Commit b64304c0 authored by Stanley Clark's avatar Stanley Clark
Browse files

Update

parent ce3b6534
......@@ -25,5 +25,5 @@ We can now run experiments by querying the two databases as normal and logging i
as different users.
```shell
docker-compose exec oracle ./run.sh
docker-compose exec ibm su -c "/home/app/comparison/ibm/run.sh" - db2inst1
docker-compose exec ibm su -c "/home/app/comparison/ibm/run.sh 0" - db2inst1
```
......@@ -8,8 +8,8 @@ services:
volumes:
- DB2Data:/database
- ./ibm:/home/app/comparison/ibm
- ./queries:/home/app/queries
- ./../tpc-ds:/home/app/tpc-ds
- ./../queries:/home/app/queries
environment:
- LICENSE=accept
- DB2INST1_PASSWORD=password
......@@ -25,8 +25,8 @@ services:
volumes:
- OracleDBData:/ORCL
- ./oracle:/home/app/comparison/oracle
- ./queries:/home/app/queries
- ./../tpc-ds:/home/app/tpc-ds
- ./../queries:/home/app/queries
environment:
- ORACLE_SID=ORCLCDB
- ORACLE_PDB=ORCLPDB1
......
#!/usr/bin/env sh
for query in /home/app/queries/*.sql
query="/home/app/queries/query$1.sql"
for i in $(seq 1 10);
do
for i in $(seq 1 10);
do
db2 CONNECT TO testdb user "user$i" using passwd1
db2 SET schema=db2inst1
db2 -t -f "$query"
done
db2 CONNECT TO testdb user "user$i" using passwd1
db2 SET schema=db2inst1
db2 -t -f "$query"
done
......@@ -65,7 +65,7 @@ ALTER TABLE inventory ACTIVATE COLUMN ACCESS CONTROL;
CREATE OR REPLACE MASK i_brand_id_COL_MASK ON item FOR
COLUMN i_brand_id RETURN CASE WHEN (
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (1000000 = i_brand_id) AND employee.e_name = SYSTEM_USER)
SYSTEM_USER = 'DB2INST1' OR NOT EXISTS (SELECT 1 FROM employee WHERE (1000000 < i_brand_id AND i_brand_id < 2000000) AND employee.e_name = SYSTEM_USER)
) THEN i_brand_id
ELSE NULL END ENABLE;
ALTER TABLE item ACTIVATE COLUMN ACCESS CONTROL;
......
......@@ -2,17 +2,17 @@
. /home/oracle/.bashrc;
## Create TPC-DS schema and users
echo @sql/users.sql | sqlplus sys/Oradoc_db1@ORCLCDB as sysdba
echo @sql/clean.sql | sqlplus admin1/admin1@ORCLCDB
echo @sql/employee.sql | sqlplus admin1/admin1@ORCLCDB
echo @sql/tpcds.sql | sqlplus admin1/admin1@ORCLCDB
# Import generated data to instance
for tableScript in ctl/*.ctl
do
sqlldr admin1/admin1@ORCLCDB control="$tableScript" log="log/$(basename "$tableScript" .ctl).log" direct=true
done
### Create TPC-DS schema and users
#echo @sql/users.sql | sqlplus sys/Oradoc_db1@ORCLCDB as sysdba
#echo @sql/clean.sql | sqlplus admin1/admin1@ORCLCDB
#echo @sql/employee.sql | sqlplus admin1/admin1@ORCLCDB
#echo @sql/tpcds.sql | sqlplus admin1/admin1@ORCLCDB
#
## Import generated data to instance
#for tableScript in ctl/*.ctl
#do
# sqlldr admin1/admin1@ORCLCDB control="$tableScript" log="log/$(basename "$tableScript" .ctl).log" direct=true
#done
# Attach policies
echo @sql/policies.sql | sqlplus admin1/admin1@ORCLCDB
......@@ -331,7 +331,7 @@ CREATE OR REPLACE FUNCTION item_i_brand_id_CELL_ACCESS(
AS
return_val VARCHAR2 (400);
BEGIN
return_val := '((SYS_CONTEXT(''USERENV'', ''SESSION_USER'') = ''ADMIN1'') OR NOT (EXISTS (SELECT 1 FROM employee WHERE (1000000 = i_brand_id) AND (employee.e_name = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')))))';
return_val := '((SYS_CONTEXT(''USERENV'', ''SESSION_USER'') = ''ADMIN1'') OR NOT (EXISTS (SELECT 1 FROM employee WHERE (1000000 < i_brand_id AND i_brand_id < 2000000) AND (employee.e_name = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')))))';
RETURN return_val;
END;
/
......@@ -1433,7 +1433,7 @@ CREATE OR REPLACE FUNCTION web_site_ROW_ACCESS(
AS
return_val VARCHAR2 (400);
BEGIN
return_val := '((SYS_CONTEXT(''USERENV'', ''SESSION_USER'') = ''ADMIN1'') OR (EXISTS (SELECT 1 FROM employee WHERE (web_country = ''United States'') AND (employee.e_name = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')))))';
return_val := '1 IN (SELECT 1 FROM (1,2))';
RETURN return_val;
END;
/
......
SELECT COUNT(*)
FROM (
SELECT *
FROM item
WHERE i_current_price > 1
AND i_brand_id = 1001001
);
\ No newline at end of file
......@@ -8,7 +8,7 @@ customer_demographics|cd_credit_rating|customer.c_birth_country = 'UNITED KINGDO
household_demographics|hd_vehicle_count|110000 < income_band.ib_upper_bound AND hd_income_band_sk = income_band.ib_income_band_sk|deny|Mask the vehicle count of customers in an income band with an 'ib_upper_bound > 110000'
income_band|ib_lower_bound|employee.e_role = 'manager'|permit|Deny access to lower income band if not a manager
inventory|inv_quantity_on_hand|warehouse.w_warehouse_sk = inv_warehouse_sk AND 'United States' = warehouse.w_country|deny|Mask quantities from warehouses in a specific country
item|i_brand_id|1000000 = i_brand_id|deny|
item|i_brand_id|1000000 < i_brand_id AND i_brand_id < 2000000|deny|
reason|r_reason_desc|employee.e_role = 'support'|deny|Deny access to support staff
store_returns|sr_fee|0 <= sr_reason_sk|deny|Deny access to the fee when there was a specific reason for returning
store_sales|ss_quantity|13 < ss_quantity|deny|store_sales.ss_quantity > 13
......
SELECT *
FROM item
WHERE i_current_price > 1
AND i_brand_id = 1001001;
\ No newline at end of file
select COUNT(*) FROM (select dt.d_year
select dt.d_year
, item.i_brand_id
, item.i_brand
from date_dim dt
......@@ -7,6 +7,6 @@ from date_dim dt
where dt.d_date_sk = store_sales.ss_sold_date_sk
and store_sales.ss_item_sk = item.i_item_sk
and item.i_manufact_id = 436
and dt.d_moy=12)
and dt.d_moy=12
;
SELECT COUNT(*) FROM (select i_item_id,
select i_item_id,
ss_quantity,
ss_list_price,
ss_coupon_amt,
......@@ -16,4 +16,4 @@ where ss_sold_date_sk = d_date_sk
and cd_marital_status = 'W'
and cd_education_status = 'Primary'
and (p_channel_email = 'N' or p_channel_event = 'N')
and d_year = 1998);
and d_year = 1998;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment