Skip to Main Content

Breadcrumb

Connor and Chris will both be at AI World from October 12 to October 17 , the premier Oracle conference of 2025. If you're in Vegas, please come say Hi or pop into our sessions

Question and Answer

Connor McDonald

Thanks for the question.

Asked: August 28, 2020 - 8:49 am UTC

Last updated: September 02, 2020 - 10:22 am UTC

Version: 20.1

Viewed 1000+ times

You Asked

Hello,
I'm migrating an existing web application to APEX. For some reasons I have to stick to the user authentication against accounts in the local database. Stuff works well so far, but I'm looking for a way to run select statements and execute pl/sql blocks as current user - the one who has authenticated himself through his database account.
We have used pl/sql packages largely and using application based privilege checks within these packages. As we don't want to loose this feature I don't want to grant all privileges to the standard APEX users.

I have to admit, that I'm quite new to APEX and still learning.
Looking forward to your reply.

Regards,
Andreas

and Connor said...

You could look at using APEX_UTIL.SET_PARSING_SCHEMA_FOR_REQUEST to force the parsing schema to the logged-in-user... In Security - Security Attributes, setup the initialization code to use the parsing schema as set ( set it for ALL pages) apex_util.set_parsing_schema_for_request (p_schema => :APP_USER);

This would be run on every page load, so may be some performance implications - make sure you test carefully.

Please keep in mind that the applications *default* parsing schema would still have to be a user which has all the privileges required for the application. You would use the default parsing schema during development in the Builder (Page Designer) when a developer enters SQL or PL/SQL to parse if it's valid, ... When the developer runs the app we would use the database user he specifies during application login. In addition, all privileged application users (database users) would need to be assigned as valid schemas to the workspace, otherwise the above procedure would prevent switching to that database user. The customer can use APEX_INSTANCE_ADMIN.ADD_SCHEMA to add them in a script. Obviously this would also have to be done on the production system.

Note that if you had code that referenced the function "USER", it would still not be the applications user. They would get APEX_PUBLIC_USER or the default parsing user of the app. They would have to use

SYS_CONTEXT('APEX$SESSION', 'APP_USER')

to get the name of the authenticated user.

Thanks to Michael Potter / Patrick Wolf from the APEX team for this info.


Is this answer out of date? If it is, please let us know via a Comment
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's channel and Chris's channel from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

APEX

Keep your APEX skills fresh by attending their regular Office Hours sessions.