In order to run SELECT NEXT VALUE FOR <my_sequence> that are owned by other users in that same database an executing user must have an UPDATE ON SEQUENCE permission on all sequences within this database. Just having CREATE SEQUENCE is not sufficient. Issue shows up when user creates a sequence and changes ownership to ADMIN, typically, for cosmetic reasons. To solve this problem you must issue grant UPDATE ON SEQUENCE do:
grant UPDATE ON SEQUENCE TO <my_user>;
EXAMPLE:
A user TESTSD creates a sequence and successfully tests it:
CREATE SEQUENCE my_sequence;
SELECT NEXT VALUE FOR my_sequence;
/* Records Affected: 1. */
Change ownership of the newly created sequence:
ALTER SEQUENCE my_sequence OWNER TO ADMIN;
Selecting value from the same sequence fails:
/* ERROR [HY000] ERROR: Permission denied on "MY_SEQUENCE". */
SELECT NEXT VALUE FOR my_sequence;
As ADMIN user, grant UPDATE ON SEQUENCE to user TESTSD;
[nz@server]$ nzsql -db SANDBOX -u ADMIN
SANDBOX.ADMIN(ADMIN)=> grant UPDATE ON SEQUENCE TO TESTSD;
GRANT
Now, TESTSD user has ability to use sequence:
SELECT NEXT VALUE FOR sandbox..y_sequence;
/* Records Affected: 1. */
SELECT NEXT VALUE FOR my_sequence;
/* Records Affected: 1. */
Excellent information thank you, I just encountered this issue. It worked fine on one machine, but after restoring the database on another machine (and setting the owner), then it wouldn't let me get new values for the sequence. Granting the update permission on the sequence worked.
ReplyDelete