检查 SQL 服务器的谓词过滤器中是否存在表
[英]Check if Table exists in Predicate Filter in SQL Server
问题描述
I have written a security policy which contains a predicate filter to apply row level security in SQL Server.
我编写了一个包含谓词过滤器的安全策略,以在 SQL 服务器中应用行级安全性。 But, I want to apply the filter predicate only if the table exists in the database.但是,我只想在表存在于数据库中时应用过滤谓词。 Can anyone please suggest anyway I can to it?任何人都可以请我建议吗? Below is the security policy:以下是安全策略:
IF OBJECT_ID('s.policyName') IS NOT NULL
BEGIN
DROP SECURITY POLICY s.policyName
END
GO
CREATE SECURITY POLICY s.policyName
ADD FILTER PREDICATE s.policyName(ColA) ON TableA
WITH (STATE = ON)
GO
I did try adding an if condition before and after the Filter predicate, but its not working.我确实尝试在 Filter 谓词之前和之后添加一个if条件,但它不起作用。 Any help is really appreciated.非常感谢任何帮助。
2 个解决方案
解决方案1
0 2022-01-13 00:36:16
Wouldn't you just want to make sure the table (and column!) exists before creating the policy, rather than making the policy check for the table every time?您是否只想在创建策略之前确保表(和列!)存在,而不是每次都对表进行策略检查? I don't know that you can drop a table that has a policy associated with it (you certainly can't if the policy function, which has to be schema-bound, references the table), but I think if people can drop tables after the policy is created there is a bigger issue.我不知道您可以删除具有关联策略的表(如果必须是模式绑定的策略 function 引用该表,您当然不能),但我认为如果人们可以删除表政策制定后,还有一个更大的问题。
IF EXISTS
(
SELECT 1 FROM sys.tables AS t
INNER JOIN sys.columns AS c
ON t.[object_id] = c.[object_id]
WHERE t.name = N'TableA'
-- AND t.[schema_id] = SCHEMA_ID(N's') -- 'dbo', 'other' ???
AND c.name = N'ColA'
)
BEGIN
CREATE SECURITY POLICY s.policyName
ADD FILTER PREDICATE s.policyFunctionName(ColA) ON TableA
WITH (STATE = ON);
END
And of course you can't create the policy in the first place if the table doesn't exist.当然,如果表不存在,您一开始就无法创建策略。 It will fail with:它将失败:
Msg 33268, Level 16, State 1
Cannot find the object "TableA" because it does not exist or you do not have permissions.
So you can use the IF EXISTS for nice behavior (you could put a friendly error message in an ELSE ) or you could just wrap in TRY/CATCH and hope for the best.因此,您可以使用IF EXISTS来获得良好的行为(您可以在ELSE中放置友好的错误消息),或者您可以只包装TRY/CATCH并希望获得最好的结果。
You might also want to make sure that the function s.policyFunctionName exists for a similar reason (and of course you can't call the policy the same as the function), or just let it fail.您可能还想确保 function s.policyFunctionName存在出于类似的原因(当然您不能将策略称为与函数相同的策略),或者让它失败。
解决方案2
0 2022-01-13 00:40:07
SQL checks if the table exists, true the result is 1, if the table does not exist the result is zero. SQL 检查表是否存在,true 结果为 1,如果表不存在结果为零。 For Example:例如:
IF EXISTS ( USE TableA
SELECT 1
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_TYPE='VIEW'
AND TABLE_NAME='TableA')
SELECT 1 AS res ELSE SELECT 0 AS res;
IF OBJECT_ID ('TableA.s.policyName') IS NOT NULL
SELECT 1 AS res ELSE SELECT 0 AS res;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.