Skip to content

Latest commit

 

History

History
78 lines (59 loc) · 3.85 KB

setuser-transact-sql.md

File metadata and controls

78 lines (59 loc) · 3.85 KB
Raw
title description author ms.author ms.date ms.service ms.subservice ms.topic f1_keywords helpviewer_keywords dev_langs
SETUSER (Transact-SQL)
SETUSER (Transact-SQL)
VanMSFT
vanto
07/26/2017
sql
t-sql
reference
SETUSER_TSQL
SETUSER
delegation [SQL Server]
impersonation [SQL Server]
SETUSER statement
user impersonation [SQL Server]
TSQL

SETUSER (Transact-SQL)

[!INCLUDE SQL Server]

Allows a member of the sysadmin fixed server role or the owner of a database to impersonate another user.

Important

SETUSER is included for backward compatibility only. SETUSER may not be supported in a future release of [!INCLUDEssNoVersion]. We recommend that you use EXECUTE AS instead.

:::image type="icon" source="../../includes/media/topic-link-icon.svg" border="false"::: Transact-SQL syntax conventions

Syntax

  
SETUSER [ 'username' [ WITH NORESET ] ]

[!INCLUDEsql-server-tsql-previous-offline-documentation]

Arguments

' username '
Is the name of a [!INCLUDEssNoVersion] or Windows user in the current database that is impersonated. When username is not specified, the original identity of the system administrator or database owner impersonating the user is reset.

WITH NORESET
Specifies that subsequent SETUSER statements (with no specified username) should not reset the user identity to system administrator or database owner.

Remarks

SETUSER can be used by a member of the sysadmin fixed server role or the owner of a database to adopt the identity of another user to test the permissions of the other user. Membership in the db_owner fixed database role is not sufficient.

Only use SETUSER with [!INCLUDEssNoVersion] users. SETUSER is not supported with Windows users. When SETUSER has been used to assume the identity of another user, any objects that the impersonating user creates are owned by the user being impersonated. For example, if the database owner assumes the identity of user Margaret and creates a table called orders, the orders table is owned by Margaret, not the system administrator.

SETUSER remains in effect until another SETUSER statement is issued or until the current database is changed with the USE statement.

Note

If SETUSER WITH NORESET is used, the database owner or system administrator must log off and then log on again to reestablish his or her own rights.

Permissions

Requires membership in the sysadmin fixed server role or must be the owner of the database. Membership in the db_owner fixed database role is not sufficient

Examples

The following example shows how the database owner can adopt the identity of another user. User mary has created a table called computer_types. By using SETUSER, the database owner impersonates mary to grant user joe access to the computer_types table, and then resets his or her own identity.

SETUSER 'mary';  
GO  
GRANT SELECT ON computer_types TO joe;  
GO  
--To revert to the original user  
SETUSER;

See Also

DENY (Transact-SQL)
GRANT (Transact-SQL)
REVOKE (Transact-SQL)
USE (Transact-SQL)