SETSESSIONAUTH Clause
The GRANT SETSESSIONAUTH statement grants the SETSESSIONAUTH privilege to one or more users or roles. This privilege allows the holder to use the SET SESSION AUTHORIZATION statement to set the session authorization to PUBLIC or to any one of a list of specified users.
Element | Description | Restrictions | Syntax |
---|---|---|---|
role | Role to which the privilege is to be granted | Must be the authorization identifier of a role | Owner name |
user | After the TO keyword, a user to whom the privilege is to be granted. After the ON keyword, a user whose identity the grantee can specify in the SET AUTHORIZATION statement. | Must be the authorization identifier of a user | Owner name |
Only a user who holds the DBSECADM role can grant the SETSESSIONAUTH privilege. Both the SETSESSIONAUTH privilege and the DBA privilege are required to execute the SET AUTHORIZATION statement.
The user or PUBLIC specification that follows the ON keyword specifies whose identity the grantee of the SETSESSIONAUTH privilege can take while using SET SESSION AUTHORIZATION statement. This can be a user or PUBLIC but not a role. If PUBLIC is specified, then the grantee of the privilege can assume the identity of any database user.
The USER and ROLE keywords that can follow the TO keyword are optional. Neither the user nor the role can be the holder of the DBSECADM role who issues the GRANT SETSESSIONAUTH statement. The TO clause cannot specify PUBLIC as the grantee.
GRANT SETSESSIONAUTH ON lynette, manoj TO sam;
GRANT SETSESSIONAUTH ON PUBLIC TO lynette;
Only a user who holds the DBSECADM role can revoke the SETSESSIONAUTH privilege. For a discussion of LBAC security objects, see your HCL OneDB™ Security Guide