on 2023 Nov 17 6:41 AM
As DBA I freqeuently use SETUSER to impersonate other users or to impersonate a role that owns a schema (often "dbo", as we have used that for user-defined objects out ot MS SQL compatibility).
With a database running on 17.0.11.7458, I often (but not always) get an error message when issuing SETUSER dbo - claiming SQLCODE -121 ("Permission denied: you do not have permission to set user "dbo"). It does also fail for some other users.
Of course the DBA user does have that privilege, as the following query reveals:
select * from sp_displayroles ('DBA', 'expand_down') where role_name = 'SET USER'; returns: role_name;parent_role_name;grant_type;role_level 'SET USER';'SYS_AUTH_SA_ROLE';'NO ADMIN';3 'SET USER';'SYS_AUTH_SSO_ROLE';'ADMIN ONLY';3
I don't notice that behaviour with 17.0.11.7432 and have never noticed that in previous versions...
What could cause this effect?
Sorry about that. I see that we failed to generate a bug fix entry for SQL Anywhere (we did for SAP IQ).
The issue is fixed in version 17.0.11.7586.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks, that's great. We'll get updated.
Re: What could cause this effect?
A bug was introduced in a recent change. It can be caused by executing grant/revoke statements on a separate connection. It is corrected in an upcoming release.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
75 | |
9 | |
9 | |
8 | |
8 | |
7 | |
7 | |
6 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.