SQL1092N "USER" does not have the authority to perform therequested command - db2-udb
This is a discussion on SQL1092N "USER" does not have the authority to perform therequested command - db2-udb ; Hi all, i have a problem with the authority feature on my machine. It keeps on saying i don't have permission to run "CREATE DATABASE" command in db2cmd. I also having permission issue opening control center. Err : SQL1092N "KONGK" ...
08-03-2007, 02:30 AM
|
Database Bot
|
|
Join Date: Sep 2009
Posts: 1,236,248
|
|
SQL1092N "USER" does not have the authority to perform therequested command
Hi all, i have a problem with the authority feature on my machine. It keeps on saying i don't have permission to run "CREATE DATABASE" command in db2cmd. I also having permission issue opening control center. Err : SQL1092N "KONGK" does not have the authority to perform the requested command. The following is "get dbm cfg" output : SYSADM group name (SYSADM_GROUP) = DB2ADMNS SYSCTRL group name (SYSCTRL_GROUP) = SYSMAINT group name (SYSMAINT_GROUP) = I am using domain account login to windows. I have already added domain account kongk into local group DB2ADMNS and it is part of local administrator group. Please help as i cant find any workaround on this. Info : DB2 UDB v8.1 for windows Platform Windows XP Professional Edition Can someone please advice what should i do to workaround this issue ? Thanks in advance.
|
08-03-2007, 07:11 AM
|
Database Bot
|
|
Join Date: Sep 2009
Posts: 1,236,248
|
|
Re: SQL1092N "USER" does not have the authority to perform therequested command
Hi,
If a user logs on to a domain account and tries to access a DB2 database, DB2 goes to a Domain Controller to enumerate groups (including the Administrator's group). You can change this behavior in either of two ways:
1. Set the registry variable DB2_GRP_LOOKUP = local and add the domain accounts (or global groups) to the local Administrators group. 2. Update the database manager configuration file to specify a new group. If you want that group enumerated on the local machine, then you must also set the DB2_GRP_LOOKUP registry variable.
By default in a Windows NT domain environment, only domain users that belong to the Administrators group at the Primary Domain Controller (PDC) have SYSADM authority on an instance. Since DB2 always performs authorization at the machine where the account is defined, adding a domain user to the local Administrators group on the server does not grant the domain user SYSADM authority to the group.
To avoid adding a domain user to the Administrators group at the PDC, you should create a global group and add the users (both domain and local) that you want to grant SYSADM authority. To do this, enter the following commands:
DB2STOP DB2 UPDATE DBM CFG USING SYSADM_GROUP global_group DB2START
|
08-03-2007, 11:48 AM
|
Database Bot
|
|
Join Date: Sep 2009
Posts: 1,236,248
|
|
Re: SQL1092N "USER" does not have the authority to perform therequested command
hi elza, thanks a lot !!! it works well now. i can create database and open control center now without any problem.
Here is what i did as per your suggestion :
1. Set the registry variable DB2_GRP_LOOKUP = local and add the domain accounts (or global groups) to the local Administrators group. - db2set DB2_GRP_LOOKUP=local ?g 2. create new group ?DB2ADMNS? 3. Add both db2admin user and domain user into DB2ADMNS group 4.Update the database manager configuration file to specify a new group. Db2 update dbm cfg using sysadm_group DB2ADMNS 5. db2stop 6. db2start
|
08-04-2007, 10:32 AM
|
Database Bot
|
|
Join Date: Sep 2009
Posts: 1,236,248
|
|
Re: SQL1092N "USER" does not have the authority to perform the requestedcommand
d9832834@yahoo.com.au wrote: > hi elza, thanks a lot !!! it works well now. i can create database and open control center now without any problem. > > Here is what i did as per your suggestion : > > 1. Set the registry variable DB2_GRP_LOOKUP = local and add the domain accounts (or global groups) to the local Administrators group. > - db2set DB2_GRP_LOOKUP=local ?g > 2. create new group ?DB2ADMNS? > 3. Add both db2admin user and domain user into DB2ADMNS group > 4.Update the database manager configuration file to specify a new group. > Db2 update dbm cfg using sysadm_group DB2ADMNS > 5. db2stop > 6. db2start >The only change that you needed to make was #1 (and #5, #6, of course). Just so you understand, setting DB2_GRP_LOOKUP=local tells DB2 to enumerate a user's group memberships on the local machine, regardless of where (i.e. local machine or PDC) the user account was authenticated. The purpose of this is to allow you to define group memberships in one location. The default is somewhat confusing, because you can end up with 2 groups (DOMAIN\group and LOCALMACHINE\group), with different members ...
|
08-05-2007, 05:27 AM
|
Database Bot
|
|
Join Date: Sep 2009
Posts: 1,236,248
|
|
Re: SQL1092N "USER" does not have the authority to perform therequested<br> command
Hi Ian, thanks for your input. I really appreciate It works well now in my machine.
