Question
· 16 hr ago

SQLCODE: -99 when executing dynamic SQL on specific properties

Hi, I am unsure how to remove this restriction; when I am performing dynamic SQL using ##class(%SQL.Statement).%ExecDirectNoPriv(, .query, args...)

It works fine, but the moment I add specific properties from the persistent class I am performing the select on into the WHERE clause, I get: ERROR #5540: SQLCODE: -99 Message: User UnknownUser is not privileged for the operation. Despite using %ExecDirectNoPriv, I've tried with prepared statement as well, exact same situation.

I have read that it is possible to set privileges on individual properties on a persistent class, but I have no clue where to remove or change these privileges; the only solution I found is to add the role %All to UnknownUser, but that is not a fix but despite attempting to add full privileges for the persistent class for UnknownUser, I keep getting this privilege error.

Product version: IRIS 2024.2
$ZV: IRIS for UNIX (Ubuntu Server LTS for ARM64) 2024.1.2 (Build 398U) Thu Oct 3 2024 13:42:05 EDT
Discussion (2)2
Log in or sign up to continue

First of all, I'll mention the suggestion in our documentation that, "Generally, if you configure InterSystems to allow unauthenticated access [i.e. UnknownUser], it is recommended there be unauthenticated access exclusively." That is, trying to manage security for UnknownUser isn't necessarily recommended.

The documentation on granting SQL privileges on specific columns (properties) is here. I don't know enough about your situation to feel confident about whether that is what's going on, though. You can also enable auditing for %System/%SQL/PrivilegeFailure to see if that gives you more information. Feel free to open a WRC issue if you are having trouble with this.