You execute an application context function in a select statement. The owner of the function is the System Administrator of the server. You can create, set, retrieve, and remove application contexts using built-in functions.
The data used in the built-in functions is defined in a table created by the System Administrator, containing all logins for all tables. For more information about this table, see “Using login triggers”.
set_appcontext() stores:
select set_appcontext ("titles", "rlac", "1")
get_appcontext() supplies two parts of a context in a session, and retrieves the third:
select get_appcontext ("titles", "rlac")
------------------------
1
For more information on these functions and on list_appcontext and rm_appcontext, see “Creating and using application contexts”.
You can grant and revoke privileges to users, roles, and groups in a given database to access objects in that database. The only exceptions are create database, set session authorization, and connect. A user granted these privileges should be a valid user in the master database. To use other privileges, the user must be a valid user in the database where the object is located.
The use of built-in functions means that unless special arrangements are made, any logged-in user can reset the profiles of the session. Although Adaptive Server audits built-in functions, security may be compromised before the problem is noticed. To restrict access to these built-in functions, use grant and revoke privileges. Only users with the sa_role can grant or revoke privileges on the built-in functions. Only the select privilege is checked as part of the server-enforced data access control checks performed by the functions.
Built-in functions do not have an object ID and they do not have a home database. Therefore, each Database Owner must grant the select privilege for the functions to the appropriate user. Adaptive Server finds the user’s default database and checks the permissions against this database. With this approach, only the owner of the users’ default database needs to grant the select privilege. If other databases should be restricted, the owner of those databases must explicitly revoke permission from the user in those databases.
Only the application context built-in functions perform data access control checks on the user when you grant and revoke privileges on them. Granting or revoking privileges for other functions has no effect in Adaptive Server.
Privileges granted to public only affect users named in the table created by the System Administrator. For information about the table, see “Using login triggers”. Guest users have privileges only if the sa_role specifically grants it by adding them to the table.
A System Administrator can execute the following commands to grant or revoke select privileges on specific application context functions:
grant select on set_appcontext to user_role
grant select on set_appcontext to joe_user
revoke select on set_appcontext from joe_user