7. API: EndUserSecurityContext Class
The EndUserSecurityContext class is used to define the end user security context information for an end user.
Added in version 7.0.
Note
In this release, Deep Data Security is only supported in node-oracledb Thin mode.
See Deep Data Security.
The EndUserSecurityContext object is created by using:
const security_context = new oracledb.EndUserSecurityContext(options);
The parameters of the EndUserSecurityContext method are:
Parameter |
Data Type |
Description |
|---|---|---|
|
Object |
The |
The properties of the options parameter are:
Attribute |
Data Type |
Description |
|---|---|---|
|
String |
A security token issued by an external Identity and Access Management (IAM) system such as Oracle Cloud Infrastructure (OCI) IAM or Microsoft Entra ID that authorizes an application to access Oracle Database. This can either be an On-Behalf-Of (OBO) token or a Client Credentials token. An OBO token is obtained from an IAM using the end-user token as an assertion. This access token can only be used when A Client Credentials token is obtained from an IAM using the application’s token. This access token can be used when either |
|
String |
The unique identification of an end-user managed by an external IAM system. This contains the end-user token issued by IAM systems after user authentication. This attribute should not be set when |
|
String |
The unique identification of an end-user managed by Oracle Database. This contains the name of a local database user created in Oracle Database that has the This attribute should not be set when |
|
String |
An optional lookup identifier that the database maps to stored context attributes. This attribute may be specified with |
|
Array |
The names of data roles granted to the application. These data roles are created with a For external IAM systems, these data roles are mapped to roles managed in your IAM system. For local database users, these data roles can be used to distinguish sessions for the same local user. |
|
Object |
Attribute name-value pairs provided by the application for an END USER CONTEXT declared in the database. The name-value pairs for each context must conform to the JSON schema of that END USER CONTEXT. These pairs are associated with fully qualified END USER CONTEXT names, using the format |