I have created one user in my oracle database. I have given read-only access to 2-3 schemas.
But I also want to grant access to those schemas with the ability to run packages and procedures.
How can I do that?
Granted read-only access to those schemas.
GRANT EXECUTE ON b.procedure_name TO a
Please check your query below
Granting Rights on Stored Procedure to another user of Oracle
Related
When I am creating a user in RedShift from a superuser account, the user created has full access(select, insert, update, delete, drop, references) to all DBs in the cluster and all schemas on the DBs.
When I am using REVOKE to limit access, the access for the user does not change.
How can I create a user in RedShift with limited access to databases and schemas? Commands from the documentation execute but do not change access level.
I am creating a user that should only have access to the database tables metadata,via INFORMATION_SCHEMA, and not the table data. So no perms to query the tables directly. The role the user will be a member of will have USAGE privileges on INFORMATION_SCHEMA schema. I tested the user with that role and it is only able to see tables within public and no where else.
I did see in Snowflake documentation:
"The output of a view or table function depend on the privileges granted to the user’s current role. When querying an INFORMATION_SCHEMA view or table function, only objects for which the current role has been granted access privileges are returned."
So, I tried to grant to the role MONITOR and USAGE on other schemas; but, that did not work either. Only when I granted a role with read access to all the tables in the schema was it able to see and query from INFORMATION_SCHEMA.TABLES the tables in that schema. This, however, is not what I want as now that user would be able to query data from the tables. I just want to set that user to be able to query and gather the metadata of tables and not allow data access. Is there a way in Snowflake to setup and perform this type of setup?
I believe the only way to do this would be to provide access to the SNOWFLAKE.ACCOUNT_USAGE share on Snowflake, which also has TABLES and would allow this user to query the metadata of all tables and columns in that Snowflake account. There is a lot more information available in that share, but at least the user would not have access to any real data, if that is what you are after.
In SnowFlake, I want to provide access kind ofddl_admin in sql server to a user or role who can drop any tables in schema regardless anybody else is the owner of the table.
There is no concept of having a super role in Snowflake. Everything has to go by access hierarchy.
However, if all the roles are granted to ACCOUNTADMIN role then no matter which user creates the table, that can be dropped by ACCOUNTADMIN.
I am transitioning a project from Advantage Database Server to MS SQL server. In Advantage, you can password protect an individual table, which is also encrypted. As such, you cannot open, view, update, etc. the table without the password. I place my project's registration information in this table, so I don't want any user to be able to look at its contents.
I cannot find a similar function in SQL server. Encrypting the data is insufficient. So my question is: is there a way to password protect a table in SQL Server.
In SQL server you can link various access roles to the users. These roles can be applied to tables, views, stored procedures etc. The best thing to do is to create views on the database, and let the users access specific views, rather than giving permissions on all DB objects.
Alternatively, you can deny permissions on a specific table to a user or a role.
Here are two articles on MSDN that will get you started:
GRANT Object Permissions
DENY Object Permissions
Using SQL Server 2014 Express. I'm new to SQL Server (more familiar with Oracle). I have a schema defined and a user defined as the schema owner. I cannot seem to find a way to allow the user to create tables inside the schema without granting db_owner role.
This will not work for my DB because there will be multiple schemas. With this database level role, ie db_owner, the user (schema owner) can create tables in any schema.
My goal is to have a schema owner user able to log into the DB and create tables and manage the schema and ONLY their own schema.
Can someone help me with this? I'm quite frustrated.
Thanks in advance.
After much research, I was able to figure out the answer to my own question:
"Create table" is only a database level permission, cannot be assigned at the schema level.
A user can be defined as the schema owner. If the user has "Create Table" permissions at the database level and is a schema owner, all tables will be created in the schema he/she owns.
A user cannot see other schemas unless granted "select" permission at the schema level by the schema owner (or someone with higher level authority). If the user has "Select" at the database level, he/she will see all schemas.