@@ -123,6 +123,7 @@ limitations under the License.
12312314 . [ Statement Caching] ( #stmtcache )
12412415 . [ External Configuration] ( #oraaccess )
12512516 . [ Globalization and National Language Support (NLS)] ( #nls )
126+ 17 . [ End-to-end Tracing, Mid-tier Authentication, and Auditing] ( #endtoend )
126127
127128## <a name =" intro " ></a > 1. Introduction
128129
@@ -953,6 +954,8 @@ writeonly String action
953954The [ action] ( https://docs.oracle.com/database/121/LNOCI/oci08sca.htm#sthref1434 )
954955attribute for end-to-end application tracing. This is a write-only property.
955956
957+ See [ End-to-end Tracing, Mid-tier Authentication, and Auditing] ( #endtoend ) .
958+
956959#### <a name =" propconnclientid " ></a > 4.1.2 clientId
957960
958961```
@@ -965,6 +968,8 @@ for end-to-end application tracing, use with mid-tier authentication,
965968and with [ Virtual Private Databases] ( http://docs.oracle.com/database/121/CNCPT/cmntopc.htm#CNCPT62345 ) .
966969This is a write-only property.
967970
971+ See [ End-to-end Tracing, Mid-tier Authentication, and Auditing] ( #endtoend ) .
972+
968973#### <a name =" propconnmodule " ></a > 4.1.3 module
969974
970975```
@@ -974,6 +979,8 @@ writeonly String module
974979The [ module] ( https://docs.oracle.com/database/121/LNOCI/oci08sca.htm#sthref1433 )
975980attribute for end-to-end application tracing. This is a write-only property.
976981
982+ See [ End-to-end Tracing, Mid-tier Authentication, and Auditing] ( #endtoend ) .
983+
977984#### <a name =" propconnstmtcachesize " ></a > 4.1.4 stmtCacheSize
978985
979986```
@@ -2624,12 +2631,12 @@ connection.execute(
26242631 if (lob === null ) { console .log (" CLOB was NULL" return ; }
26252632
26262633 lob .setEncoding (' utf8' // we want text, not binary output
2627- lob .on (' error' function (err ) { console .error (err); });
2634+ lob .on (' error' function (err ) { console .error (err); });
26282635
2629- console .log (' Writing to ' + outFileName);
2630- var outStream = fs .createWriteStream (outFileName);
2631- outStream .on (' error' function (err ) { console .error (err); });
2632- lob .pipe (outStream);
2636+ console .log (' Writing to ' + outFileName);
2637+ var outStream = fs .createWriteStream (outFileName);
2638+ outStream .on (' error' function (err ) { console .error (err); });
2639+ lob .pipe (outStream);
26332640 });
26342641` ` `
26352642
@@ -3118,3 +3125,75 @@ Oracle NLS environment variables, or statements like `ALTER SESSION`,
31183125can be used to configure further aspects of node-oracledb data access
31193126globalization. Refer to
31203127[NLS Documentation](https://docs.oracle.com/database/121/NLSPG/ch3globenv.htm#g1028448).
3128+
3129+ ## <a name="endtoend"></a> 17. End-to-end Tracing, Mid-tier Authentication, and Auditing
3130+
3131+ The Connection properties [action](#propconnaction),
3132+ [module](#propconnmodule), and [clientId](#propconnclientid) set
3133+ metadata for
3134+ [end-to-end tracing](http://docs.oracle.com/database/121/TGSQL/tgsql_trace.htm#CHDBDGIJ).
3135+ The values can be tracked in database views, shown in audit trails,
3136+ and seen in tools such as Enterprise Manager.
3137+
3138+ The ` clientId` property can also be used by applications that do their
3139+ own mid-tier authentication but connect to the database using the one
3140+ database schema. By setting ` clientId` to the application's
3141+ authenticated username, the database is aware of who the actual end
3142+ user is. This can, for example, be used by Oracle
3143+ [Virtual Private Databases](http://docs.oracle.com/database/121/CNCPT/cmntopc.htm#CNCPT62345)
3144+ policies to automatically restrict data access by that user.
3145+
3146+ Applications should set the properties because they can greatly help
3147+ to identify and resolve unnecessary database resource usage, or
3148+ improper access.
3149+
3150+ The attributes are set on a [connection](#propdbconclass) object and
3151+ sent to the database on the next 'round-trip' from node-oracledb, for
3152+ example, with ` execute ()` :
3153+
3154+ ` ` `
3155+ oracledb .getConnection (
3156+ {
3157+ user : " hr"
3158+ password : " welcome"
3159+ connectString : " localhost/orcl"
3160+ },
3161+ function (err , connection )
3162+ {
3163+ if (err) { console .error (err .message ); return ; }
3164+
3165+ connection .clientId = " Chris"
3166+ connection .module = " End-to-end example"
3167+ connection .action = " Query departments"
3168+
3169+ connection .execute (" SELECT . . ."
3170+ function (err , result )
3171+ {
3172+ . . .
3173+ ` ` `
3174+
3175+ While the connection is open the attribute values can be seen, for example with SQL*Plus:
3176+
3177+ ` ` `
3178+ SQL > SELECT username, client_identifier, action, module FROM v$session WHERE username = ' HR'
3179+
3180+ USERNAME CLIENT_IDENTIFIER ACTION MODULE
3181+ ---------- -------------------- -------------------- --------------------
3182+ HR Chris Query departments End- to- end example
3183+ ` ` `
3184+
3185+ The values can also be manually set by calling
3186+ [` DBMS_APPLICATION_INFO ` ](http://docs.oracle.com/cd/B19306_01/appdev.102/b14258/d_appinf.htm#CHECEIEB)
3187+ procedures or
3188+ [` DBMS_SESSION .SET_IDENTIFIER ` ](http://docs.oracle.com/cd/B19306_01/appdev.102/b14258/d_sessio.htm#SET_IDENTIFIER),
3189+ however these require explicit round-trips, reducing scalability.
3190+
3191+ Idle connections released back to a connection pool will retain the
3192+ previous attribute values of that connection. This avoids the
3193+ overhead of a round-trip to reset the values. After calling
3194+ ` pool .getConnection ()` , the application should be consistent about
3195+ setting appropriate values to ensure any previous values are updated.
3196+ The Oracle design assumption is that pools are actively used and have
3197+ few idle connections. However, if desired, the application can set
3198+ the properties to empty strings and force a round-trip prior to
3199+ connection release. This reduces efficiency.
0 commit comments