Allow privileged users to gain or shed privileges for particular operations.
Some applications perform database operations with a single privileged account on behalf of multiple clients. These clients use some form of application-level authentication and authorization to gain access to privileged resources. Such applications must be carefully written to ensure that their authorization model is strictly enforced.
Using this functionality, an application would be able to temporarily scope its database privileges to those required to perform operations for a particular client. This would mitigate some of the risk of a client attempting to bypass the application authorization model and manipulate database resources that it shouldn't be able to access.
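A minimal model of the scoping described above, added here as an illustration and not taken from the project or its design document. `ToyDatabase`, `scoped_to`, `handle_request` and the sample privileges are hypothetical names and constructed data; no real database API is implied.

```python
from contextlib import contextmanager

# Constructed sample data: a privilege is an (action, collection) pair.
SERVICE_PRIVS = {("find", "orders_alice"), ("update", "orders_alice"),
                 ("find", "orders_bob"), ("update", "orders_bob")}
CLIENT_PRIVS = {"alice": {("find", "orders_alice"), ("update", "orders_alice")},
                "bob": {("find", "orders_bob")}}


class ToyDatabase:
    """Hypothetical in-memory stand-in for a database that enforces privileges."""

    def __init__(self, granted):
        self._granted = frozenset(granted)   # what the service account holds
        self._effective = self._granted      # what is enforced right now
        self.data = {"orders_alice": ["a1"], "orders_bob": ["b1"]}

    @contextmanager
    def scoped_to(self, privileges):
        """Shed everything outside `privileges` for the duration of the block."""
        previous = self._effective
        # Intersect: scoping can only remove privileges, never add new ones.
        self._effective = previous & frozenset(privileges)
        try:
            yield self
        finally:
            self._effective = previous       # regain on exit, even on error

    def find(self, collection):
        if ("find", collection) not in self._effective:
            raise PermissionError(f"find on {collection} denied by database")
        return list(self.data[collection])


def handle_request(db, client, collection, scope=True):
    """Application handler with a deliberate flaw: it never checks that
    `collection` belongs to `client`, so only the database can stop the read."""
    if not scope:
        # Unscoped: the full service-account privileges apply.
        return db.find(collection)
    with db.scoped_to(CLIENT_PRIVS[client]):
        # Scoped: the database enforces the client's own privilege set.
        return db.find(collection)
```

With scoping enabled, the handler's missing ownership check no longer exposes another client's collection, because the database rejects the read itself.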
Lead : Jeff
Author : Divjot
POCs : GO
Technical Design Document