SETUSER fails with 17.0.11.7458 for DBA user with SET USER system privilege

0

As DBA I freqeuently use SETUSER to impersonate other users or to impersonate a role that owns a schema (often "dbo", as we have used that for user-defined objects out ot MS SQL compatibility).

With a database running on 17.0.11.7458, I often (but not always) get an error message when issuing SETUSER dbo - claiming SQLCODE -121 ("Permission denied: you do not have permission to set user "dbo"). It does also fail for some other users.

Of course the DBA user does have that privilege, as the following query reveals: 

select * from sp_displayroles ('DBA', 'expand_down') where role_name = 'SET USER';
returns:
role_name;parent_role_name;grant_type;role_level
'SET USER';'SYS_AUTH_SA_ROLE';'NO ADMIN';3
'SET USER';'SYS_AUTH_SSO_ROLE';'ADMIN ONLY';3

I don't notice that behaviour with 17.0.11.7432 and have never noticed that in previous versions...

What could cause this effect?

asked 17 Nov, 06:41

Volker%20Barth's gravatar image

Volker Barth
39.9k360547817
accept rate: 34%

edited 17 Nov, 06:42

One Answer:
active answersoldest answersnewest answerspopular answers
3

Re: What could cause this effect?

A bug was introduced in a recent change. It can be caused by executing grant/revoke statements on a separate connection. It is corrected in an upcoming release.

permanent link

answered 20 Nov, 11:12

JBSchueler's gravatar image

JBSchueler
3.3k31564
accept rate: 19%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×235
×24

question asked: 17 Nov, 06:41

question was seen: 83 times

last updated: 20 Nov, 11:12

Related questions

sysuser last login time not being updated

Error Code -6 when applying a transaction log file (from live backup)

Backups suddenly failing

Problem using 'callback' form of 'connect', JavaScript External Environment

Error using ''sa_dbcapi_handle" in JavaScript External Environment with WIndows

SA-17 Purchase Order Suspended

Portable version of SA and MobiLink

dbconsole and SQL Anywhere 17

Is there a local HTML help available for 17.0.4?

http web service trace log is empty in sa 17.0.10.5963