An Oracle blog – Amardeep Sidhu

June 19, 2009

DBMS_SCHEDULER, DBMS_RLS and SYS_CONTEXT

Filed under: PL/SQL,Troubleshooting — Sidhu @ 11:42 pm
Tags: , , ,

Today one of my colleague was working on development of a screen in Oracle Forms to give the end user an option to schedule a job using dbms_scheduler. With the hope that i would be able to explain it properly, the whole scenario is like this:

  1. User will log in to the application with his username (Lets say USER01) and password (basically every application user is a database user).
  2. He is provided with a screen where he can enter details about the job and the code behind the button calls a PL/SQL procedure in the main application schema (lets say APP1) which in turn uses DBMS_SCHEDULER.CREATE_JOB to schedule the new job.
  3. The ultimate task of the job is to move data from one table in the first database to a table in the second database using a DB Link.
  4. There is a VPD policy applied on all the application users to restrict the view of data. Policy function uses SYS_CONTEXT to fetch some information about the logged in user. The main application user APP1 is exempted from policy and can see the whole data.

Things seem to work fine till the schedule part. But when the job runs it hits ORA-02070: database does not support operator SYS_CONTEXT in this context as SYS_CONTEXT and DB link doesn’t go together.

I did a bit of troubleshooting and came to know that the job gets created with JOB_CREATOR (a field in DBA_SCHEDULER_JOBS) as the user who is logged in (ie USER001). Now when the job runs from USER001, there is a VPD policy which is going to append a where clause to the query and there is a DB link being used, hence ORA-02070.

So the way out would be to schedule and run the job from some user that has no VPD policy applied to it. The best choice would obviously be the main application user; APP1 but as the user logs in with his own username so the job would always be created with JOB_CREATOR as USER001. After a bit of thought provoking an idea hit me:

Create a table in the APP1 schema. Now when the user schedules the job, insert the values of the parameters required to schedule the job in the table. Schedule one master job in APP1 schema which would read this table and in turn call DBMS_SCHEDULER.CREATE_JOB to schedule the job required by the user. Now as there is no policy applied on the APP1 database user so the job is not going to hit ORA-02070. The frequency of the master job can be set as per the requirements. To identify which entries in the table have been processed either keep a flag which can be updated or delete the record from the table after scheduling.

That is how it clicked in my mind at that time. Suggestions about any other better (or worse 😉 ) methods are welcome 🙂

PS: About the title: Nothing really was coming into my mind so i picked up the all three words and titled it DBMS_SCHEDULER, DBMS_RLS and SYS_CONTEXT 🙂

June 14, 2009

Take care of a slash in a SQL script

Filed under: Troubleshooting — Sidhu @ 5:31 pm
Tags: ,

Since long time i have almost been writing useless posts only. Now, i guess my blog doesn’t even look like an Oracle blog. So thought about posting something related to Oracle 😉

Day before yesterday a colleague at my workplace asked that she was running an SQL script (which contained a simple DBMS_MVIEW.REFRESH() statement to refresh an MVIEW), it ran successfully but after completion re-ran the last command run in the session. I was also puzzled and checked the SQL script but it contained simple DBMS_MVIEW.REFRESH() statement. Next try revealed that the script actually had a / (slash) in the second line (with no semi-colon at the end of the first line). Something like this (I used dbms_stats instead of dbms_mview):

exec dbms_stats.gather_table_stats(user,'EMP')
/

Now this thing, when run in SQL* Plus session can be confusing:

[email protected] >
[email protected] >delete emp1;
delete emp1
*
ERROR at line 1:
ORA-00942: table or view does not exist

[email protected] >@c:\test

PL/SQL procedure successfully completed.

delete emp1
*
ERROR at line 1:
ORA-00942: table or view does not exist

[email protected] >

There is no semicolon at the end of the first statement but it executes without that also. So the slash in the 2nd line simply re-executes the last SQL, as expected 🙂 . But it does get confusing !

Theme: Rubric. Get a free blog at WordPress.com

%d bloggers like this: