Allows a database owner to impersonate another user.
setuser ["user_name"]
The database owner temporarily adopts Mary’s identity in the database in order to grant Joe permissions on authors, a table owned by Mary:
setuser "mary" go grant select on authors to joe setuser go
The database owner uses setuser to adopt the identity of another user in order to use another user’s database object, to grant permissions, to create an object, or for some other reason.
Except for sessions run by login account “sa,” when the database owner uses the setuser command, Adaptive Server checks the permissions of the user being impersonated instead of the permissions of the database owner. The user being impersonated must be listed in the sysusers table of the database.
setuser affects permissions only in the local database. It does not affect remote procedure calls or accessing objects in other databases.
setuser remains in effect until another setuser command is given or until the current database is changed with the use command.
setuser has no effect when creating a database.
Executing setuser with no user name reestablishes the database owner’s original identity.
system administrators can use setuser to create objects that are owned by another user. However, since a system administrator operates outside the permissions system, she or he cannot use setuser to acquire another user’s permissions.
ANSI SQL – Compliance level: Transact-SQL extension.
The permission checks for setuser differ based on your granular permissions settings.
Granular permissions enabled |
With granular permissions enabled, you must have setuser privilege to run setuser. setuser privilege is granted to the database owner by default. |
Granular permissions disabled |
With granular permissions disabled, setuser privilege defaults to the database owner and is not transferable. |
Values in event and extrainfo columns of sysaudits are:
Event |
Audit option |
Command or access audited |
Information in extrainfo |
---|---|---|---|
84 |
setuser |
setuser |
|