I have a postgis geographical database with different access accounts.
how do i set a layer in geoserver so that the wfs insert, update, delete transactions can only be done through these accounts and logins in my web interface (openlayers) ?
Related
I have a bunch of users who can view and create new data using Power Apps (Canvas) forms. They can view all data in Power BI also.
I want to restrict access to certain data in Power BI and Power Apps for some users.
All data viewed and created by these users is stored in a SQL Server database. The connection to this SQL DB is made using SQL server authentication (username and password).
What options do I have to restrict creation and viewing of certain data for some users? I know of row-level security, Active Directory groups and roles, Power BI user roles, etc.
I am unsure of the best approach, and when one or the other approach should be taken.
I have one snowflake instance and I want to use it for 2 different environments.
To segregate the cost, I will create 2 warehouse for dev and qa.
Also, I will create two databases. Is it possible that dev warehouse can be restricted to be used by one dev db and qa database can only be used by qa warehouse.
I know we can restrict it be roles. But it is possible on database level in snowflake?
Or if not, what is the best way - is it creating two roles and then granting the access of db and warehouse by roles?
The issue with roles is that- I can impose restrictions with application level roles but not with individual user roles
It's not possible to assign warehouses to databases. You need to set up (at least) 2 roles and grant required permissions to use the specific warehouse and the database.
I couldn't understand the issue with the users. You will assign these roles to users, so the users will have access to only the specific warehouse and the database.
As Gokhan notes.
WAREHOUSES and DATABASES are just resources. They are only acted on by USER, users do stuff via ROLES.
So you have to have your QA users, have QA_x roles, and those ROLES have access to the WAREHOUSES and the DATABASES. And thus the DEV roles have access to the DEV DB & WAREHOUSE.
The only problem with this is if a USER has access to both ROLES, but then they will have to select between ROLES to access the resources, which they can use both ROLES at the same time via USE SECONDARY ROLES unless you have that blocked.
I am developing a background worker that moves database between pools, create a pool, delete a pool, etc. I couldn't find in Microsoft document what the minimum required access to do such tasks? Admin to Azure SQL Server, Contributor or anything? I also read both server and database statistics from sys.* databases.
You need atleat Contributor role to perform create, delete, move, etc. related task.
A Contributor role allow to Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
Please refer https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor for more details.
To read data from system tables make sure you have required role assigned on database level, e.g., db_datareader role.
I want to execute elastic queries on azure sql databases running on free subscription. So I need to create a user and login credential to do that.
Can I create user in this subscription? Can I access master database from here using same subscription?
Can I create user in this subscription? Can I access master database from here using same subscription?
Yes, you can create the a user and login on the Azure SQL database. And about these two questions, you can reference this document: Controlling and granting database access to SQL Database and SQL Data Warehouse. This Azure document will give you more details.
But if you want to use Elastic Query, you must give the user sufficient permissions.
For more details, please see Getting started with cross-database query (vertical partitioning).
Hope this helps.
On the azure page I can create my tables but there are only 4 data types and no option to create or relate the tables using foreign keys and SQL.
What I want to do is have a user and contact table with userId in contact table as a foreign key.
I am using apache cordova and angularJs on the front end in visual studio. I have already added the mobile service to my project.
Mobile Services does not directly support relationships in the backend, but you can customize the data using server scripts and the mssql object. Alternatively, you can create database views that have relationships between tables.
For an example of mapping relationships using database views, please see my post in this forum thread: Best Practice For Syncing Related Tables in Offline Mode.
For more information on managing the database directly, see this article: Scale mobile services backed by Azure SQL Database.