Monday, December 10, 2012

0 Proxy User

Proxy user allow user to use its own username and password connect to the oracle database but change the user context after login.

Here is the example: 

create user PO
identified by oracle
default tablespace POTS1
temporary tablespace tempts
quota 10M ON POTS1
profile default;
grant create session,create table to PO;
 
create user APPUSER identified by app;
grant create session to APPUSER;

 

I create 2 users, PO and APPUSER. I only grant the create table permission to PO.image

Let APPUSER can impersonate PO.

alter user PO grant connect through appuser;

image

Connect as PO and create the test table t1.

create table t1( a number);
insert into t1 values( 1);
commit;

image

APPUSER connect normally. As we expect, the appuser does not have permission on PO.t1 table.

sqlplus appuser/app
show user
select * from po.t1;

image

APPUSER connect through PO. 

sqlplus appuser[po]/app
show user
select * from po.t1;
select * from t1;
 
create table t2( a number);
insert into t1 values( 1);
commit;

 

And it is shows APPUSER as PO.

image

Posted by Po@sqlpanda at 12:10 AM
Labels: ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 

SQL Panda Copyright © 2011 - |- Template created by O Pregador - |- Powered by Blogger Templates