What privileges are needed to run this query? - intersystems-cache

I use InterSystem's cache JDBC driver to query the "database dictionary" in order to retrieve source code from classes.
I have this SQL query:
final String query = "select id, super"
+ " from %Dictionary.ClassDefinition"
+ " where System = '0'"
+ " and name not like '\\%%' escape '\\'"
+ " and deployed != 2";
Right now, the user performing this query has %All as a role, which is of course not a good thing. I try and reduce the privileges of this user to the strict minimum necessary.
I am connected to namespace SAMPLES; I have created a role, say FOO to which I have given these privileges:
%Service_SQL (U);
%DB_SAMPLES (R);
select privilege on table %Dictionary.ClassDefinition in namespace %SYS.
I have tried and given my user only this role; but it fails at execution (-99 error translated: "privilege violation"):
Exception in thread "main" java.sql.SQLException: [SQLCODE: <-99>:<Violación de privilegio >]
[Location: <Prepare>]
[%msg: <User sonar is not privileged for the operation>]
at com.intersys.jdbc.CacheConnection.getServerError(CacheConnection.java:1312)
at com.intersys.jdbc.CacheConnection.processError(CacheConnection.java:1552)
at com.intersys.jdbc.InStream.readHeader(InStream.java:164)
at com.intersys.jdbc.CachePreparedStatement.prepareInternal(CachePreparedStatement.java:633)
at com.intersys.jdbc.CachePreparedStatement.prepare(CachePreparedStatement.java:594)
at com.intersys.jdbc.CachePreparedStatement.<init>(CachePreparedStatement.java:141)
at com.intersys.jdbc.CacheConnection.prepareStatement(CacheConnection.java:1860)
at com.intersys.jdbc.CacheConnection.prepareStatement(CacheConnection.java:484)
at es.litesolutions.cacheqc.dbread.CacheDbReader.listClasses(CacheDbReader.java:47)
at es.litesolutions.cacheqc.dbread.CacheDbReader.main(CacheDbReader.java:69)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
What privileges are missing so that I can use PreparedStatements?
(Yes, I know the query above has no bind variables but other queries will have bind variables.)

And you should add access for concrete table. It is possibble to do for role or for user, in tab SQL tables. Just add table %Dictiinary.Classdefinition
To find errors in settings of permissions, you can also use Audit
You should add access for table %Dictionary.ClassDefinition from namespace SAMPLES. It is important to choose correct namespace, because you connect to SAMPLES.

Related

PostgresSQL: org.postgresql.util.PSQLException: ERROR: Unsupported startup parameter: search_path

When I try to connect to the database on postgres via jdbc, I get the following error:
org.postgresql.util.PSQLException: ERROR: Unsupported startup parameter: search_path
This is how I create the connection:
val connection = DriverManager.getConnection(profile.connection + Option(profile.catalog).getOrElse("")+ "?currentSchema="+Option(profile.schema).getOrElse(""),
profile.user, profile.password)
I use scala and a custom version of postgres.
pgbauncer
In short, pgbouncer at least my version does not work with the search_path parameter, this discussion led me to this idea. There are two ways to fix this problem:
Change the pgbouncer config file by adding
IGNORE_STARTUP_PARAMETERS: search_path
Make a connection without using the currentSchema parameter in the connection string and create connection like this:
val connection =
DriverManager.getConnection(
profile.connection + Option(profile.catalog).getOrElse(""),
profile.user, profile.password)
Then he will choose the scheme according to the rule set, in search_path, they usually set something like "$user", public, in this case, when connecting, he first tries to choose the same scheme as the user name, and if he does not find such a scheme, he chooses public.

