query sysman.mgmt_targets gets ORA-28112: failed to execute policy function
Hi,
Tables owned by sysman such as mgmt_targets are protected by VPD. A regular user such as 'hr' queries the table will get ORA-28112: failed to execute policy function. I do not want to grant policy exemption privilege to the user. I just need readonly access to sysman.mgmt_targets for one particular user - 'hr'. I implment a policy function and add a new policy and create policy group. 'hr' still fail to access the sysman.mgmt_targets table; even worse sysman fails to access sysman.mgmt_targets table any more. I need some help, what is missing?
--------------------------------------------------------------------
create or replace package hr.my_security as
function my_security_function
(p_schema in varchar2, p_objects in varchar2) return varchar2;
end;
/
create or replace package body hr.my_security as
function my_security_function
(p_schema in varchar2, p_objects in varchar2) return varchar2 is
begin
if (user = 'HR') then
return '';
else
return '1=2';
end if;
end;
end;
/
dbms_rls.add_policy (object_schema => 'SYSMAN',
object_name => 'MGMT_TARGETS',
policy_name => 'my_policy',
function_schema => 'HR',
policy_function => 'my_security.my_security_function',
policy_type => 'DBMS_RLS.SHARED_STATIC',
statement_type => 'SELECT,INDEX');
begin
dbms_rls.add_policy ('SYSMAN','MGMT_TARGETS','my_policy','HR','my_security.my_security_function','SELECT,INDEX');
end;
begin
DBMS_RLS.CREATE_POLICY_GROUP('SYSMAN','MGMT_TARGETS','HR_GROUP');
DBMS_RLS.ADD_GROUPED_POLICY('SYSMAN','MGMT_TARGETS','HR_GROUP','my_security_function','hr','my_policy');
end;