With the proxy authorization capability of Adaptive Server, system security officers can grant selected logins the ability to assume the security context of another user, and an application can perform tasks in a controlled manner on behalf of different users. If a login has permission to use proxy authorization, the login can impersonate any other login in Adaptive Server.
WARNING! The ability to assume another user’s identity is extremely powerful and should be limited to trusted administrators and applications. grant set proxy ... restrict role can be used to restrict which roles users cannot acquire when switching identities.
A user executing set proxy or set session authorization operates with both the login name and server user ID of the user being impersonated. The login name is stored in the name column of master..syslogins and the server user ID is stored in the suid column of master..syslogins. These values are active across the entire server in all databases.
set proxy and set session
authorization are identical in function and can be used
interchangeably. The only difference between them is that set
session authorization is ANSI-SQL92-compatible, and set
proxy is a Transact-SQL extension.
