Using proxy authorization

With the proxy authorization capability of Adaptive Server, System Security Officers can grant selected logins the ability to assume the security context of another user, and an application can perform tasks in a controlled manner on behalf of different users. If a login has permission to use proxy authorization, the login can impersonate any other login in Adaptive Server.

WARNING! The ability to assume another user’s identity is extremely powerful and should be limited to trusted administrators and applications. A user with this permission can even assume the identity of the “sa” login, and, thereby, have unlimited power within Adaptive Server.

A user executing set proxy or set session authorization operates with both the login name and server user ID of the user being impersonated. The login name is stored in the name column of master..syslogins and the server user ID is stored in the suid column of master..syslogins. These values are active across the entire server in all databases.

Note: set proxy and set session authorization are identical in function and can be used interchangeably. The only difference between them is that set session authorization is ANSI SQL92 compatible, and set proxy is a Transact-SQL extension.
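The following isql session is an added example, not part of the original documentation. It shows the permission being granted, the change in login name and server user ID while impersonating, and the permission being withdrawn. The logins app_login and mary are hypothetical, and app_login is assumed to already be a user in master.

```sql
-- Constructed example: app_login and mary are hypothetical logins.

-- Session 1, run by a System Security Officer.
-- The grant is issued from master; app_login is assumed to be a user there.
use master
go
grant set proxy to app_login
go

-- Session 2, connected as app_login.
-- Record the identity before impersonating.
select suser_name() as login_name, suser_id() as suid
go

-- Assume mary's security context.
-- "set session authorization mary" is the ANSI SQL92 equivalent.
set proxy mary
go

-- Both values now report mary, and they match her row in master..syslogins.
-- The change applies in every database on the server.
select suser_name() as login_name, suser_id() as suid
go
select name, suid
from master..syslogins
where suid = suser_id()
go

-- Return to the original identity by naming the original login.
set proxy app_login
go
select suser_name() as login_name, suser_id() as suid
go

-- Session 1 again: withdraw the permission once it is no longer needed.
use master
go
revoke set proxy from app_login
go
```

Comparing the output of the three identity queries in session 2 confirms which security context each subsequent statement runs under.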