`

(转)SQL1092N "USER" does not have the authority to perform therequested command -

    博客分类:
  • DB2
阅读更多

http://dbaspot.com/forums/db2-udb/203214-sql1092n-user-does-not-have-authority-perform-therequested-command.html

SQL1092N "USER" does not have the authority to perform therequested command - db2-udb

This is a discussion on SQL1092N "USER" does not have the authority to perform therequested command - db2-udb ; Hi all, i have a problem with the authority feature on my machine. It keeps on saying i don't have permission to run "CREATE DATABASE" command in db2cmd. I also having permission issue opening control center. Err : SQL1092N "KONGK" ...


Home > Database Forum Other Databases db2-udb > SQL1092N "USER" does not have the authority to perform therequested command

Reply

 

Thread Tools  Display Modes 
  #1  
Old 08-03-2007, 02:30 AM
Database Bot
 
Join Date: Sep 2009
Posts: 1,236,248
Database Administrator is on a distinguished road
Default SQL1092N "USER" does not have the authority to perform therequested command

Hi all, i have a problem with the authority feature on my machine.

It keeps on saying i don't have permission to run "CREATE DATABASE" command in db2cmd. I also having permission issue opening control center.

Err :

SQL1092N "KONGK" does not have the authority to perform the requested
command.

The following is "get dbm cfg" output :

SYSADM group name (SYSADM_GROUP) = DB2ADMNS
SYSCTRL group name (SYSCTRL_GROUP) =
SYSMAINT group name (SYSMAINT_GROUP) =

I am using domain account login to windows. I have already added domain account kongk into local group DB2ADMNS and it is part of local administrator group.

Please help as i cant find any workaround on this.

Info :

DB2 UDB v8.1 for windows
Platform Windows XP Professional Edition


Can someone please advice what should i do to workaround this issue ?

Thanks in advance.




Reply With Quote
  #2  
Old 08-03-2007, 07:11 AM
Database Bot
 
Join Date: Sep 2009
Posts: 1,236,248
Database Administrator is on a distinguished road
Default Re: SQL1092N "USER" does not have the authority to perform therequested command

Hi,

If a user logs on to a domain account and tries to access a DB2 database, DB2 goes to a Domain Controller to enumerate groups (including the Administrator's group). You can change this behavior in either of two ways:

1. Set the registry variable DB2_GRP_LOOKUP = local and add the domain accounts (or global groups) to the local Administrators group.
2. Update the database manager configuration file to specify a new group. If you want that group enumerated on the local machine, then you must also set the DB2_GRP_LOOKUP registry variable.

By default in a Windows NT domain environment, only domain users that belong to the Administrators group at the Primary Domain Controller (PDC) have SYSADM authority on an instance. Since DB2 always performs authorization at the machine where the account is defined, adding a domain user to the local Administrators group on the server does not grant the domain user SYSADM authority to the group.

To avoid adding a domain user to the Administrators group at the PDC, you should create a global group and add the users (both domain and local) that you want to grant SYSADM authority. To do this, enter the following commands:

DB2STOP
DB2 UPDATE DBM CFG USING SYSADM_GROUP global_group
DB2START

Reply With Quote
  #3  
Old 08-03-2007, 11:48 AM
Database Bot
 
Join Date: Sep 2009
Posts: 1,236,248
Database Administrator is on a distinguished road
Default Re: SQL1092N "USER" does not have the authority to perform therequested command

hi elza, thanks a lot !!! it works well now. i can create database and open control center now without any problem.

Here is what i did as per your suggestion :

1. Set the registry variable DB2_GRP_LOOKUP = local and add the domain accounts (or global groups) to the local Administrators group.
- db2set DB2_GRP_LOOKUP=local ?g
2. create new group ?DB2ADMNS?
3. Add both db2admin user and domain user into DB2ADMNS group
4.Update the database manager configuration file to specify a new group.
Db2 update dbm cfg using sysadm_group DB2ADMNS
5. db2stop
6. db2start

Reply With Quote
  #4  
Old 08-04-2007, 10:32 AM
Database Bot
 
Join Date: Sep 2009
Posts: 1,236,248
Database Administrator is on a distinguished road
Default Re: SQL1092N "USER" does not have the authority to perform the requestedcommand

d9832834@yahoo.com.au wrote:
> hi elza, thanks a lot !!! it works well now. i can create database and open control center now without any problem.
>
> Here is what i did as per your suggestion :
>
> 1. Set the registry variable DB2_GRP_LOOKUP = local and add the domain accounts (or global groups) to the local Administrators group.
> - db2set DB2_GRP_LOOKUP=local ?g
> 2. create new group ?DB2ADMNS?
> 3. Add both db2admin user and domain user into DB2ADMNS group
> 4.Update the database manager configuration file to specify a new group.
> Db2 update dbm cfg using sysadm_group DB2ADMNS
> 5. db2stop
> 6. db2start
>


The only change that you needed to make was #1 (and #5, #6, of course).

