EXECUTE AS USER is a powerful feature in SQL Server that allows you to temporarily take on someone else’s permissions inside a database.
This enables you to test things like security settings, identify bugs, and better understand how users interact with the system and what they’re able to access.
Impersonating the User
Before executing as a different user, it’s important to check if youre your current username:
SELECT USER_NAME()
Then, you can run:
EXECUTE AS USER = 'hi';
If it completes successfully, your session will now operate under the permissions of the hi user.
Testing Permissions
With db_datareader permissions assigned:
- The user can successfully run
SELECTqueries on tables. - Attempting to perform an
UPDATEor any other modification will result in a permission error.
This confirms that the user’s access is limited to reading data only, as intended.
Important: Always Revert
After testing, you should REVERT back to your original login to avoid operating under the impersonated user’s permissions unintentionally:
REVERT;
This restores your original security context.
Why Use EXECUTE AS USER?
Using EXECUTE AS USER is extremely useful for:
- Testing different user roles and permissions
- Ensuring the principle of least privilege is enforced
- Simulating user activity in a secure, controlled environment
- Troubleshooting access issues
EXECUTE AS LOGIN
- Prerequisites: The user you want to impersonate must exist and must have a login.
- If you need to impersonate at the server level (instead of just the database), you can use:
EXECUTE AS LOGIN = 'LoginName';When working at the server level, use SELECT SYSTEM_USER instead of SELECT USER_NAME() to confirm the impersonated login.
Example:
SELECT SYSTEM_USER;This approach is ideal when you need to validate server-level permissions across different logins.
Conclusion
EXECUTE AS USER is a simple but powerful feature in SQL Server that makes it easier to manage and troubleshoot permissions.
It allows developers and database administrators to verify user access without switching accounts, and ensures systems are operating securely according to best practices.
