My Background is MySQL/PhpMyAdmin and there I can create easily new database by entering the name in Phpmyadmin, But I'm facing problem to creating database in Oracle SQL Developer... I already connected HR_ORACLE default database and test the connection. But I don't know how to create new database?
You usually only have one database (=instance) in Oracle. A database in Oracle is something completely different than a database in MySQL. Actually MySQL calls databases "schemas" and that's what they are best mapped to in Oracle.
To create a new schema in Oracle, you create a new user. Those two things are more or less the same (there are some subtle differences, but as you are a beginner just assume that it's the same for now).
To create a new user, you need to connect as a privileged user (typically SYSTEM or SYS) and run the CREATE USER command.
I don't use SQL Developer but I think it has some DBA tools built-in that can probably help you with that. Just seach for "user management" or something similar. You do not want to create a new database if you have Oracle up and running.
Further reading:
2 Day DBA - Administering User Accounts and Security
SQL Developer's User Guide - Create/Edit User
Database Administrator's Guide - Managing Users and Securing the Database
Concepts Guide - Oracle Instance Architecture
Edit (as you seem to be confused about the new user):
Each user can (by default) only access the tables that were created under that user (the ones that user owns). So if you create a second user NEWBIE and log in with that user, you won't be able to access the tables of the user (schema) HR_ORACLE. If you create a new table as NEWBIE that table is created in the schema NEWBIE and is owned by the user NEWBIE. The user HR_ORACLE can not access the tables owned by NEWBIE (unless given the necessary grants)
Related
Thanks in advance for reading!
Note: I've read everything else I could find about this on SO, but don't see this particular question asked.
I don't want to muddy (or break) our 3rd party production ERP database ("B") with objects of my own, so I created a database ("A") in another instance and use it as the home of various objects that serve our custom applications.
I have a stored procedure in A that selects from tables in B, and returns a dataset. It works beautifully for me from my app using Windows authentication, because I am an admin on both servers. But I am one of the rare users who have Windows Authentication in the ERP db. By default, users in the ERP are created with SS authentication.
If it's a reasonable practice (and because maintenance of my objects would be simpler than with certificates), would it make sense/be possible to create a SQL authenticated user on A (and maybe B) that has execute permissions on the sp in A and read permissions on tables in B?
If not, and in order to avoid dealing with certificates whenever I modify a procedure, I'll probably create server logins on A and B for new Active Directory groups, and create database roles for the groups.
Thanks again for your interest!
I have a simple logic question which I don't understand for now. I am currently working on a simple winforms application which should allow users to register and login to a database (SQL Server database). That users should be able to, for example, buy something. Now I wonder If I need to create a database user which is allowed to modify that record to change their data or if there is another possibility to do that. I think most people create a table which stores all users and their information but how do they connect to the database if they are not a database user? Im a bit confused and I am pretty new to databases.
I'm a new sql user (3 days) and I'm having some problems querying data from database tables I've created, whereas there is no problems querying the default 'postgres' database tables. My first thought was that it was a access/privilege problem, but had no effect. I did also notice that my database activity in the dashboard is always idle, whereas the default postgres database is always active. So it looks like my database is available but not connected. Can I choose which database to connect to? Ive been checking the docs, but can't find how to make my database active. Any help appreciated. Thanks
When you connect to PgAdmin to a Postgres instance you get to choose which database you want your queries to work against. You can see an example here.
If you cannot see your database once you connect to the instance you might either:
1) not have the db created in that instance.
2) not have permissions to view/access it. For this one you may need to ask to the administrator of the db for the relevant permission grants.
Apologies in advance for the long post, I am trying to be as clear as possible. Is there a way to disable a user / Windows AD group accessing a database via SQL Server Management Studio (SSMS)?
I have an desktop application that uses a SQL Server 2005 database. The application runs as the user logged onto the machine (unfortunately we can't change that otherwise this would be simple). The database is permissioned with groups (but it would apply to users as well) to give access to the appropriate schemas and objects that the user requires. The users have (and need) the ability to select, insert, update and delete data to complete their process.
The application carries out a series of validation and auditing steps on the user input to ensure they are entering decent data (and for some additional business processing). A user could open SSMS and make these changes through the query editor avoiding the application completely which is what we are trying to avoid. What I am looking for is a way to stop the users updating the database through any tool other than the application provided.
I have found a couple of similar posts (including How to disable SQL Server Management Studio for a user) but these don't quite cover this issue as they work on restricting user access or using different logins.
The only solution I can think of at the moment is to have a set of tables where the user data goes initially and then another process picks this up, runs the application processes on and then puts the data into the master / source tables. Then I could restrict user access to the master tables.
This appears to be a good scenario for an application role.
What's a good way to manage and maintain SQL Server logins, server roles, and individual access rights across multiple databases that exist in multiple environments? What are your best practices?
Some info about my situation:
SQL Server 2005
We have N amount of "client" databases with identical schemas (in theory, at least)
We have a central "admin" database that references each client database and can hold configuration values
This "admin/client" pattern is duplicated across multiple environments (dev/qa/stage/prod)
Some users, like testers, need different rights based on evironment
We frequently have to pull client db backups from one environment to restore on another for development or testing purposes
We keep our stored procedures and scripts in source control and deploy in a build cycle
Right now my organization is chaotic and we don't follow good security practices. We have no formal DBA. However, if we got any more complex it would be a constant hassle to maintain it all the time. I could see migrating to a new server or recovering from disaster being extremely time consuming if we where to attempt configuring it directly through the management studio IDE.
First, to make restoring a database to a different server easier, make sure that your logins all have the same SID on all of your servers by using the sp_help_revlogin stored procedure from Microsoft to script the login on the first server you create it on and then use the script to create the login on your other servers. This keeps the database user mapped to the login correctly when you restore the database.
Having different permissions at the database level depending on the environment is going to be a hassle to a point no matter how you role this out. I have a stored procedure in master that gets called on my Dev Server as a part of my restore process that performs the additional GRANT's on the database to give the developers access to make changes. That's the best I have been able to come up with to solve similar problems.
A way to make the rights easier would be to create rolls in the database called Dev, QA, Test, Prod and grant the correct rights to those roles. Then as you restore the databases to each environment just drop the developers in the correct role.
We use active directory groups and enforce windows authenticated logins. From within SQL Server we can then define access based on the AD group the user is in by creating a single SQL Server login per AD group. Not sure if this is any better or worse than DB roles, but it means the roles are managed outside each database.
Propagating access to databases is then either a manual operation or a short SQL script to ensure the logins in the database point to a valid SQL Server login (which in turn is an AD group).
Generally this works well for the general case. We can use DB roles then to assign the builtin roles (e.g, db_datareader) to each AD group
Rarely someone needs some specific access to a database outside this model. We either end up opening it up to the group as a whole if it's not going to be invasive or critical or we'll end up creating a per-user account that has to be managed separately. We endevour to keep these to an absolute minimum, and clean them up every now and then so they're not abused/forgotten about.