Sage SalesLogix
  • Contact Us
  • Sage North America
800-643-6400
Welcome Twitter Facebook LinkedIn
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Community Home Blogs Share Ideas Search Request Access Resources
Reply
Topic Options
rtrenado
New Member
rtrenado
Posts: 22
Registered: 02-15-2010

Is it safe to execute "GRANT VIEW ANY DEFINITION TO SYSDBA" on the database?

Options

02-11-2011 02:51 AM

Hi there, we're using task centre with our SLX implementation, and some time ago they told me to execute GRANT VIEW ANY DEFINITION TO SYSDBA on the database to fix an issue when creating triggers (task centre doesn't shows the tables of the database when logging with the sysdba user)..

But I never do that, as I'm concern about changing anything to the sysdba user, as long time ago, changing a permission to this user on the database, makes the whole application to stop..

So, is it safe to execute this? (of course, I'll make a backup prior to anything...)

Regards

Report Inappropriate Content
Message 1 of 3 (344 Views)
Reply
0 Kudos
Please use plain text.
 
RJLedger
Gold Super Contributor
RJLedger
Posts: 2,234
Registered: 03-19-2009

Re: Is it safe to execute "GRANT VIEW ANY DEFINITION TO SYSDBA" on the database?

Options

02-11-2011 06:10 AM

What you were told is exactly what needs to be done.  - We are a TaskCenter BP as well - we know ;-)

 

Now you do NOT have to use the sysdba user when doing the authentication in the TC Trigger tool. BUT if you use another (SQL) user, you would have to deal w/a host of additional (SQL) rights. Better to do it w/sysdba and get it done cleanly.

--
RJ Ledger - rjledger@rjlSystems.net

".. Stay Focused..."
http://www.rjlSystems.net - blog: www.rjlSystems.net/blog.html
Report Inappropriate Content
Message 2 of 3 (344 Views)
Reply
0 Kudos
Please use plain text.
 
Copper Super Contributor JohnHedges
Copper Super Contributor
JohnHedges
Posts: 33
Registered: 11-26-2009

Re: Is it safe to execute "GRANT VIEW ANY DEFINITION TO SYSDBA" on the database?

Options

02-11-2011 02:55 PM

"I'm concern about changing anything to the sysdba user, as long time ago, changing a permission to this user on the database, makes the whole application to stop..."

 

That was probably a case of you (or someone) assigning a server role (sysadmin or dbowner) to the SYSDBA user in SQL Server. When you do that, SQL Server assigns the "dbo" (i.e., default owner) schema to the SYSDBA user account, at which point any application that logs in with the SYSDBA account has to prefix all table references with the original schema name of each table owner (in SLX's case, this is also "SYSDBA"). Since SalesLogix isn't written so as to include those prefixes in its SQL queries, you get "object not found" errors pretty much immediately - if objects like tables aren't part of the user's default schema, they're treated as if they don't exist, unless references to them are qualified with a schema prefix.

 

You might think this is a deficiency on SLX's part, but if all table references in queries were qualified, then SLX could be run under practically any SQL Server user account, and it would actually be much less secure as a result. Anyway, it's a fairly simple explanation when you think about it, but you rarely see it explained among SalesLogix folks...

 

Anyway, explicitly granting a specific access permission (such as "View Any Definition") isn't the same as assigning a server role. Permissions like that don't affect the schema assignment, so it doesn't (or shouldn't) affect the interpretation of SQL queries (and thereby the operation of the program).

Report Inappropriate Content
Message 3 of 3 (332 Views)
Reply
0 Kudos
Please use plain text.