Suppose you have defined the following external authorization object:
CREATE AUTHORIZATION DEFINER sales USER 'salesdept' PASSWORD 'secret';
You now create the following C UDF:
CREATE FUNCTION sales_collect ( store_number INTEGER, item_no INTEGER) RETURNS INTEGER LANGUAGE C NO SQL EXTERNAL 'cs!salecol!salecollector.c' PARAMETER STYLE SQL EXTERNAL SECURITY DEFINER sales;
This function collects data associated with sales for a given store and item number (item_no) and returns the number of items sold. In one scenario, the function communicates with the store using a network interface. The function is created using the DEFINER context. Therefore, when a user logs onto its database account and runs an SQL request that invokes this function, the database uses the logon ID associated with the sales authorization object, not the user running the SQL request. In this example, user salesdept has access to the external data the function reads to get the needed information.