Applications that use the trusted sessions feature may submit both trusted and nontrusted requests. The application, not Vantage, knows which requests can be trusted and which cannot. Vantage only verifies that the SET QUERY_BAND request with a PROXYUSER is a trusted request if the logon user has the WITH TRUST_ONLY option set.
Server software enforces trusted requests by means of GRANT CONNECT THROUGH requests that give trusted users the TRUST_ONLY privilege. If you specify WITH TRUST_ONLY for a trusted user, Vantage validates that a request to set a Proxy User is trusted. Otherwise, Vantage ends the request and returns an error to the requestor.
Suppose a middle tier application submits the following SET QUERY_BAND request with a PROXYUSER.
SET QUERY_BAND = 'PROXYUSER=client787';
The following outcomes are possible, depending on whether the request is trusted and what CONNECT THROUGH privileges have been granted to the application user that submits it.
| Trusted User Has TRUST_ONLY Privilege | Trusted Flag of Options Parcel Setting | Result |
|---|---|---|
| Yes | Y | Request is trusted. SET QUERY_BAND PROXYUSER requests are allowed. |
| N | Request isnot trusted. SET QUERY_BAND PROXYUSER requests end. |
|
| No | Y | Request is neither trusted nor not trusted. Vantage ignores flag setting. |
| is set to N | (Default) Request isneither trusted nor not trusted. Vantage ignores flag setting. |