I am using MSSQL, where I have already defined some table so I didn't define anything under models.py file, Is there any way that I get to see all my table in the admin site. ( i successfully connected Django application to MSSQL)
Connect your App with the sql admin account is not secure but if you want the command is
SHOW TABLES;
Related
Most of you would have encountered the problem of creating db users for developers across multiple database (using common user is not allowed). We have around 90 DB's on AWS and 200-250 dev's. Everyday someone needs access to a database and this is manual and repetitive task.
I am looking for a solution to automate end-to-end lifecycle of user management, scripting or creating a terraform module are solutions which I already have in my mind, but how does other organization manage DB users at scale ?
I did look at AWS IAM authentication but I am not sure how can we grant fine grain access using IAM roles.
Cheers,
Fun Learn
The way I've done this is (high level);
Create your RDS Terraform Config / Module(s)
Create a sql file with the user & grant creations needed
Create a wrapper script that deploys terraform then connects to it to deploy your SQL file with user creation
Your wrapper script will need to use Terraform Outputs to get your newly created RDS Endpoint to connect to | Say you created an output called rds_endpoint in your terraform plan / config... This is how you grab it in bash terraform output rds_endpoint
Assuming your new RDS DB is not publicly accessible, your wrapper script will need to tunnel in through a bastion or some other instance that is publicly accessible with access to the DB. Example: ssh -oStrictHostKeyChecking=no -p 22 -i ~/.ssh/bastion-host-key.pem -C -N ec2-user#$bastion_ip -L 3306:$rds_endpoint:3306 &
Your wrapper script will need to use the RDS user & password you created with terraform as well to run the SQL File
In fact IAM authentication could be the key to do that.
What you can do is in fact create all you databases with terraform.
do not forget to enable iam authentication via your terraform module.
Once all you databases are created via teraform, you have to create local role(s) in all of theses databases (either via terraform using SQL script or still via terraform using modules that allow you to create user/roles, for postgresql you can use this module ) and you have to grant them the pre-created, existing, database role for iam (for example with postgresql its named "rds_iam")
The thing that is interresting with iam authentication is that all of your developper can connect using their account to aws and request a token that will be used as a password (the username will be the role you created before) and by doing this you create only one role, but each authentication is made by each developpers account.
If your company really needs you to create roles for each devs (even if the roles are exactly the same, It makes no sense since by definition, we ASSUME a role, so anyone can assume ONE role, this is not awful) you can then create a local database users (instead of a role) for all of your developpers in all of your database by using an SQL script that your terraform will execute.
Of course do not forget to grant the rds_iam existing role to either the unique role that will be used by all the developpers (in case you choose this solution) or to all the db users you created before.
You will have to manage IAM policy for all of theses users to be accurate regarding to the security (or use * in the policy to let all your developpers connect to all you db users lol)
and then your developpers will be able to use aws rds command to generate an auth token and connect to their local db user that will have to correct rights.
There is a hole bunch of informations and precisions here:
https://aws.amazon.com/premiumsupport/knowledge-center/users-connect-rds-iam
have a nice journey on aws
At present, we are supposed to provide a tenant id to create net new database for a tenant . But there is no way to create net new databases for the default tenant. Initially it was agreed to create the default tenant database with "_system" but later it got changed and there is no support to create the default tenant db.
I need groovy code to create database with no tenant id.
I understand your question now. When you run your app, your app will create a database and with a suffix like "_100" added to the name of the database. You don't want the suffix added anymore.
When you run a Grails app, it does not create a database for you. You will have a database created ahead of time yourself.
If you said the app did create a database, your programmer might have a SQL script somewhere in your app.
You must have something like this in your source code .executeUpdate("CREATE DATABASE IF NOT EXISTS MyDatabaseName")
See if you can find this SQL and change it.
I'm trying to export a database from a CloudSQL SQL Server Express Database, that is currently attached on a user other than sqlserver, and import it on a new CloudSQL SQL Server Standard Database. While I can export/import normally with BAK files, I'm unable to create a new user on the destination database and grant it the db_owner on the imported schema, everything always goes only to the sqlserver user. Can someone help me out?
Best regards.
You haven't mentioned what have you tried, for creating users and what output you received when you tried that.
But have you tried creating the user using gcloud cli? gcloud sql users create
https://cloud.google.com/sdk/gcloud/reference/sql/users/create
You can assign the above user to access a specific database once it has been created using the command above.
If the new Standard Database is on a new Cloud SQL instance, you might be using the new default MASTER database. By design, the "db_owner" role cannot be attributed there, so you may create a new database and grant the role on that new one instead.
Good afternoon,
I am writing a front-end for a research database that holds sensitive health information. My institution has a policy that user actions be logged by the SQL server so that they can perform audits on the server log files in the event of a breach.
Because of this policy, I cannot connect Django to the db as a system user (otherwise, all users of the front-end actions would be logged by the server as the Django system user instead as the actual user individually).
Is there a way to connect to the DB using per user credentials so that actions performed on the front end will be logged as that user on the db server? I have been able to find a lot of information about using multiple databases, but nothing about per user authentication of those databases.
Thank you in advanced!
I don't think you can do that, the user that connect to the database need to have access to all the tables.
I had a similar issue when I wanted to use Django models outside Django and restrict access to certain models for certain users.
I ended up using SQLAlchemy and its automap feature on the existing Django database. Then you can connect to the database using your SQL users.
However, if you don't mind all the users accessing all the tables and are only concerned about the logs, maybe you can use a different settings.py or at least a different DATABASES configuration for each user?
I was able to accomplish this by giving the SQL user the IMPERSONATE permission and performing EXECUTE AS prior to the DB queries that I needed to have logged in models.py.
cursor = self.connection.cursor()
try:
cursor.execute("EXECUTE AS " + get_current_user()
except DatabaseError as e:
cursor.close()
raise e
Is there any way by which I can map my users created in the jazn-data.xml file in adf application to the database table. Want to use query result in via method or bean return parameter.
You need to configure an sqlauthenticator in you WebLogic server (in the security realm).
If you got that working, you should be able use the default ADF Security settings to login with your users from your WLS.