root authentication

[francesco]

I'm new on Progress and OpenEdge. I have a problem with the connection and authentication. I have a server with progress database in the db and there are 3 users. "a", "b" and root. User "to" I know the password and can not connect to the database remotely with the odbc driver (OpenEdge 10.1c). the user is read-only so I can not make changes to the db. user "b" do not know the password. I just root and I understand that should correspond to the root user of the operating system (redhat 6). I know the root password of the operating system, but even so I can not connect to the database remotely. septum when the odbc driver and insert the OpenEdge root user name and password gives me access denied error (or something similar). Could someone help me please. It 'possible that the root user is allowed only from the machine on which you installed progress?
Thanks in advance
hi
sorry for my english

 

[RealHeavyDude]

There are only 1.5 users that can access an OpenEdge database via the SQL engine out-of-the-box: The user which created the database ( does not necessarily have to be root ) and the other is the special user SYSPROGRESS which you must add to the user table via the 4GL engine in order to be able to use. Only from there you can grant futher SQL privileges to existing 4GL users and create new SQL users.

Having a root user defined in the 4GL user table does not automatically mean that you can use it to access the database via the SQL engine with it.

You might want to have a look at http://knowledgebase.progress.com/articles/Article/20143/p.

Background information: Progress distinguished between 4GL and SQL security. Most prominently philosophically: 4GL revoke vs. SQL grant.

Heavy Regards, RealHeavyDude.

 

[francesco]

There are only 1.5 users that can access an OpenEdge database via the SQL engine out-of-the-box: The user which created the database ( does not necessarily have to be root ) and the other is the special user SYSPROGRESS which you must add to the user table via the 4GL engine in order to be able to use. Only from there you can grant futher SQL privileges to existing 4GL users and create new SQL users.

Having a root user defined in the 4GL user table does not automatically mean that you can use it to access the database via the SQL engine with it.

You might want to have a look at http://knowledgebase.progress.com/articles/Article/20143/p.

Background information: Progress distinguished between 4GL and SQL security. Most prominently philosophically: 4GL revoke vs. SQL grant.

Heavy Regards, RealHeavyDude.

thanks for the reply. I am sysprogress.sysdbauth in Table 3 users: "a" (read only), "b" (with read / write) and "root" (permission to read / write). I suppose that the user "root" is also the operating system user who initially created the database. Remotely setting the odbc driver OpenEdge can not access db with the user "a" (read-only), but can not access the "root" user and I do not understand why. I not connect using something like root @ domain or something? I can do some specific evidence from the server to try to connect with the user "root"?
thanks in advance

 

[RealHeavyDude]

As far as I know the root user account in the sysdbauth table is not necessarily identical with the root user in the operating system. I am afraid that, unless you know the password for the root user account in the sysdbauth, you can't successfully connect to that database.

If I were you I would set up the user SYSPROGRESS on the 4GL engine and use that one to initially connect via the SQL engine and grant privileges from there.

Heavy Regards, RealHeavyDude.

 

[francesco]

Could you please explain how to do it

 

[LarryD]

Go into the Data Dictionary-> Admin -> Security -> Edit User List

From there you can add the sysprogress user, and then follow the instructions on granting appropriate permissions as per the document RHD linked to.

If you don't have access to the Data Dictionary, you will need to have a system admin do it for you.

 

[francesco]

i can do it also if i don't have database administration privilege? Just I'm operative system admin "root"? Thank for the reply

 

[Rob Fitzpatrick]

It depends on how the database is currently configured. If the system user table (called _User) contains no records and if blank user connections are allowed in the database (they are by default) then you can connect to the database, run the data dictionary, and add a user called sysprogress and give it a password (in data dictionary: Admin menu, Security, Edit User List). Instructions for this are in the Knowledge Base article linked in RealHeavyDude's post above.

If are one or more records in _User and you connect to the database without logging in then you can still run the data dictionary program but you will not be allowed to select the Edit User List menu item. You will have to be an authenticated user to create or edit another one.

 

[francesco]

I have an user "a" and I know password, but it has only read permission. With user "a" I can create the sysprogress user? I view in a how to a launch data dictionary with command pro -p dict.p on UNIX shell with root user. You think I can it?
thank in advance

 

[tamhas]

No, someone who has DBA rights is going to have to do this.

