RDBPROD: RDB_NATCONN7nn ADDUSER Fails With No Privilege Error When Adding Another User
(Doc ID 731737.1)
Last updated on MAY 03, 2018
Applies to:
Oracle SQL/Services for Rdb on OpenVMS - Version 7.1.6.2 and laterHP OpenVMS Itanium
HP OpenVMS Alpha
Symptoms
Adding a user with RDB_NATCONNnn that has a different username than the username of the current user gives the following error:
The problem can be demonstrated as follows:
Show the current user in AUTHORIZE (only the privileges are relevant in this case):
UAF> show USER1
Username: USER1 Owner: Test
.
.
Authorized Privileges:
NETMBX SETPRV TMPMBX
Default Privileges:
NETMBX SETPRV TMPMBX
Identifier Value Attributes
VMS$MEM_RESIDENT_USER %X80000009
UAF> Exit
%UAF-I-NOMODS, no modifications made to system authorization file
%UAF-I-NAFNOMODS, no modifications made to network proxy database
%UAF-I-RDBNOMODS, no modifications made to rights database
Create the database:
SQL> create database filename v_test;
SQL> create table t(i integer);
SQL> commit;
SQL> Exit
Set all privileges to prepare the database and do the prepare:
$ @sys$share:rdb_natconn72 prepare v_test
**** Preparing database V_TEST ****
**** Preparing database successfully completed ****
$
Set the privileges back as they are not needed to add the username of the current user and add this username:
$ @sys$share:rdb_natconn72 show v_test
Users in V_TEST
SYS
SYSTEM
Count = 2
$ @sys$share:rdb_natconn72
Operation (prepare/upgrade/drop/add_user/modify_user/remove_user/show_users): add
Username [USER1]:
User name [USER1] is used.
New password:
Password Verification:
Database: v_test
%ADDED, user USER1 added to V_TEST
$ @sys$share:rdb_natconn72 show v_test
Users in V_TEST
USER1
SYS
SYSTEM
Count = 3
Then set all privileges and check that you have SYSPRV, SECURITY and BYPASS:
UAF> sho user1
Username: USER1 Owner: Test
.
.
CPU: (none) Enqlm: 32767 Pgflquo: 2000000
Authorized Privileges:
NETMBX SETPRV TMPMBX
Default Privileges:
NETMBX SETPRV TMPMBX
Identifier Value Attributes
VMS$MEM_RESIDENT_USER %X80000009
UAF> Exit
%UAF-I-NOMODS, no modifications made to system authorization file
%UAF-I-NAFNOMODS, no modifications made to network proxy database
%UAF-I-RDBNOMODS, no modifications made to rights database
$ set proc/priv=all
$ sho proc/priv
19-AUG-2008 02:06:02.69 User: USER1 Process ID: 202006AE
Node: NODE1 Process name: "Process 1"
Authorized privileges:
NETMBX SETPRV TMPMBX
Process privileges:
ACNT may suppress accounting messages
.
.
BYPASS may bypass all object access controls
.
SECURITY may perform security administration functions
SETPRV may set any privilege bit
.
SYSPRV may access objects via system protection
.
WORLD may affect other processes in the world
Process rights:
USER1 resource
INTERACTIVE
REMOTE
VMS$MEM_RESIDENT_USER
System rights:
SYS$NODE_NODE1
Soft CPU Affinity: off
Now try to add USER2, being logged in with username USER1 and having all privileges:
Operation (prepare/upgrade/drop/add_user/modify_user/remove_user/show_users): add
Username [USER1]: user2
User name [USER2] is used.
New password:
Password Verification:
Database: v_test
%FAILED, update to V_TEST failed
%Reason, - no privilege to perform operation on database V_TEST
Despite having all privileges, you cannot add a user that is not the current user.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |