When a Proxy Authentication is used, there is the impersonated user (called the client) and the impersonating user (called the proxy). So if Bob wants all the privileges of App1 and has been granted the privilege to connect as App1, then the client is App1 and the proxy is Bob. I would like a query of sessions that provides both the client and the proxy.
v$session shows schemaname as the client user. It has osuser and machine columns from which the proxy may be inferred, but it would be fragile at best.
v$session_connect_info changes the column authentication_type to proxy when proxy authentication is in use, but that only indicates that proxying is in effect, not who the proxy is.
The proxy_users table gives all the potential proxy/client combinations, which would work if there were only one match for the client, but wouldn't otherwise.
As the proxy user a selection could be done of SYS_CONTEXT with a parameter of PROXY_USER to get it, but that does not allow a session to get the proxy for other sessions.
*Update:*
MOS Doc ID 782078.1 shows how this can be done by joining dba_audit_trail with itself if auditing is turned on specifically and the user performs an audited action. It seems like a simpler solution should exist.
Asked by Leigh Riffel
(23884 rep)
Aug 3, 2016, 05:05 PM
Last activity: Aug 10, 2016, 03:33 PM
Last activity: Aug 10, 2016, 03:33 PM