{"id":732,"date":"2025-08-30T09:01:35","date_gmt":"2025-08-30T12:01:35","guid":{"rendered":"https:\/\/lemosdba.com.br\/?p=732"},"modified":"2026-02-05T14:01:18","modified_gmt":"2026-02-05T17:01:18","slug":"autenticacao-via-proxy-user-no-oracle-database","status":"publish","type":"post","link":"https:\/\/lemosdba.com.br\/en\/autenticacao-via-proxy-user-no-oracle-database\/","title":{"rendered":"Authentication via proxy user in Oracle Database"},"content":{"rendered":"<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Introduction<\/h2>\n\n\n\n<p class=\"has-medium-font-size\">Proxy user authentication can be used to allow a specific proxy user to access the system on behalf of another target user, with full access or limited access to certain roles. In general, this type of authentication can be used in applications to differentiate access levels and functionalities, and in scenarios involving access management without sharing the target user\u2019s credentials, since the proxy user connects using their own password and\/or additional client-level authentication. It is important to carefully evaluate the scenarios in which this can be applied, as it is directly related to access control and security considerations.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configura\u00e7\u00f5es iniciais &#8211; setup<\/h2>\n\n\n\n<p class=\"has-medium-font-size\">Three users will be created to represent applications, along with one user that will act as the proxy, which will be able to access one of the application users. Some table objects and roles will also be created, in addition to granting privileges so that access tests can be performed in the following sections.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>Note:<\/strong> If you wish to carry out these configurations, apply them in a test-friendly environment in order to mitigate errors in critical environments.<\/pre>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers cbp-highlight-hover\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#d8dee9ff;--cbp-line-number-width:calc(2 * 0.6 * .875rem);--cbp-line-highlight-color:rgba(201, 218, 248, 0.2);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewbox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>SQL> create user appuser01 identified by strongpassword01;\n\nUser created.\n\nSQL> grant create session to appuser01;\n\nGrant succeeded.\n\nSQL> grant create table to appuser01;\n\nGrant succeeded.\n\nSQL> create table appuser01.table01 (\n    id number);  2  \n\nTable created.\n\nSQL> create user appuser02 identified by strongpassword02;\n\nUser created.\n\nSQL> grant create session to appuser02;\n\nGrant succeeded.\n\nSQL> grant create table to appuser02;\n\nGrant succeeded.\n\nSQL> create table appuser02.table02 (\n    id number);  2  \n\nTable created.\n\nSQL> create role appuser02_select;\n\nRole created.\n\nSQL> grant select on appuser02.table02 to appuser02_select;\n\nGrant succeeded.\n\nSQL> create user appuser03 identified by strongpassword03;\n\nUser created.\n\nSQL> grant create session to appuser03;\n\nGrant succeeded.\n\nSQL> grant create table to appuser03;\n\nGrant succeeded.\n\nSQL> create table appuser03.table03 (\n    id number);  2  \n\nTable created.\n\nSQL> create role appuser03_select;\n\nRole created.\n\nSQL> grant select on appuser02.table02 to appuser02_select;\n\nGrant succeeded.\n\nSQL> create user proxyuser identified by strongpassword;\n\nUser created.\n\nSQL> grant create session to proxyuser;\n\nGrant succeeded.\n\nSQL> alter user appuser01 grant connect through proxyuser;\n\nUser altered.\n\nSQL> grant appuser02_select to appuser01;\n\nGrant succeeded.\n\nSQL> grant appuser03_select to appuser01;\n\nGrant succeeded.\n\nSQL> grant select on appuser03.table03 to appuser01;\n\nGrant succeeded.\n<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> user appuser01 identified <\/span><span style=\"color: #81A1C1\">by<\/span><span style=\"color: #D8DEE9FF\"> strongpassword01;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">User created.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">session<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">to<\/span><span style=\"color: #D8DEE9FF\"> appuser01;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Grant<\/span><span style=\"color: #D8DEE9FF\"> succeeded.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">table<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">to<\/span><span style=\"color: #D8DEE9FF\"> appuser01;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Grant<\/span><span style=\"color: #D8DEE9FF\"> succeeded.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">table<\/span><span style=\"color: #D8DEE9FF\"> appuser01.table01 (<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">    id <\/span><span style=\"color: #81A1C1\">number<\/span><span style=\"color: #D8DEE9FF\">);  <\/span><span style=\"color: #B48EAD\">2<\/span><span style=\"color: #D8DEE9FF\">  <\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Table<\/span><span style=\"color: #D8DEE9FF\"> created.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> user appuser02 identified <\/span><span style=\"color: #81A1C1\">by<\/span><span style=\"color: #D8DEE9FF\"> strongpassword02;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">User created.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">session<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">to<\/span><span style=\"color: #D8DEE9FF\"> appuser02;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Grant<\/span><span style=\"color: #D8DEE9FF\"> succeeded.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">table<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">to<\/span><span style=\"color: #D8DEE9FF\"> appuser02;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Grant<\/span><span style=\"color: #D8DEE9FF\"> succeeded.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">table<\/span><span style=\"color: #D8DEE9FF\"> appuser02.table02 (<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">    id <\/span><span style=\"color: #81A1C1\">number<\/span><span style=\"color: #D8DEE9FF\">);  <\/span><span style=\"color: #B48EAD\">2<\/span><span style=\"color: #D8DEE9FF\">  <\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Table<\/span><span style=\"color: #D8DEE9FF\"> created.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">role<\/span><span style=\"color: #D8DEE9FF\"> appuser02_select;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Role<\/span><span style=\"color: #D8DEE9FF\"> created.