another database session is used mapping the application user to the database userI'm not totally sure on what you mean by 'mapping application user to database user'.
Documentation wrote:Again, not the most versed in authentication here, so someone shoot me down when I'm wrong.
Use this attribute to enter a PL/SQL block that sets a context for the database session associated with the current "show page" or "accept page" request. The block you enter here is executed at a very early point during the page request, immediately after the APP_USER value is established. The value of APP_USER (using :APP_USER or v('APP_USER')) may be used within the block. Values of other items in session state may be referenced as well, but any such items must have been established in session state before the initiation of the current page request. Consider the following example:
It sets the value of USERPRIV in the context named CTX_USER_QRY to the value returned by the function my_function in package my_package. The function is passed the current value of APP_USER as an input argument. Presumably, the named context would be used in a VPD policy ( created within the application's parsing schema) to effect the generation of predicates appropriate to the authenticated user.
Virtual Private Database, also know as Fine-Grained Access Control or FGAC, is an Oracle database feature that provides an application programming interface (API) that enables developers to assign security policies to database tables and views. Using PL/SQL, developers can create security policies with stored procedures and bind the procedures to a table or view by means of a call to an RDBMS package. Such policies are based on the content of application data stored within the database, or based on context variables provided by Oracle database. In this way, VPD permits access security mechanisms to be removed from applications, and to be situated closer to particular schemas.
The code entered here need not pertain to VPD/FGAC and may not be related to security at all. Any code that needs to be executed at the earliest point in a page request can be placed here. For example, the following code sets the database session time zone for every page request:
BEGIN EXECUTE IMMEDIATE 'alter session set time_zone = ''Australia/Sydney'' '; END;