Is there a query which I can use to grab the amount of sessions I can use concurrently? I am threading some database connections and getting the error:
ORA-02391: exceeded simultaneous SESSIONS_PER_USER limit
How can I get the value for this limit?
start with this query to find out how many sessions you are using
select count(*) from v$session where username='YourUser';
then find out how many you are allowed in the profile for your user
select profile from dba_users where username ='YourUser';
finally
select PROFILE, LIMIT
from dba_profiles
WHERE RESOURCE_NAME = 'SESSIONS_PER_USER'
AND PROFILE = 'YourUserProfile';
and the fix
Alter profile YourUserProfile limit SESSIONS_PER_USER 100;
Limits are in place for a reason as each session consumes resources. If you increase the limit some careful planning is in order for production systems so you don't run out of memory.
It's profile setting
SELECT * FROM DBA_PROFILES WHERE RESOURCE_NAME = 'SESSIONS_PER_USER';
You can change it using
ALTER PROFILE <profile name> LIMIT SESSIONS_PER_USER <number>;
or
ALTER PROFILE <profile name> LIMIT SESSIONS_PER_USER UNLIMITED;
Get the PROFILE for that user
select profile from dba_users where username = :who;
Then get the resource limit for that profile
SELECT P1.LIMIT AS "Concurrent Sessions (Per User)"
FROM DBA_PROFILES P1
WHERE P1.PROFILE = :PROFILE
AND P1.RESOURCE_NAME = 'SESSIONS_PER_USER';
Or
In SQL Developer, open the DBA panel and browse the users & profiles under 'security'
While the other solutions provide statements on altering the user session limit, the diagnostic queries did not work for me, although I am a complete beginner and maybe performed it incorrectly. The following queries from Atlassian helped me.
For checking number of sessions per user, so you can see which users are nearing their limit:
SELECT count(*) as connections,
username
FROM v$session
GROUP BY username
ORDER BY username;
and to check what that limit is set to be:
SELECT DISTINCT username,
profile,
resource_name,
limit
FROM dba_profiles
NATURAL JOIN dba_users
WHERE resource_name = 'SESSIONS_PER_USER';
From there, the rest of the linked site or other solutions here can presumably help with altering the limit to your needs.
Related
In the Security/Users folder in my database, I have a bunch of security groups, include "MyApplication Users". I need to check if I am (or another user is) in this group, but I have no idea how to query for it or where I could see this information. I tried looking in the properties, but couldn't find anything. Any ideas?
Checking yourself or the current user:
SELECT IS_MEMBER('[group or role]')
A result of 1 = yes,0 = no, and null = the group or role queried is not valid.
To get a list of the users, try xp_logininfo if extended procs are enabled and the group in question is a windows group :
EXEC master..xp_logininfo
#acctname = '[group]',
#option = 'members'
For a quick view of which groups / roles the current user is a member of;
select
[principal_id]
, [name]
, [type_desc]
, is_member(name) as [is_member]
from [sys].[database_principals]
where [type] in ('R','G')
order by [is_member] desc,[type],[name]
To find the AD Group members in the Instance, we can use below query:
xp_logininfo 'DomainName\AD_GroupName', 'members'
By using this query, we can find the below states.
account name, type, privilege, mapped login name, permission path
Accepted answer from DeanG is the preferred solution for getting this info within SQL Server
You can use Active Directory tools for this. I like Active Directory Users and Computers that is part of the Remote Server Administration Tools. Follow the link to download and install the tools on Windows 7.
Once installed, you can search for a specific group name:
Then you can see group membership using the Members tab:
If you don't want to use the AD browser packaged with RSA tools, there are several others available.
You don't.
Instead you use the users and groups to grant/deny privileges, and let the engine enforce them appropiately. Attempting to roll your own security will get you nowhere fast. A banal example is when you will fail to honor the 'one deny trumps all grants' rule. And you will fail to navigate the intricacies of EXECUTE AS. Not to mention security based on module signatures.
For the record: users, roles and groups are exposed in the sys.database_principals catalog view. sys.fn_my_permissions will return the current context permissions on a specific securable.
