Considerations for using proxies.
Before you can use the set proxy or set session authorization command, you must be granted set proxy privilege or set session authorization privilege in master.
grant set proxy to user_or_role_list [restrict role role_list | all | system]
Executing set proxy or set session authorization with the original login_name reestablishes your previous identity.
You cannot execute set proxy or set session authorization from within a transaction.
set proxy "mary" create table mary_sales (stor_id char (4), ord_num varchar (20), date datetime) grant select on mary_sales to public set proxy "ralph" set proxy "joe" create view joes_view (publisher, city, state) as select stor_id, ord_num, date from mary_sales set proxy "ralph"
If a user issues set proxy to assume the permissions, login name, and suid of another user, the SAP ASE server checks the proxy user’s access to database objects, rather than the original user’s access.
The SAP ASE server uses the name and password information of the user who logged in to check for automatic access to encryption keys using login credentials. The SAP ASE server does not have access to the proxy user’s password. Access to keys through the login password is on behalf of the user who logs in, not on behalf of the user assumed through an alias, set proxy, or setuser. Access to copies of encryption keys that were set up for login association, but which are still encrypted by the system encryption password or the master key, is treated similarily.