I am looking for a way to create a live copy of my mongoDB. My requirement is that this new DB deployment should be completely independent of the existing DB server so, that the access role can be different from the main DB.
My needs are:
Transfer live data from main DB to this DB as soon as new data is entered
Main DB should not be accessible from outside network (internet)
New DB should have only one readOnly user who can read data from internet after authentication (username/password against authenticationDatabase)
Main DB does not have authentication enabled and it should be as it is
Think of it as if I want to create a mirror of application data without sharing authentication logic. I tried to add new DB in the replica set but it requires same auth policies. Also, I tried creating read-only replica with no voting rights but it did not work as the new DB needs user roles and once the role is added, replication stops as auth fails for internal nodes.
Is there any way to replicate/stream to new DB, so that only application data can be migrated? Also, if there is any other strategy then I can also try that as long as requirement does not change.
Related
My application have to create database and import data, this is done once the app is deployed.
I noticed that the database could be only created if my connection string specifies user sa, or other user with CREATE DATABASE privilege on master database. Well, the first time I created the database manually, then created a user for it, then used EF (via Package Manager Console) to create the structure.
Then I accidentally deleted the database, so I tried to recreate it with EF which failed with "create database failed" and that I need "create database" privilege on "master".
So I thought, well, I'll give it a try, I specify sa as the user. And no initial catalog, let EF Core create the database, right?
Here comes the surprise: it didn't create any databases, it created tables in my master database. This is definitely not what I wanted! How to specify the name of the database to use?
I know this question was asked before, with the answer "use the connection string name". NO - IT DOESN'T WORK in Blazor application with Identity. My connection has a name that is NOT USED, the database is not created, my tables goes to master. In this framework, the configuration sits in appsettings.json file. There is a special method to fetch connection strings, but their names are not special. It's just a configuration key as any other and I don't think its name is used for anything but finding the appropriate string in the file.
If I create the database manually, then create user, then grant privileges, then set the connection string to that user, with initial catalog set to my database - then it works, but there are several problems here. I try to do as much as possible within my application, I try to avoid manual actions as much as I can. I need the deployment process as simple as possible. First run on special privileges, to import data, second run on regular user privileges.
Then I'd like to make limit the concrete RDBMS dependence to the minimum. Let EF Core do everything it can automagically.
Is it even possible?
What is the best common practice?
Do you create databases and privileges manually, or can it be automated in EF?
How does EF create the database? Does it set any special options like default collation? What options should I set when creating the database manually?
Good afternoon,
I am writing a front-end for a research database that holds sensitive health information. My institution has a policy that user actions be logged by the SQL server so that they can perform audits on the server log files in the event of a breach.
Because of this policy, I cannot connect Django to the db as a system user (otherwise, all users of the front-end actions would be logged by the server as the Django system user instead as the actual user individually).
Is there a way to connect to the DB using per user credentials so that actions performed on the front end will be logged as that user on the db server? I have been able to find a lot of information about using multiple databases, but nothing about per user authentication of those databases.
Thank you in advanced!
I don't think you can do that, the user that connect to the database need to have access to all the tables.
I had a similar issue when I wanted to use Django models outside Django and restrict access to certain models for certain users.
I ended up using SQLAlchemy and its automap feature on the existing Django database. Then you can connect to the database using your SQL users.
However, if you don't mind all the users accessing all the tables and are only concerned about the logs, maybe you can use a different settings.py or at least a different DATABASES configuration for each user?
I was able to accomplish this by giving the SQL user the IMPERSONATE permission and performing EXECUTE AS prior to the DB queries that I needed to have logged in models.py.
cursor = self.connection.cursor()
try:
cursor.execute("EXECUTE AS " + get_current_user()
except DatabaseError as e:
cursor.close()
raise e
Is there a good way to automate creating a new user and adding it as a DB owner on every new database created on an Azure-hosted SQL Server?
so basically create user + alter role db_owner add member (or sp_addrolemember) every time a new database is created on the server.
TL;DR on 'why' : I need to have every database on the server accessible (and editable, change schema objects, change data, etc) with a user attached to a specific login, relating to this issue.
I tried checking with ARM templates to see if there is a possibilty of editing templates to add users..But there is no option at present.Read comments section for more info..
If the logical server name is same for all the databases.. you could try using azure functions and loop each db and use execute non query method..
you can set to run this function every one hour or 12 hours and also it should check if that user status before creating
I have an windows forms application which I'm migrating from MySql to MsSql. In MySql we are using database users for every user. So every user connects to the database using their own account. This is not what we want, because in the future we want the application set open to the world and database users is not a thing on the wishlist. So this is going away.
The problem is that many views work with a function which uses CURRENT_USER() to give access to records (because users are part of a department and are not allowed to see all records of all departments).
In MsSql we are using just one type of connectionstring, but every application connects the database directly. Is it possible in MSSQL to store variables per connection so I can identify a user in the view by the variable I set after creating the connection?
So it would be like this:
Start application
Users logs on
Application creates connection with mssql
Application sets a variables on sql-server
User opens a screen with a view
SQL server returns the view using the variable that has ben set earlier to only return the allowed records to view.
So every user must have it's own variable. Is that possible?
Application is build with NET and iBatis. Not the best combination, but iBatis is to much integrated to throw it all overboard.
While this may or may not be possible, it's definitely not the right way to go. As you said, you're using a single connection string, and likely using a pool of connections to access the database. As you want users to be able to pick any available connection in the pool to do their queries, you don't want any user state (or any state at all for that matter) to be tied to the connection.
As you're opening up to the world, you don't want the application to directly connect to the database. Instead, you should implement middleware that will handle authentication and access rights, and only return data from the database that the user may access. So instead of
user application <- iBatis -> MSSQL
you'll have:
user application <- HTTP/something else -> API <- iBatis -> MSSQL
This is the approach taken used by websites as well. In addition, you'll be able to add functionality like caching, connection pooling etc. to the API, making it possible to support more users.
I'm trying to find a tutorial or help for solve this scenario.
In my MVC 4 application I want to have a Database where I store login information (username, password, connection strings ).
When User Login success, I want to open database with connection string stored in User Table, and get the policy from specific database (this database also contains the application data).
This means that a user can access to multiple database, and have different policy on every database.
Administrator can create a new user on Login Database, associate user with databases, and set policies for every Database.
Someone can help me or know a tutorial for doing that.
Thanks