The code that is provided on the Microsoft page here works for me, every time.
SELECT DP1.name AS DatabaseRoleName,
isnull (DP2.name, 'No members') AS DatabaseUserName
FROM sys.database_role_members AS DRM
RIGHT OUTER JOIN sys.database_principals AS DP1
ON DRM.role_principal_id = DP1.principal_id
LEFT OUTER JOIN sys.database_principals AS DP2
ON DRM.member_principal_id = DP2.principal_id
WHERE DP1.type = 'R'
ORDER BY DP1.name;
Please let me know if this works for you!
I am new to Snowflake and am trying to create my first task.
CREATE TASK task_update_table
WAREHOUSE = "TEST"
SCHEDULE = 'USING CRON 0 5 * * * America/Los_Angeles'
AS
INSERT INTO "TEST"."WEB"."SOME_TABLE" (ID,VALUE1,VALUE2,VALUE3)
WITH CTE AS
(SELECT
ID
,VALUE1
,VALUE2
,VALUE3
FROM OTHER_TABLE
WHERE ID NOT IN (SELECT ID FROM "TEST"."WEB"."SOME_TABLE")
)
SELECT
ID,VALUE1,VALUE2,VALUE3
FROM CTE
I got a message that the task was created successfully
"Task task_update_table successfully created"
I then try to run show tasks in schema SHOW TASKS IN "TEST"."WEB" and get 0 rows as a result. What am I doing wrong? why is the task not showing?
I did all of this under sysadmin and was using the same warehouse, db and schema.
There are some limitations around show commands that might be blocking you,
particularly "SHOW commands only return objects for which the current user’s current role has been granted the necessary access privileges".
https://docs.snowflake.com/en/sql-reference/sql/show.html#general-usage-notes
I suspect the task was created by a different role (therefore owned by a different role), or perhaps it was created in different database or schema.
To find it, I'd recommend running the following using a role such as ACCOUNTADMIN.
show tasks in account;
SELECT *
FROM (
SELECT *
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID())))
WHERE "name" = 'TASK_UPDATE_TABLE';
While testing and learning in Snowflake, it is critical you set your session "context" correctly, using commands like this:
USE ROLE my_role_here;
USE WAREHOUSE my_warehouse_here;
USE DATABASE my_database_here;
USE SCHEMA my_schema_here;
Doing those four commands, or setting defaults for them for your user will help you tremendously when learning.
I hope this helps...Rich
I am an IS auditor and I would like to check how we can retrieve the PASSWORD_VERIFY_FUNCTION assigned to users. I understand the script utlpwdmg.sql can be executed to setup the default password resource limits.
If changes were made using ALTER PROFILE, the script utlpwdmg.sql will not show the latest settings.
Please let me know what SQL commands I can execute to show what is the PASSWORD_VERIFY_FUNCTION stored and used in the system.
You can use this query to see source code of stored proc:
--Source of all password functions.
select *
from dba_source
where owner = 'SYS'
and name in
(
--The name of all password functions in use.
--See DBA_USERS.PROFILE to determine which user is using which profile.
select limit
from dba_profiles
where resource_name = 'PASSWORD_VERIFY_FUNCTION'
--Yes, this is intentionally the string 'NULL', that's what Oracle uses here.
and limit <> 'NULL'
)
order by name, line;
To find out what users are using PASSWORD_VERIFY_FUNCTION, you need to find out which profiles are using the function and then see which users are assigned that profile.
select profile from dba_profiles where limit = 'PASSWORD_VERIFY_FUNCTION';
select username from dba_users where profile = ;
We license our software by number of workstations.
I have a query that I have used for years to get an accurate count of the workstations logged in to my SQL Server database. For simplicity, all users use the same login name/password. This is built in to the script that attaches to the DB. They have access only to that DB with the exception of
USE [Master] GRANT VIEW SERVER STATE to MyUser
The query that has been working is below:
SELECT COUNT(Users) AS UserCount FROM (SELECT COUNT(Master.dbo.sysprocesses.hostname) AS Users FROM Master.dbo.sysprocesses LEFT OUTER JOIN Master.dbo.sysdatabases ON Master.dbo.sysdatabases.dbid = Master.dbo.sysprocesses.dbid WHERE (Master.dbo.sysdatabases.name = 'MyDatabase') GROUP BY Master.dbo.sysprocesses.net_address) AS UserCount_1
Basically this relies on the mac address (Master.dbo.sysprocesses.net_address), since both Workstation names and ip addresses can be duplicated.
