Am working on Sybase ASE 15.5.
I have 2 databases created in the same server, "DatabaseA" and "DatabaseB". The database owner is "User".
Logging in as "User" I created a table in "DatabaseB", called "TableA".
Now, my user has access to both database, but the default database is "DatabaseA".
This is sucessful when i login to DatabaseA:
USE DatabaseB
GO
SELECT * from DatabaseB.User.TableA
GO
But this is not:
USE DatabaseA
GO
SELECT * from DatabaseB.User.TableA
GO
It tells me that there is "No such object or user exists in the database".
I have Googled and most sites say that if the user has rights, then you only need to append the database and owner name to the table to access it. But it does not seems to work for my case.
I have tried creating a non DBO user "User2", and assigning it select rights using
GRANT SELECT ON DatabaseB.User.TableA to User2
and sp_helprotect shows that the rights is there for this user. But the results are exactly the same as when i query it with User.
Below is the result from sp_helprotect
grantor | grantee | type | action | object | column | grantable
'User' | 'User2' | 'Grant' | 'Select' | 'TableA' | 'All' | 'FALSE'
Is there anything configuration or setting that needs to be checked to enable this?
EDIT (22 July 2015)
Just discovered something. There are a few tables with DatabaseB that i can access from DatabaseA, but not all tables.
For example, there is TableA, TableB, TableC, and TableD in DatabaseB. Out of which TableB and TableD can be queried from DatabaseA using
USE DatabaseA
GO
SELECT * from DatabaseB.User.TableB
GO
SELECT * from DatabaseB.User.TableD
GO
which is sucessful. And
USE DatabaseA
GO
SELECT * from DatabaseB.User.TableA
GO
SELECT * from DatabaseB.User.TableC
GO
fails.
Help!!!
try SELECT * from DatabaseB..TableA to fetch the result from different database
also you can do below
use DatabaseB
SELECT * from TableA
you must at least have read access to the database .
Just another example :
Just another example:
select tabA.*,tabC.* from DatabaseB..TableA tabA, DatabaseA..TableC tabC
where tabA.xxx = tabC.xxx
The ASE server login seems to be 'User' -- a login is the thing that needs a password. This is not the same as the database user inside a database. THis mapping is established with 'sp_adduser'.
To resolve your problem, you need to figure out which DB user you are.
Run the following:
use DatabaseA
go
select user_name() user_in_A, suser_name() login_name
go
use DatabaseB
go
select user_name() user_in_B, suser_name() login_name
go
The output of these queries should help you move forward.
Having a login and user caled "USER" is not a good idea as it is also the name of the system function that returns the name of the current user. Can you try the same query using a different user altogether (eg. "bob")?
You may need to grant the appropriate permissions to bob but at least there won't be any confusion about user names.
This is further to RobV's comments (I don't have enough rep to add comments though!)
Related
I've been reading many answers but I am too weak at TSQL to filter out what I need.
I created a contained user for 1 DB...
CREATE USER appuser WITH PASSWORD = 'strongpwd';
So I need to allow a user in to read only the contents of 1 table - tableA (there are others in the DB) and do absolutely nothing else in the DB.
I do not want to affect any other users. I just want the user to be able to access the DB via say SSMS, see only tableA (well this is not that important), read it.
There are two ways one is to directly grant explicit SELECT only on Table 1 and the second one is to create a role, grant SELECT to role and addd the user to the role. Typically second way is the preferred way and can be done as below
CREATE ROLE [role_name]
GRANT SELECT ON [Table] to [role_name]
EXEC sp_addrolemember '[role_name]', 'appuser'
I am new to databases. Here I have logged in the user account:System
I then create a new user raj using the following command
create user raj identified by raj
Then I connected to the user raj using following command
grant connect to raj
Here I am granting privileges on the table client_master to raj
grant all on client_master to raj
Now I want to select the contents of table client_master
select * from raj.client_master
but it is giving an error that such table does not exist.
A quick search on google and you would find out that the select right is as simple as select.
grant select on client_master to raj;
However, it is not the real problem as when executing this command grant all on client_master to raj the select privilege is already included.
So here are the possibilities why you get this error :
The table does not exist (you need to create it).
It is in another schema, and you did not specify it.
You made a typo when writing client_master.
My guess is that you created the table in sys schema (which is really a bad idea btw) so the problem is the option 2 in the one I listed.
