Chapter 9: Application Contexts For Security And Performance

Overview

This chapter looks at a technology that helps you to efficiently implement database security. The technology—called application context—was built to increase the performance of fine-grained access control (FGAC) implementations. The material presented here will provide the foundation for using application context as part of your security implementations. The examples are designed to be simple to allow you to focus on how the application context technology can be used.

For the discussions in this chapter, application context will be categorized into the following four different types:

• Default The USERENV namespace in which the database populates with environmental data about the user’s session

• Local The private, application-defined attributes that generally hold user specific data

• Global The sharable attributes, accessible by different database sessions, typically used in connection pool implementations

• External The private values populated by an external source, such as the Oracle Internet Directory

An application context can be used for many purposes, but their original mission was to support intra-object security (fine-grained access) implementations. The application context capability was created to enhance the performance of Virtual Private Database policies, discussed in Chapter 10.