You can obtain the value of a context's attribute in one of two ways:
A top-level PL/SQL function that returns the value of a specified attribute
A procedure that returns all of the attributes and values defined across all contexts in the current session
The header for the SYS_CONTEXT function is:
FUNCTION SYS_CONTEXT ( namespace VARCHAR2, attribute VARCHAR2) RETURN VARCHAR2;
It returns the value associated with attribute as defined in the specified context namespace.
In addition to your own application context information, you can retrieve information about your current connection by calling SYS_CONTEXT as follows:
SYS_CONTEXT ('USERENV', attribute)
where attribute can be any of the values listed in Table 8.3.
Attribute | Description |
---|---|
Returns the current schema name, which may be changed with an ALTER SESSION SET SCHEMA statement | |
Returns the current schema ID | |
`CURRENT_USER' | Returns the current session username, which may be different from SESSION_USER from within a stored procedure (such as an invoker rights procedure) |
Returns the current session user ID | |
Returns the IP address of the client only if the client is connected to Oracle using Net8 with the TCP protocol | |
Returns the NLS calendar used for dates | |
Returns the currency symbol | |
Returns the current date format | |
Returns the language used for days of the week, months, and so forth, in dates | |
Indicates whether the sort base is binary or linguistic | |
Returns the territory | |
`SESSION_USER' | |
`SESSION_USERID |
Use the following script to examine each of these values:
/* Filename on companion disk: showucntxt.sql */ DECLARE PROCEDURE showenv (str IN VARCHAR2) IS BEGIN DBMS_OUTPUT.PUT_LINE ( str || '=' || SYS_CONTEXT ('USERENV', str)); END; BEGIN showenv ('NLS_CURRENCY'); showenv ('NLS_CALENDAR'); showenv ('NLS_DATE_FORMAT'); showenv ('NLS_DATE_LANGUAGE'); showenv ('NLS_SORT'); showenv ('SESSION_USER'); showenv ('CURRENT_USER'); showenv ('CURRENT_SCHEMA'); showenv ('CURRENT_SCHEMAID'); showenv ('SESSION_USERID'); showenv ('CURRENT_USERID'); showenv ('IP_ADDRESS'); END; /
The DBMS_SESSION built-in package provides a procedure that retrieves the list of defined attributes and values for all contexts in your session. Here is the header of that procedure:
PROCEDURE DBMS_SESSION.LIST_CONTEXT ( list OUT DBMS_SESSION.AppCtxTabTyp, lsize OUT number);
where lsize is the number of elements in list, and list is an index-by table of records. Each record has this format:
TYPE DBMS_SESSSION.AppCtxRecTyp IS RECORD ( namespace VARCHAR2(30), attribute VARCHAR2(30), value VARCHAR2(4000));
where namespace and attribute have the meanings described for SYS_CONTEXT.
Here is a program that utilizes this procedure to retrieve and display all defined context attributes:
/* Filename on companion disk: showcntxt.sp */ CREATE OR REPLACE PROCEDURE show_context_info IS context_info DBMS_SESSION.AppCtxTabTyp; info_count PLS_INTEGER; indx PLS_INTEGER; BEGIN DBMS_SESSION.LIST_CONTEXT ( context_info, info_count); indx := context_info.FIRST; LOOP EXIT WHEN indx IS NULL; DBMS_OUTPUT.PUT_LINE ( context_info(indx).namespace || '.' || context_info(indx).attribute || ' = ' || context_info(indx).value); indx := context_info.NEXT (indx); END LOOP; END; /
Here is a script and output that demonstrates the use of this procedure (building upon contexts and packages defined by first running the earth.pkg and prison.pkg scripts):
/* Filename on companion disk: showcntxt.tst */ BEGIN /* Set context information.*/ earth_pkg.set_contexts; prison_pkg.set_contexts; show_context_info; END; / INCARCERATION_FACTORS.CLASS = poor POLLUTION_INDICATORS.SMOG = dense INCARCERATION_FACTORS.EDUCATION = minimal POLLUTION_INDICATORS.ACIDRAIN = corrosive
Oracle provides the data dictionary views listed in Table 8.4, which you can query to obtain information about policies defined in or accessible to your schema.
View | Description |
---|---|
All policies owned by the current schema. | |
All policies owned or accessible by the current schema. | |
DBA_POLICIES | All policies regardless of whether they are defined in or accessible in the current schema. Special privileges are required to access this view. |
All active context namespaces defined in the session. This view is based on the v$context virtual table. | |
DBA_CONTEXT | All context namespace information (active and inactive). Special privileges are required to access this view. |
The columns for the *_POLICIES views are described in Table 8.5. These values are set through calls to the DBMS_RLS programs ADD_POLICY and ENABLE_POLICY, described in Chapter 7.
Column Name | Datatype | Description |
---|---|---|
VARCHAR2(30) | Owner of the object for which the policy is defined; only present in ALL_POLICIES and DBA_POLICIES. | |
VARCHAR2(30) | Name of the object for which the policy is defined. | |
VARCHAR2(30) | Name of the policy. | |
VARCHAR2(30) | Owner of the packaged function. | |
VARCHAR2(30) | Name of the package that contains the function. | |
VARCHAR2(30) | Name of the function used to generate dynamic predicate. | |
VARCHAR2(3) | `YES' or `NO' -- Is this policy applied to SELECT statements? | |
VARCHAR2(3) | `YES' or `NO' -- Is this policy applied to INSERT statements? | |
VARCHAR2(3) | `YES' or `NO' -- Is this policy applied to UPDATE statements? | |
DEL | VARCHAR2(3) | `YES' or `NO' -- Is this policy applied to DELETE statements? |
VARCHAR2(3) | `YES' or `NO' -- Is check option enforced for this policy? | |
VARCHAR2(3) | 'YES' or `NO' -- Is the policy checked against the value after insert or update? |
The columns for the *_CONTEXT views are described in Table 8.6.
Column Name | Datatype | Description |
---|---|---|
VARCHAR2(30) | Name of the namespace or context | |
VARCHAR2(30) | The schema that owns the namepace | |
VARCHAR2(30) | The package associated with the namespace |
You can, of course, write queries and stored programs to access this information. Here is a procedure that you can use to drop one or all of your policies:
/* Filename on companion disk: droppol.sp */ CREATE OR REPLACE PROCEDURE drop_policies ( objname IN VARCHAR2, polname IN VARCHAR2 := '%', objschema IN VARCHAR2 := NULL) AUTHID CURRENT_USER IS BEGIN FOR rec IN ( SELECT object_owner, object_name, policy_name FROM ALL_POLICIES WHERE object_owner LIKE NVL (objschema, USER) AND object_name LIKE objname AND policy_name LIKE polname) LOOP DBMS_RLS.DROP_POLICY ( rec.object_owner, rec.object_name, rec.policy_name); END LOOP; END; /
Notice that I use AUTHID CURRENT_USER to make sure that the procedure will only drop policies for the tables and views for which the CURRENT_USER has the right access privileges, regardless of who owns the procedure itself. The WHERE clause will further limit the policies to those created for the objects owned by the CURRENT_USER.
You can also use the DDL statement DROP CONTEXT to drop a context or policy directly within a SQL execution environment (or via dynamic SQL).
Copyright (c) 2000 O'Reilly & Associates. All rights reserved.