Oracle Proxy User

[jondmoon]

This is not really an issue but a question. I am trying to build a REST API for our enterprise Oracle database, but one requirement is that we be able to use a proxy user so the database sees all interactions as the proxy user instead of the one whose connection information is stored in the system. I have found how it is done with the oracledb client (setting the username as MAINUSER[PROXY]), but I wasn't sure if there was a way to modify that connection string per user connection, pulling the username through a stored value on that connection. I don't have a lot of experience with feathers and have been trying out various scenarios with about 10 different API backends to try and get this to work, so right now I am a little lost in what is possible. I found a post on the knex issue board (knex/knex#2660) where they are talking about ways to add the functionality, but I wasn't sure that even if it got merged into the core of knex if this would be possible with feathers.

Thanks.

Jon

[daffl]

All database adapter are fairly strict separating Feathers from the database connector functionality. If it is possible with Knex it will be possible to use it with this module.

[jondmoon]

Thanks for responding. My question was more about trying to understand how Feathers deals with the connections. Does it make the connection when the server starts up or does it reconnect with each request? If it's the former, then what would happen to other clients if each one needed to modify the connector? Do they all share the same instance of the connector or are new instances created when needed? I was mostly wondering how doing this in an enterprise application would affect performance and reliability of the connector based on how Feathers deals with that connector. Jon

[daffl]

This is all documented in the Readme of this repository. The CLIs will put this connection code in a knex.js file. Yes they all share the same instance with the connection being established on application startup. Creating a new connection for every request would be very inefficient. Not sure I understand why a client would want to modify the connector.

[jondmoon]

One limitation my boss has placed upon me with connecting to our Oracle enterprise database is that the connection must use the permissions within the database of the user who is logged into the API. Within Oracle there is a way to give one user permission to connect as another user, so the user within my system could connect as someone else. The problem is that means that each user who is connected to the API would have to disconnect and reconnect the connector in order to have it connected as them, which means I won't be able to use Feathers for this project. I was afraid that was going to be the answer but had to work this through with someone who knew more about Feathers. Thanks for your help. Jon

[daffl]

You can set those permissions on a per-request level via params.knex. What I'm saying is that neither Feathers nor the adapter is in the way of how to use Knex. If there is a way to do it with KnexJS (or Sequelize) then it will be possible with the Feathers adapters. Like I said, reconnecting on every request will be very inefficient no matter what framework you use and probably not the intended goal design goal.