Sequelize, create new User and assign already created roles in one query? - database

Is it possible to create a user and set roles in Sequelize like the code below, or somehow without creating the user first and then setting the roles?
User.create({name: 'test', password: 'test', roles: [1,2] })
Given the role ids 1,2

You can only create roles along with a user using one call. To assign existing roles to a user you need two calls:
1. create a user
2. assign roles to the created user (calling a special method of the created user).
Anyway, even if such a possibility exists technically, it turns into two SQL queries. Don't forget to indicate the same transaction in both calls (1 and 2).

Related

Snowflake : List out all roles and their access level to each Database objects

I need to get all the roles and their access to each database object, whether it is read access or write access.
In Snowflake, I tried as below:
show roles;
select * from table(RESULT_SCAN (LAST_QUERY_ID()));
I'd like to show ALL grants for ALL roles in one table. My best guess would be to write a procedure that iterates through all the role names, executes the above code, and outputs the result to a table.
Is there a better way of doing this?
I also checked the view GRANTS_TO_ROLES, but I am not sure if this gives me all the roles for all the databases.

Snowflake warehouse: get all roles (including inherited ones) assigned to a user

I am trying to get all the roles a user is part of. In my case, the user is part of an admin role which inherits another role, ingestor, which in turn inherits another role, analyst. If I query Snowflake as follows:
show grants to user <userid>
This lists only the admin role but not the other two roles (ingestor, analyst). If the same user logs into Snowflake, he can see all three roles available to him in the role dropdown.
Need help to get all explicit roles irrespective of role inheritance.
As a start, the views "SNOWFLAKE"."ACCOUNT_USAGE"."GRANTS_TO_USERS" and "SNOWFLAKE"."ACCOUNT_USAGE"."GRANTS_TO_ROLES" in combination have the information you need, but are only accessible to ACCOUNTADMIN.
You also have:
SELECT * FROM "MY_DATABASE"."INFORMATION_SCHEMA"."ENABLED_ROLES";
SELECT * FROM "MY_DATABASE"."INFORMATION_SCHEMA"."APPLICABLE_ROLES";
The latter looks like a good place to start.
Edit primo 2023:
If you want to make your own near-instant expanded GRANTS_TO_ROLES, you can follow these lines:
1. Get roles with SHOW ROLES; RESULT_SCAN()
2. Iterate over roles above with SHOW GRANTS TO ROLE <role>; RESULT_SCAN()
3. Iterate over ALL_USER_NAMES() with SHOW GRANTS TO USER <user>; RESULT_SCAN()
4. Finally create a SELECT statement with a recursive Common Table Expression expanding the nested roles
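The recursive expansion named in the last step, as an added example that is not part of the original answer. It reads the two ACCOUNT_USAGE views mentioned at the top of the answer rather than tables built from SHOW GRANTS output, so it needs access to those views and reflects their refresh delay; `<USERID>` is a placeholder.

```sql
-- Added example (Snowflake SQL): direct and inherited roles for one user.
-- Assumes read access to SNOWFLAKE.ACCOUNT_USAGE.
WITH RECURSIVE effective_roles (user_name, role_name, depth) AS (
    -- Anchor: roles granted directly to the user (depth 0)
    SELECT gu.grantee_name, gu."ROLE", 0
    FROM snowflake.account_usage.grants_to_users AS gu
    WHERE gu.deleted_on IS NULL

    UNION ALL

    -- Recursive step: USAGE on a role, granted to a role the user
    -- already holds, means that role is inherited as well.
    SELECT er.user_name, gr.name, er.depth + 1
    FROM effective_roles AS er
    JOIN snowflake.account_usage.grants_to_roles AS gr
      ON gr.grantee_name = er.role_name
     AND gr.granted_to   = 'ROLE'
     AND gr.granted_on   = 'ROLE'
     AND gr.privilege    = 'USAGE'
     AND gr.deleted_on IS NULL
)
-- A role reachable through several paths is reported once,
-- at its shortest distance from the user.
SELECT user_name,
       role_name,
       MIN(depth) AS depth      -- 0 = granted directly, >0 = inherited
FROM effective_roles
WHERE user_name = '<USERID>'    -- placeholder: the user to audit
GROUP BY user_name, role_name
ORDER BY depth, role_name;
```

Dropping the final WHERE clause turns the same query into an account-wide listing of who effectively holds which role, which is the form an access review needs.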
I found the best way to find all roles with inherited roles.
Just run the SQL below.
SELECT CURRENT_AVAILABLE_ROLES();

Appengine ndb - How to ensure unique username and email without ancestors?

In my Appengine (using ndb) application I store users and both username and email need to be unique.
I also need to be able to update progress (save level if higher than previously stored level), change email and pw and delete account.
I noticed that it is not possible to query without ancestors in a transaction. But creating an ancestor is NOT a solution since that would limit the number of writes to 1 per second which is not OK if the app gets popular. So I need another solution.
Is it possible to use the Key? Yes, but that only makes the username unique; how can I make sure no one is reusing the email for another account?
You should be able to use a cross group transaction for this along with an entity that exists solely for reserving email addresses.
For your User entity, you could use the username as the key name. When creating a user, you also create an EmailReservation entity that has the user's email address as a key name.
You then use a cross-group transaction to create a new user:
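from google.appengine.ext import ndb

# User and EmailReservation are ndb.Model subclasses defined elsewhere.
@ndb.transactional(xg=True)
def create_user(user_name, email):
    # Both lookups are by key, so they are allowed inside the transaction
    user = User.get_by_id(user_name)
    email_reservation = EmailReservation.get_by_id(email)
    if user or email_reservation:
        # Either the user_name or email is already in use so stop
        return None
    # Create the user and reserve the email address so others can't use it
    user = User(id=user_name)
    email_reservation = EmailReservation(id=email)
    # put_multi takes a single list of entities
    ndb.put_multi([user, email_reservation])
    return user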

Yii2 - login from more database tables

I need help. I have three tables (admin, teacher, student) and I want to log them in from one login form. I also need to distinguish them as roles so that, for example, a student can't go to some page as a teacher.
I created three radio buttons for every table in login form.
Like * admin * teacher * student.
With using this:
<?= $form->field($model, 'role')->inline()->radioList(array(1 => 'admin',2 => 'teacher',3 =>'student'))->label('You are: '); ?>
How can I find and log in the user when the user enters their username and password and clicks one of the radio buttons to say who they are? I generated three models, one for each table, using gii. So what must I write, and where, to make it work? Thank you for your help!
If you have a table/model per role and you want to log in from the same form, then on your login form, besides the usual username and password fields, you'll also need a role field (some radio button where the user will have to specify what role they are). Otherwise, you won't know which table to query for username/password. Of course you can query all of them step by step, but what if there is a teacher or student with the same username? Username has to be something unique, if you have one login form and it is not possible to achieve in case you have 3 tables for every type of user.
Another option would be to use one User table/model for all roles by simply adding an extra column, role. I think there's a role column inside the user table out of the box if you use the Yii2 Advanced Template. Probably this is where you can start from.
As for permission to access specific pages per role. What you need is ACL (Access Control filter in Yii2).
I found a few existing articles on how to achieve what you need.
http://yii2-user.dmeroff.ru/docs/custom-access-control - this is a simple example
http://code.tutsplus.com/tutorials/how-to-program-with-yii2-user-access-controls--cms-23173 - this is a bit more advanced
Hope that helps.

Show Right Column to Right User

If I have three different users with different occupations (manager, salesman, accounting):
The main question is how to display the right column to the right person, based on the star schema and requirements below, in SQL Server?
The fact and dim tables are regular tables inside the data mart.
Background information:
The manager is authorized to see all columns in factTransaction.
The salesman is not allowed to see TaxAmount, TotalAmount and ProductBusinessKey.
The accounting user is not allowed to see Product Quantity, ProductPrice and GeographyFullname.
In Windows, they each have their own user account.
The picture is taken from the address (Design of a data warehouse with more than one fact tables)
SQL Server does have the ability to assign column permissions (http://msdn.microsoft.com/en-us/library/ms180341%28v=sql.105%29.aspx). You can set the specific permissions as you like, by treating each column as an object with its own security.
Managing column level security is likely to be cumbersome, because you have to remember to update the security every time the table changes and new users are added.
You might consider a different approach. Define a separate view for each of the different groups. Only the manager would have access to the "manager" view; only the salesman (and the manager perhaps) would have access to the salesman view, and so on. Then build the application for each group based on those views.
Finally, managing multiple views might be a bit cumbersome. Instead, you can also have a table-valued function that wraps all the views into a single function. The function would check the permissions for each user and choose the appropriate data to return.
The advantage of user defined functions is that only the user who created the function needs to have access to the underlying tables. That is, the users only have permissions for the function; otherwise, they cannot see the underlying tables. The function would control what they can see.
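The view-per-group approach from the answer above, as an added example that is not part of the original answer. It assumes all six restricted columns sit on dbo.factTransaction under the names used in the question (with "Product Quantity" written as ProductQuantity); the role, schema, view and user names are hypothetical.

```sql
-- Added example (T-SQL): one view per group, no rights on the base table.
CREATE ROLE ManagerRole;
CREATE ROLE SalesmanRole;
CREATE ROLE AccountingRole;
GO
-- The views get their own schema, owned by dbo like the fact table, so
-- ownership chaining lets view readers through without table permissions.
CREATE SCHEMA rpt AUTHORIZATION dbo;
GO
-- Salesman: everything except TaxAmount, TotalAmount, ProductBusinessKey.
CREATE VIEW rpt.vSalesmanTransaction AS
SELECT ProductQuantity, ProductPrice, GeographyFullname
FROM dbo.factTransaction;
GO
-- Accounting: everything except ProductQuantity, ProductPrice,
-- GeographyFullname.
CREATE VIEW rpt.vAccountingTransaction AS
SELECT TaxAmount, TotalAmount, ProductBusinessKey
FROM dbo.factTransaction;
GO
-- Only the manager may read the fact table itself.
GRANT SELECT ON dbo.factTransaction        TO ManagerRole;
GRANT SELECT ON rpt.vSalesmanTransaction   TO SalesmanRole;
GRANT SELECT ON rpt.vAccountingTransaction TO AccountingRole;
GO
-- Check the result with a throwaway database user that has no login.
CREATE USER demo_salesman WITHOUT LOGIN;
EXEC sp_addrolemember 'SalesmanRole', 'demo_salesman';
GO
EXECUTE AS USER = 'demo_salesman';
-- Permitted: the role has SELECT on the view.
SELECT TOP (1) * FROM rpt.vSalesmanTransaction;
-- Refused: the role has no permission on the base table.
SELECT TOP (1) TaxAmount FROM dbo.factTransaction;
REVERT;
GO
```

Real Windows accounts are added to the roles the same way once they exist as database users, and a new column on the fact table stays hidden from both groups until someone adds it to a view.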

Resources