Skip to Main Content

Database Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Validate and update a XML document with rules

872710Jul 2 2011 — edited Jul 5 2011
Hi,
In my project work, I am thinking about using oracle rules BRMS (business rule management system) to validate certain rules on xml document.
Since I am new to the oracle rules, I want to know the feasibility of doing this with oracle rules.
I have a specific question...
I have XML documents that are in different schema versions. these schema are fixed but can add them in future as well.

I have two things to do:
1. transform a given XML document (in a one version) to another version
2. Validate the new XML document against the rules defined in the oracle business rules.

1.I can do the 1st task using XSLT transformation. But there is one challenge. Assume that there are new tags are added in the target schema compared to the source schema of the XML document.
If there are optional tags to be added, I want to know if oracle rules can be used for that. Because I want to make these things done without changing the code (java) or the application internals.

2. I have few questions on the 2nd issue. They are:
a) can I create rules in oracle BRMS based on target schemas. (or to all of them. If so, what needs to be done if I add a new schema in future. How to update the rules?)
b) is it possible to group the rules created above in oracle BRMS.
Lets say
R1, R2 rules are created against schema1 (version 1)
R3, R4, R5 rules are created against schema2 (version 2)
R6, R7 rules are created against schema3(version 3)

Can I create group R1, R2 and R6 rules in to a one group (G1) and R1, R2 and R7 rules in to another group (G2).

What are the APIs available in oracle BRMS to retrieve above defined groups at run time? (because business user can define any rules, ad group them at run time)
Once I have the groups, How can I validate a XML document against a group created above? What are the APIs available for this.

c) is it possible to add/update/delete tags to a XML document based on rules in oracle BRMS? if so, how?

appreciate your valuable feedback on this..

Edited by: 869707 on Jul 2, 2011 5:06 AM

Edited by: 869707 on Jul 3, 2011 8:48 PM

Comments

MaxOrgiyan-Oracle

Sorry for the late reply, just saw this. I am from the SODA team at Oracle. We don't have this capability at the moment. You can only order by values in the JSON content, and not the document components that SODA maintain such as createdOn or lastModified. We can look into adding this functionality to SODA. Do you have any timeframe requirements by when you'd need this?

martv

Hi,Ca

Would be nice to have this functionality, we now have  a workaround which doesn't use QBE.

Other question: can "label security" be used with SODA?

MaxOrgiyan-Oracle

Not sure offhand - let me check and get back to you. Are you asking re SODA REST only or is using SODA Java a possibility? Both SODA REST and SODA Java work with VPD, that I do know. 

MaxOrgiyan-Oracle

Btw, as far as the original question, as a workaround you can of course always add a timestamp to the JSON document itself, and then use it from the QBE (including the orderby).

MaxOrgiyan-Oracle

I checked... I am not an expert on "Label Security", but at least so far I don't see why "Label Security" can't be used with SODA. Under the covers, SODA issues SQL against regular tables.

Some thing to be aware of:

1) Seems you'd need to setup a labeling function to populate the label column on insert (since you won't be able to change the inserts that SODA issues)

2) Typically "Label Security" works with database users, but with SODA REST app you'd typically have one or more collections in *single* DB schema (aka user), accessed by different web (i.e. ORDS) users. It looks like "Label Security" provides some mechanisms to work with such application level users. This would need to be investigated more. I see the following in the "Label Security" white paper:

<start quote>

Mapping Application Users to Database Users Oracle

Label Security supports common application architectures including situations where the middle-tier connects to the database using a single database account. To accomplish this, Oracle Label Security provides the ability for an authorized user to assume the label authorization profile of another user. The PROFILE_ACCESS authorization is required to execute the SET_ACCESS_PROFILE procedure. Oracle Label Security does not enforce a mapping between a physical database account and the user name specified when establishing user labels. For example, user labels and Oracle Label Security privileges can be assigned to a database user named SCOTT who happens to have a database account or an application user such as JSMITH who is only known to the application layer and doesn’t have a real account in the database. The only difference is that when the user SCOTT logs into the database Oracle Label Security will automatically establish an active session label based on levels, compartments and groups assigned to SCOTT. In order for the active session label to be established for application user JSMITH, a call to the Oracle Label Security function set_access_profile is required. This function acts as a proxy for Oracle Label Security and accepts an Oracle Label Security policy name along with an application user name. Applications can use one of the many Oracle SYS_CONTEXT variables in combination with the SET_ACCESS_PROFILE command. Applications using Oracle Enterprise User Security can pass the EXTERNAL_NAME SYS_CONTEXT value to the SET_ACCESS_PROFILE command.

<end quote>

Such API to setup application user info can be invoked via ORDS pre hook mechanism.

Anyway, hope this is of some help. The bottom line is that it looks like "Label Security" can be used with SODA, but it would need to be tried out to say for sure. Knowing more about your use-case would help as well. Feel free to PM me here if you need more info/assistance, and we can also reach out to the team that owns "Label Security" if needed.

martv

Hi MaxOrgiyan,

Thanks for the useful info.

MaxOrgiyan-Oracle

My pleasure. I added you as a friend here, so we can PM each other. If you'd like to take it further, PM me and we can help setting it up if needed.

martv

Hi,

Maybe you could have a look at this one:

run SODA in package problem

Greetings.

1 - 8
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Aug 2 2011
Added on Jul 2 2011
2 comments
154 views