909127 wrote:What application layer are you using? How are these credentials hardcoded?
We have created one application. If USER1* runs this application, then it will execute some set of procedures,packages with the hardcoded USER2_ credentials in that application. Due to this process execution few tables(let us say TABLE1*) is getting updated.
Now my problem is, I want to know the details of USER1. i.e who ran the application.
For this I have tried the below option,
1. Created a trigger on table TABLE1
2. by using 'user' keyword I tried to capture the user credentials.
But, since that updation of table is taking place with the help of hard-coded USER2 credentials, i am getting ouptut as USER2.
But in the reality I have to get USER1 as output.
909127 wrote:Ok, so it's a .net application.
Thanks for your quick response.
Actually we are using 3rd party application and this was developed by .NET
909127 wrote:So USER1 executes "+sqlplus USER2/USER2password @procedure+" to run the required procedure?
--> Both User1&2 are database users.
--> in the application they might be executing the procedure with the help of USER2 credentials.
This is something like below in our Oracle SQL commands.
Sqlplus USER2/USER2password @procedure
USER2 allows USER1 to execute the procedure. E.g.
create or replace procedure ... authid definer is ..
USER1 executes that procedure using his credentials. E.g.
grant execute on <procedure> to USER1
Look at the AUTHID concept in the PL/SQL Reference Guide (manuals available via http://tahiti.oracle.com).
sqlplus USER1/USER1 @USER2.<procedure>