is there a way to assign two tablespace to a single user example: vehiculelocation for user and TableLocationVehicule, TableLocationVehicul1 for tablespaces respectively ?
You can define a default tablespace for a user, not 2. And that does not mean that no other user can use this tablespace, it is just that if you create a table or an index without specifying a tablespace, it will go into the default one. Otherwise, you can say for each table/index in which tablespace it should go.
Related
Is there a way to create a column to be readonly to the user, but updatable by the script/code?
i know with update statement whatever values the users will put will get overwritten anyways, but it would be nice to make it read-only to the user in the first place.
for example, if i want to create a PROCESS_STATUS column, in which the script inserts success or failure status as value, and this value is read-only to the user of course
Create a VIEW of the table. Grant your users read-only access to the view, and no access at all to the table.
This is exactly the sort of thing that Server and Database Roles exist to manage.
In a database (Microsoft Access, Relational), is it possible to restrict access to a specific field in a table for a certain group?
So the group would have access to the table but not see one of the fields?
If not, is the only way to do this by seperating the data into another table and restricting it for this group?
You can not restrict access to a specific field.
However, you can create a query based off a table. And you can also set a table's "Visible" property to "No". This isn't foolproof; if the user knows how to change the properties of a table then they can change it back to "Visible".
There really is no 100% foolproof way to lock down an Access database entirely. However, you can make it awfully difficult by hiding the objects, hiding the database and bypassing the CTRL key (to avoid the old Shift/CTRL trick).
You can create different views for difference users | users group with only required columns that they should allow to access. Then grant permission for users/user groups on those views accordingly.
Update:
I asked that since if we run this statement:
select * from v$object_privilege where object_type_name = 'INDEX';
and we obtain this:
.
So i assume that certain users may / may not be able to execute these indexes, as a form of security.
Or am i wrong and none of this makes sense?
Kind regards for your answers!
--
Good afternoon,
I would like to know why does oracle indexes have an EXECUTE privilege, but every time we try to grant it to a Role / User, we obtain the same error:
SQL Error: ORA-04042: procedure, function, package, or package body does not exist.
The object is perfectly fine, and this error even appears when we try to set it to oracle default-created indexes.
Kind regards,
Sam
There is no PRIVILEGES (neither EXECUTE privilege) on INDEX(NOT INDEXTYPE) objects, as own DICTIONARY is saying:
select * from sys.V_$OBJECT_PRIVILEGE where object_type_name = 'INDEX';
OBJECT_TYPE_NAME OBJECT_TYPE_ID PRIVILEGE_ID PRIVILEGE_NAME
--------------------- -------------- ------------ ---------------
INDEX 32 12 EXECUTE
Check OBJECT_TYPE_ID = 32 corresponding to :
select * from REPCAT$_OBJECT_TYPES where OBJECT_TYPE_ID = 32;
OBJECT_TYPE_ID OBJECT_TYPE_NAME
-------------- -----------------
32 INDEX TYPE
Now, INDEX TYPE is used to create DOMAINS, it means, application specific indexes, EXECUTE privilege is required because are associated to user-defined index functions and procedures than implements the index type.
This is taken from Oracle documentation, referring also to "Using Extensible Indexing"
Creating an Indextype: Example
The following statement creates an indextype named position_indextype and specifies the position_between operator that is supported by the indextype and the position_im type that implements the index interface. Refer to "Using Extensible Indexing" for an extensible indexing scenario that uses this indextype:
CREATE INDEXTYPE position_indextype
FOR position_between(NUMBER, NUMBER, NUMBER)
USING position_im;
At the end of complete implementation, you can execute this:
SELECT last_name, salary FROM employees WHERE
position_between(salary, 10, 20)=1 ORDER BY salary DESC, last_name;
Complete implementation here.
EXECUTE privilege could be granted on INDEXTYPE:
http://docs.oracle.com/cd/E11882_01/server.112/e41084/statements_9013.htm#r9c1-t49
"Normal" indexes created by CREATED INDEX ... statement do not require this privilege and could not have one.
UPDATE:
1) execute privilege is required because INDEXTYPE uses OPERATOR which uses PL/SQL function. So when you create domain index you need to be able to execute that function which is used for operator.
2) Why it is displayed as INDEX but not INDEXTYPE in the system dictionary - here we can only guess. I think they decide to do that because domain INDEX is instance of an application-specific index of type (http://docs.oracle.com/cd/E11882_01/server.112/e41084/statements_5012.htm#i2062403).
So standalone INDEXTYPE does not make much sense. But again, this is only my assumption.
some declarations from oracle document,
To create an index in your own schema, one of the following conditions must be true:
The table or cluster to be indexed must be in your own schema.
You must have the INDEX object privilege on the table to be indexed.
You must have the CREATE ANY INDEX system privilege.
"To create an index in another schema, you must have the CREATE ANY INDEX system privilege. Also, the owner of the schema to contain the index must have either the UNLIMITED TABLESPACE system privilege or space quota on the tablespaces to contain the index or index partitions."
"To create a domain index in your own schema, in addition to the prerequisites for creating a conventional index, you must also have the EXECUTE object privilege on the indextype. If you are creating a domain index in another user's schema, then the index owner also must have the EXECUTE object privilege on the indextype and its underlying implementation type. Before creating a domain index, you should first define the indextype."
if you run a multi-tier-application, you can create a oracle schema for your app's repository with the db-role "create resource". With this role you can create table for persisting your data and create index on your Tables, you dont need think about "execute" privilege.
The way "create an index in another schema" can normally not be allowed by dba.
I have a database with two file groups, the second file group (Default) being used for the database tables.
For some reason, when I check the file group sizes, the Primary file group is still being used to store all the data while the secondary appears to be as its initial size.
I have double checked that the tables are on the secondary file group by viewing the table properties Filegroup field.
Why is this database still using the primary file group ?
Additional information.
I ran #Vishal Gajjar's referenced script which identified that one table (the largest table) is not entirely using the secondary Filegroup as its still using the Primary for the "Text Filegroup".
The default options specified on a database are only applied to the objects created after the option is changed. Existing objects will keep the options they had when they were created.
So:
either modify the default options before creating any object
or modify the objects one by one (or run an script to do so) if you didn't do the first option
As you've mentioned, you can keep the "limited size" columns in a file group and the "blob columns" (those with MAX length, text, ntext...) on a different file group (the Text filegroup)
Which database design would be most efficient for an SaaS product, and why?
Design1: three tables (standard way to design your role permission tables)
ROLE
Id
Name
Description
PERMISSION
Id
Name
ROLEPERMISSION
Id
RoleId
PermissionId
Design2: two tables
ROLE
Id
Name
Description
PermissionSetData
PERMISSION
Id
Name
Where role.permissionsetdata column contains a CVS of permissionsets stored in the role record. (Save database storage space, may help with performance?)
Solution 1 is the only appropriate design.
Saving database storage space is nearly always a moot point here I think. When you can buy TERA bytes of space at a reasonable price, why would you try saving a few kilo bytes? (the space needed for each solution would be approximately the same).
The multi-value column in the second design doesn't follow proper database design.
From a practical point of view, retrieving data in a muli-value column is massively more complex and expensive than in a properly designed db. For instance, you can't index a CSV column properly, you can't join easily.