cancel
Showing results for 
Search instead for 
Did you mean: 

SETUSER fails with 17.0.11.7458 for DBA user with SET USER system privilege

VolkerBarth
Contributor
0 Kudos
780

As DBA I freqeuently use SETUSER to impersonate other users or to impersonate a role that owns a schema (often "dbo", as we have used that for user-defined objects out ot MS SQL compatibility).

With a database running on 17.0.11.7458, I often (but not always) get an error message when issuing SETUSER dbo - claiming SQLCODE -121 ("Permission denied: you do not have permission to set user "dbo"). It does also fail for some other users.

Of course the DBA user does have that privilege, as the following query reveals:

select * from sp_displayroles ('DBA', 'expand_down') where role_name = 'SET USER';
returns:
role_name;parent_role_name;grant_type;role_level
'SET USER';'SYS_AUTH_SA_ROLE';'NO ADMIN';3
'SET USER';'SYS_AUTH_SSO_ROLE';'ADMIN ONLY';3

I don't notice that behaviour with 17.0.11.7432 and have never noticed that in previous versions...

What could cause this effect?

Accepted Solutions (1)

Accepted Solutions (1)

jack_schueler
Product and Topic Expert
Product and Topic Expert

Sorry about that. I see that we failed to generate a bug fix entry for SQL Anywhere (we did for SAP IQ).

The issue is fixed in version 17.0.11.7586.

justin_willey
Participant

Thanks, that's great. We'll get updated.

Answers (1)

Answers (1)

jack_schueler
Product and Topic Expert
Product and Topic Expert

Re: What could cause this effect?

A bug was introduced in a recent change. It can be caused by executing grant/revoke statements on a separate connection. It is corrected in an upcoming release.

justin_willey
Participant
0 Kudos

Hi - I can't see a fix for this between builds 7458 & 7672. Does anyone know if it is still an issue in the latest build?