Try
select * from sys.client_master;
Note that if you don't want to always specify the prefix, you can create a synonym.
create synonym raj.client_master for sys.client_master;
Then
select * from client_master;
Would work.
Try running below command -
GRANT EXECUTE ON Find_Value TO smith;
This may help you to resolve your issue.
When I want to select from table Y in database X I can use
select * from [X].[dbo].[Y]
or
USE X
select * from [Y]
Is there any reason to prefer one over the other?
dbo
Using dbo as the owner of all the database objects can simplify managing the objects. You will always have a dbo user in the database. Users in the database will be able to access any object owned by dbo without specifying the owner as long as the user has appropriate permission.
USE X
When a SQL Server login connects to SQL Server, the login is automatically connected to its default database and acquires the security context of a database user. If no database user has been created for the SQL Server login, the login connects as guest. If the database user does not have CONNECT permission on the database, the USE statement will fail. If no default database has been assigned to the login, its default database will be set to master.
Understanding the Difference between Owners and Schemas in SQL Server
USE (Transact-SQL)
I'd tend to use [server].[database].[schema].[table] in instances where a script may query mutliple tables from multiple databases.
The USE [database] would typically be used in scenarios where all statements were to apply to the same database and you needed to make sure they were applied to the correct database. Have you ever connected to a server and run a script only to find you ran it on the master database?
USE X will change the context to X and all the following statements will execute under the context X.
But X.dbo.Y will access the object Y without changing the current context.
Eg: Let us consider there is two databases DB1 and DB2. DB1 contains table T1 & T2 and DB2 contains tables U1 & U2.
Now,
USE DB1 -- here context set to DB1
select * from T1 -- works fine
select * from U1 -- gives error, because U1 is not in current context
select * from DB2.dbo.U1 -- works fine, because it access the context DB2 from current content context DB1
select * from T2 -- works fine
USE DB2 -- here context changed to DB2
select * from U2 -- works fine
select * from T1 -- gives error, because T1 is not in current context
select * from DB1.dbo.T1 -- works fine, because it access the context DB1 from current content context DB2
by using first Query you can perform that selection from other databases.In the same window you can have the selection for other data beses also.
But By using second selection, From the same window you can have selection for that(USE X) databse only.
Sometimes you want the schema and database to be dictated by the login, and in this case you should simply use the object name. That's one reason to not fully qualify them.
How can I restrict some users in DB2, not to see the table structure. I set the user privilege and restrict user from table access. so that user can not select data or change table but still can see the table structure or describe it.
This problem refers to row access in tables which is added in db2 version 10.
I had this problem too.
you can use this version - if applicable- and restrict user access from specific table structures.
You need to remove the select grant on catalog tables. For example, the following query should return 0 rows when executing with q restricted user.
db2 "select tabschema, tabname from syscat.tables"
All tables and views in the following schemas should not have select on public, nor in any group the restrictive user is in.
sysibm
syscat
db2 revoke select on SYSIBM.SYSTABLES from username
I am trying to set up the trigger in a way that when the administrator (not users) make any changes to the database, all the changed data with the administrator name and time gets saved in the audit table (already created) that has all the possible fields.
I have created triggers on each table for any sort of updates in those tables. The trigger saves the information in audittable. However, i want to restrict this action for administrators only. Like I only want to keep the record of changes made by adminsitrators with their name, time and changes made by them(I have a separate table for adminsitrator names, username, pw and all that).
Can someone please help me with that.
Thanks
To get the user you may use:
server level (login)
select system_user , suser_sname() , suser_sid()
db level (db user)
select session_user , current_user , user , user_name() , user_id()
Than and check that this user is admin or not in that additional table.
You can try one of these two functions, depending on what you define as "administrator".
SELECT IS_MEMBER('dbo'), IS_SRVROLEMEMBER('sysadmin')
The IS_MEMBER function evaluates the database role and the IS_SRVROLEMEMBER evaluates the server role. So, if you want to know if the user is a database admin, you would use IS_MEMBER. These will work for user-defined roles as well as built-in roles.
UPDATE:
Here's an example of the trigger that would add data to the audit table when a server administrator inserts data to the table.
CREATE TRIGGER trg_InfoUpdates ON tblCustomerInfo
FOR INSERT AS
IF IS_SRVROLEMEMBER('sysadmin') = 1
BEGIN
INSERT INTO tblAuditLog (CustomerID)
SELECT CustomerID
FROM inserted
END
;