nhanvien',
        function_schema => 'QuanTriVPD',
        policy_function => 'INSERTUPDATEDELETE_Nhanvien',
        statement_types => 'INSERT,UPDATE,DELETE',
        update_check    => TRUE
    );
END;
/

Log in to truyenhm, the account of the head of the programming department:

UPDATE congty.nhanvien SET luong = luong +10000;
commit;

Only 3 records are updated.

Try inserting 2 records:

insert into Congty.NhanVien values('nv009','thietph','Pham Huu Thiet','Lap Trinh','Nhan Vien',800);
commit;

insert into Congty.NhanVien values('nv010','trongtv','Tran Viet Trong','Ke Hoach','Nhan Vien',800);

The head of the programming department can INSERT only records that belong to the programming department, not records that belong to the planning department.

Check the records again:

select * from congty.nhanvien;

Log in to huongnt, the account of the head of the planning department:

UPDATE congty.nhanvien SET luong = luong - 400;
commit;

Only 4 records are updated.

Try inserting 2 records:

insert into Congty.NhanVien values('nv010','trongtv','Tran Viet Trong','Ke Hoach','Nhan Vien',800);
commit;

insert into Congty.NhanVien values('nv011','phongnx','Nguyen Xuan Phong','Lap Trinh','Nhan Vien',800);

The head of the planning department cannot INSERT a record for an employee of the programming department.

Check the records again:

select * from congty.nhanvien;

Log in to the employee account trangnt:

UPDATE congty.nhanvien SET luong = luong +10000;

The salary cannot be changed by the update.

insert into Congty.NhanVien values('nv011','phongnx','Nguyen Xuan Phong','Lap Trinh','Nhan Vien',800);

The INSERT is not possible.

DELETE FROM congty.nhanvien;

No employee can be deleted.

Log in to the director account to check the changes one last time:

select * from congty.nhanvien;
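Added example (not part of the original lab): while both row-level policies are still registered, a DBA can check which statements each policy covers and which predicate was attached to the statements the test accounts ran. It uses the standard dictionary view DBA_POLICIES and the dynamic views V$VPD_POLICY and V$SQL; the object names are the ones created above.

```sql
-- Added example, not the lab's own code. Run as a DBA (for example: conn / as sysdba).

-- 1. Policies registered on CongTy.NhanVien, the statement types each one
--    covers, and whether update_check (CHK_OPTION) is switched on.
SELECT policy_name, pf_owner, function,
       sel, ins, upd, del, chk_option, enable
FROM   dba_policies
WHERE  object_owner = 'CONGTY'
AND    object_name  = 'NHANVIEN'
ORDER  BY policy_name;

-- 2. Predicates that the policies contributed to cursors still held in the
--    shared pool, together with the account that parsed each statement.
SELECT s.parsing_schema_name, p.policy, p.predicate, s.sql_text
FROM   v$vpd_policy p
JOIN   v$sql s
ON     s.sql_id       = p.sql_id
AND    s.child_number = p.child_number
WHERE  p.object_owner = 'CONGTY'
AND    p.object_name  = 'NHANVIEN'
ORDER  BY s.parsing_schema_name, p.policy;
```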

c. Removing the security policies

BEGIN
    DBMS_RLS.DROP_POLICY (
        object_schema => 'CongTy',
        object_name   => 'NhanVien',
        policy_name   => 'VPD_Select_Nhanvien'
    );
END;
/

BEGIN
    DBMS_RLS.DROP_POLICY (
        object_schema => 'CongTy',
        object_name   => 'NhanVien',
        policy_name   => 'VPD_IDD_Nhanvien'
    );
END;
/

3.4 MODULE: COLUMN-LEVEL SECURITY

Purpose: apply a column-level security policy to the employee table.

Requirements: Oracle 10g is installed and the previous modules have been completed.

Log in to the QuanTriVPD account:

CREATE OR REPLACE FUNCTION only_view_salary (p_schema IN VARCHAR2 DEFAULT NULL, p_object IN VARCHAR2 DEFAULT NULL)
RETURN VARCHAR2
AS
BEGIN
    -- Only the row of the connected account satisfies the predicate
    RETURN 'TenTaiKhoan = (SELECT SYS_CONTEXT(''ThongTinTaiKhoan'', ''GetTaiKhoan'') FROM DUAL)';
END;
/

BEGIN
    DBMS_RLS.add_policy (
        object_schema         => 'CongTy',
        object_name           => 'NhanVien',
        policy_name           => 'VPD_only_view_salary',
        function_schema       => 'QuanTriVPD',
        policy_function       => 'only_view_salary',
        statement_types       => 'SELECT',
        sec_relevant_cols     => 'Luong',
        sec_relevant_cols_opt => DBMS_RLS.all_rows);
END;
/

Log in to the director account khanhnx:

Log in to truyenhm, the account of the head of the programming department:

Log in to huongnt, the account of the head of the planning department:

3.5 THE EXEMPT ACCESS POLICY PRIVILEGE

Although RLS is a very good security technique, it also gets in the way of database administration tasks (for example, backing up data). As we have seen, even DBAs and the owners of the objects cannot avoid the security policies. If the owner of a table backs up its data while the security policies on it are still in effect, the backup file may well contain no data at all. For this reason Oracle provides the EXEMPT ACCESS POLICY privilege. Whoever is granted this privilege is exempt from all policies. The administrator responsible for backups needs this privilege to make sure that all data is backed up.

GRANT EXEMPT ACCESS POLICY TO Backup_CSDL;

Because this is a very powerful privilege that is not scoped to any particular schema or object, we must be careful about who is allowed to hold it. By default, users with the SYSDBA privilege have it (the SYS account).
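Added example (not part of the original lab): one way for a DBA to keep track of who holds EXEMPT ACCESS POLICY and when it is used. It relies on the standard dictionary views DBA_SYS_PRIVS, DBA_ROLE_PRIVS, DBA_USERS and DBA_AUDIT_TRAIL; Backup_CSDL is the account named in the GRANT above.

```sql
-- Added example, not the lab's own code. Run as a DBA (for example: conn / as sysdba).

-- 1. Direct grantees of the privilege (these can be users or roles).
SELECT grantee, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'EXEMPT ACCESS POLICY'
ORDER  BY grantee;

-- 2. User accounts that receive the privilege indirectly, through a role
--    or a chain of nested roles.
SELECT u.username
FROM   dba_users u
WHERE  u.username IN (
         SELECT rp.grantee
         FROM   dba_role_privs rp
         START  WITH rp.granted_role IN (
                  SELECT grantee
                  FROM   dba_sys_privs
                  WHERE  privilege = 'EXEMPT ACCESS POLICY')
         CONNECT BY PRIOR rp.grantee = rp.granted_role)
ORDER  BY u.username;

-- 3. Audit every use of the privilege. Records are written only when the
--    AUDIT_TRAIL initialization parameter is set to something other than NONE.
AUDIT EXEMPT ACCESS POLICY BY ACCESS;

-- 4. Review the audit records in which the privilege was used.
SELECT username, obj_name, action_name, timestamp
FROM   dba_audit_trail
WHERE  priv_used = 'EXEMPT ACCESS POLICY'
ORDER  BY timestamp;

-- 5. Take the privilege back once the backup account no longer needs it.
REVOKE EXEMPT ACCESS POLICY FROM Backup_CSDL;
```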

IV. APPENDIX

4.1 ATTRIBUTES OF THE DEFAULT USERENV CONTEXT

| Attribute name | Return value |
| --- | --- |
| ACTION | Identifies the position in the module (application name); set through the DBMS_APPLICATION_INFO package or OCI. |
| AUDITED_CURSORID | Returns the cursor ID of the session that triggered the audit. This parameter is not valid in a fine-grained auditing environment. |
| AUTHENTICATED_IDENTITY | Returns the user ID used in authentication. |
| AUTHENTICATION_DATA | Data being used to authenticate the user logging in. |
| AUTHENTICATION_METHOD | Returns the authentication method. |
| BG_JOB_ID | Job ID of the current session if it was established by a background process. |
| CLIENT_IDENTIFIER | Returns the ID set by the application through the DBMS_SESSION.SET_IDENTIFIER procedure, the OCI attribute OCI_ATTR_CLIENT_IDENTIFIER, or the Java class Oracle.jdbc.OracleConnection.setClientIdentifier. |
| CLIENT_INFO | Returns up to 64 bytes of user session information stored by the DBMS_APPLICATION_INFO package. |
| CURRENT_BIND | The bind variables for fine-grained auditing. |
| CURRENT_SCHEMA | Name of the current schema. |
| CURRENT_SCHEMAID | ID of the current schema. |
| CURRENT_SQL, CURRENT_SQLn | CURRENT_SQL returns the first 4K bytes of the current SQL that triggered fine-grained auditing. CURRENT_SQLn returns the next 4K bytes. |
| CURRENT_SQL_LENGTH | Length of the current SQL that triggered fine-grained auditing. |
| DB_DOMAIN | Domain name of the database. |
| DB_NAME | Name of the database. |
| DB_UNIQUE_NAME | Unique name of the database. |
| ENTRYID | Current audit entry number. |
| ENTERPRISE_IDENTITY | Returns the enterprise user ID. |
| FG_JOB_ID | Job ID of the current session if it was established by a foreground process. |
| GLOBAL_CONTEXT_MEMORY | Returns the number being used in the System Global Area. |
| GLOBAL_UID | Returns the global user ID from Oracle Internet Directory for Enterprise User Security. |
| HOST | Name of the host that the client connects to. |
| IDENTIFICATION_TYPE | Returns the way the schema was created in the database. |
| INSTANCE | ID number of the current instance. |
| INSTANCE_NAME | Name of the current instance. |
| IP_ADDRESS | IP address of the host that the client connects to. |
| ISDBA | Returns TRUE if the authenticated user has DBA privileges. |
| LANG | ISO abbreviation for the language name. |
| LANGUAGE | Language and territory being used by the user session. |
| MODULE | Application name set through OCI or DBMS_APPLICATION_INFO. |
| NETWORK_PROTOCOL | Network protocol used for communication. |
| NLS_CALENDAR | Calendar of the current session. |
| NLS_CURRENCY | Currency of the current session. |
| NLS_DATE_FORMAT | Date format of the session. |
| NLS_DATE_LANGUAGE | Language used to express dates. |
| NLS_SORT | BINARY or linguistic. |
| NLS_TERRITORY | Territory of the current session. |
| OS_USER | Name of the OS account that started the session. |
| POLICY_INVOKER | Invoker of RLS policy functions. |
| PROXY_ENTERPRISE_IDENTITY | Returns the Oracle Internet Directory DN when the proxy account is an enterprise account. |
| PROXY_GLOBAL_UID | Global account ID from Oracle Internet Directory for Enterprise User Security. NULL for all other proxy accounts. |
| PROXY_USER | Name of the user who opened the current session on behalf of SESSION_USER. |
| PROXY_USERID | ID of the user who opened the current session on behalf of SESSION_USER. |
| SERVER_HOST | Name of the server host that is running. |
| SERVICE_NAME | Name of the service the session is connected to. |
| SESSION_USER | For an enterprise account, returns the schema. For other users, returns the name of the database account by which the current user is authenticated. |
| SESSION_USERID | ID of the database user by which the current user is authenticated. |
| SESSIONID | Audit session ID. |
| SID | Session number (different from SESSIONID). |
| STATEMENTID | Audit statement identifier. STATEMENTID returns the number of SQL statements audited in a given session. |
| TERMINAL | OS identifier of the client in the current session. |
