[Search for users]
[Overall Top Noters]
[List of all Conferences]
[Download this site]
| Title: | DBSTARS Conference |
|
| Moderator: | BROKE::BASTINE |
|
| Created: | Wed Feb 02 1994 |
| Last Modified: | Thu Jun 05 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 791 |
| Total number of notes: | 1521 |
771.0. "RDB-F-UNX_RCI, RCI call rdb_set_auth" by BROKE::BITHER () Tue Apr 22 1997 18:12
Try with connect servicename and then write article.
<<< NOMAHS::DISK$NOMAHS1:[NOTES$LIBRARY]DBINTEGRATOR_PUBLIC.NOTE;2 >>>
-< DB Integrator Public Conference >-
================================================================================
Note 1136.0 SQS database service priv prob with DO 10 replies
chsr38.ch.oracle.com::ROHR "The Packers did it!" 52 lines 24-MAR-1997 05:22
--------------------------------------------------------------------------------
Please see Sql Services notesfile 2173.
I am unable to get an SQl Services executor started with a database
service doing attach /type=dbi/dbname=bla and connect user
authorization.
However, with an universal server (no preattach) this works. The Sql
Services service owner is SQLSRV$DEFLT and has SELECT in the physical
database. I also granted Rdb$trusted_user to SQLSRv$DEFLT as suggested
in the Sql Services notesfile. After I granted SELECT (and DBADM) on
the logical database to SQLSRV$DEFLT, I get a different error message on
the client.
RDB-F-UNS_RCI, RCI call rdb_set_authorization is not supported by
Database Integrator.
The executor log file says:
Executing command: @SYS$COMMON:[SYSLIB]RDB$SETVER.COM;7 7.0 REMOTE
SQLSRV
$ ARG1 = "SQLSRV_70000"
$ ARG2 = "1:1:63504"
$ ARG3 = "SYS$SYSDEVICE:[SQLSRV$DEFLT]SQS_CHSR38_GBS00P000170.LOG;"
$ ARG4 = ""
$ ARG5 = ""
$ ARG6 = "070000"
$ DBS$IMAGE_SYMBOL := $SYS$SYSTEM:sqlsrv_exec70.exe
$ DBS$IMAGE_SYMBOL "SQLSRV_70000" "1:1:63504"
"SYS$SYSDEVICE:[SQLSRV$DEFLT]SQ
S_CHSR38_GBS00P000170.LOG;" "" "" "070000"
------------EVENT BEGIN: EVENT_LOG at Mon Mar 24 1997
10:37:16.429-------------
%SQLSRV-I-EVENT_LOG, event logged at line 1992 in file SRVEXE.C;1
%SQLSRV-E-ERRATTACHDB, Error attaching to database during executor
initialization
%SQLSRV-I-EXECSQLERRSTM, SQL statement: attach 'filename
/type=dbi/dbname=w2:[pmslogs.log73552]gbs_do'
%SQLSRV-I-EXECSQLERRSTS, SQLCODE: -1028, SQLERRD array: [0]=0, [1]=0,
[2]=0
%SQLSRV-I-EXECSQLERRMSG, SQL error message:
%RDB-E-NO_PRIV, privilege denied by database facility
-DBI-F-PRIVVIO, Privilege violation encountered for current DBI
database user SQLSRV$DEFLT
Can the DO gurus help me in setting this up?
Thanks,
Regina
================================================================================
Note 1136.1 SQS database service priv prob with DO 1 of 10
chsr38.ch.oracle.com::ROHR "The Packers did it!" 7 lines 24-MAR-1997 09:55
--------------------------------------------------------------------------------
If this is not supported in DBI are there any plans to support it? The
customer would really like to use this once they go in production, so I
would need to know what I can do to make this happen (product manager,
enhancement bug...).
Thanks,
Regina
================================================================================
Note 1136.2 SQS database service priv prob with DO 2 of 10
BROKE::ABUGOV 11 lines 25-MAR-1997 09:03
-< Not sure what is happening... >-
--------------------------------------------------------------------------------
Hi Christina,
I'm not exactly sure what is happening with this rci request. Could
you define dbi_trace_flags to be "rci,exceptions,errors" and
dbi_trace_output to be a file that you can provide a pointer to (or it
it is short, post it).
