限制用户级别的oracle触发器
Restrict on the user level oracle trigger
下面这个触发器工作正常,能够按操作系统用户(os_user)进行限制:
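CREATE OR REPLACE TRIGGER TRG_Restrict
BEFORE CREATE ON DATABASE
DECLARE
    -- Purpose: reject CREATE statements unless the session's client OS user is
    -- on the allow-list, and record every rejected attempt in TEMP_AUDIT_users.
    --
    -- Scope: the trigger is declared BEFORE CREATE, so only CREATE events reach
    -- it; ALTER and DROP are not covered even though the error text says
    -- "any change".
    --
    -- Trust: USERENV OS_USER, HOST and TERMINAL describe the client and are
    -- reported by it. They are useful audit context but not an authenticated
    -- identity, so this check should complement the database's own privilege
    -- model (who holds CREATE privileges at all), not replace it.
    v_osuser VARCHAR2(500);
    -- Autonomous so the audit row is committed independently of the statement
    -- that is about to be rejected.
    PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
    v_osuser := SYS_CONTEXT('userenv', 'os_user');

    -- With a NULL os_user, "NOT IN" evaluates to UNKNOWN and IF treats that as
    -- false, which would let the statement through. Test for NULL explicitly so
    -- the check fails closed.
    IF v_osuser IS NULL OR LOWER(v_osuser) NOT IN ('alex', 'hales') THEN
        INSERT INTO TEMP_AUDIT_users (
            ddl_date,
            user_name,
            ddl_type,
            object_type,
            object_name,
            owner,
            osuser,
            host,
            terminal,
            IP_address
        )
        VALUES (
            SYSDATE,
            ora_login_user,
            ora_sysevent,
            ora_dict_obj_type,
            ora_dict_obj_name,
            ora_dict_obj_owner,
            v_osuser,
            SYS_CONTEXT('USERENV', 'HOST'),
            SYS_CONTEXT('USERENV', 'TERMINAL'),
            SYS_CONTEXT('USERENV', 'IP_ADDRESS')
        );
        -- Commit before raising: an autonomous block that exits with an
        -- unhandled exception rolls back its uncommitted work.
        COMMIT;

        RAISE_APPLICATION_ERROR(
            -20000,
            'Stop You Are Not Authorized To Make Any Change. Thank You :(
');
    END IF;
END;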
但是这个触发器作用于整个数据库,而我希望它只对选定的用户生效,请给一些建议。
如果您想以同样的方式,对连接到数据库执行更改的 Oracle 用户再加一层限制,可以使用类似的触发器,并在原有条件之上再加一个条件:
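CREATE OR REPLACE TRIGGER TRG_Restrict
BEFORE CREATE ON DATABASE
DECLARE
    -- Purpose: reject CREATE statements and log the attempt in TEMP_AUDIT_users
    -- when the session is outside BOTH allow-lists below.
    --
    -- Combined effect of the nested IFs: a statement is rejected only when the
    -- client OS user is not listed AND the Oracle login user is not listed.
    -- A listed database account therefore passes from any OS user, and a listed
    -- OS user passes under any database account.
    --
    -- Scope: only CREATE events reach this trigger (BEFORE CREATE); ALTER and
    -- DROP are not covered.
    --
    -- Trust: USERENV OS_USER, HOST and TERMINAL are reported by the client and
    -- are audit context, not an authenticated identity. The Oracle login user
    -- is the stronger signal; keep CREATE privileges themselves restricted.
    v_osuser VARCHAR2(500);
    -- Autonomous so the audit row is committed independently of the statement
    -- that is about to be rejected.
    PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
    v_osuser := SYS_CONTEXT('userenv', 'os_user');

    -- condition on OS user
    -- A NULL os_user would make "NOT IN" evaluate to UNKNOWN (treated as false
    -- by IF) and skip the whole check, so NULL is handled explicitly.
    IF v_osuser IS NULL OR LOWER(v_osuser) NOT IN ('alex', 'hales') THEN
        -- condition on user connected to Oracle
        IF ora_login_user NOT IN ('SYS', 'OKTOMODIFY_USER1', 'OKTOMODIFY_USER2') THEN
            INSERT INTO TEMP_AUDIT_users (
                ddl_date,
                user_name,
                ddl_type,
                object_type,
                object_name,
                owner,
                osuser,
                host,
                terminal,
                IP_address
            )
            VALUES (
                SYSDATE,
                ora_login_user,
                ora_sysevent,
                ora_dict_obj_type,
                ora_dict_obj_name,
                ora_dict_obj_owner,
                v_osuser,
                SYS_CONTEXT('USERENV', 'HOST'),
                SYS_CONTEXT('USERENV', 'TERMINAL'),
                SYS_CONTEXT('USERENV', 'IP_ADDRESS')
            );
            -- Commit before raising: an autonomous block that exits with an
            -- unhandled exception rolls back its uncommitted work.
            COMMIT;

            RAISE_APPLICATION_ERROR(
                -20000,
                'Stop You Are Not Authorized To Make Any Change. Thank You :( ');
        END IF;
    END IF;
END;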
(这里假设允许执行修改的 Oracle 连接用户为 'SYS'、'OKTOMODIFY_USER1' 和 'OKTOMODIFY_USER2',操作系统用户为 Alex 和 Hales。注意:按上面的嵌套 if 写法,只有当操作系统用户和 Oracle 用户都不在各自的名单中时,操作才会被拒绝。)
下面这个触发器工作正常,能够按操作系统用户(os_user)进行限制:
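CREATE OR REPLACE TRIGGER TRG_Restrict
BEFORE CREATE ON DATABASE
DECLARE
    -- Purpose: reject CREATE statements unless the session's client OS user is
    -- on the allow-list, and record every rejected attempt in TEMP_AUDIT_users.
    --
    -- Scope: the trigger is declared BEFORE CREATE, so only CREATE events reach
    -- it; ALTER and DROP are not covered even though the error text says
    -- "any change".
    --
    -- Trust: USERENV OS_USER, HOST and TERMINAL describe the client and are
    -- reported by it. They are useful audit context but not an authenticated
    -- identity, so this check should complement the database's own privilege
    -- model (who holds CREATE privileges at all), not replace it.
    v_osuser VARCHAR2(500);
    -- Autonomous so the audit row is committed independently of the statement
    -- that is about to be rejected.
    PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
    v_osuser := SYS_CONTEXT('userenv', 'os_user');

    -- With a NULL os_user, "NOT IN" evaluates to UNKNOWN and IF treats that as
    -- false, which would let the statement through. Test for NULL explicitly so
    -- the check fails closed.
    IF v_osuser IS NULL OR LOWER(v_osuser) NOT IN ('alex', 'hales') THEN
        INSERT INTO TEMP_AUDIT_users (
            ddl_date,
            user_name,
            ddl_type,
            object_type,
            object_name,
            owner,
            osuser,
            host,
            terminal,
            IP_address
        )
        VALUES (
            SYSDATE,
            ora_login_user,
            ora_sysevent,
            ora_dict_obj_type,
            ora_dict_obj_name,
            ora_dict_obj_owner,
            v_osuser,
            SYS_CONTEXT('USERENV', 'HOST'),
            SYS_CONTEXT('USERENV', 'TERMINAL'),
            SYS_CONTEXT('USERENV', 'IP_ADDRESS')
        );
        -- Commit before raising: an autonomous block that exits with an
        -- unhandled exception rolls back its uncommitted work.
        COMMIT;

        RAISE_APPLICATION_ERROR(
            -20000,
            'Stop You Are Not Authorized To Make Any Change. Thank You :(
');
    END IF;
END;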
但是这个触发器作用于整个数据库,而我希望它只对选定的用户生效,请给一些建议。
如果您想以同样的方式,对连接到数据库执行更改的 Oracle 用户再加一层限制,可以使用类似的触发器,并在原有条件之上再加一个条件:
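CREATE OR REPLACE TRIGGER TRG_Restrict
BEFORE CREATE ON DATABASE
DECLARE
    -- Purpose: reject CREATE statements and log the attempt in TEMP_AUDIT_users
    -- when the session is outside BOTH allow-lists below.
    --
    -- Combined effect of the nested IFs: a statement is rejected only when the
    -- client OS user is not listed AND the Oracle login user is not listed.
    -- A listed database account therefore passes from any OS user, and a listed
    -- OS user passes under any database account.
    --
    -- Scope: only CREATE events reach this trigger (BEFORE CREATE); ALTER and
    -- DROP are not covered.
    --
    -- Trust: USERENV OS_USER, HOST and TERMINAL are reported by the client and
    -- are audit context, not an authenticated identity. The Oracle login user
    -- is the stronger signal; keep CREATE privileges themselves restricted.
    v_osuser VARCHAR2(500);
    -- Autonomous so the audit row is committed independently of the statement
    -- that is about to be rejected.
    PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
    v_osuser := SYS_CONTEXT('userenv', 'os_user');

    -- condition on OS user
    -- A NULL os_user would make "NOT IN" evaluate to UNKNOWN (treated as false
    -- by IF) and skip the whole check, so NULL is handled explicitly.
    IF v_osuser IS NULL OR LOWER(v_osuser) NOT IN ('alex', 'hales') THEN
        -- condition on user connected to Oracle
        IF ora_login_user NOT IN ('SYS', 'OKTOMODIFY_USER1', 'OKTOMODIFY_USER2') THEN
            INSERT INTO TEMP_AUDIT_users (
                ddl_date,
                user_name,
                ddl_type,
                object_type,
                object_name,
                owner,
                osuser,
                host,
                terminal,
                IP_address
            )
            VALUES (
                SYSDATE,
                ora_login_user,
                ora_sysevent,
                ora_dict_obj_type,
                ora_dict_obj_name,
                ora_dict_obj_owner,
                v_osuser,
                SYS_CONTEXT('USERENV', 'HOST'),
                SYS_CONTEXT('USERENV', 'TERMINAL'),
                SYS_CONTEXT('USERENV', 'IP_ADDRESS')
            );
            -- Commit before raising: an autonomous block that exits with an
            -- unhandled exception rolls back its uncommitted work.
            COMMIT;

            RAISE_APPLICATION_ERROR(
                -20000,
                'Stop You Are Not Authorized To Make Any Change. Thank You :( ');
        END IF;
    END IF;
END;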
(这里假设允许执行修改的 Oracle 连接用户为 'SYS'、'OKTOMODIFY_USER1' 和 'OKTOMODIFY_USER2',操作系统用户为 Alex 和 Hales。注意:按上面的嵌套 if 写法,只有当操作系统用户和 Oracle 用户都不在各自的名单中时,操作才会被拒绝。)