I have a USER1 in DATABASE1 and USER2 and USER3 in DATABASE2. I am given the credentials of USER2 from which i can select only few tables on USER3. Now the requirement is, i have to create a databaselink in USER1 to query the tables in USER3. Can someone help, how to create the database link for this type of requirement?
Here's one options: in USER2 schema create views to tables owned by USER3:
create view v_tab1 as select * from user3.tab1;
As USER1, create a database link to USER2:
create database link dbl_user2
connect to user2
identified by its_password
using 'database2_alias';
Now you can access USER2 objects, which includes both tables and views:
select * from tabx#dbl_user2; -- selects from USER2's table
select * from v_tab1#dbl_user2; -- selects from USER3's table, via a view owned by USER2
Related
We can see what roles are assigned to a user but how do I see the list of users in a role snowflake?
For example I have a role svn_dev_admin , I need to see all users under this role
Thanks,
Xi
https://docs.snowflake.com/en/sql-reference/sql/show-grants.html will do what you want with:
SHOW GRANTS OF ROLE svn_dev_admin;
created_on role granted_to grantee_name granted_by
2018-11-12 15:18:07.580 -0800 SYSADMIN ROLE ACCOUNTADMIN
2019-10-02 09:23:26.688 -0700 SYSADMIN USER XYZ ACCOUNTADMIN
2020-03-02 12:56:01.386 -0800 SYSADMIN USER ZYX ACCOUNTADMIN
The following query should give you users list for the role specified and the role(s) under that.
-- since role_name used in the query twice, set it to a parameter
set role_name = 'svn_dev_admin';
select GRANTEE_NAME
from SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_USERS
where ROLE = $role_name
and DELETED_ON is null
union
select GRANTEE_NAME
from SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_USERS
where ROLE IN (select NAME
from SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES
where GRANTEE_NAME = $role_name)
and DELETED_ON is null;
If you want to see the users got the access with a lower level role to the given role you can add the ROLE column to the query like the following, but it might create duplicate user names
select ROLE, GRANTEE_NAME
You can just query the GRANTS_TO_USERS view
I have two AD groups: GROUP A and GROUP B
GROUP A contains User1, User2, User3
GROUP B contains User1
I have 3 stored procedures
SP1 GROUP A Grant Execute
SP2 GROUP A Grant Execute
SP3 GROUP A Deny Execute, GROUP B Grant Execute
SP3 doesn't run for User 1, guessing as the Deny from Group A overrides Group B Grant, is this true?
How can I make this work without removing User1 from GROUP A and adding GROUP B to all SP's... or not possible.
The way it is currently setup, it is not possible as the 'DENY' will always take precedence over the 'GRANT'.
You would need to create another security group called GROUP C and remove User 1 from other groups and add them to this one. You would then apply GRANT to SP1 and SP3 for Group C.
I'm looking for a right solution for database structure regarding user permissions.
Tables:
users
companies (relevant columns: id)
projects (relevant columns: id,company_id)
jobs (relevant columns: id, company_id,project_id)
Scenarios I want to accomplish is to have specific user and/or users assigned to:
all the projects within company ("Cindy is assigned to all projects and all jobs within company")
select projects within company ("Cindy is assigned to three out of five projects and is assigned to all jobs within those three projects")
selected job(s) within project(s) ("Cindy is assigned to five jobs out of ten within one project and two jobs within the other project")
I think about separate permissions table where I just insert permissions to relevant jobs and to use the relevant columns from jobs table to cascade permissions upwards. In other words - if a user has permission for a specific job then it also has permission for parent project and parent company.
SQL Fiddle: http://sqlfiddle.com/#!9/74a4d3/2
Here is a proposed table structure for permissions:
USER_ID OBJ_TYPE OBJ_ID PERMISSION
JDOE COMPANY 1 1-READONLY
JDOE COMPANY 2 2-READWRITE
JDOE PROJECT 1 2-READWRITE
Then code to check user access could look something like:
SELECT MAX(permission) FROM permissions
WHERE user_id = :USERID
AND ( (obj_type = 'JOB' and obj_id = :JOBID)
OR (obj_type = 'PROJECT' and obj_id = :PROJECTID)
OR (obj_type = 'COMPANY' and obj_id = :COMPANYID))
I have a table containing my user (Admins) and another table for other accounts.
each of these accounts are in a accountsgroup table.
I want to give a list of accountsgroups access to a user. This access is different for each user.
Something like this:
Users:
user1
user2
accountsGroups:
group1
group2
group3
group4
user1 has access to group1 and group2
user2 has access to group1 and group3
How to give them these permissions?
Do I have to add another table?
One way to solve your problem is to add a third table.
This table is sometimes called an "associative table", or "association table".
It can look a bit like this: useraccountgroups = { id, user, group }.
The records, then, will look like this: (1, "user1", "group1"), (2, "user1", "group2").
Hope this helps.
I'm trying to look for all the users with certain privileges in the DBA_SYS_PRIVS table. The table has a GRANTEE column and according to Oracle Official website, the GRANTEE column shows "Grantee name, user, or role receiving the grant". So how could I know if the GRANTEE is an account or a role? For example, there is role called SYS and also an account called SYS in the Oracle DB. So how do I know if this is an account or role????
Also in table DBA_TAB_PRIVS, there is a column called GRANTEE. And in this table, the column GRANTEE is "Name of the user to whom access was granted". So I am really confused because the "GRANTEE" column means different things in two different tables
Please help, thanksssssssssssssss
No there is no SYS role in Oracle.
SQL> select * from dba_roles where role='SYS';
no rows selected
Actually you cant create roles same name as usernames.
SQL> create role sys;
create role sys
*
ERROR at line 1:
ORA-01921: role name 'SYS' conflicts with another user or role name
To get only the roles without usernames.
SQL>select grantee from dba_sys_privs where grantee not in(select username from all_users);
To get only users without roles.
SQL>select grantee from dba_sys_privs where grantee in(select username from all_users)