Monday, December 10, 2012

0 Proxy User

Proxy user allow user to use its own username and password connect to the oracle database but change the user context after login.

Here is the example:

create user PO
identified by oracle
default tablespace POTS1
temporary tablespace tempts
quota 10M ON POTS1
profile default;
grant create session,create table to PO;
 
create user APPUSER identified by app;
grant create session to APPUSER;

 

I create 2 users, PO and APPUSER. I only grant the create table permission to PO.image

Let APPUSER can impersonate PO.

alter user PO grant connect through appuser;

image

Connect as PO and create the test table t1.

create table t1( a number);
insert into t1 values( 1);
commit;

image

APPUSER connect normally. As we expect, the appuser does not have permission on PO.t1 table.

sqlplus appuser/app
show user
select * from po.t1;

image

APPUSER connect through PO.

sqlplus appuser[po]/app
show user
select * from po.t1;
select * from t1;
 
create table t2( a number);
insert into t1 values( 1);
commit;

 

And it is shows APPUSER as PO.

image

0 comments:

Post a Comment

 

SQL Panda Copyright © 2011 - |- Template created by O Pregador - |- Powered by Blogger Templates