On Sat, Dec 23, 2017, at 21:05, Pavel Stehule wrote:
Hi2017-12-23 19:53 GMT+01:00 Timo Myyrä <timo.myyra@xxxxxxxxxxxxx>:Hi,I'm preparing migration of our asset management system database from Oracle 12c toPostgreSQL 10. I'm using ora2pg and a bit of sed to mangle the SQL ready forimport to pg but I've hit first problem:ERROR: referenced relation "..." is not a tableOur Oracle databases uses single 'admin' schema and dedicated schema for eachcustomer. For example usergroup mappings are held in admin.usergroup table. Thenadmin schema has customer-specific view on this table admin.usergroup_customer1view which limits the full view to just those of that customer. And then eachcustomers own schema has synonym to that view like customer1.usergroup. Theapplications queries use the "usergroup" table to query the group mappings.Here's hopefully a bit more detailed description of the database structure:ADMIN SCHEMA:TABLES:usergroupunituser...VIEWS:usergroup_customer1unit_customer1user_customer1...CUSTOMER1 SCHEMA:TABLES:resource...SYNONYM:usergroup (refers to admin.usergroup_customer1)user (refers to admin.user_customer1)unit (refers to admin.unit_customer1)...So it seems that postgresql doesn't support foreign keys in views like Oracle.Would you have any suggestions how the above Oracle structure would best behandled in PostgreSQL? I'm pretty new to PostgreSQL so I might overlooksomething if I try to solve this by myself.try to ask on https://github.com/darold/ora2pg/issuesRegardPavel
Timo
Well, I doubt postgresql limitations apply for ora2pg.
I looked this a bit more closely. Postgresql seems to have nice feature which would apply to this quite nicely called row-level security. I like to limit the 'admin' schema table rows so that each user sees only their own rows.
So a bit more about the table structure is needed to understand the situation.
Lets take admin.unit table, this holds the business units of each customer. The import rows are id and parent_id. Parent_id field might refer to unit id in the same unit table so units can be nested. The top-level unit doesn't have parent_id. The admin.unit.id field gives the top-level id, then theres the admin.project_unit table which has 2 fields, project_id, unit_id which gives mapping to project. Finally we have project table which has the actual project id and name which map to logged in project.
I was testing the row-level security with following query but it gives syntax error for some reason:
CREATE POLICY unit_customer1 ON admin.unit
FOR ALL
TO customer1
USING ( with recursive e(id,parent_id) as (
select id, parent_id
from admin.bg_unit
where id in (select unit_id from admin.project_unit where project_id = 'customer1')
union all
select f.id, f.parent_id
from admin.bg_unit f, e
where e.id = f.parent_id
) select id from e order by id asc
);
When I run the above query I get just:
ERROR: syntax error at or near "with"
LINE 4: USING ( with recursive e(id,parent_id) as (
Can the above policy made to work for my use-case or am I doing something fundamentally wrong?
Timo