如何使用觸發器實現數據庫級守護,防止DDL操作--對于重要對象,實施DDL拒絕,防止create,drop,truncate,alter等重要操作LastUpdated:

日韩久久久精品,亚洲精品久久久久久久久久久,亚洲欧美一区二区三区国产精品 ,一区二区福利

如何使用觸發器實現數據庫級守護,防止DDL操作

系統 2411 0
<!--DWLayoutTable-->
<!--DWLayoutTable--><!--DWLayoutTable--><!--DWLayoutTable--> <!--DWLayoutTable-->
<!--DWLayoutEmptyCell-->


如何使用觸發器實現數據庫級守護,防止DDL操作

--對于重要對象,實施DDL拒絕,防止create,drop,truncate,alter等重要操作

Last Updated: <!-- #BeginDate format:wfcIS1m -->Sunday, 2004-10-31 12:06<!-- #EndDate --> Eygle

<!--DWLayoutEmptyCell-->

不管是有意還是無意的,你可能會遇到數據庫中重要的數據表等對象被drop掉的情況,這可能會給我們帶來巨大的損失.

通過觸發器,我們可以實現對于表等對象的數據庫級守護,禁止用戶drop操作.

以下是一個簡單的范例,供參考: 

                              REM this script can be used to monitor a object
REM deny any drop operation on it.
CREATE OR REPLACE TRIGGER trg_dropdeny
   BEFORE DROP ON DATABASE
BEGIN
   IF LOWER (ora_dict_obj_name ()) = 'test'
   THEN
      raise_application_error (num      => -20000,
                               msg      =>    '你瘋了,想刪除表 '
                                           || ora_dict_obj_name ()
                                           || ' ?!!!!!'
                                           || '你完了,警察已在途中.....'
                              );
   END IF;
END;
/

測試效果: 

                            SQL> connect scott/tiger
Connected.
SQL> create table test as select * from dba_users;

Table created.

SQL> connect / as sysdba
Connected.
SQL> create or replace trigger trg_dropdeny
  2     before drop on database   
  3  begin
  4        if lower(ora_dict_obj_name()) = 'test'        
  5        then
  6        raise_application_error(
  7           num => -20000,
  8           msg => '你瘋了,想刪除表 ' || ora_dict_obj_name() || ' ?!!!!!' ||'你完了,警察已在途中.....');
  9        end if;
 10     end;
 11  /

Trigger created.

SQL> connect scott/tiger
Connected.
SQL> drop table test;
drop table test
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20000: 你瘋了,想刪除表 TEST ?!!!!!你完了,警察已在途中.....
ORA-06512: at line 4

Oracle從Oracle8i開始,允許實施DDL事件trigger,可是實現對于DDL的監視及控制,以下是一個進一步的例子: 

                            create or replace trigger ddl_deny
before create or alter or drop or truncate on database
declare
  l_errmsg varchar2(100):= 'You have no permission to this operation';
begin
  if ora_sysevent = 'CREATE' then
     raise_application_error(-20001, ora_dict_obj_owner || '.' || ora_dict_obj_name || ' ' || l_errmsg);
  elsif ora_sysevent = 'ALTER' then
    raise_application_error(-20001, ora_dict_obj_owner || '.' || ora_dict_obj_name || ' ' || l_errmsg);
  elsif ora_sysevent = 'DROP' then
    raise_application_error(-20001, ora_dict_obj_owner || '.' || ora_dict_obj_name || ' ' || l_errmsg);
  elsif ora_sysevent = 'TRUNCATE' then
    raise_application_error(-20001, ora_dict_obj_owner || '.' || ora_dict_obj_name || ' ' || l_errmsg);
  end if;

exception
  when no_data_found then
    null;
end;
/

我們看一下效果: 

                            
                            
                            
                              [oracle@jumper tools]$ sqlplus "/ as sysdba"

SQL*Plus: Release 9.2.0.4.0 - Production on Sun Oct 31 11:38:25 2004

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

Connected to:
Oracle9i Enterprise Edition Release 9.2.0.4.0 - Production
With the Partitioning option
JServer Release 9.2.0.4.0 - Production

