Applications on a database server must limit access to the data. Applications are carefully coded to consider the profile of the user. For example, a Human Resources application is coded to know which users are allowed to update salary information.
The attributes that enable this coding comprise an application context. The Application Context Facility (ACF) consists of four built-in functions that provide a secure environment for data access, by allowing access rules to compare against the intrinsic values assigned to users in a session.
An application context consists of context_name, attribute_name, and attribute_value. Users define the context name, the attributes, and the values for each context. You can use the default read-only application context that Sybase provides, sys_session, to access some session-specific information. This application context is shown as Table 11-5. You can also create your own application contexts, as described in “Creating and using application contexts”.
The user profile, combined with the application profile, which is defined in a table created by the System Administrator, permits cumulative and overlapping security schemes.
ACF allows users to define, store, and retrieve:
User profiles (the roles authorized to a user and the groups to which the user belongs)
Application profiles currently in use
Any number of application contexts per session are possible, and any context can define any number of attribute/value pairs. ACF context rows are specific to a session, not persistent across sessions; however, unlike local variables, they are available across nested levels of statement execution. ACF provides built-in functions that set, get, list, and remove these context rows.
