Anyone knows how to get the "logical server" create time? I'm unable to find this in any Azure cmdlet.
You could get it from Activity log.
Update:
Activity log is limited to 90 days. Another way you could find Deployments templates in Azure Portal.
In SQL, you could use following sql query to get creation data.
SELECT name, database_id, create_Date, compatibility_level FROM sys.databases
Please check this link.
Related
I'm doing some ETL, using the standard "Pre-Load" partition pattern: Load the data into a dated partition of a loading table, then SWITCH that partition into the live table.
I found these options for the SWITCH command:
ALTER TABLE [myLoadingTable] SWITCH PARTITION #partNum TO [myLiveTable] PARTITION #partNum -- Move the New Data in.
WITH ( WAIT_AT_LOW_PRIORITY ( MAX_DURATION = 1 MINUTES, ABORT_AFTER_WAIT = BLOCKERS ))
Those options seem like valuable things to define (even if they wouldn't be needed during normal operation).
Unfortunately, when I try to run that, I get:
Sql error number: 11423.
Error Message: User does not have permission to use the ABORT_AFTER_WAIT = BLOCKERS option.
Further reading confirms that this is appropriate: (link)
BLOCKERS
Kill all user transactions that currently block the SWITCH or online index rebuild DDL operation so that the operation can continue.
Requires ALTER ANY CONNECTION permission.
But when I try to GRANT the relevant user that permission I get an error:
GRANT ALTER ANY CONNECTION TO [myAdfUser]
Securable class 'server' not supported in this version of SQL Server.
I'm using (AFAIK) a normal Azure SQL Server database.
Is there any work around for this? Or is it just not possible for me to use these options on this Database?
Looks the question was solved by #Larnu's comment, just add it as an answer to close the question.
If you are using Azure SQL Database, then what the error is telling you is true. Azure SQL Databases are what are known as Partially Contained databases; things like their USER objects have their own Password and the LOGIN objects on the server aren't used for connections. The CONNECTION permission is a server level permission, and thus not supported in Azure SQL Databases.
I am trying the below query against SNOWFLAKE.INFORMATION_SCHEMA from account admin but it returning an error.
Query:
Select
'databases' as category,
count(*) as found,
'3' as expected
from SNOWFLAKE.INFORMATION_SCHEMA.DATABASES
where DATABASE_NAME IN ('USDA_NUTRIENT_STDREF','LIBRARY_CARD_CATALOG','SOCIAL_MEDIA_FLOODGATES')
Error:
SQL compilation error: Database 'SNOWFLAKE' does not exist or not authorized.
Checked SNOWFLAKE database exists but it does not have any schema including INFORMATION_SCHEMA
Databases live under your account. Account is the top level object in the Snowflake object hierarchy. Databases live under account. See this link, and find the text where it says, "The top-most container is the customer account...". It's got a nice little graphic there.
When you query information_schema on the Snowflake database, you're getting the information_schema of just the snowflake database, not of your entire account. Snowflake.information_schema is kinda useless b/c it just shows the information schema of a database (Snowflake) that you have no control over - Snowflake controls it.
If you want to see all the databases in your account, you can do the following:
use role accountadmin;
show databases;
select count(*) from table(result_scan(last_query_id())) where "name" in ('USDA_NUTRIENT_STDREF','LIBRARY_CARD_CATALOG','SOCIAL_MEDIA_FLOODGATES');
Now, separately, if you're concerned about the error you're getting - that you don't have access to the snowflake database, then I'd say you're either not using the accountadmin role, or you're not using a role that has the right privileges. If you'd like to give a role privileges to the Snowlfake database, you can run the following:
GRANT IMPORTED PRIVILEGES
ON DATABASE SNOWFLAKE TO ROLE {SOME_ROLE_OF_YOURS};
Good luck!
Someone deleted my azure database tables and procedures. Now I want to know from which workstation/ip this has happened.The person used db owner Id.
Azure portal activity logs don't give any details as deletion is done through sql queries.
I know how to see active sessions in sql service, but I want the history of sessions that existed in last 3 days with my database. Please help!
Using the below query can find the history of connection sessions, but it only can shows the local client IP address:
SELECT connection_id,
c.client_net_address,
c.session_id,
connect_time,
client_net_address,
client_tcp_port,
host_name,
program_name,
login_name,
row_count
FROM sys.dm_exec_connections c
JOIN sys.dm_exec_sessions s ON s.session_id = c.session_id
You will get the results like this:
Maybe it can help you know from which workstation/ip this delete operation has happened
Hope this helps.
I need to be able to stop Microsoft Office applications from connecting to my SQL database except if the login used is part of a specific AD group.
Only those within said AD group should be able to connect to the database with any Office application. This is even possible?
SQL Server 2012 Enterprise.
I know they're configured for the whole server, but I'm thinking of creating a trigger. I've created a table that is constantly updated with the AD users and created the below join. What I need is for everyone that is returned by this query to access the database with their desired Office app, and everyone who isn't returned to be rejected.
SELECT A.LOGIN_NAME, A.PROGRAM_NAME, B.LOGIN NAME
FROM sys.dm_exec_sessions A
JOIN AD_Group_Members B ON A.login_name = B.LOGIN NAME
WHERE session_id = ##SPID
AND program_name IN (N'2007 Microsoft Office system', N'Microsoft Office', N'Microsoft Office 2016', N'Microsoft Office 2013', N'Microsoft® Mashup Runtime')
I can't test this because I cannot get my hands of an adequate testing environment :/
So, would this work? Is there a better way of conducting this?
I know how to write the trigger, I'm just looking at getting the meaty bit right as I don't fancy blocking the wrong connections on a production box.
By default if you connect to a remote SQL Server via an account that has access to say 1 of the 10 databases. You will still see in the Object Explorer all other databases, obviously due to permissions you cannot actually query them, but you can see their names.
I have heard that there is a method that disable this behavior, but I've been unable to find the answer, does anyone know how to do this? To give an example I have a SQL Server called MyDbServer, it has 4 databases,
MyDatabase
YourDatabse
PrivateDatabase
ReallyPrivateDb
If you connect via an account that only has permissions to "YourDatabse" you will still see a listing of all other databases, attempts to query will grant "select" permission denied or a similar error.
For security resons, we DO NOT want users to see any database other than the ones they are mapped to.
This blog talks about methods for hiding DBs for both SQL 2000 and SQL 2005.
After having my client struggle with the identified resources I did some testing and created this blog posting with a bit more context and instruction on how to get this working.
The short of it is:
use master
go
deny VIEW any DATABASE to login1
go
where login1 is the login account that you want to limit.