I have created a Remote Server connection called TeleMed from one Sybase ASA 12 database (db1) to another Sybase ASA 12 database (db2) to access a table from the second database in the first database, a Proxy Table

alt text

I have created a user called Therapist in the db2, which has permissions to Select and Reference only the one table being the proxy table in db1.

I have a User Group Therapist in db1, with many members. The Group is then used as an External Login to db2 using the Therapist user id and password from db2.

When I log in to db1 as a user XYZ, whom belongs to the User Group Therapist in db1, I can't access the proxy table.

alt text

If I add the user XYZ as an External Login using the Therapist user id and password from db2, all works fine.

Why doesn't the external login based on a group allow the user to connect/select the proxy table data, I would have thought that user would be granted access via the membership to the Therapist group.

Is there something I am missing here?

Thanks in advance

asked 16 Jun '16, 01:53

Datagaard's gravatar image

Datagaard
2658919
accept rate: 0%

edited 16 Jun '16, 01:55


AFAIK, remote connections are never based on group membership. Extern logins are created for single users, not for groups.

So I guess you will have to

  • either add an externlogin for each user of the group or
  • create users with identical credentials on both databases so they can connect from db1 to db2 with the same credentials, and no externlogin has to be created.

(If my assumptions are correct, than I would share your impression that this seems rather surprising and complex ...)


Note, with v16 and above, remote connections by default are made based on the effective user, not the logged-in user, so you could turn the proxy access in, say, a procedure with SQL SECURITY DEFINER, and then only the owner of the procedure would need an externlogin - that and the different v12 behaviour are discussed here (note particularly Karim's comments) and here.

permanent link

answered 16 Jun '16, 05:32

Volker%20Barth's gravatar image

Volker Barth
40.0k361549819
accept rate: 34%

Hi Volker,

Thanks for your answer, and yes I am a bit surprised that the Group can be added to the external login, but then members of the group don't "inherit" those permissions.

Will just have to add each user to the external login.

THanks

(16 Jun '16, 20:17) Datagaard
Replies hidden

I am a bit surprised that the Group can be added to the external login

That detail should not come as a surprise because up to v12, a group is a user itself by design, and so the group as a user can have an externlogin, too.

(17 Jun '16, 03:58) Volker Barth
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×69
×56

question asked: 16 Jun '16, 01:53

question was seen: 2,695 times

last updated: 17 Jun '16, 03:58