I have more than one database (in PostgreSQL), and every database has more than one schema, and I want to give the select permission on all databases(only database level, not schema level) for a particular user. Any suggestion for how this could be done.
https://dba.stackexchange.com/questions/91953/grant-access-to-all-tables-of-a-database.checked this link but its only for schema level.
Related
I am new to SQL Server database and I am struggling to figure out the access issue for one of the user on a particular view. I don't want to expose any of my base tables.
The scenario is: I have 3 databases, DB one, two and three
Database one has 2 base tables
Database two has one view on top of those tables (tables in database one)
Database three has one view which is on top of the view of database two
Database three is our data warehouse. So, I would like to know if I give select permission on only database three's view, will that suffice?
The catch is I don't want to expose any of my base tables in database one
If I grant select permission to user1 on datawarehouse view (view in database three) and deny all the permissions to the base tables (in database 1), then is it possible?
Thanks
Ownership chaining allows access to data via the view without permissions on the underlying tables as long as all objects are owned by the same security principal. There is no need for an explicit GRANT or DENY on the indirectly used objects with an unbroken ownership chain since permissions are checked only on the directly access view. The object owner is typically inherited from the schema owner.
To allow ownership chaining to extend across multiple database:
The DB_CHAINING database option must be ON for the databases involved.
The user must be able to use the databases (have a user account in each database with CONNECT permissions), although only permissions on directly accessed objects are needed.
In the case of dbo-owned objects, the databases must be owned by the same login (AUTHORIZATION) since the dbo schema owner is the database owner. For other schemas, the schema owner must map to the same login.
DB_CHAINING should be enabled only when you fully trust highly-privileged users (those with permissions to create database objects).
Now I can use beeline to create role and user, every user have his/her own database using admin role to grant, but I need to create a new database that all users can create tables in the public database, how to create database like that?
Users can not create tables in other databases and can only create tables under their own databases.
You need an authorization provider that supports Hive. Apache Sentry is a popular one.
You will need to create a Sentry role that allows access to certain databases only.
Then assign a (Linux) group to that role.
Any user in above group will get access privileges to certain databases only (because of step 1.)
I am aware of Oracle. In oracle schema or user is more or less same. When we create a user, schema is created.
Database is something we create when we install oracle.
I am new to Teradata. Are things same in case of Teradata too?
How user, database and schema are related in Teradata?
The full Teradata system is quite similar to a database in Oracle.
A database in Teradata is the same as a schema in Oracle.
A user is almost the same as a database in Teradata ( you can create objects in both), the main difference is the ability to logon to the system.
And there's a hierarchy of users & databases in Teradata, root is user dbc. Users might own databases and databases might own users. A user has the implicit right to manage his children (i.e. GRANT & REVOKE access rights on owned databases & users).
End users are usually a leaf in the hierarchy, no children & no perm space to store tables.
For more details see: About Databases and Users in Teradata
I am new to SQL Server. I connected to SQL server via SQuirrel Client.
Connection URL:
jdbc:sqlserver://192.xx.xx.xx:1433;databaseName=ep
with username & password.
Then I tried a query on table1 in schema1 -
SELECT * from table1
It returned records. I did not mention schema name in query.
There may be possibility of having tables in different sachems (same database) with same name.
Am I right? If yes, then how will it resolve schema name?
Schema work like a namespace in SQL SERVER, you can create tables, views, sps under a schema and set GRANT, DENY, or REVOKE permissions on those objects. From Implementation of Database Object Schemas
SQL Server 2005 implemented the concept of a database object schema. A schema is a distinct namespace to facilitate the separation, management, and ownership of database objects. It removed the tight coupling of database objects and owners to improve the security administration of database objects. Database object schemas offer functionality to control and help secure application objects within a database environment not available in previous versions of SQL Server.
Just wanted to add here, if you have not specified any schema than, it select dbo as schema.
It is distinguished by its owner. Every object (table ,view ,proc) has an owner which must be a user in the database. For example you may have user1.table1 and user2.table2 in the same database.
So you may type
select * from user1.table1
and
select * from user2.table1
You may see names like dbo.table_name, this means that the owner is the dbo, the database owner. If you do not specify an owner then the system checks dbo and your user (the user that run the command)
Using SQL Server 2014 Express. I'm new to SQL Server (more familiar with Oracle). I have a schema defined and a user defined as the schema owner. I cannot seem to find a way to allow the user to create tables inside the schema without granting db_owner role.
This will not work for my DB because there will be multiple schemas. With this database level role, ie db_owner, the user (schema owner) can create tables in any schema.
My goal is to have a schema owner user able to log into the DB and create tables and manage the schema and ONLY their own schema.
Can someone help me with this? I'm quite frustrated.
Thanks in advance.
After much research, I was able to figure out the answer to my own question:
"Create table" is only a database level permission, cannot be assigned at the schema level.
A user can be defined as the schema owner. If the user has "Create Table" permissions at the database level and is a schema owner, all tables will be created in the schema he/she owns.
A user cannot see other schemas unless granted "select" permission at the schema level by the schema owner (or someone with higher level authority). If the user has "Select" at the database level, he/she will see all schemas.