Proxy user allow user to use its own username and password connect to the oracle database but change the user context after login.
Here is the example:
create user PO
identified by oracle
default tablespace POTS1
temporary tablespace tempts
quota 10M ON POTS1
profile default;
grant create session,create table to PO;
create user APPUSER identified by app;
grant create session to APPUSER;
I create 2 users, PO and APPUSER. I only grant the create table permission to PO.
Let APPUSER can impersonate PO.
alter user PO grant connect through appuser;
Connect as PO and create the test table t1.
create table t1( a number);
insert into t1 values( 1);
commit;
APPUSER connect normally. As we expect, the appuser does not have permission on PO.t1 table.
sqlplus appuser/app
show user
select * from po.t1;
APPUSER connect through PO.
sqlplus appuser[po]/app
show user
select * from po.t1;
select * from t1;
create table t2( a number);
insert into t1 values( 1);
commit;
And it is shows APPUSER as PO.
0 comments:
Post a Comment