Example of assigning a default role in a trusted-context object
This example demonstrates how to assign a default role for users of a trusted connection by using the DEFAULT ROLE clause. You can use the structure of this example to specify privileges for users of a trusted-context object.
Roles and privileges established through the trusted-context object allow a user to gain privileges in addition to the ones they already have.
A new user of a switched trusted connection inherits either a default role or a specific role from a trusted-context object. If a trusted-context object does not define a specific role for a trusted-connection user, the user inherits the default role, and all the access privileges that the Database Administrator defined for that default role.
In this example, the trusted-context object tcx1 grants user brock a trusted connection if the request is coming from the IPv4 address 192.0.2.1. The trusted connection that brock is granted can be switched to any user. brock and all other trusted connection users are granted the default MANAGER role, and all MANAGER privileges that were previously defined by the Database Administrator.
CREATE TRUSTED CONTEXT tcx1
USER brock
ATTRIBUTES (ADDRESS '192.0.2.1')
DEFAULT ROLE MANAGER
ENABLE
WITH USE FOR PUBLIC WITHOUT AUTHENTICATION;
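The following Python sketch is an added example, not part of the original documentation or of the database product. It parses the statement above and lists who can reach the default role through it, the check a reviewer would run before such a definition is deployed. The function names parse_trusted_context and review are hypothetical, and the parser handles only the clauses that appear on this page.

```python
import re

# The statement from this page, embedded so the example runs offline.
PAGE_DDL = """
CREATE TRUSTED CONTEXT tcx1
USER brock
ATTRIBUTES (ADDRESS '192.0.2.1')
DEFAULT ROLE MANAGER
ENABLE
WITH USE FOR PUBLIC WITHOUT AUTHENTICATION;
"""

def parse_trusted_context(ddl):
    """Pull out the clauses this page uses from one CREATE TRUSTED CONTEXT statement."""
    text = " ".join(ddl.split()).rstrip(";")

    def grab(pattern):
        m = re.search(pattern, text, re.IGNORECASE)
        return m.group(1) if m else None

    return {
        "name": grab(r"\bCREATE TRUSTED CONTEXT (\S+)"),
        "owner": grab(r"\bUSER (\S+)"),
        "addresses": re.findall(r"\bADDRESS\s+'([^']+)'", text, re.IGNORECASE),
        "default_role": grab(r"\bDEFAULT ROLE (\S+)"),
        "enabled": re.search(r"\bENABLE\b", text, re.IGNORECASE) is not None,
        "use_for": grab(r"\bWITH USE FOR (.+)$"),
    }

def review(ctx):
    """Return findings on who can reach the default role through this context."""
    findings = [f"gate: user {ctx['owner']} connecting from {', '.join(ctx['addresses'])}"]
    use_for = (ctx["use_for"] or "").upper()
    if ctx["enabled"] and re.search(r"\bPUBLIC WITHOUT AUTHENTICATION\b", use_for):
        findings.append("connection can be switched to any user without authentication")
        if ctx["default_role"]:
            findings.append(f"every switched user inherits role {ctx['default_role']}")
    return findings

if __name__ == "__main__":
    for line in review(parse_trusted_context(PAGE_DDL)):
        print(f"tcx1: {line}")
```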