Just so you understand, setting DB2_GRP_LOOKUP=local tells DB2 to
enumerate a user's group memberships on the local machine, regardless
of where (i.e. local machine or PDC) the user account was authenticated.

The purpose of this is to allow you to define group memberships in one
location. The default is somewhat confusing, because you can end up
with 2 groups (DOMAIN\group and LOCALMACHINE\group), with different
members ...

Reply With Quote
  #5  
Old 08-05-2007, 05:27 AM
Database Bot
 
Join Date: Sep 2009
Posts: 1,236,248
Database Administrator is on a distinguished road
Default Re: SQL1092N "USER" does not have the authority to perform therequested<br> command

Hi Ian, thanks for your input. I really appreciate 

It works well now in my machine.
Reply With Quote
  #6  
Old 09-28-2007, 01:22 AM
Database Bot
 
Join Date: Sep 2009
Posts: 1,236,248
Database Administrator is on a distinguished road
Default Re: SQL1092N "USER" does not have the authority to perform therequested<br> command

I have tried everything in this article and still have the problem. My environment is:
- New to DB2 Express C
- Windows XP SP2
- Signed on as domain user
- My profile is a Domain Admin
- DB2 Express C installed on my local machine
- DB2ADMINS and DB2USER are local groups
- My domain user ID as a member of DBADMINS and DBUSERS
- I did have a local user with the same name as my domain user but I have deleted it as per this article:http://publib.boulder.ibm.com/infoce...c/r0005907.htm
- Stop/Start DB2 after making the change.
- Here are my settings
C:\Program Files\IBM\SQLLIB\BIN>db2set -all
[e] DB2PATH=C:\Program Files\IBM\SQLLIB
[i] DB2_CREATE_DB_ON_PATH=ON
[i] DB2_GRP_LOOKUP=local
[i] DB2INSTPROF=C:\Program Files\IBM\SQLLIB
[i] DB2COMM=TCPIP
[g] DB2_EXTSECURITY=YES
[g] DB2PROCESSORS=0,1
[g] DB2_GRP_LOOKUP=local
[g] DB2SYSTEM=SEDGE
[g] DB2PATH=C:\Program Files\IBM\SQLLIB
[g] DB2INSTDEF=DB2
[g] DB2ADMINSERVER=DB2DAS00

Thanks
Steve
Reply With Quote
  #7  
Old 08-17-2010, 11:16 AM
Database Newbie
 
Join Date: Aug 2010
Posts: 1
Tiger_trace is on a distinguished road
Default Re: SQL1092N "USER" does not have the authority to perform therequested command

Hi Steve

I don't know if you eventually found the answer to this...?
After a lot of scratching around and trial & error, I managed to get it to work by doing the following:
1. db2set DB2_GRP_LOOKUP=LOCAL,TOKENLOCAL
2. db2stop
3. db2start

I hope that this helps you.

分享到:
评论

相关推荐

    彻底解决登录路由器的管理界面提示You have no authority to access this device的问

    给大家分析并解决了路由器后台提示“You have no authority to access this device”的原因和解决办法。

    gz-tony-spring-authority-master

    《gz-tony-spring-authority-master》项目是一个关于Spring权限管理的开源项目,它整合了Spring框架的相关技术,用于实现高效、安全的权限控制。在这个项目中,开发者Tony可能为了整理个人电脑上的资源,将其公开...

    计算机网络第六版答案

    14. If the two ISPs do not peer with each other, then when they send traffic to each other they have to send the traffic through a provider ISP (intermediary), to which they have to pay for carrying ...

    AUTHORITY-CHECK

    在SAP ABAP编程中,`AUTHORITY-CHECK`语句是用于权限检查的关键命令,它确保只有具有适当权限的用户才能执行特定操作。这个功能是SAP安全模型的重要组成部分,遵循SAP的授权概念,该概念基于对象、字段和值来定义...

