SQL> show user
USER is "SYSTEM"
SQL> create user lm1 identified by pass1;
User created.
SQL> create user lm2 identified by pass2;
User created.
SQL> grant connect to lm1, lm2;
Grant succeeded.
SQL> alter user lm2 grant connect through lm1;
User altered.
SQL> connect lm1/pass1
Connected.
SQL> show user
USER is "LM1"
SQL> connect lm1[lm2]/pass1
Connected.
SQL> show user
USER is "LM2"
USER is "SYSTEM"
SQL> create user lm1 identified by pass1;
User created.
SQL> create user lm2 identified by pass2;
User created.
SQL> grant connect to lm1, lm2;
Grant succeeded.
SQL> alter user lm2 grant connect through lm1;
User altered.
SQL> connect lm1/pass1
Connected.
SQL> show user
USER is "LM1"
SQL> connect lm1[lm2]/pass1
Connected.
SQL> show user
USER is "LM2"
... so lm1 was able to connect to lm2 without using the password pass2 for lm2.
This superceeds the "alter user identified by values" method in older releases (which is still valid).
To reverse,
SQL> alter user lm2 revoke connect through lm1;
User altered.
SQL> conn lm1/pass1
Connected.
SQL> show user
USER is "LM1"
SQL> connect lm1[lm2]/pass1
ERROR:
ORA-28150: proxy not authorized to connect as client
Warning: You are no longer connected to ORACLE.
No comments:
Post a Comment