Showing posts with label SYS_CONTEXT. Show all posts
Showing posts with label SYS_CONTEXT. Show all posts

Mar 9, 2010

ContexT

Application contexts provides e the implementation of fine-grained access control. They allow you to implement security policies. Users are not allowed to arbitrarily change their context (for example, through SQL*Plus).

The SYS_CONTEXT function can be used to retrieve information about the Oracle environment.

The syntax for the SYS_CONTEXT function is:

SYS_CONTEXT( namespace, parameter, [ length ] )

Namespace is an Oracle namespace which is name of that context.

What is Namespace

A namespace is an abstract container or environment created to hold a logical grouping of unique identifiers or symbols (i.e., names). An identifier defined in that namespace is associated with it. The same identifier can be independently defined in multiple namespaces. That is, the meaning associated with an identifier defined in one namespace may or may not have the same meaning in another namespace.

For example, Bill works for company X and his employee ID is 123. John works for company Y and his employee ID is also 123. The reason Bill and John can be identified by the same ID number is because they work for different companies. The different companies in this case would symbolize different namespaces. There would be serious confusion if the two men worked for the same company, and still had the same employee ID. For instance, a pay-cheque issued to employee ID 123 would not identify which man should receive the cheque.

USERENV is an Oracle provided namespace that describes the current session ; It have so many parameters.

Eg: SELECT SYS_CONTEXT('USERENV', 'IP_ADDRESS', 15) ipaddr,SYS_CONTEXT('USERENV', 'HOST', 16) host,SYS_CONTEXT('USERENV', 'NETWORK_PROTOCOL', 8) netprtc
,SYS_CONTEXT('USERENV', 'CURRENT_USER', 8) curruser,SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA', 8) currschema FROM DUAL;

To set Grant
GRANT CREATE ANY CONTEXT TO schema_name;

Context is of two types Normal and Accessed Globally .
In Normal context is connection based; is not valid across sessions;Accessed globally context is visible across sessions.

create context some_context using some_package; (NORMAL)
create context global_context using global_package accessed globally;

Eg: (NORMAL)

create or replace context cntx_test using pk_test;

create or replace package pk_test as
procedure set_value_in_context(some_value in varchar2);
end pk_test;


create or replace package body pk_test as
procedure set_value_in_context(some_value in varchar2) is
begin
dbms_session.set_context('cntx_test', 'test_attribute', some_value);
end set_value_in_context;
end pk_test;


exec pk_test.set_value_in_context('PLSQL');

select sys_context('cntx_test', 'test_attribute') from dual;


Globally Accessed

create context global_context using global_package accessed globally;

create or replace package global_package as
procedure set_value_in_context(global_value in varchar2);
end global_package;


create or replace package body global_package as
procedure set_value_in_context(global_value in varchar2) is
begin
dbms_session.set_context('global_context', 'global_attribute', global_value);
end set_value_in_context;
end global_package;


exec global_package.set_value_in_context('valid accross sessions');

select sys_context('global_context', 'global_attribute') from dual;


One main Benefit of Context is parametrizing views with contexts

For parametrizing views Normal context are to be created because which is session dependent .

Example

conn scott/scott


create context ctx_vw_emp using pk_ctx_vw_emp;


create or replace view vw_emp as select * from emp where deptno =sys_context('ctx_vw_emp','dept');


create package pk_ctx_vw_emp as
procedure set_department (depno in number);
end;
/


create package body pk_ctx_vw_emp as
procedure set_department(depno in number) is
begin
dbms_session.set_context('ctx_vw_emp', 'dept', depno);
end set_department;
end pk_ctx_vw_emp;
/


exec pk_ctx_vw_emp.set_department('10');

select * from vw_emp;

exec pk_ctx_vw_emp.set_department('30');

select * from vw_emp;
---------------------------