cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SQL Anywhere 16: unload/reload via reload.sql and password for DBA

former_SQLA_member326303
Participant

on ‎2018 May 08 5:46 AM

0 Kudos
1,591

SQL Anywhere 16.0.0.2546.
Let's create a database with a standard password (sql) for DBA.
Let after some time we changed the password for DBA. For example:
ALTER USER DBA IDENTIFIED BY test;
If now we want to make unload/reload database using reload.sql-file, then we lose the new password (test) for DBA. Please, look reload.sql:
GRANT CONNECT TO "DBA" IDENTIFIED BY sql go

I'll remind you that the "-up" option is not in the version 16.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (1)

Answers (1)

MarkCulp
Participant
‎2018 May 08 9:03 AM

The DBA password that is set near the beginning of the reload.sql script is only temporary. Have a look at the end of the reload.sql file: the script will set the DBA's password to the one in the database there.

-------------------------------------------------
--   Set DBA password
-------------------------------------------------
GRANT CONNECT TO DBA IDENTIFIED BY ENCRYPTED '...escaped-hex-string...'
go

HTH

Show replies
Show replies
former_SQLA_member326303
Participant
‎2018 May 10 3:53 AM
0 Kudos

Thank you.
Indeed, for a "normal" database, we get:
GRANT CONNECT TO DBA IDENTIFIED BY ENCRYPTED '...'
But if there is a "secret" administrator (for example ADM) and the DBA-user is deprived of administrator privileges (REVOKE DBA FROM DBA ), then
DBA-password (<> sql) is lost. That is, we do not see GRANT CONNECT TO DBA IDENTIFIED BY ENCRYPTED.
We look only:

----------------------
--   Create users




GRANT CONNECT TO "dba" IDENTIFIED BY sql
go
...




--   Remove or modify DBA userid


GRANT CONNECT TO "adm" IDENTIFIED BY sql
go


CONNECT USING 'UID=adm;PWD=sql'
go


BEGIN IF EXISTS (SELECT * FROM SYS.SYSUSER WHERE user_name = 'SYS_AUTH_DBA_ROLE') THEN REVOKE DBA FROM DBA END IF; END; 
go


GRANT CONNECT TO "adm" IDENTIFIED BY ENCRYPTED '...'
go`
chris_keating
Product and Topic Expert
Product and Topic Expert
‎2018 May 14 10:58 AM

We have reproduced this and are investigating a solution. Please note that this problem does not appear in v17. This issue is being tracked as Engineering Case# 814977 and will be available in an upcoming update.

Ask a Question