Thanks,
Dan
================================================================================
Note 1136.3 SQS database service priv prob with DO 3 of 10
chsr38.ch.oracle.com::ROHR "The Packers did it!" 172 lines 25-MAR-1997 14:15
-< The trace output >-
--------------------------------------------------------------------------------
$ DELETE/SYMBOL/ALL
$ VRFY_SAVE = F$VERIFY(1)
$ DELETE SYS$SYSDEVICE:[SQLSRV$DEFLT]SQS_CHSR38_GBS00P000170.COM;1
$ DEFINE SQS$DBSERVER TRUE
$ DEFINE SYS$LOGIN "SYS$SYSDEVICE:[SQLSRV$DEFLT]"
$ SET DEFAULT SYS$LOGIN
$ DEFINE SYS$SCRATCH "SYS$SYSDEVICE:[SQLSRV$DEFLT]"
$ TMP = F$VERIFY(0)
Executing command: @SYS$COMMON:[SYSLIB]SQLSRV_SETVER.COM;2 7.0
Executing command: @SYS$COMMON:[SYSLIB]RDB$SETVER.COM;8 7.0 REMOTE SQLSRV
$ ARG1 = "SQLSRV_70000"
$ ARG2 = "1:1:245776"
$ ARG3 = "SYS$SYSDEVICE:[SQLSRV$DEFLT]SQS_CHSR38_GBS00P000170.LOG;"
$ ARG4 = ""
$ ARG5 = ""
$ ARG6 = "070000"
$ DBS$IMAGE_SYMBOL := $SYS$SYSTEM:sqlsrv_exec70.exe
$ DBS$IMAGE_SYMBOL "SQLSRV_70000" "1:1:245776" "SYS$SYSDEVICE:[SQLSRV$DEFLT]SQS_CHSR38_GBS00P000170.LOG;" "" "" "070000"
Unable to create trace output file 38_W2:[ROHR]DBI.LOG
. Trace output will be redirected to the terminal.8��
---EVENT BEG: RCI ------------------------------ Tue Mar 25 20:11:17.240 1997---
Entering FD_ATTACH_DATABASE
Input parameters:
DB Name :
utl_string_desc_t: (0x7EE27D10 : 2128772368):
length = 47
ptr -> "/type=dbi/dbname=38_w2:[pmslogs.log73552]gbs_do"
DB Handle : 00000000
DPB Length : 16 (0x00000010)
Security info length : 0 (0x00000000)
Database Parameter Block:
DPB_VERSION2
FACILITY_ALL
DPB2_DBKEY_SCOPE
DPB_DBKEY_SCOPE_TRANS
FACILITY_ALL
DPB2_REQUEST_SCOPE
DPB2_REQUEST_SCOPE_ATTACH
FACILITY_RDB_VMS
DPB2_CDD_MAINTAINED
---EVENT END: RCI ------------------------------ Tue Mar 25 20:11:17.350 1997---
---EVENT BEG: RCI ------------------------------ Tue Mar 25 20:11:26.380 1997---
Exiting FD_ATTACH_DATABASE
Output parameters:
DB Handle : 00010001
---EVENT END: RCI ------------------------------ Tue Mar 25 20:11:26.380 1997---
---EVENT BEG: RCI ------------------------------ Tue Mar 25 20:11:26.610 1997---
Entering FD_EXTENSION
Input parameters:
Extension index : 20
Handle : 00010001
Handle type : 1
Input buffer length : 22 (0x0016)
Result buffer length : 24 (0x0018)
Entering function PARSE_SET_TRANS
Input Buffer:
DEFAULT_TPB
Tpb_length: 2
MODULE_NAME
Name_length: 13
INFO_END
Entering function FD_PARSE_TPB
VERSION
WRITE
Exiting function FD_PARSE_TPB
Exiting function PARSE_SET_TRANS
---EVENT END: RCI ------------------------------ Tue Mar 25 20:11:26.690 1997---
---EVENT BEG: RCI ------------------------------ Tue Mar 25 20:11:26.730 1997---
Exiting FD_EXTENSION
---EVENT END: RCI ------------------------------ Tue Mar 25 20:11:26.730 1997---
---EVENT BEG: RCI ------------------------------ Tue Mar 25 20:11:26.740 1997---
Entering FD_DATABASE_INFO
Input parameters:
DB Handle : 00010001
Item list length : 5 (0x0005)
Result buffer length : 256 (0x0100)
Item list buffer:
DB_IMPLEMENTATION
3 1 23 1
DB_VERSION
13 1
11 "DBI V7.0-00"
DB_MULTISCHEMA
1 0
DB_CSET
12 CSET_DEC_MCS CSET_DEC_MCS CSET_DEC_MCS
INFO_END
---EVENT END: RCI ------------------------------ Tue Mar 25 20:11:26.760 1997---
---EVENT BEG: RCI ------------------------------ Tue Mar 25 20:11:26.760 1997---
Exiting FD_DATABASE_INFO
---EVENT END: RCI ------------------------------ Tue Mar 25 20:11:26.760 1997---
---EVENT BEG: RCI ------------------------------ Tue Mar 25 20:11:28.560 1997---
Entering FD_EXTENSION
Input parameters:
Extension index : 20
Handle : 00010001
Handle type : 1
Input buffer length : 22 (0x0016)
Result buffer length : 24 (0x0018)
Entering function PARSE_SET_TRANS
Input Buffer:
DEFAULT_TPB
Tpb_length: 2
MODULE_NAME
Name_length: 13
INFO_END
Entering function FD_PARSE_TPB
VERSION
WRITE
Exiting function FD_PARSE_TPB
Exiting function PARSE_SET_TRANS
---EVENT END: RCI ------------------------------ Tue Mar 25 20:11:28.640 1997---
