Maps external users to SAP ASE logins.
sp_maplogin (authentication_mech | null), (client_username | null), (action | login_name | null)
sp_maplogin NULL, "jsmith", "guest"
sp_maplogin PAM, NULL, "create login"
Use sp_maplogin to map an external name or client name, such as “ase.open.user,” defined in an LDAP directory to the SAP ASE login name of “aseopenuser.” That is, the client_username follows the rules of a name in an LDAP server, and the login_name follows the SAP ASE rules for identifiers.
If you are using LDAP User Authentication and the name in the LDAP server differs from the SAP ASE login name, use sp_maplogin so the LDAP server uses the client_username for authentication, and the SAP ASE login_name for identity within the SAP ASE server. That is, “isql -U client_username...” has the identity of login_name within the SAP ASE server.
1> sp_helpmaplogin 2> go
authentication client name login name ---------------------------------------------- LDAP ase.open.user aseopenuser
C:\> isql -Uase.open.user -Pasepass 1> select @@authmech 2> go
------------------ ldap
The permission checks for sp_maplogin differ based on your granular permissions settings.
Setting | Description |
---|---|
Enabled | With granular permissions enabled, you must be a user with manage any login privilege. |
Disabled | With granular permissions disabled, you must be a user with sa_role. |
Values in event and extrainfo columns from the sysaudits table are:
Information | Values |
---|---|
Event | 38 |
Audit option | exec_procedure |
Command or access audited | Execution of a procedure |
Information in extrainfo |
|