 

[francesco]

refer back the question again trying to be more clear.
db configured serves unix red hat 6 , in the " dbname " . " SYSPROGRESS ." " SYSDBAUTH " there are two users:
- root
- SYSPROGRESS
for both users and RES_ACC DBA_ACC fields are set to "y".

I can see this through another machine with windows installed the drivers odbc OpenEdge . Using sql server and DTS (date trasformation service) to connect to the db on unix . the only problem is that I only know the login information of a user who has read-only rights .

in another table called " dbname " . " SYSPROGRESS ." " SYSTABAUTH " I find the permissions for each table set for three users :
"a" ( read-only , the user I use to connect )
"b" ( I think he has rights to read and write) do not know the password
"root" (I thought that was the root of unix I know , but the password does not match ) .

I need to connect to the db in writing, database administrators do not know , how can I use what I have to do that. I use the user SYSPROGRESS (although I do not know the password. Tried with the password " sysprogress " but does not work) .

Also, if you run the query directly from vogio need unix (I know the login user "root " ) , what should I do, what I lacinare commands directly from the shell. Please help me because for me it is very important.
Thanks in advance
look your news

 

[RealHeavyDude]

As far as I understand, you do know the password of the "root" account in the database but you do not know the password of the user SYSPROGRESS. Since the user SYSPROGRESS is not there out-of-the-box, somebody must have set it up. That somebody most likely did it with the purpose of setting up the initial SQL security. That somebody must know the password.

You say, your database administrators don't know. Do they have credentials to login into the database via the 4GL engine? If you can't login via the SQL engine you might be able to login via the 4GL engine and re-create the user SYSPROGRESS with a password you know so that you can login with it via the SQL engine and setup SQL accounts that you can use.

On a side note: It seems strange to me that database administrators do not know an account which they can use to get into a database they should administer ...

Heavy Regards, RealHeavyDude.

 

[francesco]

the problem is that I have no way of tracing database administrators. with 4gl as I do, can you give me a help or a how to? on the other Windows machine where I installed the drivers odbc OpenEdge 4GL batch engine find the item but if you start the application gives me the following error: "** PROGRESS in batch mode requires a boot process (1144)," What does this mean? how i might be able to login via the 4GL engine and re-create the user SYSPROGRESS with a password?
thank in advance

 

[tamhas]

Who manages the database?

 

[RealHeavyDude]

The message does not talk about a "boot process". Instead it reads

** Batch-mode PROGRESS requires a startup procedure. (1144)

That means that you can't start a Progress batch session without specifying a starting procedure. What would a batch session be good for without anything that should run in it.

The concept of Progress is similar to that of Java: You have a virtual machine - the AVM - which interpretes platform independent byte code ( well, more or less - if you use GUI specific function then you are not able to run it in CHUI ). Nevertheless, it's like just starting the Java virtual machine without anything it should execute ...

What you need is the data administration tool. But you will only have an icon for that ( unless somebody removed it ) when you have a developer license installed on the machine.

Please don't get me wrong: While I love to support other people when they have issues with Progress I can be helpful with, this is not a replacement for proper education. Especially when you know nothing about Progress - because Progress is different from many other technologies. That means that specific SQL knowledge can't be applied to Progress without having knowledge on how to set up the SQL engine of Progress database in the first place. Therefore you might find many people such as yourself not understanding what they are dealing with and therefore maybe not liking it that much. But IMHO that is just lack of knowledge.

Bottom line: Whoever holds you responsbile for making something happen with your Progress database should be told that this might be a dead end without proper traing or consulting.

As a side note: If you don't know credentials of an account which has the privileges to do whatever it is you need to be done then you are hosed. Full stop. In any other case the database would not be secure and there is no backdoor built into the database that allows you to break into it or hack it. It is in the responsibility of whoever administers that database to setup the security in a way so that it is accessible for whoever needs to access it and that he/she has not locked out him/herself for example by forgetting the password of the only DBA account.

Heavy Regards, RealHeavyDude.

 

[TomBascom]

As RHD says "If you don't know credentials of an account which has the privileges to do whatever it is you need to be done then you are hosed. Full stop."

It is like being told that you are now expected to be the system administrator on a UNIX box that nobody knows the root password to.