Oracle DBA – A lifelong learning experience

«
»

Using grant connect through to manage database links

Posted by John Hallas on December 4, 2014

Nobody can say that I am not current and topical with my posts. This post refers to functionality that was introduced in 9i, however I have just come across it and thought it useful enough to blog about it.

The command ALTER USER USERB GRANT CONNECT THROUGH USERA allows a proxy connection to be made using the username and password of USERA but  to connect in as USERB. The purpose is so that management of a user can be done without knowing that users password or changing it. This is most commonly going to be used by support teams.

I will give an example

SQL> create user test1 identified by password;

User created.

SQL> grant create session , resource , unlimited tablespace to test1;

Grant succeeded.

SQL> create user test2 identified by password;

User created.

SQL> grant create session , resource , unlimited tablespace to test2;

Grant succeeded.

SQL> alter user test2 grant connect through test1;

User altered.

SQL> connect test1[test2]/password
Connected.
SQL> show user
USER is "TEST2"

Here is a way that I can create a database link as user2 without knowing that users password. User2 has to have create database link privilege.

SQL> connect / as sysdba
Connected.
SQL> grant create database link to test2;

Grant succeeded.

SQL> connect test1[test2]/password
Connected.
SQL> show user
USER is "TEST2"
SQL> create database link TSTAUDIT connect to remote1 identified by password using 'TSTSAUDIT';

By the way as a privileged user you can apparerently create a link in another schema

SQL> connect / as sysdba
Connected.
SQL> create database link test2.TSTAUDIT connect to remote1 identified by password using 'TSTSAUDIT';

Database link created.

But the link is still owned by SYS but has the name TEST2.TSTAUDIT

SQL> select owner, DB_LINK username, host from dba_db_links;

OWNER                          USERNAME    HOST
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
SYS                            TEST2.TSTAUDIT TSTSAUDIT

drop database link "TEST2.TSTAUDIT";

 

 

This entry was posted on December 4, 2014 at 8:24 am and is filed under Oracle. Tagged: , , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Using grant connect through to manage database links”

  1. Log Buffer #400, A Carnival of the Vanities for DBAs | InsideMySQL said

    December 6, 2014 at 1:00 am

    […] Using grant connect through to manage database links. […]

    Reply

Leave a comment

«
»