---EVENT BEG: RCI ------------------------------ Tue Mar 25 20:11:28.640 1997---
Exiting FD_EXTENSION
---EVENT END: RCI ------------------------------ Tue Mar 25 20:11:28.640 1997---
------------EVENT BEGIN: EVENT_LOG at Tue Mar 25 1997 20:11:28.901-------------
%SQLSRV-I-EVENT_LOG, event logged at line 2387 in file SRVEXE.C;1
%SQLSRV-E-LWCCONNERRUSER, Error creating a SQL connect for username: ROHR
%RDB-F-UNS_RCI, RCI call rdb_set_authorization is not supported by DataBase Integrator
------------EVENT END : EVENT_LOG at Tue Mar 25 1997 20:11:28.929-------------
------------EVENT BEGIN: EVENT_LOG at Tue Mar 25 1997 20:13:25.838-------------
%SQLSRV-I-EVENT_LOG, event logged at line 9088 in file CMD.C;1
%SQLSRV-I-SM_EXECSHUT, Shutting down executor GBS00P0001
------------EVENT END : EVENT_LOG at Tue Mar 25 1997 20:13:25.864-------------
---EVENT BEG: RCI ------------------------------ Tue Mar 25 20:13:25.900 1997---
Entering FD_DETACH_DATABASE
Input parameters:
DB Handle : 00010001
---EVENT END: RCI ------------------------------ Tue Mar 25 20:13:25.900 1997---
---EVENT BEG: RCI ------------------------------ Tue Mar 25 20:13:26.260 1997---
Exiting FD_DETACH_DATABASE
---EVENT END: RCI ------------------------------ Tue Mar 25 20:13:26.260 1997---
SQLSRV$DEFLT job terminated at 25-MAR-1997 20:13:26.95
Accounting information:
Buffered I/O count: 433 Peak working set size: 21344
Direct I/O count: 292 Peak page file size: 108464
Page faults: 2609 Mounted volumes: 0
Charged CPU time: 0 00:00:02.76 Elapsed time: 0 00:02:17.65
================================================================================
Note 1136.4 SQS database service priv prob with DO 4 of 10
chsr38.ch.oracle.com::ROHR "The Packers did it!" 10 lines 1-APR-1997 09:18
-< Any news? >-
--------------------------------------------------------------------------------
Any news on this?
Is is normal that it doesn't work? If yes what can I do to get this
feature?
If it is not normal then please advise if I have to open a bug.
Thanks,
Regina
================================================================================
Note 1136.5 SQS database service priv prob with DO 5 of 10
BROKE::ABUGOV 9 lines 2-APR-1997 12:23
-< being looked at >-
--------------------------------------------------------------------------------
Hi Regina,
Someone is looking at this (but they have other development
deliverables too so please bear with us).
Thanks,
dan
================================================================================
Note 1136.6 SQS database service priv prob with DO 6 of 10
BROKE::BITHER 30 lines 2-APR-1997 16:58
-< Recreated on our system here. >-
--------------------------------------------------------------------------------
Hi Regina,
DBI v7.00
Rdb v7.0-01
SQL/Serv v7.00
I was able to recreate your problem today exactly as you described.
I don't think it is possible at this time to attach to a dbi database
using a v7 database class service.
What works:
generic service - to an Rdb database.
generic service - to a DBI database.
database class service - to an Rdb database.
What fails:
database class service - to a DBI database.
Fails with the error:
[Oracle][ODBC][Rdb]%RDB-F-UNS-RCI, RCI call rdb_set_authorization is
not supported by DataBase Integrator (#-1)
I have everything configured on our system here which is the same
system engineering (see previous reply) is using to work on this problem
so am sending them the configuration info.
Diane
================================================================================
Note 1136.7 SQS database service priv prob with DO 7 of 10
CHSR38::RROHR "Cajun? Zeydeco? Both!" 4 lines 14-APR-1997 05:33
-< Bug 478294 >-
--------------------------------------------------------------------------------
Customer wants to use this in production, so he needs to know if this
is a restriction or if this is a bug with a possible fix.
