1 Reply Latest reply on Apr 24, 2018 9:14 AM by Tomas Albinsson

    ORDS and vpd/rls and current session

    Tomas Albinsson

      Hi!

       

      (I'm not sure whet version of ords I'm running, it came with Apex 4. I don't think the version is very important.)

       

      I've previously sometimes used direct procedure calls using ords/apex listener, of the form /server/something/schema.procedure to fetch some data.

      That call would have sys_context('userenv','session_user') set to APEX_PUBLIC_USER.

      This value is used in a table policy (vpd/rls) to determine the output.

       

      As far as I understand, setting up something similar using the ORDS package gives me a procedure call where sys_context('userenv','session_user') is the schema that created the service.

      If this schema is the master schema my vpd is effectively disabled, as the policy makes an exception for the master.

      I have also found that there is a variable :current_user that can be used in the service source, but this is NULL if unauthorized users are allowed (and they are for me).

       

      The only solution (besides from changing my policies) seems to be to set up a new schema that just owns the ords services.

      When the new schema calls the master schema procedures, the vpd will work again.

       

      Any thoughts? Have I missed/misunderstood something?

       

      Kind regards

       

      Tomas