May 2018
Intermediate to advanced
576 pages
30h 25m
English
If a role or user is created with the NOINHERIT option, this user will not automatically get the rights that have been granted to the other roles that have been granted to itself. To claim these rights from a specific role, it has to set its role to one of those other roles.
In some sense, this works a bit like the su (set user) command in Unix and Linux systems. That is, you (may) have the right to become that user, but you do not automatically have the rights of the aforementioned user.
This setup can be used to get better audit information, as it lets you know who the actual user was. If you just allow each user to log in as the role needed for a task, there is no good way to know later which of the users was really logged ...