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">select<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">on<\/span><span style=\"color: #D8DEE9FF\"> appuser02.table02 <\/span><span style=\"color: #81A1C1\">to<\/span><span style=\"color: #D8DEE9FF\"> appuser02_select;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Grant<\/span><span style=\"color: #D8DEE9FF\"> succeeded.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> user appuser03 identified <\/span><span style=\"color: #81A1C1\">by<\/span><span style=\"color: #D8DEE9FF\"> strongpassword03;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">User created.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">session<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">to<\/span><span style=\"color: #D8DEE9FF\"> appuser03;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Grant<\/span><span style=\"color: #D8DEE9FF\"> succeeded.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">table<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">to<\/span><span style=\"color: #D8DEE9FF\"> appuser03;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Grant<\/span><span style=\"color: #D8DEE9FF\"> succeeded.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">table<\/span><span style=\"color: #D8DEE9FF\"> appuser03.table03 (<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">    id <\/span><span style=\"color: #81A1C1\">number<\/span><span style=\"color: #D8DEE9FF\">);  <\/span><span style=\"color: #B48EAD\">2<\/span><span style=\"color: #D8DEE9FF\">  <\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Table<\/span><span style=\"color: #D8DEE9FF\"> created.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">role<\/span><span style=\"color: #D8DEE9FF\"> appuser03_select;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Role<\/span><span style=\"color: #D8DEE9FF\"> created.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">select<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">on<\/span><span style=\"color: #D8DEE9FF\"> appuser02.table02 <\/span><span style=\"color: #81A1C1\">to<\/span><span style=\"color: #D8DEE9FF\"> appuser02_select;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Grant<\/span><span style=\"color: #D8DEE9FF\"> succeeded.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> user proxyuser identified <\/span><span style=\"color: #81A1C1\">by<\/span><span style=\"color: #D8DEE9FF\"> strongpassword;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">User created.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">create<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">session<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">to<\/span><span style=\"color: #D8DEE9FF\"> proxyuser;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Grant<\/span><span style=\"color: #D8DEE9FF\"> succeeded.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">alter<\/span><span style=\"color: #D8DEE9FF\"> user appuser01 <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">connect<\/span><span style=\"color: #D8DEE9FF\"> through proxyuser;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">User altered.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> appuser02_select <\/span><span style=\"color: #81A1C1\">to<\/span><span style=\"color: #D8DEE9FF\"> appuser01;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Grant<\/span><span style=\"color: #D8DEE9FF\"> succeeded.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> appuser03_select <\/span><span style=\"color: #81A1C1\">to<\/span><span style=\"color: #D8DEE9FF\"> appuser01;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Grant<\/span><span style=\"color: #D8DEE9FF\"> succeeded.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">select<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">on<\/span><span style=\"color: #D8DEE9FF\"> appuser03.table03 <\/span><span style=\"color: #81A1C1\">to<\/span><span style=\"color: #D8DEE9FF\"> appuser01;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Grant<\/span><span style=\"color: #D8DEE9FF\"> succeeded.<\/span><\/span>\n<span class=\"line\"><\/span><\/code><\/pre><\/div>\n\n\n\n<p class=\"has-medium-font-size\">Some of the commands used in the upcoming sessions involve the use of scripts, which can be found on the scripts page of this site. Both the configurations that were performed and the queries\/scripts require certain privileges in the database environment.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Testing access\/authentication<\/h2>\n\n\n\n<p class=\"has-medium-font-size\">Since the proxyuser user can access the system through appuser01, both direct access using appuser01 and access to appuser01 via the proxy user will be demonstrated. By using the sys_context function in a query script, some context information from both connections was obtained. From the information shown below, it can be observed that in the proxy connection the value of PROXY_USER corresponds to the name of the proxy user, and the value of AUTHENTICATION_METHOD is set to none.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers cbp-highlight-hover\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#d8dee9ff;--cbp-line-number-width:calc(2 * 0.6 * .875rem);--cbp-line-highlight-color:rgba(201, 218, 248, 0.2);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewbox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>SQL> connect appuser01\/strongpassword01@pdb03\nConnected.\nSQL> @ora_context_info.sql\n\nINSTANCE_NAME             CON_NAME                  DATABASE_ROLE             SESSION_USER              CURRENT_USER              CURRENT_SCHEMA            PROXY_USER                AUTHENTICATED_IDENTITY    AUTHENTICATION_METHOD\n------------------------- ------------------------- ------------------------- ------------------------- ------------------------- ------------------------- ------------------------- ------------------------- -------------------------\norcl02                    PDB03                     PRIMARY                   APPUSER01                 APPUSER01                 APPUSER01                                           APPUSER01                 PASSWORD\n\nSQL> \nSQL> disconnect;\nDisconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production\nVersion 19.20.0.0.0\nSQL> \nSQL> connect proxyuser&#091;appuser01&#093;\/strongpassword@pdb03;\nConnected.