DB02 privileges on SYSIBM etc.

Former Member · ‎06-07-2006

Dear communitiy,

I've a problem with transaction DB02 after and upgrade from basis 6.20 to 7.00:

SQL0551N "SAPPSM" does not have the privilege to

perform operation "SELECT" on object

"SYSIBM.SYSDUMMY1". SQLSTATE=42501

sappsm is the connect user which is in the newly created group dbpsmmnt and in also in group sapsys.

db2 get dbm cfg:

SYSADM group name (SYSADM_GROUP) = DBPSMADM

SYSCTRL group name (SYSCTRL_GROUP) = DBPSMCTL

SYSMAINT group name (SYSMAINT_GROUP) = BPSMMNT

db2 version is 8.1 fixpak 11

also saproot.sh was executed successfully...

I don't know what more to do. I cross checked all permissions with a 6.40 system and everything I can think of is the same.

Regards,

Pascal

Former Member · ‎10-26-2007

We have the same problem. Some ideas ?

Looks like rights are missing for sapr3:

Direct DBADM authority = NO

Direct CREATE_NOT_FENC authority = NO

Direct LOAD authority = NO

Direct QUIESCE_CONNECT authority = NO

Direct CREATE_EXTERNAL_ROUTINE authority = NO

Kind regards,

Uta

Former Member · ‎06-12-2006

Hi pascal

pls issue

grant execute on Procedure SYSPROC.GET_DB_CONFIG to SAP<sapsid>

(or to PUBLIC )

Best regards

dirk

Former Member · ‎06-12-2006

Hi Pascal

pls issue

select * from syscat.routineauth where schema='SYSPROC' and specificname='GET_DB_CONFIG'

Best regards

dirk

Former Member · ‎06-08-2006

Hi Pascal

the standard is select authority for public on SYSIBM.SYSDUMMY1 which was somehow revoked on your System .

Only with SYSADM you gain access to this table without proper permissions.

To restore the Privileges on SYSIBM.SYSDUMMY1 issue

GRANT SELECT ON SYSIBM.SYSDUMMY1 TO PUBLIC

So you could perform the Select on this table without being SYSADM

>>>snip<<<

but it's the same result on a system where it works...

>>>unsnip<<<

Maybe there is no select on that table in DB02 on that System .

You could check , if this system would also be affected , when you connect to the mentioned System as sap<sapsid> as above .

Check that you have only SYSMAINT Authority .

Issue

Select * from sysibm.sysdummy1

Without the Grant, this should give you the same results as above .

db2 'select * from sysibm.sysdummy1'

SQL0551N "SAPxxx" does not have the privilege to perform operation "SELECT"

on object "SYSIBM.SYSDUMMY1". SQLSTATE=42501

Hth

Best regards

Dirk

Former Member · ‎06-08-2006

Hi Pascal

what gives

select GRANTOR,GRANTEE,SELECTAUTH from syscat.tabauth where tabname='SYSDUMMY1' and TABSCHEMA='SYSIBM'

?

Best regards

dirk

Former Member · ‎06-07-2006

Hi Pascal

Please perform the following steps for Diagnosis

1. Logon to the Database Server as user db2<dbsid>

2. Connect to your Database as user sap<sapsid>

issue

db2 connect to psm user sappsm

then issue

db2 get authorizations

3. Please verify , that you have

>>>snip<<<

Indirect SYSMAINT authority = YES

>>>unsnip<<<

Could you please provide the results

Best regards

dirk

Frank-Martin · ‎06-07-2006

Hi Pascal,

could this be a type in the group name in dbm cfg?

You wrote on OS level user sappsm is in group dbpsmmnt which does not match the configured SYSMAINT_GROUP .

SYSMAINT group name (SYSMAINT_GROUP) = BPSMMNT

Regards

Frank

DB02 privileges on SYSIBM etc.

Accepted Solutions (0)

Answers (7)

Answers (7)

Re: IAS as proxy

Re: cloud connector

Re: SAP Cloud Identity Services

Corporate Git Setup on SAP BTP versus connecting t...

Re: Shadow user in BTP