I am creating a CI/CD pipeline to run my application, In my application it has multiple databases like database1, database2 ..... previously I was using AWS aurora Postgres , now I want to check the compatibility of the application with oracle RDS. Well, I don't know much about the oracle. I got to know that we can create multiple schemas
My application has 7 databases with a different names and in CI/CD pipeline I am using SQL plus to connect to the database and created all schemas, but I don't know how can I connect to a particular schema
I was able to connect to a database that I specified when creating Orcale RDS using:-
sqlplus username/password#oracle.xxxxxx.us-east-1.rds.amazonaws.com:1521/demo
I have used the following command to create the schema:-
CREATE BIGFILE TABLESPACE database1 DATAFILE SIZE 128M AUTOEXTEND ON NEXT 1M
MAXSIZE unlimited LOGGING EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;
create user database1 identified by database1 profile default default tablespace
database1 TEMPORARY TABLESPACE TEMP ACCOUNT UNLOCK;
GRANT create trigger, CONNECT, RESOURCE, create table, create view, create
procedure, create sequence TO database1;
after that, I am running SQL plus command to connect to database1and it is not working
sqlplus username/password#oracle.xxxxxx.us-east-1.rds.amazonaws.com:1521/database1
Just wanted to is there any way to connect to a particular schema as my application is using jdbc:oracle:thin to connect to the database
In Oracle, schema = user ("create user database1 ..."), so what you're looking for is this:
sqlplus database1/database1#oracle.xxxxxx.us-east-1.rds.amazonaws.com:1521/demo
'demo' is actually the network service name, which will be the same for all users/schemas within the physical database instance.
Related
I created a new SQL server with a database in Azure and after logging in with the admin account I added a new user that I wanted to only have access to one database.
In SSMS I right clicked on mynewdatabase database and selected New Query.
I executed
CREATE USER mynewuser WITH PASSWORD ='good password here';
ALTER ROLE db_owner ADD MEMBER mynewuser ;
Now after logging in as mynewuser I can still see the master database.
The question is how do I restrict mynewuser to only access mynewdatabase?
I'm sure this is something basic.
In SQL Server, including Azure SQL DB, all users can can see all system databases in sys.databases. This is not the same as being able to connect to them or run queries in them. This does not disclose any sensitive information as these are system databases and whether you saw them listed or not you would know they were there. See https://msdn.microsoft.com/en-us/library/ms178534.aspx#Anchor_0.
Based on the steps you describe, you have created a contained user that should not be able to connect to the master database or run queries in Azure SQL DB.
I would like to create a Bash script, say queryserver.sh, that resides on ComputerA at IP 192.168.2.1, with USERA and password PASSA and queries a Postgresql database on ComputerB at IP 192.160.10.1 with user USERB and password PASSB for example.
In short, ComputerB has a PostgreSQL database table whose data is used to update a Postgresql table on ComputerA. ComputerA hosts the database used for a web application whereas ComputerB hosts backend number crunching functionalities.
In Microsoft SQL server, there is a concept of linked server, but I couldn't find the same concept on PostgreSQL.
Are there better ways than to use a Bash script and remotely invoke it using C++ CORBA?
There are many ways to solve this problem. psql can connect to remote hosts. You could also use ssh to run psql remotely. But since you referenced MSSQL's linked servers, the most comparable in PostgreSQL is the Foreign Data Wrapper.
To allow USERA on ComputerA's PostgreSQL instance to access tables on ComputerB as USERB:
CREATE SERVER ComputerB
FOREIGN DATA WRAPPER postgres_fdw
OPTIONS (host '192.160.10.1', port '5432', dbname 'computerB');
CREATE USER MAPPING FOR USERA
SERVER ComputerB
OPTIONS (user 'USERB', password 'PASSB');
Then you need to use CREATE FOREIGN TABLE for each table you'd like to use.
I have a Premium P2 SQL Azure Database for my Production App, and for security reasons I've created DB Specific Schemas/Views/Roles and a specific DB User account for reading the Data from SSRS Queries.
Lets just call the server PRIMARY and my database MyApp
The setup script for this is below.
