| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Q: The "BECOME USER" system privilege
A copy of this was sent to "Johan Wegener" <120010082756_at_post.tele.dk>
(if that email address didn't require changing)
On Tue, 20 Apr 1999 20:34:14 +0200, you wrote:
>Hello,
>
>I am interested in learning something about the BECOME USER system
>privilege: Do I understand it correctly when I assume that a user with this
>privilege can log in as another user without knowing the password of this
>user?
>
>If it is so, how do I actually do this? I have studied the documentation and
>the data dictionary extensively, but it appears almost undocumented.. I can
>find no description of it other than it is granted to the
>"IMP_FULL_DATABASE" role.
>
thats correct (your assumption and the undocumented part). Its part of IMP. There are undocumented OCI calls that can do a switch user, imp does it to reload the data.
In Oracle8i release 8.1, there is a documented method to log in as another user without knowledge of their password (its not a 'switch user', you log in as them -- if you were already logged in, you will log out and log back in as them). You need the cooperation of the person you want to log in as (or need the alter user priv). You would issue:
ALTER USER <some_user> GRANT CONNECT THROUGH <some_other_user>;
some_other_user may now use OCI (not sqlplus, not svrmgrl, but a custom app) to supply their username and password along with the username some_user to authenticate as some_other_user but log in as some_user.
>I would appreciate any comment on this, thanks in advance.
>
>Cheers,
>Johan
>
Thomas Kyte
tkyte_at_us.oracle.com
Oracle Service Industries
Reston, VA USA
--
http://govt.us.oracle.com/ -- downloadable utilities
 |
 |