setuser

Description

Allows a database owner to impersonate another user.

Syntax

setuser ["user_name"]

Examples

Example 1

The database owner temporarily adopts Mary’s identity in the database in order to grant Joe permissions on authors, a table owned by Mary:

setuser "mary" 
go 
grant select on authors to joe 
setuser 
go

Usage

Standards

ANSI SQL – Compliance level: Transact-SQL extension.

Permissions

The permission checks for setuser differ based on your granular permissions settings.

Granular permissions enabled

With granular permissions enabled, you must have setuser privilege to run setuser. setuser privilege is granted to the database owner by default.

Granular permissions disabled

With granular permissions disabled, setuser privilege defaults to the database owner and is not transferable.

Auditing

Values in event and extrainfo columns of sysaudits are:

Event

Audit option

Command or access audited

Information in extrainfo

84

setuser

setuser

  • Roles – current active roles

  • Keywords or options – NULL

  • Previous value – NULL

  • Current value – NULL

  • Other information – Name of the user being set

  • Proxy information – original login name, if a set proxy is in effect

See also

Commands grant, revoke, use