I'm running into an oracle error,
ORA-00933: SQL command not properly ended
With the follwing.
insert into TableOne (name, description, scopeid, readonly)
Select 'access', 'Some Description', 0, 0 from dual
where not exists(SELECT * FROM Privilege WHERE name = 'access')
/
insert into TableTwo (name, uuid, description, scopeid)
Select 'Role','ROLE_UUID','Another description.', 0 from dual
where not exists(SELECT * FROM Role WHERE uuid = 'ROLE_UUID')
/
I have added semicolons at the end of each statement before the '/'.
Any suggestions where I may be wrong?
You didn't post CREATE TABLE statements so I did that myself.
SQL> create table privilege as
2 select 'some name' name from dual;
Table created.
SQL> create table role as
2 select 'some UUID' uuid from dual;
Table created.
SQL> create table tableone
2 (name varchar2(10),
3 description varchar2(20),
4 scopeid number,
5 readonly number);
Table created.
SQL> create table tabletwo
2 (name varchar2(10),
3 uuid varchar2(10),
4 description varchar2(20),
5 scopeid number);
Table created.
SQL>
Let's run insert statements you posted as exact copy/paste (I didn't change anything):
SQL> insert into TableOne (name, description, scopeid, readonly)
2 Select 'access', 'Some Description', 0, 0 from dual
3 where not exists(SELECT * FROM Privilege WHERE name = 'access')
4 /
1 row created.
SQL> insert into TableTwo (name, uuid, description, scopeid)
2 Select 'Role','ROLE_UUID','Another description.', 0 from dual
3 where not exists(SELECT * FROM Role WHERE uuid = 'ROLE_UUID')
4 /
1 row created.
SQL>
Apparently, both of them work and no ORA-00933 (SQL command not properly ended) is raised. Therefore, either you didn't post everything you should have, or you're misinterpreting reality.
Related
Is there a Oracle data dictionary table that associates a trigger with its trigger audit table?
enter image description here
You can check out DBA_DEPENDENCIES
SELECT *
FROM dba_dependencies
WHERE TYPE = 'TRIGGER' AND referenced_type = 'TABLE';
Query user_dependencies.
For example:
SQL> create or replace trigger trg_test
2 before insert on emp
3 for each row
4 begin
5 insert into dept (deptno) values (:new.deptno);
6 insert into owner (id_owner, name) values (:new.empno, :new.ename);
7 end;
8 /
Trigger created.
SQL> select referenced_name, referenced_type
2 from user_dependencies
3 where referenced_owner = user
4 and name = 'TRG_TEST';
REFERENCED_NAME REFERENCED_TYPE
-------------------- ------------------
DEPT TABLE --> trigger line #5
EMP TABLE --> trigger line #2
OWNER TABLE --> trigger line #6
SQL>
Bonus: there's that nice view called dictionary. If you query it, it reveals useful information and shows which tables (views) you could try to query to find information you need. In this very case:
SQL> select table_name, comments
2 from dictionary
3 where lower(comments) like '%dependenc%';
TABLE_NAME COMMENTS
------------------------------ ------------------------------------------------------------
ALL_DEPENDENCIES Dependencies to and from objects accessible to the user
ALL_XSC_SECURITY_CLASS_DEP All security class dependencies in the database
USER_DEPENDENCIES Dependencies to and from a users objects
SQL>
I created 1 object.
create type tab_billing as object(invoice_no number,
customername varchar2(100)
);
Now i created a table with the object as a column.
CREATE TABLE tab1 (col1 number,COL2 tab_billing);
Is there anyway I can ONLY select invoice_no from the tab1.
select col2 from tab1;
Is givng me both invoice_no and customername. Substr function is not working here.
You can query the column value's object field directly, but to avoid confusing the object name resolution steps you have to supply and use a table alias:
select t1.col2.invoice_no from tab1 t1;
This is mentioned in the documentation:
To avoid inner capture and similar problems resolving references, Oracle Database requires you to use a table alias to qualify any dot-notational reference to subprograms or attributes of objects.
Qualifying the column with the the table name isn't enough; using select tab1.col2.invoice_no from tab1 gets ORA-00904. You have to use a table alias - although, slightly bizarrely, it still works if the alias is the same as the table name, so select tab1.col2.invoice_no from tab1 tab1 (i.e. aliasing tab1 as tab1, which is normally redundant) works too.
Quick demo:
create type tab_billing as object(invoice_no number,
customername varchar2(100)
);
/
Type TAB_BILLING compiled
CREATE TABLE tab1 (col1 number,COL2 tab_billing);
Table TAB1 created.
insert into tab1 values (1, tab_billing(42, 'Test'));
1 row inserted.
select t1.col2.invoice_no from tab1 t1;
COL2.INVOICE_NO
---------------------------------------
42
You can use TREAT:
SQL> create type tab_billing as object(invoice_no number,
2 customername varchar2(100)
3 );
4 /
Type created.