\nSQL> @ora_context_info.sql\n\nINSTANCE_NAME             CON_NAME                  DATABASE_ROLE             SESSION_USER              CURRENT_USER              CURRENT_SCHEMA            PROXY_USER                AUTHENTICATED_IDENTITY    AUTHENTICATION_METHOD\n------------------------- ------------------------- ------------------------- ------------------------- ------------------------- ------------------------- ------------------------- ------------------------- -------------------------\norcl02                    PDB03                     PRIMARY                   APPUSER01                 APPUSER01                 APPUSER01                 PROXYUSER                 APPUSER01                 NONE\n<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">connect<\/span><span style=\"color: #D8DEE9FF\"> appuser01<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9FF\">strongpassword01@pdb03<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">Connected.<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> @ora_context_info.<\/span><span style=\"color: #81A1C1\">sql<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">INSTANCE_NAME             CON_NAME                  DATABASE_ROLE             SESSION_USER              CURRENT_USER              CURRENT_SCHEMA            PROXY_USER                AUTHENTICATED_IDENTITY    AUTHENTICATION_METHOD<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">------------------------- ------------------------- ------------------------- ------------------------- ------------------------- ------------------------- ------------------------- ------------------------- -------------------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">orcl02                    PDB03                     <\/span><span style=\"color: #81A1C1\">PRIMARY<\/span><span style=\"color: #D8DEE9FF\">                   APPUSER01                 APPUSER01                 APPUSER01                                           APPUSER01                 <\/span><span style=\"color: #81A1C1\">PASSWORD<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> disconnect;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">Disconnected <\/span><span style=\"color: #81A1C1\">from<\/span><span style=\"color: #D8DEE9FF\"> Oracle <\/span><span style=\"color: #81A1C1\">Database<\/span><span style=\"color: #D8DEE9FF\"> 19c Enterprise <\/span><span style=\"color: #81A1C1\">Edition<\/span><span style=\"color: #D8DEE9FF\"> Release <\/span><span style=\"color: #B48EAD\">19<\/span><span style=\"color: #D8DEE9FF\">.<\/span><span style=\"color: #B48EAD\">0<\/span><span style=\"color: #D8DEE9FF\">.<\/span><span style=\"color: #B48EAD\">0<\/span><span style=\"color: #D8DEE9FF\">.<\/span><span style=\"color: #B48EAD\">0<\/span><span style=\"color: #D8DEE9FF\">.<\/span><span style=\"color: #B48EAD\">0<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">-<\/span><span style=\"color: #D8DEE9FF\"> Production<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">Version<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #B48EAD\">19<\/span><span style=\"color: #D8DEE9FF\">.<\/span><span style=\"color: #B48EAD\">20<\/span><span style=\"color: #D8DEE9FF\">.<\/span><span style=\"color: #B48EAD\">0<\/span><span style=\"color: #D8DEE9FF\">.<\/span><span style=\"color: #B48EAD\">0<\/span><span style=\"color: #D8DEE9FF\">.<\/span><span style=\"color: #B48EAD\">0<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">connect<\/span><span style=\"color: #D8DEE9FF\"> proxyuser&#091;appuser01&#093;<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9FF\">strongpassword@pdb03;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">Connected.<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> @ora_context_info.<\/span><span style=\"color: #81A1C1\">sql<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">INSTANCE_NAME             CON_NAME                  DATABASE_ROLE             SESSION_USER              CURRENT_USER              CURRENT_SCHEMA            PROXY_USER                AUTHENTICATED_IDENTITY    AUTHENTICATION_METHOD<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">------------------------- ------------------------- ------------------------- ------------------------- ------------------------- ------------------------- ------------------------- ------------------------- -------------------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">orcl02                    PDB03                     <\/span><span style=\"color: #81A1C1\">PRIMARY<\/span><span style=\"color: #D8DEE9FF\">                   APPUSER01                 APPUSER01                 APPUSER01                 PROXYUSER                 APPUSER01                 <\/span><span style=\"color: #81A1C1\">NONE<\/span><\/span>\n<span class=\"line\"><\/span><\/code><\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Role management in proxy user access<\/h2>\n\n\n\n<p class=\"has-medium-font-size\">\u00c9 importante controlar o n\u00edvel dos acessos que os usu\u00e1rios podem realizar no banco de dados, e isso segue v\u00e1lido para os proxy users, sendo poss\u00edvel limitar,  de modo total ou parcial, as roles que o usu\u00e1rio destino da autentica\u00e7\u00e3o via proxy  ter\u00e1 no acesso proxy. Esse controle \u00e9 realizado por meio da configura\u00e7\u00e3o da autentica\u00e7\u00e3o via proxy &#8220;&#8230; grant connect through&#8230;&#8221; onde \u00e9 espec\u00edficada a utiliza\u00e7\u00e3o de roles. Para verificar o que configurado, a view dba_proxies pode ser consultada.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-medium-font-size\"><strong>Note:<\/strong> Even with the possible limitation of roles, the target user will still retain any privileges that are granted directly to them.<\/pre>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Enable all roles<\/h3>\n\n\n\n<p class=\"has-medium-font-size\">By default, in proxy authentication configuration, not specifying role assignment implies access to all roles of the target user.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers cbp-highlight-hover\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#d8dee9ff;--cbp-line-number-width:calc(2 * 0.6 * .875rem);--cbp-line-highlight-color:rgba(201, 218, 248, 0.2);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewbox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>SQL> alter user appuser01 grant connect through proxyuser;\n\nUser altered.\n\nSQL> @ora_proxy_user_info.sql PROXYUSER\n\nPROXY                CLIENT               AUTHENTICATION AUTHORIZATION_CONSTRAINT            ROLE                 PROXY_AUTHORITY\n-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------\nPROXYUSER            APPUSER01            NO             PROXY MAY ACTIVATE ALL CLIENT ROLES                      DATABASE\n\nSQL> connect proxyuser&#091;appuser01&#093;\/strongpassword@pdb03;\nConnected.