SQL0443 error when executing a Select with a Trigger on DB2 for iSeries

I've some problem querying a db2/as400 table, let's call it TAB1. Since it was added a trigger on this table when I perform a normal SELECT (using the TAB1-key) I get the following error. Never had a problem before the trigger was created.
It's a query performed in a batch-application (Java 1.6) using Modern Batch and Spring Batch 2.1.8. No chance to update the libraries, since the program is quite old and the customers won't agree.
Anyway,I would say it's a trigger problem ( as the sql codes say) but different applications perform different SELECTs on TAB1 and they never get any similar problem.The batch perform more or less 40000 select like this, and just 300 fail with this error.
Any idea, tip, suggestion?
### Error querying database. Cause: java.sql.SQLException: [SQL0443] *N *N
### The error may exist in class path resource [eu/mycompany/el20/dq/as400/dataaccess/mappers/tab1/Tab1Mapper.xml]
### The error may involve eu.mycompany.el20.dq.as400.dataaccess.persistence.tab.Tab1Mapper.selectByExample-Inline
### The error occurred while setting parameters
### SQL: select * from TAB1 WHERE ( D10_SOC = ? and D10_COD_NDG = ? and D10_DATE = ? )
### Cause: java.sql.SQLException: [SQL0443] *N *N
; uncategorized SQLException for SQL []; SQL state [38501]; error code [-443]; [SQL0443] *N *N; nested exception is java.sql.SQLException: [SQL0443] *N *Nstack trace: org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:83)
org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
org.mybatis.spring.MyBatisExceptionTranslator.translateExceptionIfPossible(MyBatisExceptionTranslator.java:71)
org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:365)
com.sun.proxy.$Proxy120.selectList(Unknown Source)
org.mybatis.spring.SqlSessionTemplate.selectList(SqlSessionTemplate.java:195)
org.apache.ibatis.binding.MapperMethod.executeForMany(MapperMethod.java:124)
org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:90)
org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:40)
com.sun.proxy.$Proxy136.selectByExample(Unknown Source)
eu.mycompany.el20.dq.as400.crud.services.tab.BLSTab1.select(BLSTab1.java:46)
it.mycompany.xframe.dq.batch.steps.programstep.ProgramExecutor.processRecord(ProgramExecutor.java:544)
com.ibm.websphere.batch.devframework.steps.technologyadapters.GenericXDBatchStep.processRecord(GenericXDBatchStep.java:263)
com.ibm.websphere.batch.devframework.steps.technologyadapters.GenericXDBatchStep.processJobStep(GenericXDBatchStep.java:227)
com.ibm.ws.gridcontainer.batch.impl.StepManagerImpl._regularJobBatchLoop(StepManagerImpl.java:1065)
com.ibm.ws.gridcontainer.batch.impl.StepManagerImpl.executeStep(StepManagerImpl.java:390)
com.ibm.ws.gridcontainer.security.actions.ExecuteStepBatchUserPrivilegedAction.executeAction(ExecuteStepBatchUserPrivilegedAction.java:47)
com.ibm.ws.gridcontainer.security.AbstractUserPrivilegedAction.runWithoutSecurity(AbstractUserPrivilegedAction.java:66)
com.ibm.ws.gridcontainer.services.impl.WASRunUnderCredentialServiceImpl.runUnderUserCredential(WASRunUnderCredentialServiceImpl.java:134)
com.ibm.ws.gridcontainer.services.impl.WASRunUnderCredentialServiceImpl.runActionUnderUserCredential(WASRunUnderCredentialServiceImpl.java:386)
com.ibm.ws.gridcontainer.batch.impl.JobManagerImpl._sequentialStepScheduling(JobManagerImpl.java:783)
com.ibm.ws.gridcontainer.batch.impl.JobManagerImpl.executeJob(JobManagerImpl.java:199)
com.ibm.ws.batch.BatchJobControllerWork._runJob(BatchJobControllerWork.java:435)
com.ibm.ws.batch.BatchJobControllerWork.run(BatchJobControllerWork.java:241)
com.ibm.ws.asynchbeans.J2EEContext$RunProxy.run(J2EEContext.java:271)
java.security.AccessController.doPrivileged(AccessController.java:399)
com.ibm.ws.asynchbeans.J2EEContext.run(J2EEContext.java:797)
com.ibm.ws.asynchbeans.WorkWithExecutionContextImpl.go(WorkWithExecutionContextImpl.java:222)
com.ibm.ws.asynchbeans.ABWorkItemImpl.run(ABWorkItemImpl.java:206)
java.lang.Thread.run(Thread.java:790)
The text for message SQL0443 is 'Trigger program or external routine detected an error'.
I would suggest looking at the host database server job for the JDBC connection.
On the IBM i command line, run the command WRKOBJLCK OBJ(<user>) OBJTYPE(*USRPRF) (where <user> is the user profile you're using to do the JDBC connection) and find jobs named QZDASOINIT. These are the database host server jobs.
In these jobs, look at the joblog (or joblog spool file) to find the SQL0443 message ... around that message you should see what the actual error is.

Kafka connect JDBC connector

I am trying to use io.confluent.connect.jdbc.JdbcSourceConnector in bulk mode using the query .
query = select name, cast(ID as NUMBER(20,2)),status from table_name
Is this possible?
If possible am I missing something?
I am getting
exception (org.apache.kafka.connect.runtime.WorkerTask:148)
org.apache.avro.SchemaParseException: Illegal character in: CAST(IDASNUMBER(20,2))
Use an alias for the 2nd column. This alias must be the name of the target avro-field.

postgres liquibase limit diff to one schema

Goal:
I created a special login (named liquibase) which has only acces to one schema CustomerXX (the schema which I would like to compare and only this!!)
Problem:
Even with this login limited the liquibase diff operations try to read other schema (as exemple in my error obsolete_objects)
Remark:
I am studing the CustomerXX. I have another schema in the database named obsolete_objects but i am only focus on customerxx
login liquibase used ==>
GRANT all ON schema customerxx to liquibase;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA customerxx to liquibase;
no other right
My command liquibase:
liquibase.bat
--classpath="E:\Program Files\Talend-Studio\plugins\org.talend.libraries.jdbc.postgresql_5.5.1.r118616\lib\postgresql-9.2-1003.jdbc3.jar"
--driver=org.postgresql.Driver --url=jdbc:postgresql://xxxxxxxxx
--username=USERNAME
--password=PASSWORD
--defaultSchemaName=customerxx
Diff
--referenceUrl=jdbc:postgresql://yyyyyyyyyy
--referenceUsername=liquibase
--referencePassword=liquibase
--referenceDefaultSchemaName=customerxx
My error
Diff Results:
Unexpected error running Liquibase: liquibase.exception.DatabaseException:
org.postgresql.util.PSQLException: ERROR: permission denied for schema obsolete_objects Positioná: 27
Thanks in advance!

Ecpiselink NativeQuery from other schema

i would execute a simple select with eclipselink from another schema like this:
Query query = em.createNativeQuery("select * from another_schema.TABLE_NAME");
List returnList = query.getResultList();
But when i run my application i get the following error:
java.sql.SQLException: The transaction is no longer active - status: 'Marked rollback.
Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLException: The transaction is no longer active - status: 'Marked rollback. [Reason=weblogic.transaction.internal.TimedOutException: Transaction timed out after 30 seconds
BEA1-0091256F3B0B87325B62]'. No further JDBC access is allowed within this transaction.
I have privileges to run this sql command, i tried with sql developer, and it's working.
Can anybody please help me, how should I run this NativeQuery?
Thank you!
I solved this error "No further JDBC access is allowed within this transaction." by setting the transaction in Weblogic as "Local Transaction".
Just uncheck the transaction option: Supports Global Transactions