Monday, December 10, 2012

0 Proxy User

Proxy user allow user to use its own username and password connect to the oracle database but change the user context after login.

Here is the example:

create user PO
identified by oracle
default tablespace POTS1
temporary tablespace tempts
quota 10M ON POTS1
profile default;
grant create session,create table to PO;
create user APPUSER identified by app;
grant create session to APPUSER;


I create 2 users, PO and APPUSER. I only grant the create table permission to PO.image

Let APPUSER can impersonate PO.

alter user PO grant connect through appuser;


Connect as PO and create the test table t1.

create table t1( a number);
insert into t1 values( 1);


APPUSER connect normally. As we expect, the appuser does not have permission on PO.t1 table.

sqlplus appuser/app
show user
select * from po.t1;


APPUSER connect through PO.

sqlplus appuser[po]/app
show user
select * from po.t1;
select * from t1;
create table t2( a number);
insert into t1 values( 1);


And it is shows APPUSER as PO.



Post a Comment


SQL Panda Copyright © 2011 - |- Template created by O Pregador - |- Powered by Blogger Templates