8.2 CREATE CONTEXT: Creating Contexts

Oracle PL/SQL Programming: Guide to Oracle8i Features
By Steven Feuerstein
Chapter 8.  Deploying Fine-Grained Access Control

Application contexts facilitate the implementation of fine-grained access control. They allow you to implement security policies with functions and then associate those security policies with applications. Each application can have its own application-specific context. Users are not allowed to arbitrarily change their context (for example, through SQL*Plus).

A context is a named set of attribute/value pairs associated with a PL/SQL package. A context is attached to, and is global within, a session. Your application can use a context to set values that are then accessed from within your code and, specifically, from within code that is used to generate WHERE clause predicates for fine-grained access control.

Suppose you are building a human resources application. You might create a context called HRINFO and define the following attributes for that context:

 position
 organizational_unit
 country

You can then set values for each of these attributes from within your PL/SQL programs.

Oracle provides a Data Definition Language (DDL) statement to create the context used to validate and secure an application. The format of this statement is as follows:

 CREATE [OR REPLACE] CONTEXT namespace USING [schema.]plsql_package;

You may deduce from this statement that a context has two attributes. Parameters are summarized in Table 8.1.

Table 8.1. CREATE_CONTEXT Parameters

| Parameter | Description |
|---|---|
| namespace | The name of the context. Context namespaces are always stored in the schema SYS. |
| schema | Name of the schema owning the PL/SQL package. If this name is not included, Oracle uses the currently connected schema. |
| plsql_package | A package that can be used to set or modify the attributes of the associated context. |

To create a context namespace, you must have the CREATE ANY CONTEXT system privilege. Here is the format for this grant:

 GRANT CREATE ANY CONTEXT TO schema_name;

To make it easier for you to construct contexts and the code to support them, Oracle does not verify the existence of the schema or the validity of the package at the time you create the context.

By the way, you do not have to use contexts only with the FGAC feature; they can be used simply to give you a more general and flexible way of setting and obtaining attributes for a session. I'll explore that capability later, in Section 8.4.
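
The pieces described in this section, put together as an added example (it is not code from the book): the HRINFO context, the package named in its USING clause, and a direct attempt to set an attribute from outside that package. The names hr_staff, hr_context_pkg and set_attributes are hypothetical, and the script assumes a SQL*Plus session in a schema that has been granted CREATE ANY CONTEXT.

```sql
-- Added example. hr_staff, hr_context_pkg and set_attributes are hypothetical names.

-- 1. Create the context first: Oracle does not check that the package exists yet.
CREATE OR REPLACE CONTEXT hrinfo USING hr_context_pkg;

-- 2. Hypothetical lookup table holding each user's trusted attribute values.
CREATE TABLE hr_staff (
   username      VARCHAR2(30) PRIMARY KEY,
   job_position  VARCHAR2(30),
   org_unit      VARCHAR2(30),
   country       VARCHAR2(30)
);
INSERT INTO hr_staff VALUES (USER, 'MANAGER', 'SALES', 'US');  -- constructed sample row

-- 3. The package named in USING: the only code that may set HRINFO attributes.
--    The procedure takes no arguments, so a caller cannot choose its own values.
CREATE OR REPLACE PACKAGE hr_context_pkg
IS
   PROCEDURE set_attributes;
END hr_context_pkg;
/
CREATE OR REPLACE PACKAGE BODY hr_context_pkg
IS
   PROCEDURE set_attributes
   IS
      l_staff   hr_staff%ROWTYPE;
   BEGIN
      -- No row for this user raises NO_DATA_FOUND and leaves the context unset.
      SELECT * INTO l_staff FROM hr_staff WHERE username = USER;
      DBMS_SESSION.SET_CONTEXT ('hrinfo', 'position', l_staff.job_position);
      DBMS_SESSION.SET_CONTEXT ('hrinfo', 'organizational_unit', l_staff.org_unit);
      DBMS_SESSION.SET_CONTEXT ('hrinfo', 'country', l_staff.country);
   END set_attributes;
END hr_context_pkg;
/

-- 4. Set the attributes through the package, then read one back.
BEGIN
   hr_context_pkg.set_attributes;
END;
/
SELECT SYS_CONTEXT ('hrinfo', 'country') AS country FROM dual;

-- 5. The same call made outside hr_context_pkg is rejected with
--    ORA-01031: insufficient privileges.
BEGIN
   DBMS_SESSION.SET_CONTEXT ('hrinfo', 'country', 'XX');  -- constructed value
END;
/
```

Because only the package can write to the context, anyone who can change hr_context_pkg or the data it reads controls the attribute values, so both need the same protection as the policy itself.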


Oracle PL/SQL Programming: Guide to Oracle8i Features
ISBN: B000H2MK2W
EAN: N/A
Year: 1998
Pages: 107