11.5.2.4 Referencing Other Context Information

In addition to calling APEX_AUTHORIZATION.IS_AUTHORIZED, your data security policy function can use other useful information to decide what WHERE clause to return.

To access the current APEX:

• Username – use SYS_CONTEXT('APEX$SESSION','APP_USER')
• Application ID – use SYS_CONTEXT('APEX$SESSION','APP_ID')
• Session ID – use SYS_CONTEXT('APEX$SESSION','APP_SESSION')
• Tenant ID – use SYS_CONTEXT('APEX$SESSION','APP_TENANT_ID')

It can also access the list of APEX ACL roles assigned to the user with the query:

select role_name
  from apex_appl_acl_user_roles
 where user_name = sys_context('APEX$SESSION','APP_USER')
   and application_id = sys_context('APEX$SESSION','APP_ID')

When using dynamic groups with an external identity provider, it can access the list of dynamic groups the user belongs to with the query:

select group_name
  from apex_workspace_session_groups
 where apex_session_id = sys_context('APEX$SESSION','APP_SESSION')
   and user_name = sys_context('APEX$SESSION','APP_USER')

Tip:

The Tenant ID is a context value you can assign in an After Authentication application process or a post-authentication procedure using the SET_TENANT_ID procedure in the APEX_SESSION package. In a multi-tenant app – where users from different customer companies access it – the value represents the unique id of the current user's company. Your data security policies can use it to ensure users only see data pertaining to their own company. However, you can set and use the value in any way that proves useful to you.