-- On Primary Master
CREATE LOGIN ssrsuser WITH password='******'
-- On Primary MyApp
CREATE USER ssrsuser FOR LOGIN ssrsuser
CREATE ROLE [ssrsreader] AUTHORIZATION [db_owner]
GRANT SELECT ON SCHEMA :: [App] TO [ssrsreader]
GRANT SELECT ON SCHEMA :: [Reports] TO [ssrsreader]
EXEC sp_addrolemember 'ssrsreader', 'ssrsuser'
So our users were putting a LOT of load on the Prod DB and we decided it was time to move the reporting functions off to a secondary sync'd slave database.
Since we're using the SQL Azure Premium Tier, we can enable Active Geo-Replication with a read-only secondary copy. In fact MS even say that it's suitable for read-only workloads such as reporting.
So I've setup the SECONDARY server, enabled the seeding, it's now complete and I can access the readonly copy using the SECONDARY admin user and password.
But the SECONDARY server doesn't have a login for ssrsuser and I while I can create one in SECONDARY.master, I can't DROP RECREATE the user since the SECONDARY.MyApp database is in readonly mode.
Is there any otherway to get around this. I really don't want to have to put the SECONDARY server admin user & password into SSRS connection strings.
There is no need to regenerate SID for ssruser in the user database. It is already there as a result of replication. All you need to do is associate that SID with a LOGIN in the master in the secondary server. This article provides the details.
https://azure.microsoft.com/en-us/documentation/articles/sql-database-geo-replication-security-config/
I hope this helps.
I tried to migrate a SQL Server database by Export Data-tier Application (.bacpac file) from an Amazon RDS instance to other, but import didn't succeed. So now I want to delete the database (which is empty), when I try to:
DROP DATABASE mydatabase;
I get the error:
Cannot drop the database 'mydatabase', because it does not exist or
you do not have permission
Some context:
I've tried using SQL Server Management Studio, and choosing close connections: same error.
I'm logged as master user.
I can create and drop other databases, but not this one.
I just have these effective permissions on this database: CONNECT, SHOWPLAN, VIEW DATABASE STATE, VIEW DEFINITION (don't know why or how is this possible).
Any help is greatly appreciated!
I ran into this same issue. After trying to restore a database via SSMS using a .bacpac, it fails and leaves you with a database that you appear to not have permissions to drop.
A workaround, is to use the rdsadmin rename function to rename it to something else, which then seems to fix the permission issue and allows you to drop it.
EXEC rdsadmin.dbo.rds_modify_db_name N'<OldName>', N'<NewName>'
Then just drop the DB. Hope that helps someone else in the same predicament.
This is the answer for an old thread but who knows, it might help someone having the same issue.
I ran into the same problem, but in my case, my database was in an offline mode. If the database is in offline mode, it won't allow you to drop it with the drop command. first, you should bring the database back online by running this sp and then execute the drop table command.
EXEC rdsadmin.dbo.rds_set_database_online databasename
If your database is in a Multi-AZ deployment, then you need to run this command to drop those databases:
EXECUTE msdb.dbo.rds_drop_database N'DBName'
Sounds like your not a member of the correct role.
https://msdn.microsoft.com/en-us/library/ee240822.aspx
Permissions
A DAC can only be deleted by members of the sysadmin or serveradmin fixed server roles, or by the database owner. The built-in SQL Server system administrator account named sa can also launch the wizard.
https://msdn.microsoft.com/en-us/library/ms178613.aspx
Permissions
SQL Server - Requires the CONTROL permission on the database, or ALTER ANY DATABASE permission, or membership in the db_owner fixed database role.
Azure SQL Database - Only the server-level principal login (created by the provisioning process) or members of the dbmanager database role can drop a database.
Parallel Data Warehouse - Requires the CONTROL permission on the database, or ALTER ANY DATABASE permission, or membership in the db_owner fixed database role.
I'm trying to query the consumed size of a SQL Azure database using code from this answer:
SELECT SUM(reserved_page_count)*8.0/1024 FROM sys.dm_db_partition_stats;
That query runs just fine under the database admin, but not under another user - I get
The user does not have permission to perform this action.
and when I try to GRANT SELECT permission I get this error message:
Permissions on server scoped catalog views or system stored procedures or extended stored procedures can be granted only when the current database is master.
If I log to master and try to GRANT there I get this message:
Permissions for system stored procedures, server scoped catalog views, and extended stored procedures cannot be changed in this version of SQL Server.
So it looks like users other than database admin can't get the used space.
How do I query the used space in the SQL Azure database under a user other than database admin?
I seem to recall that we had to grant the login "VIEW DATABASE STATE" and "VIEW DEFINITION" in order to run that query.