SEC_RELEVANT_COLS_OPT Forces DYNAMIC POLICY_TYPE (Doc ID 734311.1)

Last updated on JULY 23, 2009

Applies to:

Oracle Server - Enterprise Edition - Version: 10.2.0.1 to 11.1.0.7
This problem can occur on any platform.

Symptoms

A RLS policy will always be created as DYNAMIC if the parameter SEC_RELEVANT_COLS_OPT is used while adding the policy with DBMS_RLS. Parameter POLICY_TYPE specified while adding the policy is not taken into account.

 

conn / as sysdba

create user test identified by test;
grant connect, resource to test;

create table test.testtable(name varchar2(100), id number);

create or replace function test.fn_dp_policy(schema_var IN VARCHAR2,
table_var IN VARCHAR2)
return varchar2 is
begin
null;
return '1=1';
end;
/


begin
dbms_rls.drop_policy(object_schema=>'TEST',
object_name=>'testtable',policy_name => 'CP_DP');
end;
/

BEGIN
dbms_rls.add_policy(object_schema => 'TEST',
object_name => 'TESTTABLE',
policy_name => 'CP_DP',
function_schema => 'TEST',
policy_function => 'FN_DP_POLICY',
sec_relevant_cols=>'NAME',
sec_relevant_cols_opt=>dbms_rls.ALL_ROWS,
long_predicate =>FALSE,
static_policy=>true,
POLICY_TYPE => dbms_rls.context_sensitive);
END;
/

select policy_name, static_policy, policy_type, object_owner, object_name
from dba_policies
where object_owner='TEST';


POLICY_NAME STA POLICY_TYPE OBJECT_OWNER OBJECT_NAME
----------- --- ----------- ------------ -------------
CP_DP       NO  DYNAMIC     TEST         TESTTABLE


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms