I have a user test. I want to grant all privileges to this user on all databases.
How can it be done?
Run this command from psql:
ALTER USER myuser WITH SUPERUSER;
from postgres: upgrade a user to be a superuser?
For aws use: GRANT rds_superuser TO youruser;
Related
We want to give SYSADMIN the privilege to create integrations for an automated pipeline.
We ran the following with the ACCOUNTADMIN role but got a syntax error
GRANT CREATE INTEGRATION TO ROLE SYSADMIN;
What is the correct statement for this?
Answer -
GRANT CREATE INTEGRATION ON ACCOUNT TO ROLE SYSADMIN;
GRANT CREATE INTEGRATION ON ACCOUNT TO ROLE SYSADMIN;
You can also refer to the syntax shared in the link below for the format of granting the privileges to roles
https://docs.snowflake.com/en/sql-reference/sql/grant-privilege.html#syntax
I want to run the statement DESCRIBE TABLE dwh.ods.users with the role PUBLIC.
I have already grant privileges to role public with:
grant all privileges on schema ods to public;
However, when I try to run the query, I get the following error:
SQL compilation error:
Table 'DWH.ODS.USERS' does not exist or not authorized.
With the role USERADMIN it works. How could I solve it? Thanks
You also have to grant USAGE on the database. Granting all privileges on the schema doesn't mean granting privileges for the database.
GRANT USAGE ON DATABASE <database> TO ROLE <role>;
In your case:
GRANT USAGE ON DATABASE dwh TO ROLE public;
You can find more info about the USAGE-right here: https://docs.snowflake.com/en/user-guide/security-access-control-privileges.html
Please try to grant SELECT on table, USAGE on schema and database:
grant usage on database DWH to public;
grant usage on schema DWH.ODS to public;
grant select on table DWH.ODS.USERS to public;
I am currently importing a dump file inside RDS Oracle 12C instance using impdp command.
Prior to that it is required to create few users & grant them required privileges.
I have following statements that I use on other non-rds databases.
GRANT UNLIMITED TABLESPACE TO "USERNAME"
GRANT "RESOURCE" TO "USERNAME"
GRANT "CONNECT" TO "USERNAME"
GRANT "EXECUTE_CATALOG_ROLE" TO "USERNAME"
When I run these prior to import, these commands return grant succeeded.
Now, when I run impdp, I get following errors in log:
Processing object type SCHEMA_EXPORT/SYSTEM_GRANT
ORA-31685: Object type SYSTEM_GRANT:"USRNAME" failed due to insufficient privileges.
Failing sql is:
GRANT UNLIMITED TABLESPACE TO "USERNAME"
ORA-39083: Object type ROLE_GRANT failed to create with error:
ORA-01924: role 'CONNECT' not granted or does not exist
Failing sql is:
GRANT "CONNECT" TO "USERNAME"
Same for other privileges as well.
I am running these commands using admin user that was created while spinning up the instance.
I have seen there's a different way of granting in AWS RDS on this link
How do I map that with what I'm trying to achieve here?
I'd suggest you NOT to use RESOURCE and CONNECT roles. These were popular back in 1990s as they contained the most common privileges one might need. However, best practice says that you should grant only privileges that are required for a certain user.
CONNECT nowadays contains only CREATE SESSION. RESOURCE contains several CREATE something privileges (table, procedure, trigger, ...) (query DBA_SYS_PRIVS to see them all). Do you really need CREATE CLUSTER? If not, well, don't grant it.
Try to add those privileges separately:
grant create session to username;
grant create table to username;
grant unlimited tablespace to username;
grant *whichever additional privilege USERNAME requires*;
Finally, just in case you didn't read it, this is the Importing Data into Oracle on Amazon RDS documentation, have a look; perhaps you'll find something useful.
Your case deals with a very specific situation Oracle Database permission to user. To grant a ALREADY EXISTING USER such a privilege (QUOTA UNLIMITED) is has to be done with this command:
ALTER USER xxxx_userName QUOTA UNLIMITED ON yyyy_tablespaceName;
For example I give CREATE priviliges on Postgresql database to Public
postgres=# GRANT CREATE
postgres-# ON DATABASE postgres
postgres-# TO public ;
GRANT
Or I can give such admin privileges at Postgresql database to any roles or any users
My questions is ; How can I query which users or roles have any admin priviliges
for Postgresql database security control
Thanks in advance
Anil Akduygu
The problem is that admin access is a pretty vague term. Admin access for what?
pg_database.datacl stores the permissions for a database
pg_class.relacl stores the permissions for a relation
Similar fields exist in many other system atalogs
On top of this you want to look at ownership and user implications so pg_roles is important.
I need to grant a db_datawriter before executing SqlBulkCopy and remove it after:
try
{
"EXEC [db_mod].[sys].[sp_addrolemember] N'db_datawriter', N'my_user'" // via SqlCommand
bulk.WriteToServer(table);
}
finally
{
"EXEC [db_mod].[sys].[sp_droprolemember] N'db_datawriter', N'my_user'" // via another SqlCommand
}
but I'm getting an error:
User does not have permission to
perform this action.
How can I fix that?
Try using GRANT and REVOKE.
Wouldn't it be easier to just grant that user that runs the SqlBulkCopy (which inserts data into just exactly one temporary staging table) full rights on that single table only?
Something like:
GRANT ALL ON (temporaryTable) TO my_user
That should be sufficient to do the SqlBulkCopy operation.
In order to run the GRANT command, the user running that command must have the necessary permission to do so - see SQL Books Online on that topic (GRANT (Transact-SQL)).
Marc
MSDN sp_addrolemember tells you what rights are needed...
Membership in the db_owner fixed database role.
Membership in the db_securityadmin fixed database role.
Membership in the role that owns the role.
ALTER permission on the role
Practically, you'd need to be in the db_securityadmin role.
However, why not just persist INSERT/UPDATE rights via GRANT? The right to grant yourself rights implies enough privilege to not need any more rights...