Oracle Database


Using Database Session-Based Application Contexts

The data the attributes access is stored in the tables behind the applications. For example, the order entry application uses a table called OE.CUSTOMERS, which contains the CUSTOMER_NUMBER column, which provides data for the CUSTOMER_NUMBER attribute. In each case, you can adapt the application context to your precise security needs.

Creating a PL/SQL Package to Set the Database Session-Based Application Context

This section describes the following topics:

■ About the Package That Manages the Database Session-Based Application Context
■ Using SYS_CONTEXT to Retrieve Session Information
■ Using Dynamic SQL with SYS_CONTEXT
■ Using SYS_CONTEXT in a Parallel Query
■ Using SYS_CONTEXT with Database Links
■ Using DBMS_SESSION.SET_CONTEXT to Set Session Information

About the Package That Manages the Database Session-Based Application Context

The PL/SQL package, usually created in the schema of the security administrator, defines procedures that manage the session data represented by the application context. It must perform the following tasks:

■ Retrieve session information. To retrieve the user session information, you can use the SYS_CONTEXT SQL function. The SYS_CONTEXT function returns the value of the parameter associated with the context namespace. You can use this function in both SQL and PL/SQL statements. Typically, you will use the built-in USERENV namespace to retrieve the session information of a user.

■ Set the name-value attributes of the application context you created with CREATE CONTEXT. You can use the DBMS_SESSION.SET_CONTEXT procedure to set the name-value attributes of the application context. The name-value attributes can hold information such as the user ID, IP address, authentication mode, the name of the application, and so on. The values of the attributes you set remain either until you reset them, or until the user ends the session.

■ Be executed by users. After you create the package, the user will need to execute the package when he or she logs on. You can create a logon trigger to execute the package automatically when the user logs on, or you can embed this functionality in your applications. Remember that the application context session values are cleared automatically when the user ends the session, so you do not need to manually remove the session data.

It is important to remember that the procedure is a trusted procedure: It is designed to prevent the user from setting his or her own application context attribute values. The user runs the procedure, but the procedure sets the application context values, not the user. "Example of Creating and Using a Database Session-Based Application Context" on page 7-11 shows how to create a database session-based application context.
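The three tasks and the trusted-procedure property described above, put together as an added sketch (this is not the example from the Oracle guide that the cross-reference points to). The names sec_admin, order_entry_ctx, order_entry_ctx_pkg, set_order_entry_ctx_trig and the DB_USERNAME column are assumptions made for illustration; sec_admin is assumed to hold a direct SELECT grant on OE.CUSTOMERS and the privilege to create a database-level logon trigger.

```sql
-- Added illustration. Assumed names: sec_admin, order_entry_ctx,
-- order_entry_ctx_pkg, set_order_entry_ctx_trig, OE.CUSTOMERS.DB_USERNAME.

-- Bind the namespace to one trusted package. Only code inside that package
-- may call DBMS_SESSION.SET_CONTEXT for order_entry_ctx.
CREATE OR REPLACE CONTEXT order_entry_ctx USING sec_admin.order_entry_ctx_pkg;

CREATE OR REPLACE PACKAGE sec_admin.order_entry_ctx_pkg IS
  PROCEDURE set_customer_number;
END order_entry_ctx_pkg;
/

CREATE OR REPLACE PACKAGE BODY sec_admin.order_entry_ctx_pkg IS
  -- No parameters: the caller has no way to supply the attribute value.
  PROCEDURE set_customer_number IS
    v_customer_number oe.customers.customer_number%TYPE;
  BEGIN
    -- Task 1: retrieve session information from the built-in USERENV namespace.
    SELECT customer_number
      INTO v_customer_number
      FROM oe.customers
     WHERE db_username = SYS_CONTEXT('USERENV', 'SESSION_USER');  -- assumed column

    -- Task 2: set the name-value attribute of the application context.
    DBMS_SESSION.SET_CONTEXT('order_entry_ctx', 'customer_number',
                             TO_CHAR(v_customer_number));
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      NULL;  -- not a customer: leave the attribute unset, do not block the logon
  END set_customer_number;
END order_entry_ctx_pkg;
/

-- Task 3: execute the package automatically when the user logs on.
CREATE OR REPLACE TRIGGER sec_admin.set_order_entry_ctx_trig
  AFTER LOGON ON DATABASE
BEGIN
  sec_admin.order_entry_ctx_pkg.set_customer_number;
END;
/

-- From the user's session: read back the value the package set.
SELECT SYS_CONTEXT('order_entry_ctx', 'customer_number') FROM DUAL;

-- The same user calling SET_CONTEXT directly, outside the package, is refused
-- with ORA-01031 (insufficient privileges):
-- EXEC DBMS_SESSION.SET_CONTEXT('order_entry_ctx', 'customer_number', '999');
```

An unhandled exception in a logon trigger prevents non-administrative users from connecting, which is why the NO_DATA_FOUND case is caught inside the procedure.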

Using SYS_CONTEXT to Retrieve Session Information

The syntax for the PL/SQL function SYS_CONTEXT is as follows:

SYS_CONTEXT ('namespace','parameter'[,length])


Oracle Database Security Guide

