If somebody want to manage permissions in a program first idea would be RBAC implementation. but another idea is a service like NTFS which allow to any user to create and manage his/her directories and sub directories. moreover can add more users with defined access
Related
I'm a newbie to Snowflake. I'm assigned task to make python script that gets data from Snowflake View and copies it to SFTP server. I have barely any permissions on that account (can only view the shared Views).
Now my 2 questions:
Can admin grant me permission to creating internal stages without granting me any more permissions? (I want to ask the admin to give me that permission, but he won't be willing to share anything more with me.)
Can I use COPY INTO command on Views? All examples I read on the internet were about Tables and not Views and I'd like to be sure I can copy Views before asking for any permissions.
I apologize if those questions sound silly, but I have no way of testing those myself as I have no permissions on that account and I need to be sure before negotiating anything with admins.
Yes, that can be done. Also, you can look at the following documentation which details about Unload operation : docs.snowflake.com/en/user-guide/data-unload-overview.html
I have written a code that almost works.
the only part that doesn't work is when it needs to copy from the Z: drive to the C:\Program Files\software
That step requires to run the batch as an admin, however i would like to run it withouth admin rights.
I want to make it executable for every user in the domain, withouth having to give them admin rights.
Is this possible to do (also withouth having to copy the map for every single computer)
TL;DR
To copy a file to the C: drive the user would need to be an admin or run it as admin. However i don't want to make everyone admin so they can execute it.
Is there a way to evade this? Or some code i can put it to make non-admin users be able to copy to that folder.
Thanks in advance.
Why don't you simply change the security options for the target folder? Just give any user a write permission for it.
It makes no sense - if a user can't write to a location it's because of the security policy. If there was a way to allow a user to write to a location even if he isn't allowed to you would simply evade the windows security policy - which is not possible or at least not intended.
TL;DR: Ither grant the users the permission to write to the desired location by changing the security settings for the target dir OR by elevating the users' rights.
I have to write files to a hidden location in WPF.
I do not want the user to be able to locate these files.
When I'm done writing I plan to upload these files to a separate location.
What is the best location to write to for this scenario.
Thanks
This is not possible.
More experienced users will always be able to locate files you modify, using tools like Process Monitor.
If you don't want users to see the contents of the files, then encrypt them.
The best location to store application-specific data is %AppData%\YourApp\ (this is a per-user folder). You'll have write privileges to this folder even if the user isn't administrator.
If you try to save files to location where they need administrator privileges, you'll get User Account Control Dialog Box, and they will recognize that your application tries to access unauthorized location.
We have several Windows network shares, in a common location (\\server-name\share) that hosts a common set of files. These shares are replicated across roughly 300 hundred servers. We have the actual replication down, but we're running into an unanticipated problem: server admins half the world away changing file permissions on our share, and breaking replication in creative ways.
To detect this early on, we'd like to write a script to check each server's network share and ensure that a few permissions exist for the share folder & its contents:
Everyone needs read access
User X needs change/modify
User Y needs full control
Now, so far I've got a nice script that checks that at least each share exists. The complication stems from the fact that (due to a nice Active Directory tree), the usernames are consistent across servers (always of the form "DOMAIN/user"), but their guid numbers vary.
So far I've been looking at cacls.exe and the newer version Icacls.exe, but the options are confusing and seem to be centered around changing the Access Control Lists, which I don't want to do. Any tool that's Windows built-in is preferable, I'm just unsure how to approach this.
So it comes down to is: on some arbitrary server, if I only know the NAME of a user, is there a way to figure out what file permissions they have on a given folder?
icacls does allow the use of the "friendly name" form for specifying the user. Which means you should be able to use the human style names. So 'bob' should point to the same person in all of your domains.
You can grant a user a permission without changing anything else using /grant:r which means "if it's already there do nothing, otherwise add it". So,
Everyone needs read access
icacls \a\directory\somewhere /t /grant:r Everybody:(rd)
I assume you want them to be able to list the contents of the directory as well as read.
User X needs change/modify
icacls \a\directory\somewhere /t /grant:r bobX:m
And so on. I assume that 'm' is sufficient to convey the 'modify' permission.
ACLs are just another name for "permissions". So, if you want to change permissions then you want to change the ACLs.
I want to make a WPF application that exists in one directory including all files that it needs: .exe, .mdf database, .xml config files, etc.
the application should work no matter what directory it is in so that it supports this scenario:
person 1 executes the application in c:\temp\wpftool.exe
the application reads and writes to the c:\temp\wpftool.mdf database
person 1 zips up that directory and sends it to person 2 via e-mail
person 2 unzips it to c:\Users\jim\documents\checkout\wpftool.exe, the application reads and writes to the same database in that directory (c:\Users\jim\documents\checkout\wpftool.mdf)
person 2 zips the directory up again and sends it back to person 1 to continue making changes on it
What is the best way to create a WPF application that supports the above scenario?, considering:
there should be no hard-coded database connection strings
what is the best deployment method, click once? or just copy the .exe file out of the /release directory?
reasonable security so that users have to log in based on passwords in the database, and if a third person happens to intercept the e-mail, he could not easily look at the data in the database
Some points on the database side:
Assuming the "New user" already has SQL installed, they'd need to attach the (newly copied) database. Besides having sufficient access rights to attach a database, your application would need to configure the call to include the drive\folder containing the database files. If your .exe can identify it's "new home folder" on the fly, you should be able to work that out.
Define "reasonable security". Any database file I get, I can open, review, and ultimately figure out (depends on how obscure the contents are). Can you obfuscate your data, such as using table "A" instead of "Customer"? Would you really want to? The best possible security involves data encryption, and managing that--and in particular, the encryption keys--can be a pretty advanced subject, depending on just how "secure" you want your data to be.
For the database, I would look into using the "user instance" feature in SQL Express. Combined with the |DataDirectory| substitution string support it makes it very easy for your application to get hooked up.
In all honesty I have not deployed a ClickOnce app leveraging this approach myself yet, but I just thought I would bring it to your attention because it's what I would look into myself if I was building something like you described.