14 Configure the Security Context

The end-user security context is the mechanism through which the database enforces per-user security policies at runtime. When an end-user security context is active, it replaces the security domain of the shared connection pool user account with the individual end user's identity, roles, and context attributes, ensuring that every SQL operation is authorized against the actual requesting user, and not the application's database user account.

Learn how an end-user security context is established in Oracle AI Database with the integrated Oracle Deep Data Security (Deep Sec) feature.

This chapter outlines the database and application configurations required for establishing end-user security contexts. It also details the two supported establishment methods (token-based for IAM-managed users and local for database-managed users), and explains how the database server creates, caches, and attaches these security contexts at runtime.

Topics:

• About the End-User Security Context

• Prerequisites for Establishing a Token-Based Security Context

• Prerequisites for Establishing a Local Security Context

• How the Database Server Manages an End-User Security Context

See also:

End-User Security Context in Part I: Oracle Deep Data Security Fundamentals.