tags:

views:

234

answers:

4
+2  Q: 

red herring error "The user does not have permission to perform this action"

When running a stored procedure, we're getting the error 297

"The user does not have permission to perform this action"

This occurs during times of heavy load (regularly, when a trim job is running concurrently). The error clears up when the service accessing SQL Server is restarted (and very likely the trim job is finished as well), so it's obviously not a real permissions problems. The error is reported on a line of a stored procedure which access a function, which in turn accesses dynamic management views.

What kind of situations could cause an error like this, when it's not really a permissions problem?

Might potentially turning on trace flag 4616 fix this, as per this article? I'd like to be able to just try it, but need more info. Also, I'm baffled by the fact that this is an intermittent problem, only happening under periods of high activity.

I was trying to reproduce this same error in other situations (that were also not real permissions problems), and I found that when running this on SQL Server 2005 I do get the permissions problem: 

select * from sys.dm_db_index_physical_stats(66,null,null, null, null)

(66 is an invalid DBID.)

However, we're not using dm_db_index_physical_stats with an incorrect DBID. We ARE using dm_tran_session_transactions and dm_tran_active_transactions, but they don't accept parameters so I can't get the error to happen with them. But I was thinking perhaps that the issue is linked.

Thanks for any insights.

A: 

I know this sounds wierd but try setting the Database property "AutoClose" to "true". This is just a guess of course. Also, if this is a production environment, you shouldn't leave it that way.

djangofan  2010-04-21 21:58:14
Thanks for the idea. Is there a reason that you think this might help? We can't change this property in production so until we can reproduce this in another environment, I won't be able to try it.
Sylvia  2010-04-21 22:12:19
This is never an option.
gbn  2010-05-01 12:21:32
A: 

If this occurs only during periods of heavy activity maybe you can run Profiler and watch for what locks are being held.

Also is this always being run the same way? For example is it run as a SQL Agent Job? or are you sometimes running manually and sometimes running it as a job. My thinking is maybe it is running as diff. users at different times.

Maybe also take a look at this Blog Post

TooFat  2010-04-26 15:56:19
The locking was my first guess, too. It could be a bogus error message in that it couldn't run the stored procedure because of the locks, but the error message that comes back is the same as if it were unauthorized.
ewall  2010-04-27 15:59:16
+2  A: 

Would it be related to concurrency issues?

For example, the same data being processed or a global temp table being accessed? If so, you may consider sp_getapplock

And does each connection use different credentials with a different set of permissions? Do all users have GRANT VIEW SERVER STATE TO xxx?

Finally, and related to both ideas above, do you use EXECUTE AS anywhere that may not be reverted etc?

Completely random idea: I've seen this before but only when I've omitted a GO between the end of the stored proc definition and the following GRANT statement. So the SP tried to set it's own permissions. Is it possible that a timeout or concurrency issue causes some code to run that wouldn't normally?

gbn  2010-05-01 12:29:39
as @gbn mentioned, I've also seen similar behaviour caused by a missing GO
Mitch Wheat  2010-05-01 12:31:20
A: 

Thanks everyone for your input. What I did (which looks like it's fixed the problem for now), is alter the daily trim job. It now waits substantially longer between deletes, and also deletes a much smaller chunk of records at a time.

I'll update this later on with more info as I get it.

Thanks again.

Sylvia  2010-05-02 23:01:30

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?