Recently this has stopped working at a number of customers. Suddenly individual workstations are showing multiple net addresses for the same workstation causing a substantial overcount of users. This may be related to SQL Server 2012 - not sure.
What I need is a very reliable way to get a count of workstations logged in to my database.
If anyone can tell me why I am suddenly getting multiple net_addresses for each workstation and how to prevent that that would be one possible solution.
Otherwise if anyone can give me a rock solid way to get a workstation count other than the above that would be great. Our largest customer is 50 users by the way.
HERE IS AN EXAMPLE:
SELECT Master.dbo.sysprocesses.hostname AS Users, Master.dbo.sysprocesses.net_address FROM Master.dbo.sysprocesses
LEFT OUTER JOIN Master.dbo.sysdatabases ON Master.dbo.sysdatabases.dbid = Master.dbo.sysprocesses.dbid
WHERE Master.dbo.sysdatabases.name = 'mydb' GROUP BY Master.dbo.sysprocesses.hostname, Master.dbo.sysprocesses.net_address
RETURNS:
DAVID-PC 001CC490239E
FLOOR1 001CC41D8012
FLOOR2 CB8FEE6C5856
FLOOR3 A50B18FF1516
KER-PC7 6C626DEA68CC
LIZ-PC A4E553460E35
LIZ-PC EFE3F0E20260
LIZ-PC FD32F7B30360
PAP 9D35A704C29C
PAP CFB724BA1183
PAP D1A58A8878E6
PAP E9B116CA34B8
PAP F38B335A7AE6
Thanks in advance for any help.
You can get an accurate count of the users logged in to SQL Server database by the following query:
SELECT
DB_NAME(dbid) as DB
COUNT(dbid) as Numb
loginame as LoginNa
FROM
sys.sysprocesses
WHERE
dbid > 0
GROUP BY
dbid, loginame
Also you can get full details of connected users by this:
sp_who2 'Active'
Here is a way that will give you the number of IPs or MAC addresses connected to a given database. I'd go with IP as you might have multiple NICs/MACs in a given high end workstation.
SELECT COUNT(DISTINCT c.client_net_address) as DistinctIPCount,
COUNT(DISTINCT p.net_address) as DistinctMACCount
FROM sys.dm_exec_connections c INNER JOIN sys.dm_exec_sessions s ON c.session_id = s.session_id
INNER JOIN sysprocesses p ON s.session_id = p.spid
WHERE s.is_user_process = 1
AND p.dbid = DB_ID('yourdbnamehere')
I have created a login and database user called "MYDOMAIN\Domain Users". I need to find what roles a logged on domain user has but all the calls to get the current user return the domain username eg. "MYDOMAIN\username" not the database username eg. "MYDOMAIN\Domain Users".
For example, this query returns "MYDOMAIN\username"
select original_login(),suser_name(), suser_sname(), system_user, session_user, current_user, user_name()
And this query returns 0
select USER_ID()
I want the username to query database_role_members is there any function that will return it or any other way I can get the current users roles?
I understand that the Domain Users login is mapped into AD group?
You have to bear in mind that user can be in several AD groups and each of them can be mapped somehow in database which may be a bit messy. Also it means you need something with multiple results :)
Try this:
select * from sys.server_principals where type_desc = 'WINDOWS_GROUP' and is_member(name) = 1
I think it should grab properly all Windows Group logins that will be tied with particular users. After that you can join it for database users i.e.:
Select u.name from YourDB.sys.syslogins l
inner join YourDB.sys.sysusers u
on l.sid = u.sid
where l.loginname = ANY (select * from sys.server_principals where type_desc = 'WINDOWS_GROUP' and is_member(name) = 1)
You have to keep in mind that - all the way - you may need to handle whole sets rather then single values.