|
09-28-2007, 01:22 AM
|
Database Bot
|
|
Join Date: Sep 2009
Posts: 1,236,248
|
|
Re: SQL1092N "USER" does not have the authority to perform therequested<br> command
I have tried everything in this article and still have the problem. My environment is: - New to DB2 Express C - Windows XP SP2 - Signed on as domain user - My profile is a Domain Admin - DB2 Express C installed on my local machine - DB2ADMINS and DB2USER are local groups - My domain user ID as a member of DBADMINS and DBUSERS - I did have a local user with the same name as my domain user but I have deleted it as per this article: http://publib.boulder.ibm.com/infoce...c/r0005907.htm- Stop/Start DB2 after making the change. - Here are my settings C:\Program Files\IBM\SQLLIB\BIN>db2set -all [e] DB2PATH=C:\Program Files\IBM\SQLLIB [i] DB2_CREATE_DB_ON_PATH=ON [i] DB2_GRP_LOOKUP=local [i] DB2INSTPROF=C:\Program Files\IBM\SQLLIB [i] DB2COMM=TCPIP [g] DB2_EXTSECURITY=YES [g] DB2PROCESSORS=0,1 [g] DB2_GRP_LOOKUP=local [g] DB2SYSTEM=SEDGE [g] DB2PATH=C:\Program Files\IBM\SQLLIB [g] DB2INSTDEF=DB2 [g] DB2ADMINSERVER=DB2DAS00 Thanks Steve
|
08-17-2010, 11:16 AM
|
Database Newbie
|
|
Join Date: Aug 2010
Posts: 1
|
|
Re: SQL1092N "USER" does not have the authority to perform therequested command
Hi Steve
I don't know if you eventually found the answer to this...? After a lot of scratching around and trial & error, I managed to get it to work by doing the following: 1. db2set DB2_GRP_LOOKUP=LOCAL,TOKENLOCAL 2. db2stop 3. db2start
I hope that this helps you.
|
分享到:
相关推荐
给大家分析并解决了路由器后台提示“You have no authority to access this device”的原因和解决办法。
《gz-tony-spring-authority-master》项目是一个关于Spring权限管理的开源项目,它整合了Spring框架的相关技术,用于实现高效、安全的权限控制。在这个项目中,开发者Tony可能为了整理个人电脑上的资源,将其公开...
14. If the two ISPs do not peer with each other, then when they send traffic to each other they have to send the traffic through a provider ISP (intermediary), to which they have to pay for carrying ...
在SAP ABAP编程中,`AUTHORITY-CHECK`语句是用于权限检查的关键命令,它确保只有具有适当权限的用户才能执行特定操作。这个功能是SAP安全模型的重要组成部分,遵循SAP的授权概念,该概念基于对象、字段和值来定义...
"authority-laravel" 是一个专门为 Laravel 设计的授权系统,它使得在 Laravel 应用程序中管理用户权限变得更加简单和灵活。本篇文章将深入探讨 Laravel 的授权机制,并基于 "authority-laravel-master" 项目进行...
【标题】"authority-manage-system-reactor.zip" 提供了一个基于SpringBoot、Shiro和Webflux的权限管理系统实现。这个系统旨在帮助开发者构建一个高效、安全的后台管理平台,允许用户进行权限控制和身份验证。 ...
在Ubuntu 9.10操作系统中,用户可能会遇到“Could not update ICEauthority file”的错误,这是一个与图形界面登录相关的权限问题。ICEauthority文件是X Window System中用于存储认证信息的文件,它允许用户无须反复...
传智权限管家系统的主体部分是`itcast-authority-web`,这是一个Web应用服务,主要负责权限的管理和控制。它可能包含以下关键模块: 1. **用户管理**:系统中用户的创建、修改、删除以及角色分配等功能。通常会集成...
Note that just changing the computer name or adding the computer to a different domain does not change the computer SID and that the computer SID is not the same as the SID, called the domain SID, ...
然而,当应用的权限需求变得复杂时,这些内置机制可能不够用,这就是"authority-controller"库的作用所在。 "authority-controller"库扩展了Laravel的原生权限管理功能,提供了更高级别的控制和灵活性。它允许...
在 "authority-l4" 系统中,角色(Role)和权限(Permission)是两个核心概念。角色是一组特定的权限集合,而权限则定义了用户可以执行的操作。通过分配角色给用户,我们可以间接地赋予用户相应的权限。 #### 2. ...
- **URI组成**:由方案(scheme)、权威(authority)和路径(path)三部分组成。 - **支持的方案**: - `file`:表示本地文件系统。 - `hdfs`:表示HDFS文件系统。 ##### 4.3 `hadoop fs -copyFromLocal` - **...
在本文中,我们将深入探讨基于Laravel框架的`laravel-yes-authority`库,它是一种用于实现精细路由授权的解决方案。Laravel是一款流行的PHP框架,以其优雅的语法和强大的功能而闻名,使得Web应用开发更为高效。`...
microsoft-root-certificate-authority microsoft-root-certificate-authoritymicrosoft-root-certificate-authoritymicrosoft-root-certificate-authoritymicrosoft-root-certificate-authoritymicrosoft-root-...
These are usually the most active developers who are willing to spend their time not only integrating their own code but integrating code submitted by the developers who do not have this privilege....
*Expert advice from a noted SQL authority and award-winning columnist who has given 10 years of service to the ANSI SQL standards committee *Teaches scores of advanced techniques that can be used with...
This document is aimed to the engineers who have basic knowledge about WPS and will utilize Realtek 8xxx-SDK to develop their products. 1.3 Definitions of Wi-Fi Protected Setup terminologies (Wi-Fi ...
这个错误的完整信息是"SQL0668N Operation not allowed.",意味着在尝试执行特定的数据库操作时,系统拒绝了这个操作。原因码“7”可能提供了更具体的错误原因,但没有提供详细描述,我们通常需要查看DB2的官方文档...
ssh-cert-authority介绍民主的SSH证书颁发机构。 ssh-cert-authority的运营商希望使用SSH证书来提供对其所操作服务器的细粒度访问控制,强制执行2人规则,将其证书签名密钥保持秘密,并且不需要参与实际签名即可证书...