If a user issues set proxy to assume the privileges, login name, and suid of another user, Adaptive Server checks the proxy user’s access to database objects, rather than the original user’s access. When Adaptive Server accesses a key copy, however, it does so on behalf of the original user and not the proxy user. Because a key copy may be encrypted by a user's login password. Adaptive Server uses the name and password information to check for automatic access to encryption keys using login credentials. Adaptive Server does not have access to the proxy user's password.
For example, if user1 has set his proxy to user2, that means user2 has access to the key through user1’s key copy, which may be encrypted by user1’s login password, or by a user-defined password which user1 must have passed to user2.