SQL> set echo on
SQL> @ddlt
SQL> create or replace trigger ddl_deny
2 before create or alter or drop or truncate on database
3 declare
4 l_errmsg varchar2(100):= 'You have no permission to this operation';
5 begin
6 if ora_sysevent = 'CREATE' then
7 raise_application_error(-20001, ora_dict_obj_owner || '.' || ora_dict_obj_name || ' ' || l_errmsg);
8 elsif ora_sysevent = 'ALTER' then
9 raise_application_error(-20001, ora_dict_obj_owner || '.' || ora_dict_obj_name || ' ' || l_errmsg);
10 elsif ora_sysevent = 'DROP' then
11 raise_application_error(-20001, ora_dict_obj_owner || '.' || ora_dict_obj_name || ' ' || l_errmsg);
12 elsif ora_sysevent = 'TRUNCATE' then
13 raise_application_error(-20001, ora_dict_obj_owner || '.' || ora_dict_obj_name || ' ' || l_errmsg);
14 end if;
15
16 exception
17 when no_data_found then
18 null;
19 end;
20 /

Trigger created.

SQL>
SQL>
SQL> connect scott/tiger
Connected.
SQL> create table t as select * from test;
create table t as select * from test
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20001: SCOTT.T You have no permission to this operation
ORA-06512: at line 5

SQL> alter table test add (id number);
alter table test add (id number)
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20001: SCOTT.TEST You have no permission to this operation
ORA-06512: at line 7

SQL> drop table test;
drop table test
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20001: SCOTT.TEST You have no permission to this operation
ORA-06512: at line 9

SQL> truncate table test;
truncate table test
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20001: SCOTT.TEST You have no permission to this operation
ORA-06512: at line 11

我們可以看到,ddl語句都被禁止了,如果你不是禁止,可以選擇把執行這些操作的用戶及時間記錄到另外的臨時表中.以備查詢.

本文作者:
eygle,Oracle技術關注者,來自中國最大的Oracle技術論壇 itpub .
www.eygle.com 是作者的個人站點.你可通過 Guoqiang.Gai@gmail.com 來聯系作者.歡迎技術探討交流以及鏈接交換.

原文出處:

http://www.eygle.com/faq/Use.Trigger.To.implement.ddl.deny.htm

如欲轉載,請注明作者與出處.并請保留本文的連接.

回首頁

如何使用觸發器實現數據庫級守護,防止DDL操作


更多文章、技術交流、商務合作、聯系博主

微信掃碼或搜索:z360901061

微信掃一掃加我為好友

QQ號聯系: 360901061

您的支持是博主寫作最大的動力,如果您喜歡我的文章,感覺我的文章對您有幫助,請用微信掃描下面二維碼支持博主2元、5元、10元、20元等您想捐的金額吧,狠狠點擊下面給點支持吧,站長非常感激您!手機微信長按不能支付解決辦法:請將微信支付二維碼保存到相冊,切換到微信,然后點擊微信右上角掃一掃功能,選擇支付二維碼完成支付。

【本文對您有幫助就好】

您的支持是博主寫作最大的動力,如果您喜歡我的文章,感覺我的文章對您有幫助,請用微信掃描上面二維碼支持博主2元、5元、10元、自定義金額等您想捐的金額吧,站長會非常 感謝您的哦?。?!

發表我的評論
最新評論 總共0條評論
主站蜘蛛池模板: 嘉义市| 淄博市| 浦江县| 旬阳县| 余江县| 双牌县| 莱州市| 桦川县| 阿勒泰市| 安义县| 麦盖提县| 绍兴县| 吉隆县| 柯坪县| 甘孜县| 开封市| 师宗县| 开原市| 兴城市| 敦煌市| 普定县| 古丈县| 姜堰市| 河北省| 梓潼县| 东平县| 阜平县| 雷波县| 冕宁县| 炎陵县| 莱西市| 吉林省| 康保县| 潞西市| 西林县| 奉节县| 旌德县| 凉山| 哈密市| 新乐市| 广东省|