Granting Proxies and Session Authorizations

Granting permission to execute set proxy or set session authorization allows the grantee to impersonate another login in the SAP ASE server. set proxy and set session authorization are identical, except set session authorization follows the SQL standard, and set proxy is a Transact-SQL extension.

  • To grant set proxy or set session authorization permission, you must be in the master database.

  • The name you specify in the grant set proxy command must be a valid user in the database; that is, the name must be in the sysusers table in the database.

  • grant all does not include the set proxy or set session authorization permissions.

  • You can restrict roles incrementally using grant set proxy. For example, you can first restrict the sa_role, then the sso_role:
    grant set proxy to joe
    restrict role sa_role
    grant set proxy to joe
    restrict role sso_role
  • You cannot unrestrict individual roles. You must revoke set proxy to revoke permissions from all roles.