SQL> CREATE TABLE tab1 (col1 number,COL2 tab_billing);
Table created.
SQL> insert into tab1 values (1, tab_billing(10, 'ten')) ;
1 row created.
SQL> select col1,
2 TREAT(col2 AS tab_billing).invoice_no as invoice_no,
3 TREAT(col2 AS tab_billing).customername as customername
4 from tab1;
COL1 INVOICE_NO CUSTOMERNAME
------ ---------- --------------------
1 10 ten
Using Oracle VPD, after adding a policy and creating a function, I was able to hide a column from unauthorized users.
But instead of (null) how can i show something like 'xxxxxx'
Also in the function I am validation for the user login, like
if sys_context( 'userenv', 'session_user' ) = 'USER1'
what is the best approach to remove this hard coding in the function?
Thanks in advance.
in order to return text in the place of not null, you'd have to create a view over top of the table to change null into the static literal you wanted, as the only option in VPD would be to hide the rows or set the secret columns to NULL.
for your second part of your question, if you are using that check to determine who has access to the sensitive columns, you can use a role instead and have the VPD function check this like:
return 'exists (select null from session_roles where role = ''XXXXXX'')';
i.e. whomever has the role XXXXXX (just create an appropriate role and grant it to your privileged users) set in their session can see the data. That way you don't need to hard code a bunch of user ids.
e.g:
if we create a role and grant it to a test user:
SQL> create role ACCESS_TABLEA_SEC_COL;
Role created.
SQL> grant ACCESS_TABLEA_SEC_COL to test;
Grant succeeded.
for my set up ive created a simple test table + a policy that stops people reading the your_sec_col column.
SQL> create or replace package pkg_security_control
2 as
3 function apply_access(p_owner in varchar2, p_obj_name in varchar2) return varchar2;
4 end;
5 /
Package created.
SQL> create or replace package body pkg_security_control
2 as
3 function apply_access(p_owner in varchar2, p_obj_name in varchar2)
4 return varchar2
5 is
6 begin
7 return 'exists (select null from session_roles where role = ''ACCESS_TABLEA_SEC_COL'')';
8 end;
9 end;
10 /
Package body created.
SQL> create table TABLEA
2 (
3 id number primary key,
4 your_sec_col varchar2(30)
5 );
Table created.
SQL> insert into tablea values (1, 'secret text1');
1 row created.
SQL> insert into tablea values (2, 'secret text2');
1 row created.
now if we select from that table and we don't have the ACCESS_TABLEA_SEC_COL role, we'd get:
SQL> select *
2 from tablea;
ID YOUR_SEC_COL
---------- ------------------------------
1
2
but you want a string like xxxxx. VPD itself cannot do this, but a view could decode NULL to that string.
SQL> create view v_tablea
2 as
3 select id, case when your_sec_col is null then 'xxxxxx' else your_sec_col end your_sec_col
4 from TABLEA;
View created.
now selecting from the view will , depending on whether the role is set:
SQL> set role none;
Role set.
SQL> select *
2 from tablea;
ID YOUR_SEC_COL
---------- ------------------------------
1
2
SQL> select *
2 from v_tablea;
ID YOUR_SEC_COL
---------- ------------------------------
1 xxxxxx
2 xxxxxx
SQL> set role all;
Role set.
SQL> select *
2 from v_tablea;
ID YOUR_SEC_COL
---------- ------------------------------
1 secret text1
2 secret text2
SQL> select *
2 from tablea;
ID YOUR_SEC_COL
---------- ------------------------------
1 secret text1
2 secret text2
so VPD still protects your table against anyone selecting from it, but you'd have clients select from the view to get the literal string instead. If your protected strings can contain NULL, and you want to differentiate those from no access, you can put the role check in the view instead.
