Hi,
I have a Oracle Label security in my system, and I have a policy that I apply in some tables. Among this tables only one generate the ORA-28113 error. In the trace file I have the following :
*** SESSION ID:(15.1323) 2004-10-25 11:43:29.343
*** 2004-10-25 11:43:29.343
-------------------------------------------------------------
Error information for ORA-28113:
Logon user : USUARIO_SCOMPS
Table/View : DM_EXDP.DOTACOES
Policy name : LBAC_RLSRC
Policy function: LBACSYS.LBAC_RLS.READ_FILTER
RLS predicate :
COLUNA_LABEL = sys_context('LBAC$0_LAB','LBAC$MINLABEL')
ORA-00904: "SYS_C00025_04100516:04:06$": invalid identifier
The function that I created is very simple :
CREATE OR REPLACE FUNCTION ATRIBUI_LABEL (
V_AN_CRED IN NUMBER,
V_UO IN NUMBER,
V_GESTAO IN NUMBER)
RETURN LBACSYS.LBAC_LABEL AS
v_label VARCHAR2(80) ;
BEGIN
IF (V_AN_CRED = 1989 AND V_UO IN (1010,1616,1717,2222) AND V_GESTAO = 1) OR
(V_AN_CRED = 1989 AND V_GESTAO IN (3,7,13,14,20,21,23,24,28)) THEN
v_label := 'LDM:RE:SCM';
END IF;
IF V_AN_CRED >= 2002 AND V_UO = 701 AND V_GESTAO = 1 THEN
v_label := 'LDM:RE:BEP';
END IF;
IF (V_AN_CRED = 1990 AND V_UO IN (700,1000,1100,1200,1700) AND V_GESTAO = 1)
OR (V_AN_CRED = 1990 AND V_GESTAO IN (6,17,18,19,22,26,27,29)) THEN
v_label := 'LDM:RE:SCO';
END IF;
RETURN TO_LBAC_DATA_LABEL('POLITICA_DISCOVERER',v_label);
END;
/
The labels in the table are correct, including in the problematic one.
Is anyone can help me , please?
Rodrigo.
ORA-28113: policy predicate has error
Moderator: Tim...
5 posts
• Page 1 of 1
RE:ORA-28113: policy predicate has error
by Guest » Mon Nov 01, 2004 6:09 pm
Hello,
Can you tell me about the GRANTs of your users?
Regards.
Can you tell me about the GRANTs of your users?
Regards.
- Guest
RE:ORA-28113: policy predicate has error
by Guest » Mon Nov 01, 2004 6:09 pm
Spilleto,
There is a diference beteween the GRANTs!
In the "problematic" table, the users who can access it have the ALL privillege, and in the others only SELECT one.
Is this a clue?
Thanks.
There is a diference beteween the GRANTs!
In the "problematic" table, the users who can access it have the ALL privillege, and in the others only SELECT one.
Is this a clue?
Thanks.
- Guest
RE:ORA-28113: policy predicate has error
by Guest » Mon Nov 01, 2004 6:09 pm
Hi,
I was experienced the same problem :
In my policy definition, users can only read (select) the data on the tables.
But I had grant the ALL priv. to them.
I solve the problem with REVOKE ALL on tables from the users and GRANT (only)SELECT.And so, the job was done.
I dont know exactly what was wrong,but ...
Hope this help you.
Regards.
I was experienced the same problem :
In my policy definition, users can only read (select) the data on the tables.
But I had grant the ALL priv. to them.
I solve the problem with REVOKE ALL on tables from the users and GRANT (only)SELECT.And so, the job was done.
I dont know exactly what was wrong,but ...
Hope this help you.
Regards.
- Guest
RE:ORA-28113: policy predicate has error
by Guest » Mon Nov 01, 2004 6:09 pm
Spilleto,
That solve my problems too.
Thank you so much!
That solve my problems too.
Thank you so much!
- Guest
5 posts
• Page 1 of 1
Return to Oracle Database Administration
Who is online
Users browsing this forum: No registered users and 1 guest