I'm about to migrate from Goldmine database to Suitecrm database. In Goldmine they have user groups and members, Im unable to locate that table where the groups/membership for each users has been stored in the Goldmine database. Can you please help me at the earlist!
Thanks in advance!
GoldMine stores the group membership in the U_security field in the users table. Unfortunately it is encrypted by the application and you will require the API to get access to it.
Related
I need to structure the roles in snowflake and need advise for it.
Currently, there are two databases: basedb and computedb. basedb is the database where we load the data and the data is not transformed. more like a landing zone.
computedb is where the transformation happens and there are dozens of functional teams and each would have a schema like content team has content schema and there could a schema which can be shared across multiple teams.
all the teams/ schema inside computedb can read from basedb but there are teams that are reading from transform schema of other teams and that is where I need assistance.
all custom roles are under sysadmin and we have a read and write role per schema.
Now analytics schema wants to read from sales and marketing schema as well.
should just give the read access of sales and marketing to analytics? like shown in picture (issue is that the teams might need to access more schemas in future from other schemas in transform)
or should we create a new role for all the schema in computedb which needs access to other schemas of computedb?
Open to more suggestions.
A role hierarchy is the easiest to build and maintain, whilst giving you flexibility.
Create role(s) that give you the required access to each schema.
Create a role for each team and assign to it the appropriate roles to give them access to the schemas they need
I am looking for your suggestions on Snowflake Role based Access control hierarchy which I created for a Snowflake data warehousing project.
Basically, we need to maintain different client data with different databases. This database creation process is automated with a script including create databases(DEV, QA and PROD), roles etc.. for a specific client. Here I have created a hierarchy with 3 different default roles for a database.
ADMIN_{ENV}_{CLIENT_ID}
READ_WRITE_{ENV}_{CLIENT_ID}
READ_{ENV}_{CLIENT_ID}
Then I created a set of roles which have access to all databases like..
ADMIN_{ENV}_ALL
READ_WRITE_{ENV}_ALL
READ_{ENV}_ALL
Hope below image illustrates that..
My questions are:
Is this right approach to continue?
When creating database objects, which role should I use? SYSADMIN? For example: for creating database objects in CLIENT_1_DEV_DB database, should I use ADMIN_DEV_CLIENT_1 role or SYSADMIN?
ADMIN_DEV_CLIENT_1 role should be able to create new users and grant the privileges. In that case should I use USERADMIN or SECURITYADMIN? Are there any methods to restrict that to database level?
There is a use case to clone a schema in a database if any issue occurred. In that case How to manage the grants? When we clone a schema, the roles are not retained to the cloned schema. In that case what is the best approach to copy the grants. having another role with MANAGE GRANTS privileges and use that?
Hope you suggestions on these. Thanks
A couple of RBAC approaches articles to help you fine-tune yours:
https://servian.dev/snowflake-role-based-access-control-simplified-41a3ddf34729
https://medium.com/snowflake/a-functional-approach-for-snowflakes-role-based-access-controls-5f0e84e80146
https://www.analytics.today/blog/introducing-snowflake-rbac
I have a requirement to list down all the tables created under snowflake schema.
I tried using "Show Tables" and "Information_Schema.Tables", but these only list the tables accessible to me. I need to be able to see the entire list of tables irrespective of the access.
Is there a way I can do it other than Admin access?
You can list all the tables for which you have access privileges - which role(s) that is depends on how you've set up your account
You cannot see any information, even the names, of tables that you do not have access to. This is fundamental to Snowflake's role-based access. Your user must be assigned a role that has the necessary access.
I am trying to share my Snowflake Database(default metadata)--> Account_Usage schema --> Query_History table to another managed account (i.e. reader account) but the data is not visible in another account.
is there any way to share the snowflake database without duplicating the data?
I am getting error as Already Imported Database (i.e) SNowflake cannot be shared for Datashare option.
for a Managed account for usage, I Snowflake database and schemas are available but are not able to see the data which is available.
According to the documentation you can't re-share any database that is shared with you:
Shared databases and all the objects in the database cannot be forwarded (i.e. re-shared with other accounts).
Since the Snowflake database is one that is shared to you from Snowflake, this is probably why you're having issues.
If you need to do this your best bet is to create a table and populate it with the data you need from the Snowflake database and share that table instead. Although it is strange that you'd want to share this info with another account.
Your other option would be to create database/schema in your account with views over the account usage data that you want to share, create a role that can access only that, and then provide a user login with that role only to the group needing to do analytics on your data.
I know sybase supports two types of temp tables, one starts with # and can't be shared by sessions. The other one is created with tempdb.. prefix which can be shared by sessions or users.
My question is:
Are tables created in tempdb accessible to other users as well?
How to control the access or how to prevent the table created by userA from being modified/dropped by userB?
I googled for a while but didn't find any information on this.
I'm using sybase at work but don't have admin access to create new user so I can't do the test.
Can someone who have experience please advise?
please refer to http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc32300.1570/html/sqlug/X10118.htm for details.
i also test the behavior on sybase ase 15.7.
the result as same as the previous link.
Are tables created in tempdb accessible to other users as well?
Yes.
How to control the access or how to prevent the table created by userA from being modified/dropped by userB?
There seems no method about the tempdb..xxx tables.