Circumventing the password-protection mechanism may be necessary in the case of automated login systems. You can create a role that could access other roles without passwords.
If a System Security Officer wants to bypass the password mechanism for certain users, the System Security Officer can grant the password-protected role to another role and grant this new role to one or more users. Activation of this role automatically activates the password-protected role without having to provide a password.
For example:
Jane is the System Security Officer for the fictitious company ABC Inc., which uses automated login systems. Jane creates the following roles:
financial_assistant
create role financial_assistant with passwd "L54K3j"
accounts_officer
create role accounts_officer with passwd "9sF6ae"
chief_financial_officer
create role chief_financial_officer
Jane grants the roles of financial_assistant and accounts_officer to the chief_financial_officer role:
grant role financial_assistant, accounts_officer to chief_financial_officer
Jane then grants the chief_financial_officer role to Bob:
grant role chief_financial_officer to bob
Bob logs in to Adaptive Server and activates the chief_financial_officer role:
set role chief_financial_officer on
The roles of financial_assistant and accounts_officer are automatically activated without Bob providing a password. Bob now has the ability to access everything under the financial_assistant and accounts_officer roles without having to enter the passwords for those roles.
