Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.misc -> Re: how to determine the osuser of a session

Re: how to determine the osuser of a session

From: Billy <vslabs_at_onwe.co.za>
Date: 21 Jun 2005 00:28:21 -0700
Message-ID: <1119338901.234266.179680@f14g2000cwb.googlegroups.com>


Andreas Mosmann wrote:

> It would be easier to handle, if such a record also contains the osuser
> or the terminal he sits on, so that you differentiate between the users
> (in our case we implemented an own user management, so that "SELECT
> userid FROM DUAL" is useless).

Well, irrespective of how you implement your application security model, the app establishes a client session with Oracle.

From an Oracle instance perspective, all that you have in that regard
is the following data of the client session (from the V$SESSION virtual view):

OSUSER    VARCHAR2(30)  Operating system client user name
PROCESS   VARCHAR2(12)  Operating system client process ID
MACHINE   VARCHAR2(64)  Operating system machine name
TERMINAL  VARCHAR2(30)  Operating system terminal name
PROGRAM   VARCHAR2(48)  Operating system program name

The client's IP address:
SQL> select SYS_CONTEXT('USERENV','IP_ADDRESS') from dual;

From V$PROCESS, the process id of the client application - e.g.
thread/process handle of a Windows client:

SPID      VARCHAR2(12)  Operating system process identifier

You can dig around the Oracle Reference Guide for additional details about the client. But what is listed in this guide is all that is essentially there from an Oracle server perspective.

Also keep in mind that much of this detail is supplied via the client driver used by the client session - e.g. JDBC drivers may not always provide the same info as OCI drivers. And as this is from the client, it can be spoofed by the client. So none of this data is to be trusted - which makes it essentially useless for security or FGAC, and puts a question mark over just how valid this data is when getting into the legal side of auditing.

--
Billy
Received on Tue Jun 21 2005 - 02:28:21 CDT
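
An added example, not part of the post above: one way to record the fields it lists at logon, storing the client-supplied values under names that mark them as unverified claims. The table `session_audit`, the trigger `trg_session_audit` and the `claimed_*` column names are hypothetical, and the trigger owner is assumed to hold direct SELECT grants on SYS.V_$SESSION and SYS.V_$PROCESS.

```sql
-- Hypothetical audit table. Sizes of the claimed_* and spid columns follow
-- the definitions quoted in the post; widen them on releases where the
-- view columns are wider.
CREATE TABLE session_audit (
  logon_time       TIMESTAMP DEFAULT SYSTIMESTAMP,
  audsid           NUMBER,
  db_user          VARCHAR2(128), -- account the database authenticated
  ip_address       VARCHAR2(64),  -- SYS_CONTEXT('USERENV','IP_ADDRESS')
  claimed_osuser   VARCHAR2(30),  -- V$SESSION.OSUSER, reported by the client
  claimed_process  VARCHAR2(12),  -- V$SESSION.PROCESS, reported by the client
  claimed_machine  VARCHAR2(64),  -- V$SESSION.MACHINE, reported by the client
  claimed_terminal VARCHAR2(30),  -- V$SESSION.TERMINAL, reported by the client
  claimed_program  VARCHAR2(48),  -- V$SESSION.PROGRAM, reported by the client
  spid             VARCHAR2(12)   -- V$PROCESS.SPID for the session's process
);

CREATE OR REPLACE TRIGGER trg_session_audit
AFTER LOGON ON DATABASE
BEGIN
  INSERT INTO session_audit
    (audsid, db_user, ip_address, claimed_osuser, claimed_process,
     claimed_machine, claimed_terminal, claimed_program, spid)
  SELECT s.audsid, s.username, SYS_CONTEXT('USERENV', 'IP_ADDRESS'),
         s.osuser, s.process, s.machine, s.terminal, s.program, p.spid
  FROM   v$session s
  JOIN   v$process p ON p.addr = s.paddr
  WHERE  s.audsid = TO_NUMBER(SYS_CONTEXT('USERENV', 'SESSIONID'))
  AND    s.audsid <> 0;  -- AUDSID 0 (SYS/internal) is not unique; skip it
EXCEPTION
  WHEN OTHERS THEN
    NULL;  -- fail open: a broken audit table must not lock users out
END;
/

-- Review query: accounts whose sessions arrive under more than one claimed
-- OS user. The claims are unverified, so treat differences as a prompt to
-- investigate, not as proof of who connected.
SELECT db_user, COUNT(DISTINCT claimed_osuser) AS distinct_claimed_osusers
FROM   session_audit
GROUP  BY db_user
HAVING COUNT(DISTINCT claimed_osuser) > 1;
```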
