oracle 用户下建表进行加密(redact)实验
来源:互联网 发布:修改ssh命令默认端口 编辑:程序博客网 时间:2024/05/29 16:51
实验准备:oracle scott用户下建表进行加密(redact)实验
1. 加密准备工作:
REVOKE dba FROM SCOTT;
GRANT CONNECT, resource, unlimited tablespace TO SCOTT;
GRANT SELECT ON sys.redaction_policies TO SCOTT;
GRANT SELECT ON sys.redaction_columns TO SCOTT;
GRANT EXECUTE ONdbms_redact TO SCOTT;
查询约束和加密策略
SQL> selectpolicy_name from redaction_policies;
2. scott用户下创建2张表,并设置了主外键约束
create tablestudents(name varchar2(10) primary key not null,age varchar2(10),countvarchar2(10));
insert intostudents (name,age,count) values ('xxxxxx','vvvvvv','nnnnnn');
create tableclass(aa varchar2(10),name varchar2(10),cc varchar2(10));
insert intoclass (aa,name,cc) values ('zzzzzz','xxxxxx','cccccc');
alter tableclass ADD CONSTRAINT FK_name FOREIGN KEY(name) references students(name);
开始加密:
对scott用户下class表的name列进行加密:
BEGIN
DBMS_REDACT.ADD_POLICY (
object_schema =>'SCOTT',
object_name =>'CLASS',
policy_name =>'REDACT_EMP',
column_name =>'NAME',
function_type =>DBMS_REDACT.PARTIAL,
function_parameters =>'VVVVVV,VVVVVV,*,3,6',
expression =>'1=1',
enable => TRUE
);
END;
/
添加一列policy,对class表的AA列进行加密
BEGIN
DBMS_REDACT.ALTER_POLICY(
object_schema => 'SCOTT',
object_name => 'CLASS',
policy_name =>'REDACT_EMP',
action =>DBMS_REDACT.ADD_COLUMN,
column_name => 'AA',
function_type =>DBMS_REDACT.PARTIAL,
function_parameters =>'VVVVVV,VVVVVV,*,1,6'
);
END;
/
指定只对hr用户有效
BEGIN
DBMS_REDACT.ALTER_POLICY (
object_schema =>'SCOTT',
object_name =>'CLASS',
policy_name =>'REDACT_EMP',
column_name => 'AA',
action =>DBMS_REDACT.MODIFY_EXPRESSION,
expression => 'SYS_CONTEXT (''USERENV'',''SESSION_USER'' ) =''HR'''
);
END;
/
实验一:加密前查询下面语句,可以正常返回结果:
select distinct name from class order byname;
SQL>select distinct name from class order by name;
NAME
----------
xxxxxx
加密后错误,报错not a SELECTed expression:
SQL> select distinct name from class order by name;
select distinct name from class order by name
*
ERROR at line 1:
ORA-01791:not a SELECTed expression
加密后正确语法:
SQL> select name from (select distinct name fromclass order by name);
NAME
----------
xxxxxx
实验二:加密前查询下面语句,可以正常返回结果:
select distinctclass.name,class.aa,students.age
from class,students
where students.name=class.name
andclass.name<>'13'
andclass.cc='cccccc'
order by name asc;
SQL> select distinctclass.name,class.aa,students.age
fromclass,students
wherestudents.name=class.name
andclass.name<>'13'
andclass.cc='cccccc'
order by nameasc;
2 3 4 5 6
NAME AA AGE
---------- ---------- ----------
xxxxxx zzzzzz vvvvvv
加密后错误,报错not a SELECTed expression:
SQL> select distinctclass.name,class.aa,students.age
fromclass,students
wherestudents.name=class.name
andclass.name<>'13'
andclass.cc='cccccc'
order by nameasc;
2 3 4 5 6 selectdistinct class.name,class.aa,students.age
*
ERROR at line 1:
ORA-01791:not a SELECTed expression
加密后正确语法:
SQL> select name,aa,age
from (selectdistinct class.name,class.aa,students.age
fromclass,students
wherestudents.name=class.name
andclass.name<>'13'
andclass.cc='cccccc')
order by nameasc;
2 3 4 5 6 7
NAME AA AGE
---------- ---------- ----------
xxxxxx zzzzzz vvvvvv
删除编写策略(包括policy本身)
BEGIN
DBMS_REDACT.DROP_POLICY (
object_schema => 'SCOTT',
object_name => 'CLASS',
policy_name =>'REDACT_EMP');
END;
/
完。
- oracle 用户下建表进行加密(redact)实验
- oracle redact加密介绍和详细步骤
- 对用户的密码进行加密
- 用户登录对密码进行加密
- Oracle 对用户进行解锁
- 用RMAN进行Oracle的加密备份
- oracle中针对字段进行md5加密
- oracle redact数据编译后 查询报错 不是selected表达式
- 对用户输入的密码进行MD5加密
- php用户注册对密码进行MD5加密
- Telegram用户可使用TeleX AI进行加密货币交易
- 在命令行下进行Oracle用户解锁
- 对Oracle 11用户进行解锁
- 命令行下进行Oracle用户解锁
- 在命令行下进行Oracle用户解锁
- oracle使用触发器进行用户部门同步
- 在命令行下进行Oracle用户解锁
- 在命令行下进行Oracle用户解锁
- ajax获取当前城市天气情况
- UNITY 单例模式的模板
- ShareSDK使用中出现,WBMFPRSA闪退问题
- 【ASP.NET】--静态网页/动态HTML/动态网页/伪静态网页
- (无监督学习&&视频预测)所读论文[2]:Generating Videos with Scene Dynamics
- oracle 用户下建表进行加密(redact)实验
- SDN原理解析-转控分离的SDN架构—学习笔记一
- 阻塞队列ArrayBlockingQueue
- python 文件目录操作
- 解决iscroll5的上拉下拉的回弹问题
- python多进程、多线程详解
- 判断质数
- 读写锁和互斥锁的区别
- SIP交互流程及路由机制