Skip to Content
SQL ReferenceImpersonation

Execute As

EXECUTE AS is wrapper syntax for a single SQL statement. It switches USER-table or STREAM-table execution to a resolved target user ID only when the authenticated actor role is allowed to target that user’s role.

EXECUTE AS

SQL
EXECUTE AS '<user_id>' (  <single_statement>);

Rules

  1. The wrapper must contain exactly one SQL statement
  2. The target user ID must be single-quoted
  3. System users may target system, DBA, service, and user accounts
  4. DBA users may target DBA, service, and user accounts
  5. Service users may target service and user accounts
  6. Regular users may only target themselves
  7. The wrapper is valid for USER and STREAM tables; shared tables use their table policy directly
  8. Legacy inline ... AS USER 'name' syntax is not supported

Examples

Authorized delegated query:

SQL
EXECUTE AS 'user_123' (  SELECT * FROM app.messages WHERE conversation_id = 42);

Authorized delegated insert:

SQL
EXECUTE AS 'user_123' (  INSERT INTO app.messages (conversation_id, sender, role, content)  VALUES (42, 'user_123', 'assistant', 'Processing complete'));

Authorized delegated delete:

SQL
EXECUTE AS 'user_123' (  DELETE FROM app.messages WHERE id = 123);

Use Cases

ScenarioDescription
Service workersWrite rows into a user’s USER-table or STREAM-table partition through an explicit delegation boundary
TestingAssert allowed and denied role-matrix edges consistently
Audit trailsRecord the actor and target user for delegated operations
Last updated on
User ManagementSubscriptions & Live Queries