    Laravel开发-authority-laravel

    "authority-laravel" 是一个专门为 Laravel 设计的授权系统,它使得在 Laravel 应用程序中管理用户权限变得更加简单和灵活。本篇文章将深入探讨 Laravel 的授权机制,并基于 "authority-laravel-master" 项目进行...

    authority-manage-system-reactor.zip

    【标题】"authority-manage-system-reactor.zip" 提供了一个基于SpringBoot、Shiro和Webflux的权限管理系统实现。这个系统旨在帮助开发者构建一个高效、安全的后台管理平台,允许用户进行权限控制和身份验证。 ...

    传智权限管家系统基于SpringCloud(Hoxton.SR3) +-itcast-authority-web.zip

    传智权限管家系统的主体部分是`itcast-authority-web`,这是一个Web应用服务,主要负责权限的管理和控制。它可能包含以下关键模块: 1. **用户管理**:系统中用户的创建、修改、删除以及角色分配等功能。通常会集成...

    NewSID(光学习一下代码就可以了,没看清楚介绍别运行)

    Note that just changing the computer name or adding the computer to a different domain does not change the computer SID and that the computer SID is not the same as the SID, called the domain SID, ...

    Laravel开发-authority-controller

    然而,当应用的权限需求变得复杂时,这些内置机制可能不够用,这就是"authority-controller"库的作用所在。 "authority-controller"库扩展了Laravel的原生权限管理功能,提供了更高级别的控制和灵活性。它允许...

    Laravel开发-authority-l4

    在 "authority-l4" 系统中,角色(Role)和权限(Permission)是两个核心概念。角色是一组特定的权限集合,而权限则定义了用户可以执行的操作。通过分配角色给用户,我们可以间接地赋予用户相应的权限。 #### 2. ...

    hdfs-command-line_Transcript.pdf

    - **URI组成**:由方案(scheme)、权威(authority)和路径(path)三部分组成。 - **支持的方案**: - `file`:表示本地文件系统。 - `hdfs`:表示HDFS文件系统。 ##### 4.3 `hadoop fs -copyFromLocal` - **...

    Laravel开发-laravel-yes-authority

    在本文中,我们将深入探讨基于Laravel框架的`laravel-yes-authority`库,它是一种用于实现精细路由授权的解决方案。Laravel是一款流行的PHP框架,以其优雅的语法和强大的功能而闻名,使得Web应用开发更为高效。`...

    a project model for the FreeBSD Project.7z

    These are usually the most active developers who are willing to spend their time not only integrating their own code but integrating code submitted by the developers who do not have this privilege....

    Joe Celko’s Trees and Hierarchies in SQL for Smarties

    *Expert advice from a noted SQL authority and award-winning columnist who has given 10 years of service to the ANSI SQL standards committee *Teaches scores of advanced techniques that can be used with...

    Realtek_WPS_user_guide.pdf

    This document is aimed to the engineers who have basic knowledge about WPS and will utilize Realtek 8xxx-SDK to develop their products. 1.3 Definitions of Wi-Fi Protected Setup terminologies (Wi-Fi ...

    对表进行任何操作都不被允许,提示SQLSTATE=57016 SQLCODE=-668 ,原因码 \"7\"的错误:SQL0668N Operation not

    这个错误的完整信息是"SQL0668N Operation not allowed.",意味着在尝试执行特定的数据库操作时,系统拒绝了这个操作。原因码“7”可能提供了更具体的错误原因,但没有提供详细描述,我们通常需要查看DB2的官方文档...

    ssh-cert-authority:SSH证书颁发机构的实现

    ssh-cert-authority介绍民主的SSH证书颁发机构。 ssh-cert-authority的运营商希望使用SSH证书来提供对其所操作服务器的细粒度访问控制,强制执行2人规则,将其证书签名密钥保持秘密,并且不需要参与实际签名即可证书...

    Authority--Huffman.Codec.zip_authority

    "Authority--Huffman.Codec.doc" 文件很可能包含了关于霍夫曼编码的详细理论介绍、算法实现、实例分析或者优化策略等内容。通过阅读这份文档,读者可以更深入地理解霍夫曼编码的工作原理,学习如何在实际项目中应用...

    From-System-authority-to-Medium-authority:渗透测试

    这可能涉及到缓冲区溢出、SQL注入、命令注入等各种技术。 3. **权限提升**:一旦获得较低级别的访问,就需要寻找方法升级权限。在Windows环境中,这可能涉及提权漏洞,如SMB漏洞、权限令牌篡改等;在Linux环境下,...

Global site tag (gtag.js) - Google Analytics