4. User Context Views, Logs and Configuration Backup

4.1. User Context Views

Several views are accessible to users and show information about their own SCURTY session context, for example the user’s current access privileges and the session status. Public synonyms provide easy access to the views.

The following table lists these public synonyms and a short description including the object name behind the synonym:

| Public synonym | Object name and description |
|---|---|
| SCURTY_CTH_PRIVS | View USER_CTH_PRIVS shows the generic users (GUs) for which the current user has been granted the “connect through” privilege |
| SCURTY_CTX_SESSIONS | View USER_CTX_SESSIONS shows detailed session and context information |
| SCURTY_CTX_SESSION_DETAILS | View USER_CTX_SESSION_DETAILS shows details about current access on tenants |
| SCURTY_CTX_SESSION_INFO | View USER_CTX_SESSION_INFO shows user attributes of the current session |
| SCURTY_REP_TENANTS | View USER_REP_TENANTS shows detailed information about existing tenants |
| SCURTY_SCOL_ACCESS | View USER_SCOL_ACCESS shows tenant codes for tables with sensitive columns that the user has been granted access to |
| SCURTY_TNT_ACCESS | View USER_TNT_ACCESS shows existing tenant codes |

4.2. History of SCURTY objects, access privileges and system settings

By default, a change history for SCURTY metadata is kept for 90 days. This makes it possible, for example, to trace changes and understand how access rights evolved. The retention period can be configured using procedure p_hst_admin.reconfig_history. The changes are visible in views starting with “H$”.

The Oracle Time Travel feature is used to keep this history. Table ADM_HST_TABLES lists the tables that archiving is activated for. This list must not be changed by a user or an administrator. To illustrate the information provided by H$-views, the example below lists the column names and descriptions of view H$REP_USER_OG_ACCESS:

Table 4.1 Example view H$REP_USER_OG_ACCESS

| Column name | Description |
|---|---|
| H$START_TIME | The validity start timestamp for this row. In other words: this row is valid between H$START_TIME and H$END_TIME |
| H$END_TIME | The validity end timestamp for this row. In other words: this row is valid between H$START_TIME and H$END_TIME |
| H$OPERATION | Indicates whether the data in this row resulted from an insert (I) or an update (U) statement. If the row was deleted (D) or updated (U), column H$END_TIME shows the timestamp when this happened |
| OBJECT_GROUP | Data field of the historicized table as it was valid between H$START_TIME and H$END_TIME |
| USERNAME | Data field of the historicized table as it was valid between H$START_TIME and H$END_TIME |
| RW_ACCESS | Data field of the historicized table as it was valid between H$START_TIME and H$END_TIME |
| SCOL_ACCESS | Data field of the historicized table as it was valid between H$START_TIME and H$END_TIME |
| SOURCE | Data field of the historicized table as it was valid between H$START_TIME and H$END_TIME |
| TNT_MODE | The tenant mode (RLT or CLT) |
| H$SESSION_USER | The database session user that created the data in this row |
| H$HOST | The client host the user created the data entry from |
| H$OS_USER | The operating system user behind the database session user |
| H$ACTION | The process that created the data entry |
| H$MODULE | The client tool used to create the data entry |
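
The following queries are an added example, not part of the SCURTY documentation: they show how the validity columns of H$REP_USER_OG_ACCESS can be used to reconstruct access rights at a point in time and to review changes within a window. The bind variables :as_of, :from_ts and :to_ts are hypothetical, and the queries assume that H$START_TIME and H$END_TIME are timestamps and that a row that is still valid has H$END_TIME set to NULL.

```sql
-- Added example; bind variables :as_of, :from_ts and :to_ts are hypothetical.
-- Assumption: H$START_TIME and H$END_TIME are TIMESTAMP columns, and a row
-- that is still valid has H$END_TIME set to NULL. Adjust the predicates if
-- the installation uses a far-future end timestamp instead.

-- 1) Access rights per user and object group as they were valid at :as_of.
SELECT username, object_group, rw_access, scol_access, tnt_mode, source
FROM   h$rep_user_og_access
WHERE  h$start_time <= :as_of
AND    (h$end_time IS NULL OR h$end_time > :as_of)
ORDER  BY username, object_group;

-- 2) Change timeline for a review window [:from_ts, :to_ts).
--    VALID_FROM rows are grants or new values that became valid in the window.
--    VALID_TO rows are values that stopped being valid in the window
--    (the row was deleted, or replaced by an update).
--    The H$ audit columns describe who created the row version; for a
--    VALID_TO boundary the actor who ended it is on the successor row, if any.
SELECT h$start_time AS change_time, 'VALID_FROM' AS boundary, h$operation,
       username, object_group, rw_access, scol_access,
       h$session_user, h$os_user, h$host, h$module, h$action
FROM   h$rep_user_og_access
WHERE  h$start_time >= :from_ts
AND    h$start_time <  :to_ts
UNION ALL
SELECT h$end_time, 'VALID_TO', h$operation,
       username, object_group, rw_access, scol_access,
       h$session_user, h$os_user, h$host, h$module, h$action
FROM   h$rep_user_og_access
WHERE  h$end_time >= :from_ts
AND    h$end_time <  :to_ts
ORDER  BY change_time, username, object_group;
```

With the default configuration, timestamps older than the 90-day history retention return no rows.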

4.3. Log data

Table LOG_MESSAGES is the central log data store.

All changes to SCURTY metadata generate at least one entry. The table therefore provides a detailed overview of system events and the system status. Entries in this table are generated by different sources: API usage, the processes that pick up the entered metadata, and the system-wide refresh processes. There are six different log levels that can be used to set the level of detail for logging data.

The log levels are ordered in descending level of detail:

  • TRACE

  • DEBUG

  • INFO

  • WARN

  • ERROR

  • ALERT

Each log level in this list also logs data of all log levels below it. For example, log level WARN also logs data of the levels ERROR and ALERT. The default log level is “INFO”. The current value of parameter “log_level” can be viewed in table ADM_PARAMS. The value can be changed using procedure P_REP_ADMIN.SET_PARAM (see SCURTY API Reference).

Data in table LOG_MESSAGES is deleted after a configurable number of days. The default retention is 3 days. The current value of parameter “log_retention” can be viewed in table ADM_PARAMS. A new value can be set using procedure p_rep_admin.set_param.

4.4. Configuration backup

It is possible to export all metadata definitions from SCURTY and to import them later into another SCURTY installation. The “REG_” views hold all definitions (separated by admin roles), already formatted for execution on another system.