When the SQL Wizard is used to create a Primary AuthID (with its corresponding password), you are also allowed to specify a SecondaryID. If a SecondaryID is defined, it is used instead of the Primary AuthID to determine the actual privileges available to the session.
Once the user or process logs in, the value defined for the SecondaryID is used wherever the Primary AuthID would normally be used. It is as though the user or process had logged in using the SecondaryID instead of the Primary AuthID. For example, the SecondaryID appears in the special register USER, which normally contains the Primary AuthID of a session.