8104, 42000 Error in Post Dated Line Check

jetpilot

Please help. I have a problem when entering Post Dated Line Check. I encountered the following error messages:

"8104, 42000 Microsoft ODBC SQL Server Driver Error. The current user is not the database or object owner of table %. Cannot perform set operation."

If I make the Navision User ID a db_owner of Navision SQL DB this error disappears. But I dont want this to happen and I only want to assign a 'public' SQL role for this particular user which I beleived is the proper way to do.

Microsoft PartnerGuide and Partnersource site does not have this issue. I search Microsoft Knowledege Base and they offer me this solution: http://support.microsoft.com/default.as ... -us;243023
But this does not work.

How do I get past this problem? Does anyone ever experience this before?

Phenno

have you find solution for this?

i found out that this happens when i try to insert through C/AL and only if I try to insert more that one record.

first record it enter, second fails.

Phenno

Phenno wrote:

have you find solution for this?

i found out that this happens when i try to insert through C/AL and only if I try to insert more that one record.

first record it enter, second fails.

I "removed" a problem by removing "Auto increment" option on primary key on table that causes error.
After that, i had to make custom "auto increment" script to work properly.

jetpilot

Yes, I solved it using the solution below:

1Go to the server console and launch SQL Enterprise Manager
2Expand the (local) server > Databases > and the Navision SQL Database
3Click Roles. In the right pane, double-click ‘db_owner’
4Click Add, then select ‘$ndo$shadow’ and click ok.
5Click Ok in the Database Roles Properties window

The ‘$ndo$shadow’ is an application role created automatically by Navision each time a new Navision Database is created in SQL Server. The password for this application role is automatically generated by Navision, so that means nobody knows this password even the sa or administrator. In addition, the password for this role must not be modified or else Navision Database will not be accessible anymore. All users are logging in using their user ID in Navision and afterwards they will be using all the context rights assigned to ‘$ndo$shadow’ application role. Roles and permissions inside Navision are then assigned to their Navision Users IDs. In this way, nobody could use external tools such as SQL Query Analyzer to access the Navision SQL Database using their IDs to perform operations such as select, insert, update, delete,and so on, because this permissions are not assigned to ‘public’ role by default.

Phenno

It works indeed.


Thanx.

ara3n

One of our clients ran into this and using mibuso search while on the phone, found this thread and directed him on the solution. Many thanks mibuso and jetpilot.

amphysvena

Hi,
I'm using SQL 2005 & facing the same problems. How can i find the $ndo$shadow in SQL 2005?
Thanks

SonGoten13

Hi,

Had the same Problem today during an Update from Native to SQL 2005.
Could not make it work with the description from jetpilot.

I changed the AutoIncrement Property and the C/AL Code and it works, but is it possible to solve this Issue with SQL Server 2005 without giving the user db_owner rights?

ara3n

yes, you need to turn on the debugger and see where it errors out.

look for the field that auto increments. Make sure it's 0 before you insert it.

SonGoten13

ara3n wrote:

yes, you need to turn on the debugger and see where it errors out.

look for the field that auto increments. Make sure it's 0 before you insert it.

Yes, i know. I solved the Problem already in the Code.
But my question was if it is possible to solve it without touching the Code. Like jetpilot described it. Just couldn´t make that work in 2005.

rdebath

Came across this thread when I couldn't remember the SQL I need to run to do this so here it is ...

USE [Cronus]
GO
EXEC sp_addrolemember N'db_owner', N'$ndo$shadow'
GO

This works on 2000 and 2005 (probably 2008, didn't test) but the 'wonderful' 2005 GUI is unable to do it.
This can only work for 'Standard' security not 'Enhanced'.

I think the reason 2005 is incapable is that app-roles have gone out of fashion at Microsoft as Windows has no easy way to securely store the token/password for the app-role.