SAP Knowledge Base Article - Preview

2357201 - The authmech function raises Error 10386 SELECT BUILTIN permission denied on builtin authmech - ASE

Symptom

  • A user with sso_role has a user database as its default database. 
  • When this user runs the authmech() builtin function execution is successful for that user only. 
  • It cannot return authentication information for any other active user session and instead fails with Error 10386. 
    • The 'Granular permissions' feature is not configured.
    • Suid 5 has sso_role. 
    • Suid 5 can return the correct value for its session, but was unable to capture the same info for the session with suid 6.
      select suid, authmech(spid) from master..sysprocesses where suid >= 1
      go
      Msg 10386, Level 14, State 1:
      Server 'sp137', Line 1:
      SELECT BUILTIN permission denied on builtin authmech, owner system security officer
      suid                                                                                                                                                            
      -----------       --------------------------------------------------------------           -------------------------       --------------------------------------------------
                 6         NULL                                                                                                                 5                                                                   ase
      (2 rows affected)
  • Permissions for suid 5.
    sp_displaylogin
    go
    Suid: 5
    Loginame: sso_user_testdb
    Fullname:
    Default Database: testdb
    Default Language:
    Auto Login Script:
    Configured Authorization:
            sso_role (default ON)
    Locked: NO
    Date of Last Password Change: Aug 19 2016  6:09AM
    Password expiration interval: 0
    Password expired: NO
    Minimum password length: 6
    Maximum failed logins: 0
    Current failed login attempts:
    Authenticate with: AUTH_DEFAULT
    Login Password Encryption: SHA-256
    Last login date: Aug 19 2016  9:06AM
    Exempt inactive lock: 0
    (return status = 0)


Read more...

Environment

  • SAP Adaptive Server Enterprise (ASE) 15.7
  • SAP Adaptive Server Enterprise (ASE) 16.0 
  • Granular Permissions

Product

SAP Adaptive Server Enterprise 15.7 ; SAP Adaptive Server Enterprise 16.0

Keywords

KBA , BC-SYB-ASE , Sybase ASE Database Platform (non Business Suite) , Bug Filed

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.