\nSQL> select distinct granted_role from user_role_privs;\n\nGRANTED_ROLE\n--------------------------------------------------------------------------------\nAPPUSER02_SELECT\nAPPUSER03_SELECT\n\nSQL> select grantee || ' ' || table_name || ' ' || privilege || ' ' || grantor from user_tab_privs;\n\nGRANTEE||''||TABLE_NAME||''||PRIVILEGE||''||GRANTOR\n--------------------------------------------------------------------------------\nAPPUSER01 TABLE03 SELECT APPUSER03\nPUBLIC APPUSER01 INHERIT PRIVILEGES APPUSER01\n\nSQL> select * from appuser02.table02;\n\nno rows selected\n\nSQL> select * from appuser03.table03;\n\nno rows selected<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">alter<\/span><span style=\"color: #D8DEE9FF\"> user appuser01 <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">connect<\/span><span style=\"color: #D8DEE9FF\"> through proxyuser;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">User altered.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> @ora_proxy_user_info.<\/span><span style=\"color: #81A1C1\">sql<\/span><span style=\"color: #D8DEE9FF\"> PROXYUSER<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXY                CLIENT               <\/span><span style=\"color: #81A1C1\">AUTHENTICATION<\/span><span style=\"color: #D8DEE9FF\"> AUTHORIZATION_CONSTRAINT            <\/span><span style=\"color: #81A1C1\">ROLE<\/span><span style=\"color: #D8DEE9FF\">                 PROXY_AUTHORITY<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXYUSER            APPUSER01            <\/span><span style=\"color: #81A1C1\">NO<\/span><span style=\"color: #D8DEE9FF\">             PROXY MAY ACTIVATE ALL CLIENT ROLES                      <\/span><span style=\"color: #81A1C1\">DATABASE<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">connect<\/span><span style=\"color: #D8DEE9FF\"> proxyuser&#091;appuser01&#093;<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9FF\">strongpassword@pdb03;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">Connected.<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">select distinct<\/span><span style=\"color: #D8DEE9FF\"> granted_role <\/span><span style=\"color: #81A1C1\">from<\/span><span style=\"color: #D8DEE9FF\"> user_role_privs;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">GRANTED_ROLE<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">--------------------------------------------------------------------------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">APPUSER02_SELECT<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">APPUSER03_SELECT<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">select<\/span><span style=\"color: #D8DEE9FF\"> grantee <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">&#39;<\/span><span style=\"color: #A3BE8C\"> <\/span><span style=\"color: #ECEFF4\">&#39;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> table_name <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">&#39;<\/span><span style=\"color: #A3BE8C\"> <\/span><span style=\"color: #ECEFF4\">&#39;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> privilege <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">&#39;<\/span><span style=\"color: #A3BE8C\"> <\/span><span style=\"color: #ECEFF4\">&#39;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> grantor <\/span><span style=\"color: #81A1C1\">from<\/span><span style=\"color: #D8DEE9FF\"> user_tab_privs;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">GRANTEE<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #ECEFF4\">&#39;&#39;<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\">TABLE_NAME<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #ECEFF4\">&#39;&#39;<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\">PRIVILEGE<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #ECEFF4\">&#39;&#39;<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\">GRANTOR<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">--------------------------------------------------------------------------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">APPUSER01 TABLE03 <\/span><span style=\"color: #81A1C1\">SELECT<\/span><span style=\"color: #D8DEE9FF\"> APPUSER03<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PUBLIC APPUSER01 INHERIT PRIVILEGES APPUSER01<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">select<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">*<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">from<\/span><span style=\"color: #D8DEE9FF\"> appuser02.table02;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">no<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">rows<\/span><span style=\"color: #D8DEE9FF\"> selected<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">select<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">*<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">from<\/span><span style=\"color: #D8DEE9FF\"> appuser03.table03;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">no<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">rows<\/span><span style=\"color: #D8DEE9FF\"> selected<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Enable all roles except a specific one<\/h3>\n\n\n\n<p class=\"has-medium-font-size\">A specific role can be excluded. It is worth remembering that privileges granted directly to the target user remain in effect.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers cbp-highlight-hover\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#d8dee9ff;--cbp-line-number-width:calc(2 * 0.6 * .875rem);--cbp-line-highlight-color:rgba(201, 218, 248, 0.2);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewbox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>SQL> alter user appuser01 grant connect through proxyuser with role all except appuser03_select;\n\nUser altered.\n\nSQL> @ora_proxy_user_info.sql PROXYUSER\n\nPROXY                CLIENT               AUTHENTICATION AUTHORIZATION_CONSTRAINT            ROLE                 PROXY_AUTHORITY\n-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------\nPROXYUSER            APPUSER01            NO             PROXY MAY NOT ACTIVATE ROLE         APPUSER03_SELECT     DATABASE\n\nSQL> connect proxyuser&#091;appuser01&#093;\/strongpassword@pdb03;\nConnected.