Secure Coding mailing list archives

RBAC question


From: "avi" <avis () bll co il>
Date: Sun, 15 Feb 2004 16:02:12 +0000


Hello,

  This is the first time I am trying to ask the list, so please bear with me...

  According to my understanding of the Role-Based Access Control (RBAC) model,
  the identified end user is checked against a predefined role and then
  the process runs under the context of another predefined "generic" user
  (the one defined for that specific role) that actually accesses
  the end resource (a table in a DB, for example).

  This means that the end user is not recorded in the DB log, and that poses
  a problem from an audit perspective.
  Another concern is that monitoring and debugging tools will display the
  "generic" user name, so it will be a challenge to tie this process to the
  end user's activity.

  My questions to the list:
    - Did I misunderstand the model?
    - Any solutions?
    - Has anyone else implemented this model? If so, how?

  Thank you in advance

 

  Avi Shvartz
<<<< "Children", I say plainly, "watch out for the baobabs!"  >>>>
<<<<       The Little prince by Antoine de Saint Exupery.     >>>>
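
Added example, not part of the original post: a sketch of the arrangement the message describes (end user mapped to a role, role mapped to a generic DB account), with an application-side audit record that stores both identities so activity under the generic account can be tied back to the end user. All user, role, account and table names are hypothetical, and SQLite stands in for the audit store.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed sample data: every user, role and account name is hypothetical.
USER_ROLES = {"alice": "clerk", "bob": "clerk", "carol": "auditor"}
ROLE_ACCOUNTS = {"clerk": "svc_clerk", "auditor": "svc_auditor"}  # generic DB users
ROLE_PERMS = {"clerk": {("UPDATE", "orders")}, "auditor": {("SELECT", "orders")}}

def open_audit_store():
    """Create an in-memory audit table holding both identities per request."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE audit (
        ts TEXT, end_user TEXT, role TEXT, db_account TEXT,
        action TEXT, resource TEXT, allowed INTEGER)""")
    return conn

def access(conn, end_user, action, resource):
    """Map the user to a role, decide, and record the decision.
    Returns the generic account the request runs as, or None if denied."""
    role = USER_ROLES.get(end_user)
    allowed = role is not None and (action, resource) in ROLE_PERMS[role]
    account = ROLE_ACCOUNTS[role] if allowed else None
    # The DB's own log would show only `account`; this row keeps the end user too.
    conn.execute("INSERT INTO audit VALUES (?,?,?,?,?,?,?)",
                 (datetime.now(timezone.utc).isoformat(), end_user, role,
                  account, action, resource, int(allowed)))
    return account

def end_users_behind(conn, db_account, resource):
    """Which end users acted on a resource through a given generic account?"""
    rows = conn.execute(
        "SELECT DISTINCT end_user FROM audit WHERE db_account=? AND resource=? "
        "AND allowed=1 ORDER BY end_user", (db_account, resource))
    return [r[0] for r in rows]

def denied_attempts(conn):
    """Denied requests, including users that map to no role at all."""
    return conn.execute(
        "SELECT end_user, action, resource FROM audit WHERE allowed=0 "
        "ORDER BY end_user").fetchall()

if __name__ == "__main__":
    store = open_audit_store()
    for user in ("alice", "bob", "carol"):
        access(store, user, "UPDATE", "orders")
    print(end_users_behind(store, "svc_clerk", "orders"), denied_attempts(store))
```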








