i'm having this situation whereby user are using Dbeaver to access to DB2. There is some views created. At the moment user have the ability to use the Dbeaver to see the view DDL (back end code).
Question : how/is there any way to prevent the user see the view DDL?
much appreciate you advice
Look at the Db2 Obfuscation facility.
CALL DBMS_DDL.CREATE_WRAPPED ('CREATE OR REPLACE VIEW TEST_OBFUSCATED AS SELECT TABNAME FROM SYSCAT.TABLES WHERE TABSCHEMA LIKE ''SYS%''');
SELECT TEXT
FROM SYSCAT.VIEWS
WHERE VIEWSCHEMA = CURRENT SCHEMA AND VIEWNAME = 'TEST_OBFUSCATED';
TEXT
CREATE OR REPLACE VIEW TEST_OBFUSCATED WRAPPED SQL11014 long_meaningless_string
You may use this view as any other one in the same way, but its text is not visible for everyone.
Moreover, you can use this "strange" obfuscated statement to create the view from scratch. There is a scalar function which helps you to get this obfuscated statement without creation it first.
VALUES DBMS_DDL.WRAP ('CREATE OR REPLACE VIEW TEST_OBFUSCATED AS SELECT TABNAME FROM SYSCAT.TABLES WHERE TABSCHEMA LIKE ''SYS%''')
If someone still needs to view the real view text, you may use Row and column access control (RCAC) on the SYSIBM.SYSVIEWS table.
If you want your users to be able to select from a view, they must be able to obtain the definition of that view.
You can wrap the query against the view in a set-returning user-defined function, which has all privileges of its creator, presumably a DBA, and grant other users only the EXECUTE privilege on that function. You will then be able to revoke from your users the privileges to read system catalog tables that you don't want them to read.
Details in the manual.
Related
Very noob question, but how can I create a form in APEX that is not based on a database table?
For example, I am looking to create a "Change Password" form that consists of 3 fields:
USERNAME (display only, value populated with &APP_USER. from URL)
NEW_PSWD
CONFIRM_PSWD
None of these fields will be saved to the database, so not sure how to handle the SOURCE for the underlying form. My first thought was to just use a SQL statement like this:
SELECT '' as username,
'' as new_pswd,
'' as confirm_pswd
FROM DUAL;
Is there a better / more APEX way to handle this?
UPDATE: I understand how to set up a process to handle the logic, but more asking what should I select for the SOURCE? It "yells" at me if I select a TYPE (TABLE/VIEW, SQL QUERY, PLSQL FUNCTION BODY...) and do not put something in there.
Thanks in advance.
Don't use "Form" page type. Pick "Blank" instead.
Then
create a region on it
put any number of items (3 in your case)
create a button
create a process which will fire when you press that button
it should do "smart" things in the database - insert user into a table, change their password, whatever you plan to do
I want to create a view that containt a column which refers to the owner of this view. Something like that:
create or replace view scott.owner_v
as
select something() owner from dual;
Note: something() shouldn't necessary be a function or package reference. It can be anything that gives a desired output.
So querying select owner from scott.owner_v under JEREMY user, for example, would return SCOTT and when I compile such view in HR schema I get HR in owner column.
Maybe seems dumb to query SCOTT.owner_v to get SCOTT but I need it in terms of building DWH referring to different sources which are situated in different schemas. So then I would build dynamically a new view which is on a "higher" level that collects data from all schemas with extra column like owner which shows a source of data. I can put this column when building this "higher" view but I want to keep it as simple as it can be.
Obviously, I tried to place into a view the following parameters
sys_context('USERENV','CURRENT_USER')
sys_context('USERENV','CURRENT_SCHEMA')
user
but it refers to current logged user not to owner of the view.
Any help appreciated.