\nSQL> \nSQL> select distinct granted_role from user_role_privs;\n\nGRANTED_ROLE\n--------------------------------------------------------------------------------\nAPPUSER02_SELECT\n\nSQL> select grantee || ' ' || table_name || ' ' || privilege || ' ' || grantor from user_tab_privs;\n\nGRANTEE||''||TABLE_NAME||''||PRIVILEGE||''||GRANTOR\n--------------------------------------------------------------------------------\nAPPUSER01 TABLE03 SELECT APPUSER03\nPUBLIC APPUSER01 INHERIT PRIVILEGES APPUSER01\n\nSQL> select * from appuser02.table02;\n\nno rows selected\n\nSQL> select * from appuser03.table03;\n\nno rows selected<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">alter<\/span><span style=\"color: #D8DEE9FF\"> user appuser01 <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">connect<\/span><span style=\"color: #D8DEE9FF\"> through proxyuser <\/span><span style=\"color: #81A1C1\">with<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">role<\/span><span style=\"color: #D8DEE9FF\"> all <\/span><span style=\"color: #81A1C1\">except<\/span><span style=\"color: #D8DEE9FF\"> appuser03_select;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">User altered.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> @ora_proxy_user_info.<\/span><span style=\"color: #81A1C1\">sql<\/span><span style=\"color: #D8DEE9FF\"> PROXYUSER<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXY                CLIENT               <\/span><span style=\"color: #81A1C1\">AUTHENTICATION<\/span><span style=\"color: #D8DEE9FF\"> AUTHORIZATION_CONSTRAINT            <\/span><span style=\"color: #81A1C1\">ROLE<\/span><span style=\"color: #D8DEE9FF\">                 PROXY_AUTHORITY<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXYUSER            APPUSER01            <\/span><span style=\"color: #81A1C1\">NO<\/span><span style=\"color: #D8DEE9FF\">             PROXY MAY <\/span><span style=\"color: #81A1C1\">NOT<\/span><span style=\"color: #D8DEE9FF\"> ACTIVATE <\/span><span style=\"color: #81A1C1\">ROLE<\/span><span style=\"color: #D8DEE9FF\">         APPUSER03_SELECT     <\/span><span style=\"color: #81A1C1\">DATABASE<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">connect<\/span><span style=\"color: #D8DEE9FF\"> proxyuser&#091;appuser01&#093;<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9FF\">strongpassword@pdb03;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">Connected.<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">select distinct<\/span><span style=\"color: #D8DEE9FF\"> granted_role <\/span><span style=\"color: #81A1C1\">from<\/span><span style=\"color: #D8DEE9FF\"> user_role_privs;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">GRANTED_ROLE<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">--------------------------------------------------------------------------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">APPUSER02_SELECT<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">select<\/span><span style=\"color: #D8DEE9FF\"> grantee <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">&#39;<\/span><span style=\"color: #A3BE8C\"> <\/span><span style=\"color: #ECEFF4\">&#39;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> table_name <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">&#39;<\/span><span style=\"color: #A3BE8C\"> <\/span><span style=\"color: #ECEFF4\">&#39;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> privilege <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #ECEFF4\">&#39;<\/span><span style=\"color: #A3BE8C\"> <\/span><span style=\"color: #ECEFF4\">&#39;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> grantor <\/span><span style=\"color: #81A1C1\">from<\/span><span style=\"color: #D8DEE9FF\"> user_tab_privs;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">GRANTEE<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #ECEFF4\">&#39;&#39;<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\">TABLE_NAME<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #ECEFF4\">&#39;&#39;<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\">PRIVILEGE<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #ECEFF4\">&#39;&#39;<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\">GRANTOR<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">--------------------------------------------------------------------------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">APPUSER01 TABLE03 <\/span><span style=\"color: #81A1C1\">SELECT<\/span><span style=\"color: #D8DEE9FF\"> APPUSER03<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PUBLIC APPUSER01 INHERIT PRIVILEGES APPUSER01<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">select<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">*<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">from<\/span><span style=\"color: #D8DEE9FF\"> appuser02.table02;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">no<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">rows<\/span><span style=\"color: #D8DEE9FF\"> selected<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">select<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">*<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">from<\/span><span style=\"color: #D8DEE9FF\"> appuser03.table03;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">no<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">rows<\/span><span style=\"color: #D8DEE9FF\"> selected<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Assign a set of roles<\/h3>\n\n\n\n<p class=\"has-medium-font-size\">It is possible to define one or more roles after proxy authentication.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers cbp-highlight-hover\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#d8dee9ff;--cbp-line-number-width:calc(2 * 0.6 * .875rem);--cbp-line-highlight-color:rgba(201, 218, 248, 0.2);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewbox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>SQL> alter user appuser01 grant connect through proxyuser with role appuser02_select;\n\nUser altered.\n\nSQL> @ora_proxy_user_info.sql PROXYUSER\n\nPROXY                CLIENT               AUTHENTICATION AUTHORIZATION_CONSTRAINT            ROLE                 PROXY_AUTHORITY\n-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------\nPROXYUSER            APPUSER01            NO             PROXY MAY ACTIVATE ROLE             APPUSER02_SELECT     DATABASE\n\nSQL> alter user appuser01 grant connect through proxyuser with role appuser02_select, appuser03_select;\n\nUser altered.