oracle - DBMS_PARALLEL_EXECUTE 和间接授予对过程的授权
问题描述
我刚刚遇到了一些奇怪的 DBMS_PARALLEL_EXECUTE 行为(至少对我而言)。查看我的预设(作为 SYS 执行):
-- Preset
drop user usr1 cascade;
create user usr1 identified by usr1;
create or replace procedure usr1.do_stuff(p1 in number, p2 in number)
is
begin
dbms_output.put_line('I did stuff!');
end;
/
drop user usr2 cascade;
create user usr2 identified by usr2;
grant connect to usr2;
grant create job to usr2;
drop role stuff_doer cascade;
create role stuff_doer;
grant execute on usr1.do_stuff to stuff_doer;
grant stuff_doer to usr2;
所以我创建了 2 个用户,第一个用户有一个赋予stuff_doer
角色的过程。后来这个角色被赋予了usr2
。
然后我将其检查为usr2
:
SQL*Plus: Release 11.2.0.4.0 Production on Fri May 22 12:14:10 2020
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Enter user-name: usr2@db
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> set serveroutput on
SQL> set linesize 400
SQL> exec usr1.do_stuff(1,1);
I did stuff!
PL/SQL procedure successfully completed.
SQL> DECLARE
2 l_task_name VARCHAR2(100) := 'task_name';
3 l_splitter VARCHAR2(4000) := 'select 1, 1 from dual';
4 l_exec_stmt VARCHAR2(1000) := 'begin usr1.do_stuff(:start_id, :end_id); end;';
5 BEGIN
6 FOR line IN (SELECT d.task_name
7 FROM user_parallel_execute_tasks d
8 WHERE d.task_name = l_task_name)
9 LOOP
10 dbms_parallel_execute.drop_task(task_name => line.task_name);
11 END LOOP;
12
13 dbms_parallel_execute.create_task(l_task_name);
14 dbms_parallel_execute.create_chunks_by_sql(task_name => l_task_name
15 ,sql_stmt => l_splitter
16 ,by_rowid => FALSE);
17
18 dbms_parallel_execute.run_task(l_task_name
19 ,l_exec_stmt
20 ,dbms_sql.native);
21
22 COMMIT;
23
24 END;
25 /
PL/SQL procedure successfully completed.
SQL> column status format A20
SQL> select status from user_parallel_execute_tasks where task_name = 'task_name';
STATUS
--------------------
FINISHED_WITH_ERROR
SQL> column status format A20
SQL> column error_code format 900000
SQL> column error_message format A60
SQL> select status, ERROR_CODE, ERROR_MESSAGE from user_parallel_execute_chunks e where e.TASK_NAME = 'task_name';
STATUS ERROR_CODE ERROR_MESSAGE
-------------------- ---------- ------------------------------------------------------------
PROCESSED_WITH_ERROR -06550 ORA-06550: line 1, column 7:
PLS-00201: identifier 'USR1.DO_STUFF' must be declared
ORA-06550: line 1, column 7:
PL/SQL: Statement ignored
SQL>
请参阅:当我do_stuff
直接执行程序时 - 它按预期完成。但是当我使用DBMS_PARALLEL_EXECUTE
我得到identifier must be declared
错误。我在授予特权时遗漏了什么?
我在这里找到了这句话:The CHUNK_BY_SQL, RUN_TASK, and RESUME_TASK subprograms require a query, and are executed using DBMS_SQL.
我试图明确dbms_sql.parse
我的陈述,但它也完成了。
任何帮助将不胜感激,因为我没有得到目前的情况。是的,我可以直接授予特权,但这对我来说仍然很棘手。
解决方案
默认情况下,在 PL/SQL 存储单元中不激活角色(使用 Oracle 19 进行测试,但很长时间以来在旧版本中的行为相同):
SQL> set serveroutput on
SQL> select banner from v$version where rownum=1;
BANNER
--------------------------------------------------------------------------------
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
SQL> show user;
USER is "USR2"
SQL> select * from session_roles;
ROLE
--------------------------------------------------------------------------------
CONNECT
SELECT_CATALOG_ROLE
HS_ADMIN_SELECT_ROLE
STUFF_DOER
SQL> --
SQL> begin
2 for r in (select role from session_roles)
3 loop
4 dbms_output.put_line('role=' || r.role);
5 end loop;
6 end;
7 /
role=CONNECT
role=SELECT_CATALOG_ROLE
role=HS_ADMIN_SELECT_ROLE
role=STUFF_DOER
PL/SQL procedure successfully completed.
SQL> show errors
No errors.
SQL> create or replace procedure sr is
2 begin
3 for r in (select role from session_roles)
4 loop
5 dbms_output.put_line('role=' || r.role);
6 end loop;
7 end;
8 /
Procedure created.
SQL> show errors
No errors.
SQL>
SQL> exec sr;
PL/SQL procedure successfully completed.
SQL>
请注意匿名 PL/SQL(不存储在数据库中)和存储单元(存储在数据库中的过程/函数)之间的区别。
推荐阅读
- powerbi - Power BI Dax 量价量组合效应计算方法
- javascript - 三星S21在轨道停止期间冻结问题
- ios - 这是否可以在 iOS 中集成没有 SDK 的 Paytm 集成?
- json - 应用程序脚本 - 从电子表格中导出 JSON 文件并替换旧文件
- npm - 安装 npm install --global expo-cli 时出错
- c++ - 如何获取 Visual Studio 2015 Update 3 的编译器版本 19.0.24234?
- mysql - MySQL 替代 PostgreSQL 的自定义数据类型(和域)
- python - 当输入时我只有一个 ID 为 512 维向量的 json 文件时,如何处理三元组丢失?
- java - 将 javax.json.JsonObject 转换为 jakarta.json.JsonObject 的任何直接方法?
- highcharts - 高图表如果从数据库获取配置并包含函数,如何处理配置?