Just create local functions which returns own schemas in all schemas where do you want to create views:
create or replace function local_obj_owner return varchar2 as
begin
return $$PLSQL_UNIT_OWNER;
end;
/
Then add it into your views:
create view test_view as
select
local_obj_owner as view_owner,
dummy
from dual;
Try
select owner from all_views where view_name = 'OWNER_V';
and/or some alternatives (USER_VIEWS, DBA_VIEWS, ALL_OBJECS, ...).
I cannot seem to find a view which I created in one of my schemas within TOAD. Lets assume I don't know the exact schema in which I've created it, is there any way where I can find all the create statements which have been executed within a period of time, lets say the last days.
Thank you in advance.
If you created the view, just query ALL the views, and order by the date in which it was created.
select * from dba_objects
where object_type = 'VIEW'
order by created desc, last_ddl_time desc
We're hitting DBA_ views to make sure we look at EVERYTHING, not just the things you have PRIVS for. Switch to ALL_ views in case you lack access, and hope you didn't create the view in a schema in which your current logon can't see.
The other way to go is query the views themselves and key in on the table you think you included in the SQL behind the view.
SELECT *
FROM dba_views
WHERE UPPER (text_vc) LIKE '%EMPLOYEES%';
You might be looking for a feature called "SQL Recall" in Toad. Press F8 or View/SQL Recall. It will show you the SQL you ran in the last month or so.
How can I see and modify procedure code in another schema? Right now I'm doing
select * from all_source
where name = 'MY_PROCEDURE'
But that's awful.
I think, the simplest way is to show a screenshot:
In the connections panel expand you connection so you can see the list of object types (tables, views, etc.). Scroll to the bottom of that list and you'll see the last entry is 'Other Users'. Expand that and find the owner of the procedure in that new sub-list. Expand that and scroll down their object type list, expand the 'Procedures' list, and double-click the name of the procedure you're interested in.
That will let you see the source code. To modify it you will need your DBA to grant you the appropriate privileges, if they think it's a valid thing for you to be doing.
If you already have access to the schema you can just create a new connection using that, which would make this simpler.
This question may be Toad specific. I have no idea how Oracle stores views, so I'll explain what happens when I use Toad. If I get an answer that is Oracle specific, so much the better.
I have created a rather complex view. To make it clearer, I have formatted the code nicely, and entered some comments where needed. When I need to make changes to the view, I use Toad's "describe objects" window, where I can find a script to recreate the view. The only problem is that all my formatting is gone. Comments before the select keyword (but after "create view xxx as") will also disappear.
If I enter this script to create a view:
create or replace view TestViewFormatting as
-- Here I have a long comment explaining the role of the
-- view and certain things to be aware of if changing it.
-- Unfortunately this comment will disappear...
select
name, --This comment will be kept
accountnumber --This also
from
debtable
where
name like 'S%';
Toad will display this when I describe it later:
DROP VIEW XXX.TESTVIEWFORMATTING;
/* Formatted on 04.07.2012 09:35:45 (QP5 v5.185.11230.41888) */
CREATE OR REPLACE FORCE VIEW XXX.TESTVIEWFORMATTING
(
NAME,
ACCOUNTNUMBER
)
AS
select name, --This comment will be kept
accountnumber --This also
from debtable
where name like 'S%';
Note that the first comment has disappeared, and that the format is totally different.
I suspect that Oracle doesn't store the code of the view, just some parsed version, and when Toad brings up the script, it reverses this parsed version and generates a script on the fly.
What will I have to do to make Toad/Oracle keep the original formatting?
(PS: I know I can change the settings for Toad's code formatter, but this is not what I want to do. Due to some questionable choices in my past, this particular view has several levels of inline views, and I need a very specific formatting to make it clear what happens)
select text from user_views
where view_name = 'YOUR_VIEW_NAME';
I've tested with:
create view z_v_test as
select
-- te
--st
* from
dual;
and it keeps even the blank line.
Another way is to use DBMS_METADATA:
select dbms_metadata.get_ddl('VIEW', 'YOUR_VIEW_NAME', user) from dual
This works not only for views, but also for (nearly) all kind of database objects (tables, triggers, functions, ...).