Someone created a database and I am a super user in PG Admin. When I tried to access the database tables by clicking on it, I received the error message "permission denied for relation table_name". It's a table for the Mayan database. I tried all kinds of methods, but I am unfamiliar with this and not sure how to go about doing it. I opened the SQL editor and entered the GRANT commands to grant myself access, but I keep getting "permission denied". I am using PG Admin.
Can anyone tell me how I can be granted access to the table?
To access a table you have to grant privileges to the tables with GRANT. First connect to the database and open a SQL editor, then execute one of the following queries:
-- For all privileges (replace username with the role that needs access)
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO username;
-- For viewing privileges
GRANT SELECT ON ALL TABLES IN SCHEMA public TO username;
Note that you have to specify the schema.
A user had an issue with a login to an application. The error is "The Update permission was denied on the object '{tablename}', database '{databasename}', schema 'dbo'."
The user already has permissions based on a role that already allowed other users to properly login, making the necessary entry into the "log" table.
When checking the user with this code,
EXECUTE AS LOGIN = N'[AD UserName]';
SELECT
permission_name AS [Permission]
FROM fn_my_permissions(N'[ServerName]', N'DATABASE')
ORDER BY permission_name;
REVERT;
the results were:
CONNECT
EXECUTE
SELECT
VIEW ANY COLUMN ENCRYPTION KEY DEFINITION
VIEW ANY COLUMN MASTER KEY DEFINITION
I expected this:
CONNECT
DELETE
EXECUTE
INSERT
SELECT
UPDATE
VIEW ANY COLUMN ENCRYPTION KEY DEFINITION
VIEW ANY COLUMN MASTER KEY DEFINITION
I granted Insert, Update, Delete and Execute directly to the user for the database. The permissions were still not showing Insert, Execute or Delete and still the user cannot log in.
I applied permissions directly to the table. Again the user could not access the application due to the error when inserting into the table.
Additionally, the user has access to other DBs on the server, but I am not able to find why on this database the user's granted permissions are not correctly applied.
Where can I find if permissions are being altered due to server-level permissions, or are there other ideas I am not able to think of?
Thank you in advance
The issue was the user was part of a group that had db_denywriter checked on the same database.
The question still remains what is the best way to determine the permissions of a user, even if it's through a group permission, are denied or granted.
The lack of something should not equate to true, or false.
Thanks!
I am currently importing a dump file into an RDS Oracle 12c instance using the impdp command.
Prior to that, it is required to create a few users and grant them the required privileges.
I have the following statements that I use on other non-RDS databases.
GRANT UNLIMITED TABLESPACE TO "USERNAME";
GRANT "RESOURCE" TO "USERNAME";
GRANT "CONNECT" TO "USERNAME";
GRANT "EXECUTE_CATALOG_ROLE" TO "USERNAME";
When I run these prior to the import, these commands return "Grant succeeded".
Now, when I run impdp, I get the following errors in the log:
Processing object type SCHEMA_EXPORT/SYSTEM_GRANT
ORA-31685: Object type SYSTEM_GRANT:"USRNAME" failed due to insufficient privileges.
Failing sql is:
GRANT UNLIMITED TABLESPACE TO "USERNAME"
ORA-39083: Object type ROLE_GRANT failed to create with error:
ORA-01924: role 'CONNECT' not granted or does not exist
Failing sql is:
GRANT "CONNECT" TO "USERNAME"
Same for other privileges as well.
I am running these commands using the admin user that was created while spinning up the instance.
I have seen there's a different way of granting in AWS RDS on this link.
How do I map that with what I'm trying to achieve here?
I'd suggest you NOT use the RESOURCE and CONNECT roles. These were popular back in the 1990s as they contained the most common privileges one might need. However, best practice says that you should grant only privileges that are required for a certain user.
CONNECT nowadays contains only CREATE SESSION. RESOURCE contains several CREATE something privileges (table, procedure, trigger, ...) (query DBA_SYS_PRIVS to see them all). Do you really need CREATE CLUSTER? If not, well, don't grant it.
Try to add those privileges separately:
grant create session to username;
grant create table to username;
grant unlimited tablespace to username;
grant *whichever additional privilege USERNAME requires*;
Finally, just in case you didn't read it, this is the Importing Data into Oracle on Amazon RDS documentation, have a look; perhaps you'll find something useful.
Your case deals with a very specific situation: Oracle Database permissions for a user. To grant an ALREADY EXISTING USER such a privilege (QUOTA UNLIMITED), it has to be done with this command:
ALTER USER xxxx_userName QUOTA UNLIMITED ON yyyy_tablespaceName;
I am learning Oracle and PL/SQL. I have created a database called "PRACTICE" and created a user called "MITHRA" by connecting as SYS.
My question is: I want to grant privileges to the user "MITHRA" for the specific database "PRACTICE". The user "MITHRA" should be able to do all activities like create, drop, alter, etc. only in the "PRACTICE" database.
Please suggest how to do this.
Oracle can only host one database, so what you are asking for will essentially grant root privileges to this user, including drop database. This should be avoided on production for obvious reasons.
So in order to grant full access to user mithra:
Connect as sys and run the following command -
Grant dba to mithra;
That should give the user mithra all possible privileges for that database.
You can also use the grant command to grant any distinct privileges.
Just to be sure that we speak in the same terms.
Is "PRACTICE" a database or a schema? If it is a DATABASE then you should grant DBA; if it is a schema then Oracle does not have statements to grant rights to schemas (only system and object privileges). Reading your question makes me think that you come from MSSQL, where you can grant a specific user grants on a specific database. In Oracle it is a little bit different: to make an analogy, you do not have databases but schemas.
I'm a newbie on SQL, and I'd like to know how to grant select and other permissions to a specific user in Azure SQL Server.
I'm trying to use AUMC to do this. I've created a new login as well as a new user test and granted all the permissions I can select in AUMC. (For the master database, I've assigned the roles loginmanager and dbmanager to test; for the other database, I've assigned the permissions db_owner, db_securityadmin, db_accessadmin, db_backupoperator, db_ddladmin, db_datawriter, db_datareader, db_denydatawriter, db_denydatareader to test.)
After the setting, I'm trying to log in to the Azure SQL Server via SSMS. The login succeeds, but I cannot find any tables in the database except the System Tables.
And when I execute SELECT TOP 1 * FROM <a_table>, it returns The SELECT permission was denied on the object <a_table>, database <the database>, schema dbo.
The problem is likely that you are adding your test user to the db_denydatawriter and db_denydatareader roles. These roles prevent the user from reading or writing in the database, overriding the permissions granted by other roles like db_datawriter and db_datareader. Try removing your user from these two 'deny' roles.
For more information on the various database-level roles, see: https://msdn.microsoft.com/en-us/library/ms189121.aspx
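For the question left open in the db_denywriter thread above (how to tell whether a user's permission is granted or denied, including through a group) and for the deny-role conflict described in this answer, the following T-SQL is an added example and not code from any of the posts. The user name test comes from the question here; the table dbo.log and the right to impersonate that user are assumptions.

```sql
-- Added example, not from the posts. N'test' and dbo.log are placeholders.
-- For an account that reaches the database only through a Windows group,
-- impersonate with EXECUTE AS LOGIN as in the earlier post.
DECLARE @token TABLE (principal_id int, name sysname,
                      type nvarchar(128), usage nvarchar(128));
DECLARE @can_update int;

EXECUTE AS USER = N'test';
    -- The security token lists the user plus every Windows group and role it
    -- belongs to, including roles inherited through a group.
    INSERT INTO @token (principal_id, name, type, usage)
    SELECT principal_id, name, type, usage FROM sys.user_token;
    -- Net result for one securable: 1 = allowed, 0 = not allowed,
    -- NULL = the name is not valid or not visible to the user.
    SET @can_update = HAS_PERMS_BY_NAME(N'dbo.log', N'OBJECT', N'UPDATE');
REVERT;

-- 1. Token contents. Permissions of fixed roles are built in and are not
--    listed in sys.database_permissions, so the deny roles only show up here.
SELECT name, type, usage,
       CASE WHEN name IN (N'db_denydatareader', N'db_denydatawriter')
            THEN N'fixed deny role: overrides any GRANT' ELSE N'' END AS note
FROM @token
ORDER BY type, name;

-- 2. Explicit GRANT and DENY rows held by any principal in the token.
--    DENY sorts first because one DENY takes precedence over every GRANT.
SELECT t.name AS held_by,
       pe.state_desc,
       pe.permission_name,
       CASE pe.class
            WHEN 0 THEN DB_NAME()
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id)
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)
            ELSE pe.class_desc
       END AS securable
FROM @token AS t
JOIN sys.database_permissions AS pe
  ON pe.grantee_principal_id = t.principal_id
ORDER BY CASE WHEN pe.state_desc = N'DENY' THEN 0 ELSE 1 END,
         t.name, pe.permission_name;

-- 3. The effective answer captured during impersonation.
SELECT @can_update AS can_update_dbo_log;
```

The token is copied into a table variable during impersonation so that the permission lookup afterwards runs with the administrator's metadata visibility rather than the impersonated user's.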
Using SQL Server 2008.
I created a new database, created a new user and mapped the user to the same login name.
Gave the user all the roles available including db_owner.
The user created a new table but when the user tried to select from the table, an error "The SELECT permission was denied on the object ...." showed up.
Why doesn't the user have select permission if the user is member of the db_owner and db_datareader roles?
I recall this used to work before.
Most likely the user isn't actually the DBO. Check the table name is [dbo].[tablename] and that the user actually is the dbo.
Actually - More information about the error would be nice. Cause you usually have select access to tables you have created.
Are there any deny permissions set?