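When writing PL/SQL programs, authorization is an important consideration. Oracle PL/SQL offers two authorization options:
--AUTHID DEFINER (definer's rights): refers to the owner of the compiled stored object. This is also the default mode.
--AUTHID CURRENT_USER (invoker's rights): refers to the schema that holds the current session's privileges, which may or may not be the same as the currently logged-in user (alter session set current_schema can change the invoker's schema).
Here is the official explanation: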
By default, stored procedures and SQL methods execute with the privileges of their owner, not their current user. Such definer's rights subprograms are bound to the schema in which they reside, allowing you to refer to objects in the same schema without qualifying their names. For example, if schemas HR and OE both have a table called departments, a procedure owned by HR can refer to departments rather than HR.departments. If user OE calls HR's procedure, the procedure still accesses the departments table owned by HR.
A more maintainable way is to use the AUTHID clause, which makes stored procedures and SQL methods execute with the privileges and schema context of the calling user. You can create one instance of the procedure, and many users can call it to access their own data.
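By default, a program executes as its owner (the definer). A definer's rights program is bound to the schema it lives in, so objects it references do not need to be schema-qualified. For example, if schemas HR and OE both have a departments table, a program owned by HR can refer to departments instead of HR.departments. If OE calls HR's program, the program still accesses HR's departments.
If you want different schemas to call the same program while each operates on the objects it owns, add AUTHID CURRENT_USER when defining the program.
The following example illustrates the two authorization mechanisms: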
---------------------------------------------------------------
C:\Users\Administrator>sqlplus sys/oracle@orcl as sysdba

Check the number of rows in user_tables under the SYS schema:

sys@ORCL> select count(*) from user_tables;

  COUNT(*)
----------
       972

Create two functions for comparison:
get_count is default auth mode. When another user calls this function it will use SYS's user_tables
sys@ORCL> CREATE OR REPLACE FUNCTION get_count RETURN NUMBER AUTHID DEFINER IS
  table_count NUMBER;
BEGIN
  -- user_tables is evaluated as the function owner (SYS)
  SELECT COUNT(*) INTO table_count FROM user_tables;

  RETURN table_count;
END;
/

函數已創建。
get_count2 is CURRENT_USER auth mode. When another user calls this function it will use that user's own user_tables
sys@ORCL> CREATE OR REPLACE FUNCTION get_count2 RETURN NUMBER AUTHID CURRENT_USER IS
  table_count NUMBER;
BEGIN
  -- user_tables is evaluated as the calling user
  SELECT COUNT(*) INTO table_count FROM user_tables;

  RETURN table_count;
END;
/

函數已創建。
Next, grant the execute privileges:

sys@ORCL> grant execute on get_count to hr;

授權成功。

sys@ORCL> grant execute on get_count2 to hr;

授權成功。

sys@ORCL> conn hr/hr;
已連接。
hr@ORCL> SELECT sys.get_count FROM dual;

 GET_COUNT
----------
       972

hr@ORCL> SELECT sys.get_count2 FROM dual;

GET_COUNT2
----------
         7
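The result is clear at a glance.
Definer's rights mode ensures that we can control centralized DML operations.
Invoker's rights mode ensures that we can control DML operations on distributed data.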
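The query below is an added example, not part of the original post: it lists the AUTHID mode of the two demo functions together with every non-owner grantee that holds EXECUTE on them, which is the check a DBA would run to see whose privileges a granted routine actually runs with. It assumes a session that can read DBA_PROCEDURES and DBA_TAB_PRIVS (for example the SYSDBA session above) and that get_count and get_count2 exist in SYS as created in this post; the effective_rights column alias is a name chosen for this example.

```sql
-- Added example (not from the original post).
-- Assumption: run as a user that can read DBA_PROCEDURES and DBA_TAB_PRIVS,
-- and the demo functions GET_COUNT / GET_COUNT2 exist in SYS as created above.
SELECT p.owner,
       p.object_name,
       p.object_type,
       p.authid,
       g.grantee,
       CASE p.authid
         WHEN 'DEFINER'      THEN 'runs with privileges of ' || p.owner
         WHEN 'CURRENT_USER' THEN 'runs with privileges of the caller'
       END AS effective_rights
FROM  (SELECT DISTINCT owner, object_name, object_type, authid
       FROM   dba_procedures               -- one row per subprogram, so de-duplicate
       WHERE  object_type IN ('FUNCTION', 'PROCEDURE', 'PACKAGE')) p
JOIN   dba_tab_privs g                     -- direct grants to users, roles and PUBLIC
       ON  g.owner      = p.owner
       AND g.table_name = p.object_name
       AND g.privilege  = 'EXECUTE'
WHERE  p.owner = 'SYS'
AND    p.object_name IN ('GET_COUNT', 'GET_COUNT2')  -- remove this line to audit all of SYS
AND    g.grantee <> p.owner
ORDER  BY p.authid, p.object_name, g.grantee;
```

A DEFINER row with a non-owner grantee is the one to review: that grantee reaches, through the routine, whatever the owner's privileges allow the routine body to do.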
For more details, see: http://download.csdn.net/detail/indexman/6642375
-----------------------------------
Dylan presents.