System Security Officers use the grant set proxy or grant set session authorization command to give a user permission to impersonate another user within the server. The user with this permission can then execute either set proxy or set session authorization to become another user.
To grant proxy authorization permission, you must be a System Security Officer and execute the grant command from the master database. The syntax is:
grant set proxy
to {public | name_list | role_name}
or
grant set session authorization
to {public | name_list | role_name}
where:
public – is all users. Sybase recommends that you not grant this permission to “public.”
role_name – is an Adaptive Server system or user-defined role. You can grant permissions to users based on the specific role granted.
name_list – is user database or group names, separated by commas. The user must be a valid user in the master database.
To grant set proxy to an application with the login “appl” if you do not have sso_role currently active, and you are not in the master database, execute:
use master go set role sso_role on go grant set proxy to appl go
To grant set proxy to that user-defined role “accountant,” execute:
grant set proxy to accountant
To grant set session authorization to the “sa” account, whose user name in every database is “dbo,” execute:
grant set proxy to dbo
