I am using PostgreSQL 9.5.19.
I want to change the owner of some tables. All these tables are in the same database my_db in the public schema.
I have read the post Modify OWNER on all tables simultaneously in PostgreSQL.
Thanks to this post the operation succedeed but partially.
Most of the table are owned by postgres user and not new_user.
I tried to manually change the owner but it failed.
You can change the ownership of tables owned by postgres if you are a superuser.
But you won't be able to REASSIGN OWNED, because postgres has to own the system objects.
Perhaps you can use psql's \gexec:
SELECT format('ALTER TABLE %I SET OWNER = willi;', table_name)
FROM information_schema.tables
WHERE ... \gexec
You can fill in the appropriate WHERE condition.
Related
I have created a new user 'u' using my 'security_admin' role, and assigned role 'r' (which already has some select/usage permission on few tables) to the user. Now I want add more permissions to the role. I have ran below statement:
grant select on all tables in schema db_name.schema_name to role r;
The above statement gives necessary permission to the user 'u', i have checked with show grants to role r statement. However the granted permission is valid only for one day, the next day the user does not have the permission that is granted using above statement. It keeps happening for sometime. I do not know what the problem is. I do not have any automated SQL script to recreate users & grants daily.
If you could share the actual error message you get, that would be helpful for us to understand where the problem lies. But I suspect that it's just a case of not having access on FUTURE TABLES (tables that has been created after the grants was applied).
These commands should cover you:
use role securityadmin;
grant usage on database db_name to role r;
grant usage on schema db_name.schema_name to role r;
grant select on all tables in schema db_name.schema_name to role r;
grant select on future tables in schema db_name.schema_name to role r;
One plausible scenario is that tables are recreated with CREATE OR REPLACE TABLE command. It could be checked using query history view.
SELECT *
FROM snowflake.account_usage.query_history
WHERE DATABASE_NAME = 'DATABASE_NAME_HERE'
AND QUERY_TEXT ILIKE '%CREATE%OR%REPLACE%TABLE%'
ORDER BY START_TIME DESC;
In such case the permissions may not be preserved, unless specyfing COPY GRANTS option.
Optional parameters:
COPY GRANTS
Specifies to retain the access privileges from the original table when a new table is created using any of the following CREATE TABLE
variants:
CREATE OR REPLACE TABLE
CREATE TABLE … LIKE
CREATE TABLE … CLONE
When installing a new db, it is a best practice to create a new user and a new tablespace, because creating tables shouldn't be done with SYS/SYSTEM or/and on the tablespace "SYSTEM".
So I created the user "alex" and the tablespace "alexData" with the following commands:
CREATE TABLESPACE alexData datafile 'C:/oraclexe/alexData.dbf'
size 100M;
ALTER USER alex QUOTA UNLIMITED ON alexData;
ALTER USER alex QUOTA 0 ON SYSTEM;
I want to accomplish that the user "alex" is only able to save his data in the "alexData" tablespace.
Why? Because when he wants to access a table he shouldn't always have to mention the tablespace "alexData".
otherwise he would always need to mention it like:
SELECT *
FROM alexData.table
but I want that he always is JUST in that tablespace so he doesn't need to mention it:
SELECT *
FROM table;
Is this possible?
First of all , Consequence of what #Mat told, you can not use like
SELECT * FROM alexData.table_ but SELECT * FROM alex.table_, since a table may be prefixed with a schema name. As you may notice, you can not use table,which is a keyword for oracle, as table name, so i've used table_ instead.
When you create user, the object is automatically created inside that tablespace. As an example, when create table ... statement issued, there's no need to mention about the tablespace provided that you create or alter your user with DEFAULT TABLESPACE phrase:
CREATE USER alex IDENTIFIED BY alex321
DEFAULT TABLESPACE alexData
TEMPORARY TABLESPACE alexTempData;
OR
ALTER USER alex IDENTIFIED BY alex321
DEFAULT TABLESPACE alexData;
You cannot create triggers on a table owned by SYS, or SYSTEM see:
Why cannot I create triggers on objects owned by SYS?
If the table on which you wish to create a trigger is a table which you have created, it should live on the ALEX schema. This schema should have privileges to create triggers on tables created in the same schema. As previously mentioned in the comments, you should revoke the CREATE ANY TABLE privilege from the ALEX schema, as this user should only be able to create tables on their own schema.
I've been reading many answers but I am too weak at TSQL to filter out what I need.
I created a contained user for 1 DB...
CREATE USER appuser WITH PASSWORD = 'strongpwd';
So I need to allow a user in to read only the contents of 1 table - tableA (there are others in the DB) and do absolutely nothing else in the DB.
I do not want to affect any other users. I just want the user to be able to access the DB via say SSMS, see only tableA (well this is not that important), read it.
There are two ways one is to directly grant explicit SELECT only on Table 1 and the second one is to create a role, grant SELECT to role and addd the user to the role. Typically second way is the preferred way and can be done as below
CREATE ROLE [role_name]
GRANT SELECT ON [Table] to [role_name]
EXEC sp_addrolemember '[role_name]', 'appuser'
I have 2 schemas database1#server and database2#server.
I want to know how to grant priveleges for database2 to read from database1.
example executing in database2:
select * from database1..table1
You will have to make sure the user in database2 is added to database1 (sp_adduser or sp_addalias).
You can find your current user by doing select user_name() and get a list of users within a database by executing sp_helpuser in that database.
Assuming we have db_user1 and dbuser2, we would add the alias like this:
use database1
go
sp_addalias db_user2, dbuser1
go
From that point forward, when db_user2 is accessing database1, it will be with db_user1's credentials, rights and privileges.
If you add the user, instead of adding the alias, then you will have to grant privileges for tables in the schema to the user (or group that the user is a member of).
How can I restrict some users in DB2, not to see the table structure. I set the user privilege and restrict user from table access. so that user can not select data or change table but still can see the table structure or describe it.
This problem refers to row access in tables which is added in db2 version 10.
I had this problem too.
you can use this version - if applicable- and restrict user access from specific table structures.
You need to remove the select grant on catalog tables. For example, the following query should return 0 rows when executing with q restricted user.
db2 "select tabschema, tabname from syscat.tables"
All tables and views in the following schemas should not have select on public, nor in any group the restrictive user is in.
sysibm
syscat
db2 revoke select on SYSIBM.SYSTABLES from username