Checking the Query Rewrite
During debugging, it may be necessary to see the exact SQL statement rewritten by Oracle when an RLS policy is applied. In this way, you will leave nothing to chance or interpretation. You can see the rewritten statement either via a data dictionary view or by setting an event.
Data dictionary view
One option is to use the V$VPD_POLICY dictionary view . VPD in the name stands for Virtual Private Database, another name for row-level security. This view shows all the query transformations made by the RLS policy.
SQL>SELECT sql_text, predicate, policy, object_name2FROM v$sqlarea , v$vpd_policy3WHERE hash_value = sql_hash4/SQL_TEXT PREDICATE ----------------------------- -------------------------------- POLICY OBJECT_NAME ----------------------------- ------------------------------ select count(*) from hr.emp DEPTNO = 10 EMP_DEPT_POLICY EMP
The column SQL_TEXT shows the exact SQL statement issued by the user, while the column PREDICATE shows the predicate generated by the policy function and applied to the query. Using this view, you can identify the statements issued by the users and the predicates applied to them.
Event-based tracing
The other option is to set an event in the session and examine the trace file . When Martin issues the query, he specifies an additional command to set the event before issuing the query.
SQL>ALTER SESSION SET EVENTS '10730 trace name context forever, level 12';Session altered. SQL>SELECT COUNT(*) FROM hr.emp;
After the ...