\n\nSQL> @ora_proxy_user_info.sql PROXYUSER\n\nPROXY                CLIENT               AUTHENTICATION AUTHORIZATION_CONSTRAINT            ROLE                 PROXY_AUTHORITY\n-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------\nPROXYUSER            APPUSER01            NO             PROXY MAY ACTIVATE ROLE             APPUSER02_SELECT     DATABASE\nPROXYUSER            APPUSER01            NO             PROXY MAY ACTIVATE ROLE             APPUSER03_SELECT     DATABASE<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">alter<\/span><span style=\"color: #D8DEE9FF\"> user appuser01 <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">connect<\/span><span style=\"color: #D8DEE9FF\"> through proxyuser <\/span><span style=\"color: #81A1C1\">with<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">role<\/span><span style=\"color: #D8DEE9FF\"> appuser02_select;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">User altered.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> @ora_proxy_user_info.<\/span><span style=\"color: #81A1C1\">sql<\/span><span style=\"color: #D8DEE9FF\"> PROXYUSER<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXY                CLIENT               <\/span><span style=\"color: #81A1C1\">AUTHENTICATION<\/span><span style=\"color: #D8DEE9FF\"> AUTHORIZATION_CONSTRAINT            <\/span><span style=\"color: #81A1C1\">ROLE<\/span><span style=\"color: #D8DEE9FF\">                 PROXY_AUTHORITY<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXYUSER            APPUSER01            <\/span><span style=\"color: #81A1C1\">NO<\/span><span style=\"color: #D8DEE9FF\">             PROXY MAY ACTIVATE <\/span><span style=\"color: #81A1C1\">ROLE<\/span><span style=\"color: #D8DEE9FF\">             APPUSER02_SELECT     <\/span><span style=\"color: #81A1C1\">DATABASE<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">alter<\/span><span style=\"color: #D8DEE9FF\"> user appuser01 <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">connect<\/span><span style=\"color: #D8DEE9FF\"> through proxyuser <\/span><span style=\"color: #81A1C1\">with<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">role<\/span><span style=\"color: #D8DEE9FF\"> appuser02_select, appuser03_select;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">User altered.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> @ora_proxy_user_info.<\/span><span style=\"color: #81A1C1\">sql<\/span><span style=\"color: #D8DEE9FF\"> PROXYUSER<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXY                CLIENT               <\/span><span style=\"color: #81A1C1\">AUTHENTICATION<\/span><span style=\"color: #D8DEE9FF\"> AUTHORIZATION_CONSTRAINT            <\/span><span style=\"color: #81A1C1\">ROLE<\/span><span style=\"color: #D8DEE9FF\">                 PROXY_AUTHORITY<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXYUSER            APPUSER01            <\/span><span style=\"color: #81A1C1\">NO<\/span><span style=\"color: #D8DEE9FF\">             PROXY MAY ACTIVATE <\/span><span style=\"color: #81A1C1\">ROLE<\/span><span style=\"color: #D8DEE9FF\">             APPUSER02_SELECT     <\/span><span style=\"color: #81A1C1\">DATABASE<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXYUSER            APPUSER01            <\/span><span style=\"color: #81A1C1\">NO<\/span><span style=\"color: #D8DEE9FF\">             PROXY MAY ACTIVATE <\/span><span style=\"color: #81A1C1\">ROLE<\/span><span style=\"color: #D8DEE9FF\">             APPUSER03_SELECT     <\/span><span style=\"color: #81A1C1\">DATABASE<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Disable roles<\/h3>\n\n\n\n<p class=\"has-medium-font-size\">All roles of the target user can be disabled when accessing the database via proxy authentication.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers cbp-highlight-hover\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#d8dee9ff;--cbp-line-number-width:calc(1 * 0.6 * .875rem);--cbp-line-highlight-color:rgba(201, 218, 248, 0.2);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewbox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>SQL> alter user appuser01 grant connect through proxyuser with no role;\n\nUser altered.\n\nSQL> @ora_proxy_user_info.sql PROXYUSER\n\nPROXY                CLIENT               AUTHENTICATION AUTHORIZATION_CONSTRAINT            ROLE                 PROXY_AUTHORITY\n-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------\nPROXYUSER            APPUSER01            NO             NO CLIENT ROLES MAY BE ACTIVATED                         DATABASE<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">alter<\/span><span style=\"color: #D8DEE9FF\"> user appuser01 <\/span><span style=\"color: #81A1C1\">grant<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">connect<\/span><span style=\"color: #D8DEE9FF\"> through proxyuser <\/span><span style=\"color: #81A1C1\">with<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">no<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">role<\/span><span style=\"color: #D8DEE9FF\">;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">User altered.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> @ora_proxy_user_info.<\/span><span style=\"color: #81A1C1\">sql<\/span><span style=\"color: #D8DEE9FF\"> PROXYUSER<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXY                CLIENT               <\/span><span style=\"color: #81A1C1\">AUTHENTICATION<\/span><span style=\"color: #D8DEE9FF\"> AUTHORIZATION_CONSTRAINT            <\/span><span style=\"color: #81A1C1\">ROLE<\/span><span style=\"color: #D8DEE9FF\">                 PROXY_AUTHORITY<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXYUSER            APPUSER01            <\/span><span style=\"color: #81A1C1\">NO<\/span><span style=\"color: #D8DEE9FF\">             <\/span><span style=\"color: #81A1C1\">NO<\/span><span style=\"color: #D8DEE9FF\"> CLIENT ROLES MAY BE ACTIVATED                         <\/span><span style=\"color: #81A1C1\">DATABASE<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Queries related to proxy users<\/h2>\n\n\n\n<p class=\"has-medium-font-size\">It is essential to understand what has been configured in terms of privileges and what is actually being used in the database at the session level. Below are some queries related to proxy users.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">List proxy users<\/h3>\n\n\n\n<p class=\"has-medium-font-size\">The PROXY_USERS view displays the list of proxy users.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers cbp-highlight-hover\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#d8dee9ff;--cbp-line-number-width:calc(1 * 0.6 * .875rem);--cbp-line-highlight-color:rgba(201, 218, 248, 0.2);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewbox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>SQL> @ora_proxy_user_info.sql PROXYUSER\n\nPROXY                CLIENT               AUTHENTICATION AUTHORIZATION_CONSTRAINT            ROLE                 PROXY_AUTHORITY\n-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------\nPROXYUSER            APPUSER01            NO             NO CLIENT ROLES MAY BE ACTIVATED                         DATABASE<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> @ora_proxy_user_info.<\/span><span style=\"color: #81A1C1\">sql<\/span><span style=\"color: #D8DEE9FF\"> PROXYUSER<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXY                CLIENT               <\/span><span style=\"color: #81A1C1\">AUTHENTICATION<\/span><span style=\"color: #D8DEE9FF\"> AUTHORIZATION_CONSTRAINT            <\/span><span style=\"color: #81A1C1\">ROLE<\/span><span style=\"color: #D8DEE9FF\">                 PROXY_AUTHORITY<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXYUSER            APPUSER01            <\/span><span style=\"color: #81A1C1\">NO<\/span><span style=\"color: #D8DEE9FF\">             <\/span><span style=\"color: #81A1C1\">NO<\/span><span style=\"color: #D8DEE9FF\"> CLIENT ROLES MAY BE ACTIVATED                         <\/span><span style=\"color: #81A1C1\">DATABASE<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">List roles assigned to proxy user connections<\/h3>\n\n\n\n<p class=\"has-medium-font-size\">The DBA_PROXIES view can be queried to obtain information about proxy connections in the database.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers cbp-highlight-hover\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#d8dee9ff;--cbp-line-number-width:calc(1 * 0.6 * .875rem);--cbp-line-highlight-color:rgba(201, 218, 248, 0.2);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewbox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>SQL> @ora_proxy_user_info.sql PROXYUSER\n\nPROXY                CLIENT               AUTHENTICATION AUTHORIZATION_CONSTRAINT            ROLE                 PROXY_AUTHORITY\n-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------\nPROXYUSER            APPUSER01            NO             PROXY MAY ACTIVATE ALL CLIENT ROLES                      DATABASE<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> @ora_proxy_user_info.<\/span><span style=\"color: #81A1C1\">sql<\/span><span style=\"color: #D8DEE9FF\"> PROXYUSER<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXY                CLIENT               <\/span><span style=\"color: #81A1C1\">AUTHENTICATION<\/span><span style=\"color: #D8DEE9FF\"> AUTHORIZATION_CONSTRAINT            <\/span><span style=\"color: #81A1C1\">ROLE<\/span><span style=\"color: #D8DEE9FF\">                 PROXY_AUTHORITY<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">-------------------- -------------------- -------------- ----------------------------------- -------------------- ---------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXYUSER            APPUSER01            <\/span><span style=\"color: #81A1C1\">NO<\/span><span style=\"color: #D8DEE9FF\">             PROXY MAY ACTIVATE ALL CLIENT ROLES                      <\/span><span style=\"color: #81A1C1\">DATABASE<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Identify proxy user sessions<\/h3>\n\n\n\n<p class=\"has-medium-font-size\">The V$SESSION_CONNECT_INFO, V$PROCESS, and V$SESSION views can be combined to obtain details about sessions in the database.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers cbp-highlight-hover\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#d8dee9ff;--cbp-line-number-width:calc(1 * 0.6 * .875rem);--cbp-line-highlight-color:rgba(201, 218, 248, 0.2);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewbox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>SQL> @ora_query_proxy_sessions.sql\n\nUSERNAME             AUTHENTICATION_TYPE    INST_ID        SID    SERIAL# STATUS   LOGON_TIME          ELAPSED_TIME        MACHINE||PORT||OSUSER||PROGRAM                                                 MODULE || EVENT                                                        PROCESS                  SPID                     SQL_ID        PREV_SQL_ID       CON_ID\n-------------------- ------------------- ---------- ---------- ---------- -------- ------------------- ------------------- ------------------------------------------------------------------------------ ---------------------------------------------------------------------- ------------------------ ------------------------ ------------- ------------- ----------\nAPPUSER01            PROXY                        1        153      49341 INACTIVE 2025-08-29 19:13:39 00d00h04m34s        oracledb||61228||oracle||sqlplus@oracledb (TNS V1-V3)                          SQL*Plus || SQL*Net message from client                                2659                     2661                                   g4y6nw3tts7cc          4<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> @ora_query_proxy_sessions.<\/span><span style=\"color: #81A1C1\">sql<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">USERNAME             AUTHENTICATION_TYPE    INST_ID        <\/span><span style=\"color: #81A1C1\">SID<\/span><span style=\"color: #D8DEE9FF\">    <\/span><span style=\"color: #81A1C1\">SERIAL<\/span><span style=\"color: #D8DEE9FF\"># <\/span><span style=\"color: #81A1C1\">STATUS<\/span><span style=\"color: #D8DEE9FF\">   LOGON_TIME          ELAPSED_TIME        MACHINE<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\">PORT<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\">OSUSER<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\">PROGRAM                                                 MODULE <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">EVENT<\/span><span style=\"color: #D8DEE9FF\">                                                        PROCESS                  SPID                     SQL_ID        PREV_SQL_ID       CON_ID<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">-------------------- ------------------- ---------- ---------- ---------- -------- ------------------- ------------------- ------------------------------------------------------------------------------ ---------------------------------------------------------------------- ------------------------ ------------------------ ------------- ------------- ----------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">APPUSER01            PROXY                        <\/span><span style=\"color: #B48EAD\">1<\/span><span style=\"color: #D8DEE9FF\">        <\/span><span style=\"color: #B48EAD\">153<\/span><span style=\"color: #D8DEE9FF\">      <\/span><span style=\"color: #B48EAD\">49341<\/span><span style=\"color: #D8DEE9FF\"> INACTIVE <\/span><span style=\"color: #B48EAD\">2025<\/span><span style=\"color: #81A1C1\">-<\/span><span style=\"color: #B48EAD\">08<\/span><span style=\"color: #81A1C1\">-<\/span><span style=\"color: #B48EAD\">29<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #B48EAD\">19<\/span><span style=\"color: #D8DEE9FF\">:<\/span><span style=\"color: #B48EAD\">13<\/span><span style=\"color: #D8DEE9FF\">:<\/span><span style=\"color: #B48EAD\">39<\/span><span style=\"color: #D8DEE9FF\"> 00d00h04m34s        oracledb<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #B48EAD\">61228<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\">oracle<\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\">sqlplus@oracledb (TNS V1<\/span><span style=\"color: #81A1C1\">-<\/span><span style=\"color: #D8DEE9FF\">V3)                          <\/span><span style=\"color: #81A1C1\">SQL*<\/span><span style=\"color: #D8DEE9FF\">Plus <\/span><span style=\"color: #81A1C1\">||<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">SQL*<\/span><span style=\"color: #D8DEE9FF\">Net <\/span><span style=\"color: #81A1C1\">message<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">from<\/span><span style=\"color: #D8DEE9FF\"> client                                <\/span><span style=\"color: #B48EAD\">2659<\/span><span style=\"color: #D8DEE9FF\">                     <\/span><span style=\"color: #B48EAD\">2661<\/span><span style=\"color: #D8DEE9FF\">                                   g4y6nw3tts7cc          <\/span><span style=\"color: #B48EAD\">4<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Revoke proxy user authentication<\/h2>\n\n\n\n<p class=\"has-medium-font-size\">It is possible to revoke proxy user authentication.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers cbp-highlight-hover\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#d8dee9ff;--cbp-line-number-width:calc(2 * 0.6 * .875rem);--cbp-line-highlight-color:rgba(201, 218, 248, 0.2);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewbox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>SQL> @ora_proxy_users.sql\n\nPROXY                CLIENT               AUTHENTICATION FLAGS\n-------------------- -------------------- -------------- -----------------------------------\nPROXYUSER            APPUSER01            NO             PROXY MAY ACTIVATE ALL CLIENT ROLES\n\nSQL> \nSQL> alter user appuser01 revoke connect through proxyuser;\n\nUser altered.\n\nSQL> \nSQL> @ora_proxy_users.sql\n\nno rows selected<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewbox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> @ora_proxy_users.<\/span><span style=\"color: #81A1C1\">sql<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXY                CLIENT               <\/span><span style=\"color: #81A1C1\">AUTHENTICATION<\/span><span style=\"color: #D8DEE9FF\"> FLAGS<\/span><\/span>\n<span class=\"line\"><span style=\"color: #616E88\">-------------------- -------------------- -------------- -----------------------------------<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">PROXYUSER            APPUSER01            <\/span><span style=\"color: #81A1C1\">NO<\/span><span style=\"color: #D8DEE9FF\">             PROXY MAY ACTIVATE ALL CLIENT ROLES<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">alter<\/span><span style=\"color: #D8DEE9FF\"> user appuser01 <\/span><span style=\"color: #81A1C1\">revoke<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">connect<\/span><span style=\"color: #D8DEE9FF\"> through proxyuser;<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9FF\">User altered.<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> <\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">SQL&gt;<\/span><span style=\"color: #D8DEE9FF\"> @ora_proxy_users.<\/span><span style=\"color: #81A1C1\">sql<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">no<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">rows<\/span><span style=\"color: #D8DEE9FF\"> selected<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Considerations<\/h2>\n\n\n\n<p class=\"has-medium-font-size\">Evaluating the impact of proxy authentications and defining appropriate access levels are fundamental to database access control and security. Therefore, proxy users and their authentications must be managed with caution.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">References<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/docs.oracle.com\/en\/database\/oracle\/oracle-database\/19\/dbseg\/configuring-authentication.html#GUID-00632C9C-5C01-4C8F-A4D0-5E575502A6AE\">Oracle Database 19c &#8211; Security Guide &#8211; Configuring Authentication<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/docs.oracle.com\/en\/database\/oracle\/oracle-database\/19\/sqlrf\/ALTER-USER.html\">Oracle Database 19c &#8211; SQL Language Reference &#8211; ALTER USER<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Proxy user authentication in Oracle Database: configuration, management, and queries.<\/p>","protected":false},"author":1,"featured_media":809,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[26],"tags":[30,31],"class_list":["post-732","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oracle","tag-oracle","tag-proxy_auth"],"_links":{"self":[{"href":"https:\/\/lemosdba.com.br\/en\/wp-json\/wp\/v2\/posts\/732","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lemosdba.com.br\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lemosdba.com.br\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lemosdba.com.br\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lemosdba.com.br\/en\/wp-json\/wp\/v2\/comments?post=732"}],"version-history":[{"count":63,"href":"https:\/\/lemosdba.com.br\/en\/wp-json\/wp\/v2\/posts\/732\/revisions"}],"predecessor-version":[{"id":1065,"href":"https:\/\/lemosdba.com.br\/en\/wp-json\/wp\/v2\/posts\/732\/revisions\/1065"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lemosdba.com.br\/en\/wp-json\/wp\/v2\/media\/809"}],"wp:attachment":[{"href":"https:\/\/lemosdba.com.br\/en\/wp-json\/wp\/v2\/media?parent=732"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lemosdba.com.br\/en\/wp-json\/wp\/v2\/categories?post=732"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lemosdba.com.br\/en\/wp-json\/wp\/v2\/tags?post=732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}