To be able to add a Tenant, a Tenant Group has to exist beforehand. Therefore the chapter about adding a Tenant Group from the following HowTo Guide should be followed before returning to this HowTo Guide:
A tenant can be added using the API_SCURTY.ADD_TENANT script. Providing the name of the tenant group the tenant should belong to (the group added using the HowTo Guide mentioned above) is mandatory, as is a name for the new tenant.
Another parameter that needs to be set is the priority. As tenants are added via regular expression search rules (without the use of '^' and '$'), the different rules need different priorities so the database knows in which order the rules should be applied. Therefore, each priority can only be given once per tenant group, and it has to be a positive integer or zero. Smaller numbers signal a higher priority.
The data type of the column that the search rules should find is another variable that needs to be set. Possible data types are 'TEXT', 'BOOLEAN' and 'NUMBER'. In the example case we will look for a column of the type 'TEXT'.
While the inclusive patterns have to be set as well, the exclusive patterns are optional. This is especially important as all inclusive patterns default to '.*', which means each and every schema, object and comment is included by default. Therefore, setting these parameters correctly is important to be able to select only what is needed. Adding a description to the tenant is optional.
```sql
EXECUTE SCRIPT API_SCURTY.ADD_TENANT (
'TEST_TENANT' -- p_tnt_group
,'Tenant1_Test' -- p_tnt_name
,1 -- p_tnt_match_prio
,'Testing purposes' -- p_tnt_desc
,'TEXT' -- p_tnt_data_type
,'BDOMAIN' -- p_tnt_col_incl_pattern
,null -- p_tnt_col_excl_pattern
,'PSV_TEST_.*' -- p_tnt_schema_incl_pattern
,null -- p_tnt_schema_excl_pattern
,'.*_TAB' -- p_tnt_object_incl_pattern
,null -- p_tnt_object_excl_pattern
,'.*' -- p_tnt_comment_incl_pattern
,null -- p_tnt_comment_excl_pattern
);
```
The newly created tenant can be found in the table SCURTY.REP_TENANTS.
TNT_GROUP | TNT_NAME | TNT_MATCH_PRIO | TNT_DESC | TNT_DATA_TYPE | TNT_COL_INCL_PATTERN | TNT_COL_EXCL_PATTERN | TNT_SCHEMA_INCL_PATTERN | TNT_SCHEMA_EXCL_PATTERN | TNT_OBJECT_INCL_PATTERN | TNT_OBJECT_EXCL_PATTERN | TNT_COMMENT_INCL_PATTERN | TNT_COMMENT_EXCL_PATTERN |
---|---|---|---|---|---|---|---|---|---|---|---|---|
TEST_TENANT | TENANT1_TEST | 1 | Testing purposes | TEXT | BDOMAIN | (null) | PSV_TEST_.* | (null) | .*_TAB | (null) | .* | (null) |
A tenant can be changed using the script API_SCURTY.CHANGE_TENANT. The only two parameters that need to be set are the tenant group and the name of the tenant that should be changed. All of the other parameters are optional and by providing a 'null' value for any of those parameters, the value that is already set for that parameter will be kept. To change any of the parameters, a new value needs to be provided for that parameter.
In the example below, one can see that except for the two mandatory variables, tenant group and tenant name, nearly all of the other parameters are set to null, indicating that the values assigned during creation in the step above should be kept. However, a new value was provided for the schema exclusive pattern, meaning some of the previously included schemas should now be excluded.
```sql
EXECUTE SCRIPT API_SCURTY.CHANGE_TENANT (
'TEST_TENANT' -- p_tnt_group
,'Tenant1_Test' -- p_tnt_name
,null -- p_tnt_match_prio
,null -- p_tnt_desc
,null -- p_tnt_data_type
,null -- p_tnt_col_incl_pattern
,null -- p_tnt_col_excl_pattern
,null -- p_tnt_schema_incl_pattern
,'.*_DR' -- p_tnt_schema_excl_pattern
,null -- p_tnt_object_incl_pattern
,null -- p_tnt_object_excl_pattern
,null -- p_tnt_comment_incl_pattern
,null -- p_tnt_comment_excl_pattern
);
```
The changes made using the call above can be seen in the table SCURTY.REP_TENANTS.
TNT_GROUP | TNT_NAME | TNT_MATCH_PRIO | TNT_DESC | TNT_DATA_TYPE | TNT_COL_INCL_PATTERN | TNT_COL_EXCL_PATTERN | TNT_SCHEMA_INCL_PATTERN | TNT_SCHEMA_EXCL_PATTERN | TNT_OBJECT_INCL_PATTERN | TNT_OBJECT_EXCL_PATTERN | TNT_COMMENT_INCL_PATTERN | TNT_COMMENT_EXCL_PATTERN |
---|---|---|---|---|---|---|---|---|---|---|---|---|
TEST_TENANT | TENANT1_TEST | 1 | Testing purposes | TEXT | BDOMAIN | (null) | PSV_TEST_.* | .*_DR | .*_TAB | (null) | .* | (null) |
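To check what a set of patterns would select before calling ADD_TENANT or CHANGE_TENANT, the rule behaviour described above can be modelled offline. The following Python is an added example, not part of SCURTY: it assumes the patterns are matched unanchored (pass `anchored=True` for whole-string matching) and that the first matching rule in priority order wins. The dictionary keys, helper names and catalog entries are hypothetical and constructed for illustration.

```python
import re

FIELDS = ("col", "schema", "object", "comment")

def validate_group(rules):
    """Enforce the constraints the guide states for one tenant group."""
    prios = [r["prio"] for r in rules]
    if any(type(p) is not int or p < 0 for p in prios):
        raise ValueError("priority must be zero or a positive integer")
    if len(set(prios)) != len(prios):
        raise ValueError("a priority can be given once per tenant group")
    if any(r["dtype"] not in ("TEXT", "BOOLEAN", "NUMBER") for r in rules):
        raise ValueError("data type must be TEXT, BOOLEAN or NUMBER")

def rule_matches(rule, item, anchored=False):
    """True if every inclusive pattern hits and no exclusive pattern does."""
    test = re.fullmatch if anchored else re.search  # assumption: unanchored
    if item["dtype"] != rule["dtype"]:
        return False
    for f in FIELDS:
        incl = rule.get(f + "_incl") or ".*"  # inclusive patterns default to '.*'
        excl = rule.get(f + "_excl")          # null: nothing is excluded
        if not test(incl, item[f]) or (excl and test(excl, item[f])):
            return False
    return True

def assign(rules, item, anchored=False):
    """Assumed semantics: smallest priority number first, first match wins."""
    validate_group(rules)
    for rule in sorted(rules, key=lambda r: r["prio"]):
        if rule_matches(rule, item, anchored):
            return rule["name"]
    return None

def column(schema, obj, col, comment="", dtype="TEXT"):
    return dict(schema=schema, object=obj, col=col, comment=comment, dtype=dtype)

# Tenant row after ADD_TENANT and after CHANGE_TENANT (hypothetical dict keys).
ADDED = {"name": "TENANT1_TEST", "prio": 1, "dtype": "TEXT",
         "col_incl": "BDOMAIN", "schema_incl": "PSV_TEST_.*",
         "object_incl": ".*_TAB", "comment_incl": ".*"}
CHANGED = {**ADDED, "schema_excl": ".*_DR"}
# Constructed catalog entries, not taken from a real system.
SAMPLES = [column("PSV_TEST_SALES", "CUSTOMER_TAB", "BDOMAIN"),
           column("PSV_TEST_SALES_DR", "CUSTOMER_TAB", "BDOMAIN"),
           column("PSV_TEST_SALES", "CUSTOMER_TAB_BAK", "BDOMAIN_OLD")]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["schema"], s["object"], assign([ADDED], s), assign([CHANGED], s))
```

In this model, the unanchored patterns '.*_TAB' and 'BDOMAIN' also select CUSTOMER_TAB_BAK and BDOMAIN_OLD, while whole-string matching does not. A rule left at the '.*' defaults with a smaller priority number takes every column before TENANT1_TEST is considered.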
To remove a tenant, one only has to provide the exact name of the tenant group that the tenant belongs to, as well as the name of the tenant itself, to the script API_SCURTY.REMOVE_TENANT.
```sql
EXECUTE SCRIPT API_SCURTY.REMOVE_TENANT (
'TEST_TENANT' -- p_tnt_group
,'TENANT1_TEST' -- p_tnt_name
);
```
After successfully running the script above, there should be no entry with the tenant name 'TENANT1_TEST' in the table SCURTY.REP_TENANTS anymore.