A Database Owner may use setuser to:
Access an object owned by another user
Grant permissions on an object owned by another user
Create an object that will be owned by another user
Temporarily assume the DAC permissions of another user for some other reason
While the setuser command enables the Database Owner to automatically acquire another user’s DAC permissions, the command does not affect the roles that have been granted.
setuser permission defaults to the Database Owner and cannot be transferred. The user being impersonated must be an authorized user of the database. Adaptive Server checks the permissions of the user being impersonated.
System Administrators can use setuser to create objects that will be owned by another user. However, System Administrators operate outside the DAC permissions system; therefore, they need not use setuser to acquire another user’s permissions. The setuser command remains in effect until another setuser command is given, the current database is changed, or the user logs off.
The syntax is:
setuser ["user_name"]
where user_name is a valid user in the database that is to be impersonated.
To reestablish your original identity, use setuser with no value for user_name.
This example shows how the Database Owner would grant Joe permission to read the authors table, which is owned by Mary:
setuser "mary" grant select on authors to joe setuser /*reestablishes original identity*/
Copyright © 2005. Sybase Inc. All rights reserved. |