Example of assigning user-specific privileges in a trusted-context object

This example demonstrates how to assign user-specific privileges for a trusted connection by using the ROLE object. You can use the structure of this example to assign privileges for users of a trusted-context object.

In this example, the trusted-context object tcx1 grants user newton a trusted connection if the connection request comes from the IPv4 address 192.0.2.1. The trusted connection that newton is granted can be switched to brock without a password. It can also be switched to hayes, but hayes must provide a password.

newton is granted the default AUDITOR role and privileges. If the connection is switched to brock, brock is granted the default AUDITOR role and privileges. If the connection is switched to hayes, hayes is granted the specific MANAGER role and privileges instead of the AUDITOR role and privileges.

CREATE TRUSTED CONTEXT tcx1
  USER newton
  ATTRIBUTES (ADDRESS '192.0.2.1')
  DEFAULT ROLE AUDITOR
  ENABLE
  WITH USE FOR brock WITHOUT AUTHENTICATION,
               hayes WITH AUTHENTICATION ROLE MANAGER;
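
When reviewing a trusted-context definition, the two things to check are which users the connection can be switched to without a password and which role each user ends up with. The following Python code is an added example, not part of the original documentation; the function names `parse_trusted_context` and `passwordless_switches` are hypothetical, and the parser handles only the clauses that appear in the statement above, not the full CREATE TRUSTED CONTEXT grammar.

```python
import re

# The statement from this page, embedded so the example runs offline.
STATEMENT = """CREATE TRUSTED CONTEXT tcx1
  USER newton
  ATTRIBUTES (ADDRESS '192.0.2.1')
  DEFAULT ROLE AUDITOR
  ENABLE
  WITH USE FOR brock WITHOUT AUTHENTICATION,
               hayes WITH AUTHENTICATION ROLE MANAGER;"""

def parse_trusted_context(sql):
    """Parse only the clauses used in this page's statement, not the full grammar."""
    text = " ".join(sql.split()).rstrip(";").strip()
    parts = re.split(r" WITH USE FOR ", text, maxsplit=1, flags=re.I)
    head = parts[0]
    use_for = parts[1] if len(parts) > 1 else ""
    m = re.match(r"CREATE TRUSTED CONTEXT (\w+) USER (\w+)", head, re.I)
    if not m:
        raise ValueError("not a CREATE TRUSTED CONTEXT statement")
    default = re.search(r"\bDEFAULT ROLE (\w+)", head, re.I)
    ctx = {
        "name": m.group(1),
        "user": m.group(2),
        "addresses": re.findall(r"\bADDRESS '([^']+)'", head, re.I),
        "default_role": default.group(1) if default else None,
        "enabled": re.search(r"\bENABLE\b", head, re.I) is not None,
        "switch_users": {},
    }
    entry_re = re.compile(r"(\w+) (WITH|WITHOUT) AUTHENTICATION(?: ROLE (\w+))?", re.I)
    for entry in filter(None, (e.strip() for e in use_for.split(","))):
        u = entry_re.fullmatch(entry)
        if not u:
            raise ValueError(f"unsupported WITH USE FOR entry: {entry!r}")
        ctx["switch_users"][u.group(1)] = {
            "needs_password": u.group(2).upper() == "WITH",
            # A user-specific ROLE replaces the context's default role.
            "role": u.group(3) or ctx["default_role"],
        }
    return ctx

def passwordless_switches(ctx):
    """Users the connection can be switched to with no password check."""
    return sorted(u for u, r in ctx["switch_users"].items() if not r["needs_password"])

if __name__ == "__main__":
    ctx = parse_trusted_context(STATEMENT)
    for user, rule in ctx["switch_users"].items():
        print(user, rule)
    print("no-password switch targets:", passwordless_switches(ctx))
```
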