R12 Multi Org Design For Custom Tables.
Steps:
1. Create a Table in Custom Schema for multi org data.
Ex: CREATE TABLE XX_TABLENAME_ALL
(
num NUMBER,
name VARCHAR2 (100),
org_id NUMBER
);
Insert some data with different org_id’s
2. Give the Grants to Apps Schema for above created table
GRANT ALL ON XX.XX_TABLENAME_ALL TO APPS
3. Connect to APPS Schema
Create a synonym named XX_TABLENAME_ALL in APPS schema, referring to XX.XX_TABLENAME_ALL.
CREATE OR REPLACE SYNONYM APPS.XX_TABLENAME_ALL FOR PO.XX_TABLENAME_ALL;
Create another synonym named XX_TABLENAME in APPS, referring to XX.XX_TABLENAME_ALL.
CREATE OR REPLACE SYNONYM APPS.XX_TABLENAME FOR PO.XX_TABLENAME_ALL;
4. Now we can apply Row Level security to XX_TABLENAME, using function MO_GLOBAL.ORG_SECURITY.
Oracle RLS will dynamically append WHERE CLAUSE similar to below
SELECT * FROM XX_TABLENAME WHERE EXISTS (SELECT 1 FROM mo_glob_org_access_tmp oa WHERE oa.organization_id = org_id)
For Applying RLS we can add policy for XX_TABLENAME synonym by using DBMS_RLS.ADD_POLICY API.
Example for add Policy with ADD_POLICY API
BEGIN
dbms_rls.add_policy ('apps', -- Schema Name
'XX_TABLENAME', -- synonym name
'ORG_SEC',-- use policy_name 'ORG_SEC' –standard policy
'apps', --function_schem
'MO_GLOBAL.ORG_SECURITY',--Standard MO VPD policy fun
'SELECT, INSERT, UPDATE, DELETE', -- statement_type
TRUE, -- update_check
TRUE -- Policy enable
);
END;
After creating policy for the synonym we can get data only for which org_id initialized in the back end by using
MO_GLOBAL.SET_POLICY_CONTEXT('S',’Org_id’);
Example for Testing:
Run the query
SELECT * FROM XX_TABLENAME
(The query returns no data)
Initialize the org_id
BEGIN
MO_GLOBAL.SET_POLICY_CONTEXT('S',12);
END;
Rerun the query
You will get the data for org_id 12 only.
Steps:
1. Create a Table in Custom Schema for multi org data.
Ex: CREATE TABLE XX_TABLENAME_ALL
(
num NUMBER,
name VARCHAR2 (100),
org_id NUMBER
);
Insert some data with different org_id’s
2. Give the Grants to Apps Schema for above created table
GRANT ALL ON XX.XX_TABLENAME_ALL TO APPS
3. Connect to APPS Schema
Create a synonym named XX_TABLENAME_ALL in APPS schema, referring to XX.XX_TABLENAME_ALL.
CREATE OR REPLACE SYNONYM APPS.XX_TABLENAME_ALL FOR PO.XX_TABLENAME_ALL;
Create another synonym named XX_TABLENAME in APPS, referring to XX.XX_TABLENAME_ALL.
CREATE OR REPLACE SYNONYM APPS.XX_TABLENAME FOR PO.XX_TABLENAME_ALL;
4. Now we can apply Row Level security to XX_TABLENAME, using function MO_GLOBAL.ORG_SECURITY.
Oracle RLS will dynamically append WHERE CLAUSE similar to below
SELECT * FROM XX_TABLENAME WHERE EXISTS (SELECT 1 FROM mo_glob_org_access_tmp oa WHERE oa.organization_id = org_id)
For Applying RLS we can add policy for XX_TABLENAME synonym by using DBMS_RLS.ADD_POLICY API.
Example for add Policy with ADD_POLICY API
BEGIN
dbms_rls.add_policy ('apps', -- Schema Name
'XX_TABLENAME', -- synonym name
'ORG_SEC',-- use policy_name 'ORG_SEC' –standard policy
'apps', --function_schem
'MO_GLOBAL.ORG_SECURITY',--Standard MO VPD policy fun
'SELECT, INSERT, UPDATE, DELETE', -- statement_type
TRUE, -- update_check
TRUE -- Policy enable
);
END;
After creating policy for the synonym we can get data only for which org_id initialized in the back end by using
MO_GLOBAL.SET_POLICY_CONTEXT('S',’Org_id’);
Example for Testing:
Run the query
SELECT * FROM XX_TABLENAME
(The query returns no data)
Initialize the org_id
BEGIN
MO_GLOBAL.SET_POLICY_CONTEXT('S',12);
END;
Rerun the query
You will get the data for org_id 12 only.
No comments:
Post a Comment