From: "Vlado Barun"
Subject: RE: Auditing original user in an n-tier environment
Date: Mon, 9 May 2005 14:38:39 -0400

Option 1: Use Oracle n-tier proxy authentication, see
http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96582/authuser.htm#1006671

Option 2: Use session context variables to identify the user that is using the current connection. This assumes that the presentation layer knows the identity of the user. If so, you can use the sys_context function to add an attribute to the session identifying the "real" user. This attribute can then be used in any function/procedure/package/trigger/sql to populate the appropriate fields in the audit logs...
See http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:6162002962892 for more details...

Vlado Barun, M.Sc.
Senior Data Architect, Cadre5
www.cadre5.com
Office: 865 690 4442
Mobile: 865 335 7652
e-mail: vlado@cadre5.com
AIM: vbarun2

-----Original Message-----
From: oracle-l-bounce@freelists.org [mailto:oracle-l-bounce@freelists.org] On Behalf Of Rusnak, George A. (SEC-Lee) CTR
Sent: Monday, May 09, 2005 1:51 PM
To: oracle-l@freelists.org
Subject: Auditing original user in an n-tier environment

GURUS,

Oracle EE: 9.2.0.5
Hardware: HP-UX
3 tier architecture: Presentation, Application and Database.
Language: Cold Fusion

Challenge: How do we capture the user logging into the Presentation layer and pass that original user id through the Application layer to the database layer and be able to capture that original user id in the audit logs?

The Application layer always connects to the database as the SAME user NOT as the original user. We need to know what code goes in what tier. I have read and searched but cannot find a doc on how to do this. With all the multi-tier architectures out there I was hoping to find a ton of information on this subject.

THANK YOU,
Al Rusnak
* 804-734-8210
* george.rusnak@deca.mil

--
http://www.freelists.org/webpage/oracle-l
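
Option 2 from the reply above, written out as an added example; it is not code from either poster or from the linked AskTom article. The names app_ctx, app_ctx_pkg, orders, orders_audit and the user 'jsmith' are hypothetical, and the owning schema is assumed to hold the CREATE ANY CONTEXT privilege. The database records whatever identity the application tier asserts, so EXECUTE on the package should be granted only to the shared application account.

```sql
-- Added example: all object names below are hypothetical.
CREATE TABLE orders (order_id NUMBER PRIMARY KEY, amount NUMBER);
CREATE TABLE orders_audit (
  order_id NUMBER, action VARCHAR2(6), db_user VARCHAR2(30),
  real_user VARCHAR2(256), changed_at DATE
);

-- Only code inside app_ctx_pkg can set attributes in this namespace.
CREATE CONTEXT app_ctx USING app_ctx_pkg;

CREATE OR REPLACE PACKAGE app_ctx_pkg AS
  PROCEDURE set_real_user(p_user IN VARCHAR2);
  PROCEDURE clear_real_user;
END app_ctx_pkg;
/
CREATE OR REPLACE PACKAGE BODY app_ctx_pkg AS
  PROCEDURE set_real_user(p_user IN VARCHAR2) IS
  BEGIN
    DBMS_SESSION.SET_CONTEXT('app_ctx', 'real_user', p_user);
  END set_real_user;
  PROCEDURE clear_real_user IS
  BEGIN
    DBMS_SESSION.SET_CONTEXT('app_ctx', 'real_user', NULL);
  END clear_real_user;
END app_ctx_pkg;
/

-- Database tier: log the shared login (USER) beside the asserted end user.
CREATE OR REPLACE TRIGGER orders_audit_trg
AFTER INSERT OR UPDATE OR DELETE ON orders
FOR EACH ROW
DECLARE
  v_action VARCHAR2(6);
BEGIN
  IF INSERTING THEN v_action := 'INSERT';
  ELSIF UPDATING THEN v_action := 'UPDATE';
  ELSE v_action := 'DELETE';
  END IF;
  INSERT INTO orders_audit (order_id, action, db_user, real_user, changed_at)
  VALUES (NVL(:NEW.order_id, :OLD.order_id), v_action, USER,
          SYS_CONTEXT('app_ctx', 'real_user'), SYSDATE);
END;
/

-- Application tier: call once per request, right after taking a connection.
BEGIN app_ctx_pkg.set_real_user('jsmith'); END;
/
-- Run the user's DML, then clear before the connection is reused.
BEGIN app_ctx_pkg.clear_real_user; END;
/
```

Clearing the attribute matters when the application tier reuses connections: without it, the next request on the same session is audited under the previous user's name.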