Bug 478294
/Regina
================================================================================
Note 1136.8 SQS database service priv prob with DO 8 of 10
BROKE::ABUGOV 13 lines 14-APR-1997 09:21
-< It is a restriction at this time... >-
--------------------------------------------------------------------------------
Hi Regina,
The supported method for connecting using Rdb and a database class
service is not available in DBI (it is a restriction).
We are trying to determine why when the security mechanism was
circumvented the unsupported RCI message was returned. That is the
what we are looking at at this point in time.
Sorry,
Dan
================================================================================
Note 1136.9 SQS database service priv prob with DO 9 of 10
CHSR38::RROHR "Cajun? Zeydeco? Both!" 22 lines 14-APR-1997 11:50
--------------------------------------------------------------------------------
Hi Dan,
>>The supported method for connecting using Rdb and a database class
^^^^^^^^^
>>service is not available in DBI (it is a restriction).
Is there an unsupported method? Just in case. ;-)
>>We are trying to determine why when the security mechanism was
>>circumvented the unsupported RCI message was returned. That is the
>>what we are looking at at this point in time.
I don't feel I have circumvented security mechanisms?
Is the restriction documented somewhere so that I can at least show a
piece of paper or documentation to this unhappy fellow?
As it is a restriction, will it be lifted?
Thanks,
Regina
================================================================================
Note 1136.10 SQS database service priv prob with DO 10 of 10
BROKE::ABUGOV 37 lines 15-APR-1997 09:02
-< I wish I could make him happy... >-
--------------------------------------------------------------------------------
Hi Regina,
The mechanism used by SQL Services to attach to rdb database class
servers was invented and implemented by those groups. I thought I read
in the SQL Services notes file a warning about the work-around you have
implemented regarding security and granting the rights identifier to
a user accessing the dbi database (I could have misinterpreted it though).
At this point it is a restriction, undocumented because we just found
out about it with "this unhappy fellow".
Sorry,
Dan
<<< NOMAHS::DISK$NOMAHS1:[NOTES$LIBRARY]SQL_SERVICES.NOTE;1 >>>
-< SQL/Services Forum >-
================================================================================
Note 2173.9 Database service priv problem with DO 9 of 9
ORASQS::OXBURY "Oracle Corporation, Rdb Desktop Gro" 14 lines 24-MAR-1997 09:45
-< DON'T grant that Ident to any accnts/feature not supported by DB >-
--------------------------------------------------------------------------------
The previous note I entered was an attempt to briefly describe the
INTERNALS that SQL/Services uses to handle database services with
database authorization by connect user, so as to explain that as far as
I know, DBI, does NOT support the interface that Rdb provides to
SQL/Services to support database services with database authorization
by connect user. In this respect, RDB$TRUSTED_USER is an identifier
that SQL/Services dynamically and automatically grants to executor
PROCESSES for database services with database authorization by connect
user; its not something that customers have to deal with. DO NOT grant
this identify to any account; doing so will allow that account to do
anything with any database on your system, given the knowledge of how
to do it.
Si
| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 771.1 | Final - Sent to Mem 5/21/97 | BROKE::BITHER | | Wed May 21 1997 09:21 | 61 |
| From: BROKE::BITHER "Please reply to [email protected]" 21-MAY-1997 08:20:28.46
To: MEMORMAN
CC: BITHER
Subj: New STARS article
TITLE: %RDB-F-UNS-RCI Using Database Service with Distributed Option
PRODUCT: Distributed Option 7.*
RELATED
PRODUCTS: SQL/Services 7.*
OP/SYS: OpenVMS VAX, OpenVMS AXP
SOURCE: Oracle Worldwide Customer Support
PROBLEM:
Distributed Option v7.00
Rdb v7.0-01
SQL/Services v7.00
Attaching to a Distributed Option database using a database service with
authorization by connect user fails with:
[Oracle][ODBC][Rdb]%RDB-F-UNS-RCI, RCI call rdb_set_authorization
is not supported by DataBase Integrator (#-1)
What works:
Generic service authorization by either connect username or service
name - to an Rdb database.
Generic service authorization by either connect username or service
name - to a Distributed Option database.
Database service authorization by either connect username or
service name - to an Rdb database.
Database service authorization by service name only - to a Distributed
Option database.
What fails:
Database service authorization by connect username - to a Distributed
Option database.
SOLUTION:
This is a restriction. Use either a generic service where authorization is by
either service name or connect username, or use a database service where
authorization is by service name only to access a distributed option database
from SQL/Services.
\
\ CONTRIBUTORS:
\
\ Technical: Diane Bither
|