Alternative to cross database trigger in Azure? - database

I have a website that does two things:
1) It allows users to select a group from the dropdown menu and push a button to run a report on a group that already exists in our database.
2) If a group is not already in the group list, a second page allows the user to input some group information to our database (with the idea that they could then run a report on that group).
When the website coder created the website, he put the dropdown menu options into one database and has the collected group information going into another.
Problem:
Once the new group information has been collected, I need to update the drop down table in the other database to include the name of the new group.
The easiest fix would probably be to have the website update both tables, but we no longer have the services of the guy who coded the website and I need to get this fixed. So, I want to fix this on the database side.
I was thinking I could do that with an insert trigger, however, other strings state that cross-database triggers aren't a kosher thing to do.
Further complicating the matter, our databases are both hosted on Microsoft Azure. I found a post about doing a select from two statements on Azure and am trying to work through it to create a cross-database query right now. I am still unsure how I will solve the problem of needing data in both databases though.
What can I do?

Related

Import Active Directory to SQL Server

I'm working on a Microsoft BI project.
I am currently in the process of connecting my systems to SQL Server. I want to connect my Active Directory to a table in SQL Server and I want to sync to one table per hour. This means that every hour the details of the Active Directory will be updated.
I realized that it is necessary to use SSIS to do this. I would be happy for help to connect my AD to SQL Server with the help of SSIS.
There are two routes available to you to sync AD user classes to a table. You can use an ADO source in an SSIS Data Flow Task or you can write custom .NET code as part of a Script Source. The right answer depends on your team's ability to maintain and troubleshoot a particular solution as well as the size of your AD tree/forest. If you're a small shop (under a thousand) anything is going to work. If you're a larger shop, then you need to worry about the query mechanism and the total rows returned as there is an upper boundary of how many results can be returned in a single query. In that case, then a script task likely makes more sense as you can more easily write a query to pull all the accounts that start with A, B, etc. I've never worked with Hebrew, so I assume one could do a similar filter for aleph, bet, etc.
General steps
1) Identify your domain controller as you need to know what server to ask information from. I do not know how to deal with Azure Active Directory requests as I believe it works a bit different there but haven't had client work that needed it.
2) Create a Connection Manager for ADO.NET. Use the ".Net Providers for OleDb\OLE DB Provider for Microsoft Directory Services" and point that to your DC.
3) Write a query to pull back the data you need. Based on the comment, it seems you want something like this:
    SELECT
        distinguishedName
    ,   mail
    ,   samaccountname
    ,   mobile
    ,   telephoneNumber
    ,   objectSid
    ,   userAccountControl
    ,   title
    ,   sn
    FROM
        'LDAP://DC=domain,DC=net'
    WHERE
        sAMAccountType = 805306368
    ORDER BY
        sAMAccountName ASC
4) Using that query, we'll add a Data Flow Task and within it, add an ADO.NET Source. Configure it to use our ADO.NET Connection manager and use the above query (adjusting for the LDAP line and any other fields you do/don't need)
5) Add an OLE DB Connection Manager to your package and point it to the database that will record the data.
6) Add an OLE DB Destination to the Data Flow and connect the output line from the ADO.NET Source to this destination. Pick the table in the drop down list and on the Columns tab, make sure you have all of your columns connected. You might run into issues where the data types don't match so you'll need to figure out how to handle that - either change your table definition to match the source or you need to add data conversion/derived columns components to the data flow to mangle the data into the correct shape.
You might be tempted to pull in group membership. Do not. Make that a separate task as a person might be a member of many groups (at one client, I am in 94 groups). Also, the MemberOf data type is a DistinguishedName, DN, which SSIS cannot handle. So, check your types before you add them into an AD query.
References
ldap query to get disabled user records with whenchanged within 30 days
http://billfellows.blogspot.com/2011/04/active-directory-ssis-data-source.html
http://billfellows.blogspot.com/2013/11/biml-active-directory-ssis-data-source.html
Is there a particular part of the AD that you want? In any but the smallest corporations the AD tends to be huge. Making a SQL copy of an entire forest every hour is a very strange thing that may have many adverse effects on your AD, network, security and domain-wide performance.
If you are just looking to backup your AD, I believe that there are other options available, specific to the Windows AD (maybe even built-in, I'm not an AD expert).
If you really, truly want to do this here is a link to get you started: https://social.technet.microsoft.com/Forums/ie/en-US/79bb4879-4d82-4a41-81a4-c62afc6c4b1e/copy-all-ad-objects-to-sql-database?forum=winserverDS. You can find many more articles on this just by Googling "Copy AD to Sql".
However, heed the warnings well: the AD is effectively a multi-domain-wide distributed database, attempting to copy it into a centralized database like SQL Server every hour is contra-indicated. You are really fighting against its design.
UPDATE Based on the Comments:
Basically you've got too much in one question here. Sql Server, SSIS and the Active Directory (AD) are each huge subjects in and of themselves and the first time that you attempt to use all of them together you will run into many individual issues depending on your environment, experience and specific project goals. We cannot anticipate all of them in a single answer on this site.
You need to start using the information you have from the following links to begin to implement this yourself, and then ask specific questions as you run into problems along the way.
Here are the links that you can start with,
The link I provided above from MS: https://social.technet.microsoft.com/Forums/ie/en-US/79bb4879-4d82-4a41-81a4-c62afc6c4b1e/copy-all-ad-objects-to-sql-database?forum=winserverDS
The link that you provided in the comments that explains how to set up ADSI as a linked server and how to use T-SQL on it: https://yiengly.wordpress.com/2018/04/08/query-active-directory-in-sql-server-with-linked-server/
This one explains how to use AD from within an SSIS DataFlow task (but is limited to 1000 rows): https://dataqueen.unlimitedviz.com/2012/05/importing-data-from-active-directory-using-ssis/
This related one explains how to use AD within an SSIS Script task to get around the DataFlow task limits: https://dataqueen.unlimitedviz.com/2012/09/get-around-active-directory-paging-on-ssis-import/
As you work your way through this you may run into specific problems, which you can ask about at https://dba.stackexchange.com which has more specific expertise with Sql Server and SSIS.
Based on your goals, I think that you will want to use a staging table approach. That is, use your AD/Sql query to import all of the AD users records into a new/empty temporary table that has the same column definition as your production table, then use a Merge query to find and update the changed user records and insert the new user records (this is called a Differential or Type II update).
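The staging-table merge described in the answer above, sketched in T-SQL as an added example that is not part of the original answer. The table names stg.AdUser and dbo.AdUser, the IsDeleted column and the choice of objectSid as the match key are assumptions, and only a subset of the LDAP query's columns is carried.

```sql
-- Assumed (hypothetical) objects: stg.AdUser is emptied and reloaded by the
-- SSIS package on every run; dbo.AdUser is the production copy and has one
-- extra column, IsDeleted bit NOT NULL DEFAULT 0. objectSid is the match key.
SET XACT_ABORT ON;

-- A failed or truncated AD read can leave staging empty. Merging that would
-- flag every live account as removed, so stop before touching production.
IF NOT EXISTS (SELECT 1 FROM stg.AdUser)
    THROW 50001, 'stg.AdUser is empty; merge skipped.', 1;

BEGIN TRANSACTION;

MERGE dbo.AdUser AS tgt
USING stg.AdUser AS src
   ON tgt.objectSid = src.objectSid
-- Update only rows whose attributes differ (EXCEPT treats NULLs as equal),
-- or rows that were flagged as removed and have reappeared in AD.
WHEN MATCHED AND (tgt.IsDeleted = 1 OR EXISTS (
        SELECT src.distinguishedName, src.mail, src.samaccountname,
               src.userAccountControl, src.title, src.sn
        EXCEPT
        SELECT tgt.distinguishedName, tgt.mail, tgt.samaccountname,
               tgt.userAccountControl, tgt.title, tgt.sn))
    THEN UPDATE SET
        distinguishedName  = src.distinguishedName,
        mail               = src.mail,
        samaccountname     = src.samaccountname,
        userAccountControl = src.userAccountControl,
        title              = src.title,
        sn                 = src.sn,
        IsDeleted          = 0
WHEN NOT MATCHED BY TARGET
    THEN INSERT (objectSid, distinguishedName, mail, samaccountname,
                 userAccountControl, title, sn, IsDeleted)
         VALUES (src.objectSid, src.distinguishedName, src.mail,
                 src.samaccountname, src.userAccountControl, src.title,
                 src.sn, 0)
-- Accounts AD no longer returns are flagged rather than deleted, so reports
-- and access reviews that reference them keep their history.
WHEN NOT MATCHED BY SOURCE AND tgt.IsDeleted = 0
    THEN UPDATE SET IsDeleted = 1;

COMMIT TRANSACTION;
```

A staging load cut short by the 1000-row limit mentioned above is not empty, so a stricter guard would compare the staging row count with the previous run before merging.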

Multiple users updating an access table at the same time

I have created a data entry application that works like this. All data entered goes into an ACCESS table. At any time the user can hit the update button and the new data in the ACCESS table updates a table in a SQL Server database. Recently, we have a need for multiple people to be doing data entry at the same time, and I am a bit confused about what is happening with the ACCESS table. I conducted experiments with two users updating the ACCESS table then closing the app before updating and after updating. My question is this: everything seems to work fine, no data is missing from either the ACCESS table or the SQL Server table. This begs the question of where does the ACCESS table reside when two versions of the app are open at the same time. Are there two versions of the ACCESS table or just one version that is used by both applications? I think it's the latter but I am not sure, because when we hit the update button on one user's PC the data from both users is updated. I am trying to decide if I need to put the ACCESS table up on SQL SERVER as well but would like to avoid the extra work.
Thanks
JPL

InfoPath 2010: Query data from SQL Server but limit update to two columns

Found out I have this wonderful software on my PC after working here for almost 3 years :)
So, with that said, I am a complete newbie at this. I can do the basics, which is mostly all I'll need to do with what I'm looking for, except I haven't seen how to do what I want.
What I want to do is query a SQL Server 2008 database table, gather specific data, but have end users only be able to update 2 columns of the data.
Example:
http://i.imgur.com/PfkouWn.png?1
In the above image, I want the highlighted columns to be editable to the database and the others set as read-only.
If I right click on the columns and edit the Text Box properties, there's an option in the Display tab called 'Read-only', which is probably what I'm looking for...right?
http://i.imgur.com/EleWfeP.png?1
I guess my question is, am I on the right track here? Do I create a general user in SQL Server that can read and write to the table and it will work?
Yes you are on the right track. All those fields that you don't want changed need to be marked as read only.
As for SQL Server users, you may be better off creating a Role and setting the permissions on that role. Then add your users to that role.
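The role-based setup suggested in the answer above, as an added example that is not part of the original posts: the form's Read-only property only affects display, so the two-column limit is also enforced with column-level grants. The table dbo.WorkOrders, its columns, the role FormEditors and the test user FormTester are hypothetical names.

```sql
-- Hypothetical table standing in for the one behind the form.
CREATE TABLE dbo.WorkOrders (
    WorkOrderId int           NOT NULL PRIMARY KEY,
    Customer    nvarchar(100) NOT NULL,
    Amount      money         NOT NULL,
    Status      nvarchar(20)  NULL,   -- editable in the form
    Notes       nvarchar(400) NULL    -- editable in the form
);

CREATE ROLE FormEditors;

-- Read everything the form displays, but write only the two editable columns.
-- No INSERT or DELETE is granted, so the role cannot add or remove rows.
GRANT SELECT ON dbo.WorkOrders TO FormEditors;
GRANT UPDATE (Status, Notes) ON dbo.WorkOrders TO FormEditors;

-- A loginless user is enough to test the role. Real accounts are added the
-- same way after CREATE USER ... FOR LOGIN. sp_addrolemember is the form
-- available on SQL Server 2008.
CREATE USER FormTester WITHOUT LOGIN;
EXEC sp_addrolemember 'FormEditors', 'FormTester';

-- Inspect the effective permissions from the user's point of view.
EXECUTE AS USER = 'FormTester';
SELECT
    HAS_PERMS_BY_NAME('dbo.WorkOrders', 'OBJECT', 'SELECT') AS can_read,
    HAS_PERMS_BY_NAME('dbo.WorkOrders', 'OBJECT', 'UPDATE',
                      'Status', 'COLUMN')                   AS can_edit_status,
    HAS_PERMS_BY_NAME('dbo.WorkOrders', 'OBJECT', 'UPDATE',
                      'Notes', 'COLUMN')                    AS can_edit_notes,
    HAS_PERMS_BY_NAME('dbo.WorkOrders', 'OBJECT', 'UPDATE',
                      'Amount', 'COLUMN')                   AS can_edit_amount,
    HAS_PERMS_BY_NAME('dbo.WorkOrders', 'OBJECT', 'DELETE') AS can_delete;
REVERT;
```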

Element X in the DataSet references an object missing from the Database

The first time I created my App, I created a database using Microsoft SQL Server Management Studio and connected my App to it.
I created another DB with the same tables and everything but with different names, and I let my App connect to the second one because I want to make some changes. When I try to edit my DataSet with the Wizard I get this tables page:
As you can see, my app couldn't find the right tables, and when I try to select the LastWork table as in the pic, it makes the table name in the DataSet LastWork1.
How can I fix this problem and let it find the right tables?
I've seen this problem when using copies of databases as well, after pointing to a different connection in the settings area of the project properties. The XSD evidently hard codes each DbObjectName with the name of the database and schema in use at design time. One approach to fixing it is to open the wizard for the appropriate dataset, uncheck the red-x objects with the missing references, close the wizard, then re-open it and re-select the objects that are needed. This is not ideal in a large xsd if many findby queries, custom columns, etc. have been added. So an alternative is to do a find and replace on the database name within the XSD itself.
Interestingly, my experience has been that an application runs fine when the connection string points to a differently named but otherwise identical database.

improve security at "database layer" - only select queries allow

I am building an application in Silverlight which will enable users to read information about their payment. Their login and password will be saved in a table in the db.
Is it possible to improve security in my app by limiting what data a query has access to? For instance, I want to prevent a user from selecting data they do not own. A limitation is that my application is using its own table for users, so I cannot use GRANT PERMISSION :/. I am using Linq to build my SQL queries.
This question is from my teacher, who "suggested" that I improve security, so if it's impossible - it's no big deal ;)
Well, it is kind of a vague question you've asked, but I'll hazard a stab at it.
You must be doing some authentication on the user's identity to only be showing them their payment, as opposed to someone else's payment. So, if you can do that, you should be able to create triggers that disallow any insert, updates, or deletes on your tables from those same identities... I don't think this is a very robust or scalable solution, but it's an idea.
    CREATE TRIGGER [x] ON [TABLE] FOR INSERT
    AS
    /* Disallow Users to insert */
    IF EXISTS (SELECT 1 FROM [Users] WHERE [Users].UserID = [Y])
    BEGIN
        -- Rollback transaction, set error, etc
        ROLLBACK TRANSACTION;
    END
Do you have any more details? Anything else could be helpful in finding a better solution.
A fine tuned access control for database resources is a very uncommon method of securing your application. User level access control is best implemented by the application. The SQL user account used by the application should be as restricted as possible. For instance, it should only be able to use the database(s) it needs to function, and nothing more.
There is 1, and only 1 project that has fine grained access control for a sql database, and that project is SE-PostgreSQL.
"It can provide fine grained mandatory access control to various database objects such as tables, columns or tuples and can apply consistent authority of remote/local client integrated with operation system independent from database authorization."
Create a view named 'MyPayments', on the 'Payments' table. Make sure you have a WHERE clause in the view definition, so that the view returns only the relevant data to each user. Here is what the WHERE clause of your view will look like:
WHERE PaymentOwner = SUSER_SNAME()
The SUSER_SNAME() system function returns the currently logged in user's login name. If the first user logs in with the login name 'User1' and inserts a row, his/her login name is stored along with the row. The SUSER_SNAME() function in the WHERE clause of the view definition makes sure 'User1' sees only those rows that have the 'PaymentOwner' column set to 'User1'.
More here
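The 'MyPayments' view from the answer above, worked through as an added example that is not part of the original posts. The column layout, the role PaymentReaders, the test login and the sample rows are constructed, and it assumes every end user connects with a separate SQL Server login, which SUSER_SNAME() relies on.

```sql
-- Hypothetical schema; PaymentOwner defaults to the inserting login.
CREATE TABLE dbo.Payments (
    PaymentId    int IDENTITY PRIMARY KEY,
    PaymentOwner sysname NOT NULL DEFAULT SUSER_SNAME(),
    Amount       money   NOT NULL
);
GO
CREATE VIEW dbo.MyPayments
AS
SELECT PaymentId, PaymentOwner, Amount
FROM dbo.Payments
WHERE PaymentOwner = SUSER_SNAME()
WITH CHECK OPTION;   -- rejects writes through the view that set another owner
GO
-- Constructed sample rows for two owners.
INSERT INTO dbo.Payments (PaymentOwner, Amount)
VALUES ('User1', 10.00), ('User1', 25.50), ('User2', 99.00);

-- Users reach the data only through the view. Because dbo owns both objects,
-- ownership chaining lets the view read the table the role is denied on.
CREATE ROLE PaymentReaders;
GRANT SELECT ON dbo.MyPayments TO PaymentReaders;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Payments TO PaymentReaders;

-- Test login; the password is a placeholder to replace.
CREATE LOGIN User1 WITH PASSWORD = '<placeholder-password>';
CREATE USER User1 FOR LOGIN User1;
EXEC sp_addrolemember 'PaymentReaders', 'User1';

-- Check as User1: query the view, then inspect rights on the base table.
EXECUTE AS LOGIN = 'User1';
SELECT PaymentId, Amount FROM dbo.MyPayments;
SELECT HAS_PERMS_BY_NAME('dbo.Payments', 'OBJECT', 'SELECT')
       AS can_read_base_table;
REVERT;
```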
