ORA-28113: policy predicate has error

All posts relating to Oracle database administration.

Moderator: Tim...

ORA-28113: policy predicate has error

Postby Guest » Mon Nov 01, 2004 6:09 pm

Hi,

I have a Oracle Label security in my system, and I have a policy that I apply in some tables. Among this tables only one generate the ORA-28113 error. In the trace file I have the following :

*** SESSION ID:(15.1323) 2004-10-25 11:43:29.343
*** 2004-10-25 11:43:29.343
-------------------------------------------------------------
Error information for ORA-28113:
Logon user : USUARIO_SCOMPS
Table/View : DM_EXDP.DOTACOES
Policy name : LBAC_RLSRC
Policy function: LBACSYS.LBAC_RLS.READ_FILTER
RLS predicate :
COLUNA_LABEL = sys_context('LBAC$0_LAB','LBAC$MINLABEL')
ORA-00904: "SYS_C00025_04100516:04:06$": invalid identifier

The function that I created is very simple :

CREATE OR REPLACE FUNCTION ATRIBUI_LABEL (
V_AN_CRED IN NUMBER,
V_UO IN NUMBER,
V_GESTAO IN NUMBER)

RETURN LBACSYS.LBAC_LABEL AS
v_label VARCHAR2(80) ;
BEGIN

IF (V_AN_CRED = 1989 AND V_UO IN (1010,1616,1717,2222) AND V_GESTAO = 1) OR
(V_AN_CRED = 1989 AND V_GESTAO IN (3,7,13,14,20,21,23,24,28)) THEN

v_label := 'LDM:RE:SCM';

END IF;

IF V_AN_CRED >= 2002 AND V_UO = 701 AND V_GESTAO = 1 THEN

v_label := 'LDM:RE:BEP';


END IF;

IF (V_AN_CRED = 1990 AND V_UO IN (700,1000,1100,1200,1700) AND V_GESTAO = 1)
OR (V_AN_CRED = 1990 AND V_GESTAO IN (6,17,18,19,22,26,27,29)) THEN

v_label := 'LDM:RE:SCO';

END IF;
RETURN TO_LBAC_DATA_LABEL('POLITICA_DISCOVERER',v_label);

END;
/

The labels in the table are correct, including in the problematic one.
Is anyone can help me , please?

Rodrigo.
Guest
 

RE:ORA-28113: policy predicate has error

Postby Guest » Mon Nov 01, 2004 6:09 pm

Hello,

Can you tell me about the GRANTs of your users?

Regards.
Guest
 

RE:ORA-28113: policy predicate has error

Postby Guest » Mon Nov 01, 2004 6:09 pm

Spilleto,

There is a diference beteween the GRANTs!
In the "problematic" table, the users who can access it have the ALL privillege, and in the others only SELECT one.

Is this a clue?

Thanks.
Guest
 

RE:ORA-28113: policy predicate has error

Postby Guest » Mon Nov 01, 2004 6:09 pm

Hi,

I was experienced the same problem :

In my policy definition, users can only read (select) the data on the tables.
But I had grant the ALL priv. to them.
I solve the problem with REVOKE ALL on tables from the users and GRANT (only)SELECT.And so, the job was done.
I dont know exactly what was wrong,but ...

Hope this help you.

Regards.
Guest
 

RE:ORA-28113: policy predicate has error

Postby Guest » Mon Nov 01, 2004 6:09 pm

Spilleto,


That solve my problems too.


Thank you so much!
Guest
 


Return to Oracle Database Administration

Who is online

Users browsing this forum: No registered users and 1 guest

cron