require the applications to set client_id. WebLogic can actually do this for you automatically, or your code that gets the connection from the pool can do it: http://download.oracle.com/docs/cd/E15523_01/apirefs.1111/e13952/taskhelp/jdbc/jdbc_datasources/EnableCredentialMapping.html If Set Client ID On Connection is selected on a data source, when an application requests a database connection from the data source, WebLogic Server determines the current WebLogic Server user ID and then sets the mapped database ID as a light-weight client ID on the database connection. If not, than: have the application do: DBMS_SESSION.SET_IDENTIFIER(v_user_identifier); and than Audit records and policies can audit/show who the "real" user is: --- On Tue, 2/16/10, Dunbar, Norman <norman.dunbar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote: > From: Dunbar, Norman <norman.dunbar@xxxxxxxxxxxxxxxxxxxxxxxxx> > Subject: Auditing and WebLogic applications. > To: "ORACLE-L" <oracle-l@xxxxxxxxxxxxx> > Date: Tuesday, February 16, 2010, 9:44 AM > I'm wondering how you all manage your > WebLogic applications from an > Oracle auditing point of view. > > The system in question connects using a connection pool to > a specific > user in the database. The users connect to the system as > themselves > (they have a row in a "users" table) as far as the > application is > concerned, but as far as auditing is concerned, the changes > to data are > being made by the user that weblogic is connected to. > > This isn't very suitable as far as auditing is concerned. > Unless the > applications does lots of auditing internally, is there a > way to > determine who did what and when - when running applications > under > WebLogic? > > Thanks. > Norm. > > > > Information in this message may be confidential and may be > legally privileged. If you have received this message by > mistake, please notify the sender immediately, delete it and > do not copy it to anyone else. We have > checked this email and its attachments for viruses. But you > should still check any attachment before opening it. We may > have to make this message and any reply to it public if > asked to under the Freedom of Information Act, Data > Protection Act or for litigation. Email messages and > attachments sent to or from any Environment Agency address > may also be accessed by someone other than the sender or > recipient, for business purposes. If we have sent you > information and you wish to use it please read our terms and > conditions which you can get by calling us on 08708 506 > 506. Find out more about the Environment Agency at > www.environment-agency.gov.uk > > Information in this message may be confidential and may be > legally privileged. If you have received this message by > mistake, please notify the sender immediately, delete it and > do not copy it to anyone else. > > We have checked this email and its attachments for viruses. > But you should still check any attachment before opening > it. > We may have to make this message and any reply to it public > if asked to under the Freedom of Information Act, Data > Protection Act or for litigation. Email messages and > attachments sent to or from any Environment Agency address > may also be accessed by someone other than the sender or > recipient, for business purposes. > > If we have sent you information and you wish to use it > please read our terms and conditions which you can get by > calling us on 08708 506 506. Find out more about the > Environment Agency at www.environment-agency.gov.uk > -- > //www.freelists.org/webpage/oracle-l > > > -- //www.freelists.org/webpage/oracle-l