Symptom
- A user with sso_role has a user database as its default database.
- When this user runs the authmech() builtin function execution is successful for that user only.
- It cannot return authentication information for any other active user session and instead fails with Error 10386.
- The 'Granular permissions' feature is not configured.
- Suid 5 has sso_role.
- Suid 5 can return the correct value for its session, but was unable to capture the same info for the session with suid 6.
select suid, authmech(spid) from master..sysprocesses where suid >= 1
go
Msg 10386, Level 14, State 1:
Server 'sp137', Line 1:
SELECT BUILTIN permission denied on builtin authmech, owner system security officer
suid
----------- -------------------------------------------------------------- ------------------------- --------------------------------------------------
6 NULL 5 ase
(2 rows affected) - Permissions for suid 5.
sp_displaylogin
go
Suid: 5
Loginame: sso_user_testdb
Fullname:
Default Database: testdb
Default Language:
Auto Login Script:
Configured Authorization:
sso_role (default ON)
Locked: NO
Date of Last Password Change: Aug 19 2016 6:09AM
Password expiration interval: 0
Password expired: NO
Minimum password length: 6
Maximum failed logins: 0
Current failed login attempts:
Authenticate with: AUTH_DEFAULT
Login Password Encryption: SHA-256
Last login date: Aug 19 2016 9:06AM
Exempt inactive lock: 0
(return status = 0)
Read more...
Environment
- SAP Adaptive Server Enterprise (ASE) 15.7
- SAP Adaptive Server Enterprise (ASE) 16.0
- Granular Permissions
Product
SAP Adaptive Server Enterprise 15.7 ; SAP Adaptive Server Enterprise 16.0
Keywords
KBA , BC-SYB-ASE , Sybase ASE Database Platform (non Business Suite) , Bug Filed
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.