create view v_tablea
as
select id,
case (select 'A' from session_roles where role = 'ACCESS_TABLEA_SEC_COL')
when 'A' then your_sec_col else 'xxxxxxxx' end your_sec_col
from TABLEA;
I am using an oracle 11 table with interval partitioning and list subpartitioning like this (simplified):
CREATE TABLE LOG
(
ID NUMBER(15, 0) NOT NULL PRIMARY KEY
, MSG_TIME DATE NOT NULL
, MSG_NR VARCHAR2(16 BYTE)
) PARTITION BY RANGE (MSG_TIME) INTERVAL (NUMTOYMINTERVAL (1,'MONTH'))
SUBPARTITION BY LIST (MSG_NR)
SUBPARTITION TEMPLATE (
SUBPARTITION login VALUES ('FOO')
, SUBPARTITION others VALUES (DEFAULT)
)
(PARTITION oldvalues VALUES LESS THAN (TO_DATE('01-01-2010','DD-MM-YYYY')));
How do I drop a specific subpartitition for a specific month without knowing the (system generated) name of the subpartition? There is a syntax "alter table ... drop subpartition for (subpartition_key_value , ...)" but I don't see a way to specify the month for which I am deleting the subpartition. The partition administration guide does not give any examples, either. 8-}
You can use the metadata tables to get the specific subpartition name:
SQL> insert into log values (1, sysdate, 'FOO');
1 row(s) inserted.
SQL> SELECT p.partition_name, s.subpartition_name, p.high_value, s.high_value
2 FROM user_tab_partitions p
3 JOIN
4 user_tab_subpartitions s
5 ON s.table_name = p.table_name
6 AND s.partition_name = p.partition_name
7 AND p.table_name = 'LOG';
PARTITION_NAME SUBPARTITION_NAME HIGH_VALUE HIGH_VALUE
--------------- ------------------ ------------ ----------
OLDVALUES OLDVALUES_OTHERS 2010-01-01 DEFAULT
OLDVALUES OLDVALUES_LOGIN 2010-01-01 'FOO'
SYS_P469754 SYS_SUBP469753 2012-10-01 DEFAULT
SYS_P469754 SYS_SUBP469752 2012-10-01 'FOO'
SQL> alter table log drop subpartition SYS_SUBP469752;
Table altered.
If you want to drop a partition dynamically, it can be tricky to find it with the ALL_TAB_SUBPARTITIONS view because the HIGH_VALUE column may not be simple to query. In that case you could use DBMS_ROWID to find the subpartition object_id of a given row:
SQL> insert into log values (4, sysdate, 'FOO');
1 row(s) inserted.
SQL> DECLARE
2 l_rowid_in ROWID;
3 l_rowid_type NUMBER;
4 l_object_number NUMBER;
5 l_relative_fno NUMBER;
6 l_block_number NUMBER;
7 l_row_number NUMBER;
8 BEGIN
9 SELECT rowid INTO l_rowid_in FROM log WHERE id = 4;
10 dbms_rowid.rowid_info(rowid_in =>l_rowid_in ,
11 rowid_type =>l_rowid_type ,
12 object_number =>l_object_number,
13 relative_fno =>l_relative_fno ,
14 block_number =>l_block_number ,
15 row_number =>l_row_number );
16 dbms_output.put_line('object_number ='||l_object_number);
17 END;
18 /
object_number =15838049
SQL> select object_name, subobject_name, object_type
2 from all_objects where object_id = '15838049';
OBJECT_NAME SUBOBJECT_NAME OBJECT_TYPE
--------------- --------------- ------------------
LOG SYS_SUBP469757 TABLE SUBPARTITION
As it turns out, the "subpartition for" syntax does indeed work, though that seems to be a secret Oracle does not want to tell you about. :-)
ALTER TABLE TB_LOG_MESSAGE DROP SUBPARTITION FOR
(TO_DATE('01.02.2010','DD.MM.YYYY'), 'FOO')
This deletes the subpartition that would contain MSG_TIME 2010/02/01 and MSG_NR FOO. (It is not necessary that there is an actual row with this exact MSG_TIME and MSG_NR. It throws an error if there is no such subpartition, though.)
Thanks for the post - it was very useful for me.
One observation though on the above script to identify the partition and delete it:
The object_id returned by dbms_rowid.rowid_info is not the object_id of the all_objects table. It is actually the data_object_id. It is observed that usually these ids match. However, after truncating the partitioned table several times, these ids diverged in my database. Hence it might be reasonable to instead use the data_object_id to find out the name of the partition:
select object_name, subobject_name, object_type
from all_objects where data_object_id = '15838049';
From the table description of ALL_OBJECTS:
OBJECT_ID Object number of the object
DATA_OBJECT_ID Object number of the segment which contains the object
http://docs.oracle.com/cd/B19306_01/appdev.102/b14258/d_rowid.htm
In the sample code provided in the above link, DBMS_ROWID.ROWID_OBJECT(row_id) is used instead to derive the same information that is given by dbms_rowid.rowid_info. However, the documentation around this sample mentions that it is a data object number from the ROWID.
Examples
This example returns the ROWID for a row in the EMP table, extracts
the data object number from the ROWID, using the ROWID_OBJECT function
in the DBMS_ROWID package, then displays the object number:
DECLARE object_no INTEGER; row_id ROWID; ... BEGIN
SELECT ROWID INTO row_id FROM emp
WHERE empno = 7499; object_no := DBMS_ROWID.ROWID_OBJECT(row_id); DBMS_OUTPUT.PUT_LINE('The obj. # is
'|| object_no); ...
I need to create a sequence and a trigger to auto-increment the primary key on a table but I have no idea on how to do it.
Create the table and the sequence
SQL> create table staff (
2 emp_id number primary key,
3 staff_name varchar2(100)
4 );
Table created.
SQL> create sequence emp_id_seq;
Sequence created.
Now, you can create a trigger that uses the sequence to populate the primary key
SQL> create trigger trg_emp_id
2 before insert on staff
3 for each row
4 begin
5 select emp_id_seq.nextval
6 into :new.emp_id
7 from dual;
8 end;
9 /
Trigger created.
Now, when you insert data, you woon't need to specify the EMP_ID column-- it will automatically be populated by the trigger
SQL> insert into staff( staff_name ) values ('Justin');
1 row created.
SQL> select * from staff;
EMP_ID STAFF_NAME
---------- --------------------
1 Justin
Read this, Beautiful article.
how sequence [auto increment in oracle]
syntax
Create sequence sequence_name
start with value
increment by value
minvalue value
maxvalue value;
example
SQL> create table emp (
emp_id number(10),
fname varchar2(25),
lname varchar2(25),
constraint pk_emp_id PRIMARY KEY(emp_id)
);
SQL> Create sequence emp_sequence
start with 1
increment by 1
minvalue 1
maxvalue 10000;
SQL> insert into emp (emp_id,fname,lname) values(emp_sequence.nextval,'Darvin','Johnson');
SQL> insert into emp (emp_id,fname,lname) values(emp_sequence.nextval,'Mig','Andrews');
SQL> insert into emp (emp_id,fname,lname) values(emp_sequence.nextval,'Alex','Martin');
SQL> insert into emp (emp_id,fname,lname) values(emp_sequence.nextval,'Jon','paul');
SQL> insert into emp (emp_id,fname,lname) values(emp_sequence.nextval,'Yatin','Bones');
in emp_sequence.nextval where emp_sequence is the name of sequence we created above and nextval is a function that is used to assign the next number from emp_sequence to emp_id column in emp table.
SQL> select * from emp;
EMP_ID FNAME LNAME
---------- ------------------------- -------------------------
1 Darvin Johnson
2 Mig Andrews
3 Alex Martin
4 Jon paul
5 Yatin Bones
Try this:
create sequence seq_EmpID start with 1 increment by 1
insert into Emp_Table values(seq_EmpID.nextval,'Ram')
I am not sure which version of Oracle you are using, but the following will work in 19c:
create table staff (
emp_id NUMBER GENERATED BY DEFAULT ON NULL AS IDENTITY PRIMARY KEY,
staff_name varchar2(100)
);
https://docs.oracle.com/en/database/other-databases/nosql-database/19.3/java-driver-table/creating-tables-identity-column.html
The command above creates a system sequence that is automatically employed to populate the key value. you cannot drop the sequence created as it is a system sequence, but because of the dependency on the column when the table is dropped and the recycle bin purged it is removed.
Very good question!!
Probably sequence can be used in this way - also, I am not sure if there really is a difference :
CREATE SEQUENCE emp_id_seq MINVALUE 1 START WITH 1 INCREMENT BY 1 CACHE 10;
First creating the table :
sql-> create table item(id int primary key, name varchar(25),qty int, price int);
Now we want to make auto increment sequence to the first column i.e. id
sql-> CREATE SEQUENCE id MINVALUE 1 START WITH 1 CACHE 10; //system saves the last 10 items in temp memory
This will create auto increment.
Now we are inserting data:
sql-> insert into item VALUES(id.nextval,'ddcd',2,4);
sql-> insert into item VALUES(id.nextval,'ddcd',676,4);
Finally Displaying the table :
SQL> select * from item;
ID NAME QTY PRICE
1 ddcd 2 4
2 ddcd 676 4
If you use a sequence for several tables, because the value of the sequence is inconsistent example:
we have two tables emp and depeartement:
If I use the sequence on emp I would have: ID_dept = 6 because the 5 is already used in the other table.
example :
SQL> insert into emp values(masequence.nextval,'aaa');
1 ligne crÚÚe.
SQL> insert into departement values(masequence.nextval,'aaa');
1 ligne crÚÚe.
SQL> select * from emp;
ID_EMP NOM_EMP
---------- -------------------------
5 aaa
SQL> select * from departement;
ID_DEPT NOM_DEPT
---------- ----------
6 aaa
SQL>