Skip to main content

Proxy User and Connect Through

Proxy User and Connect Through

Since Oracle 9i Release 2 it has been possible to create proxy users, allowing you to access a schema via a different username/password combination. This is done by using the GRANT CONNECT THROUGH clause on the destination user. Assuming we have a user called SCOTT and we want to create a proxy user to allow someone to connect to SCOTT without knowing the password, we could do the following.
CONN / AS SYSDBA
CREATE USER test_user IDENTIFIED BY test_user;

ALTER USER scott GRANT CONNECT THROUGH test_user;
We can now connect to the SCOTT user, using the credentials of the proxy user.
SQL> CONN test_user[scott]/test_user
SQL> SHOW USER
USER is "SCOTT"
SQL>
Proxy users can be identified using the PROXY_USERS view.
SELECT * FROM proxy_users;

PROXY                          CLIENT                         AUT FLAGS
------------------------------ ------------------------------ --- -----------------------------------
TEST_USER                      SCOTT                          NO  PROXY MAY ACTIVATE ALL CLIENT ROLES

SQL>

The proxy authentication can be revoked using the following command.
ALTER USER scott REVOKE CONNECT THROUGH test_user;



Using this method the administrator can now set up their privileged account have connect through access to any other user, allowing them to perform tasks as that user, without having to alter the user's password.


For more information see: 
Creating Proxy User Accounts and Authorizing Users to Connect Through Them 


Derrived from :http://oracle-base.com/articles/misc/proxy-users-and-connect-through.php


Thank you Tim.













Labels:




































Comments











Post a Comment



















Popular posts from this blog



















Oracle Enterprice Management Console




























Hi - I got some useful tips regarding the management console. Speciall I used these commands when there was a requirement in changing my Server name. RECREATE EM REPOSITORY ====================== ################################################################################ # warning: 1. emca put database into quiesced mode, only DBA transaction #             continues,the other waits, on production db there must be downtime #              #           2. if some emca process fails, make a manual check and clean #              - check OS processes,is java app running emca, RepManagerand,kill # #              - is database in quiesced mode? #                => SQL> select active_state from v$instance #                => you can send #                   SQL> ALTER SYSTEM UNQUIESCED; #              ################################################################################               emca help - see full syntax  emctl stop dbconsole #To Drop emca -deconfig dbcontrol d...




















Post a Comment









Read more




















































  RMAN Crosscheck commands derived  from different Oracle sources: To crosscheck all backups use: RMAN> CROSSCHECK BACKUP; To list any expired backups detected by the CROSSCHECK command use: RMAN> LIST EXPIRED BACKUP; To delete any expired backups detected by the CROSSCHECK command use: RMAN> DELETE EXPIRED BACKUP; To crosscheck all archive logs use: RMAN> CROSSCHECK ARCHIVELOG ALL; To list all expired archive logs detected by the CROSSCHECK command use: RMAN> LIST EXPIRED ARCHIVELOG ALL; To delete all expired archive logs detected by the CROSSCHECK command use: RMAN> DELETE EXPIRED ARCHIVELOG ALL; To crosscheck all datafile image copies use: RMAN> CROSSCHECK DATAFILECOPY ALL; To list expired datafile copies use: RMAN> LIST EXPIRED DATAFILECOPY ALL; To delete expired datafile copies use: RMAN> DELETE EXPIRED DATAFILECOPY ALL; To crosscheck all backups of the USERS tablespace use: RMAN> CROSSCHECK BACKUP OF TABLESPACE USERS; To list expired backups...




















Post a Comment









Read more




























Changing redo log Size




























Redo logs cannot be resized on the fly we must drop and recreate them.This is the only method known to resize at the time this post is written. A database requires at least two groups of redo log files,regardless the number of the members. We cannot drop the redo log file if it's status is current or active. Initially the status need to be changed "inactive" before dropping the redo log member. Soon after a redo log member is drooped the file doesn't remove from the file system, instead it need to be separately removed from the file system. Step 1 : Check the Status of Redo Logfile    SQL>   select group#,sequence#,bytes,archived,status from v$log;       GROUP#        SEQUENCE#      BYTES    	 ARC 	 STATUS ----------  ----------   ----------    	 -----  	 -------------          1          5  ...




















Post a Comment









Read more