jhwang@CS.UCLA.EDU (07/07/89)
I had the following permission problem while runnung ingres/star : I created a database navyd at one site : ipswich. The following permission problem occurs when I tried to remotely retrieve relation "ship" from other node : 3500: No permission for RETRIEVE on table ship 26002: Above error from Node: IPSWICH Database: IINAVYD Has anyone has the similar problem before ? Also, ingres star does not recognize "define permit" command. I'd appreciate if someone can tell me how this permission problem can be solved.
robf@squid.rtech.com (Robert Fair) (07/07/89)
jhwang@CS.UCLA.EDU () writes: > >I had the following permission problem while runnung ingres/star : > >I created a database navyd at one site : ipswich. The following >permission problem occurs when I tried to remotely retrieve >relation "ship" from other node : > >3500: No permission for RETRIEVE on table ship >26002: Above error from Node: IPSWICH Database: IINAVYD > >Has anyone has the similar problem before ? >Also, ingres star does not recognize "define permit" command. > The crucial concept here is that INGRES/STAR respects the autonomy of local databases - this means that if you can't access data locally then you can't access it through Star either (this stops any potential security loopholes at the local site.) As a result: - Permits are defined at the LOCAL level, not the Star level. - When Star logs into a local database (usually through INGRES/NET) the effective local user has to have appropriate access permissions. To give an example, user 'fred' on machine 'central' is accessing a Star database with links to table 'info' in database 'infodb' on node 'infonode'. When Fred issues a query on 'info' Star fires up a backend on 'infonode' to run the query, using INGRES/NET for data transfer. To run the backend there has to be an effective rlogin running on 'infonode', with an assocoiated username. This username is set by INGRES/NET and is defined by "ingnetdef" utility, which basically says: "Whenever you login to machine "x", use username "y" with password "zzz" ("x","y" and "zzz" are settable by Fred on his 'central' node). The net result of all this is if username "y" has been setup as an INGRES user without any permits then the local backend on 'infonode' will not allow him/her to access the data, and you'll get the above error. A couple of suggestions to avoid this kind of problem: 1) Make sure the NET login information (ingnetdef) is accurate. 2) Make sure the remote login has the appropriate local permits. BTW, in INGRES 6.2 STAR there is a nice new command to allow commands to be passed directly to the local DBMS: DIRECT CONNECT WITH NODE='infonode', DATABASE='infodb', DBMS='ingres'; /* ... */ GRANT SELECT ON info TO PUBLIC; /* ... */ DIRECT DISCONNECT When in DIRECT mode Star doesn't interpret the commands, so you can use any features specific to that local DBMS (which may or may not be INGRES) There is a similar DIRECT EXECUTE IMMEDIATE statement for running single commands. Robert Fair Technical Support Relational Technology, Inc
bg0l+@andrew.cmu.edu (Bruce E. Golightly) (07/07/89)
Haven't seen that particular error before, but...... What permits are in force on the remote table SHIP? It sounds like there may be some protection in place on the table via the local data base that is keeping you out when you try to get in trough the ddb. Try setting an appropriate permission on SHIP from the local data base. Bruce