While converting an Oracle code block I found this:
IF :NEW.username != USER THEN
Now, my question - what exactly is USER in Oracle? In SQL Server I have:
SELECT name FROM sys.server_principals
Is the 'name' here same as Oracle USER?
In SQL Server, the NAME in sys.database_principals is the USER. There was a similar question in dbastackexchange here https://dba.stackexchange.com/questions/22803/listing-the-existing-sql-server-logins-and-users
In Oracle, USER is an account through which you can log in to the database, and to establish the means by which Oracle Database permits access by the user.
For example, I connected to the sample schema "SCOTT", I connect like :
conn scott/tiger#database
So, here the user is "SCOTT". Let's see :
SQL> show user;
USER is "SCOTT"
Related
I created a new SQL server with a database in Azure and after logging in with the admin account I added a new user that I wanted to only have access to one database.
In SSMS I right clicked on mynewdatabase database and selected New Query.
I executed
CREATE USER mynewuser WITH PASSWORD ='good password here';
ALTER ROLE db_owner ADD MEMBER mynewuser ;
Now after logging in as mynewuser I can still see the master database.
The question is how do I restrict mynewuser to only access mynewdatabase?
I'm sure this is something basic.
In SQL Server, including Azure SQL DB, all users can can see all system databases in sys.databases. This is not the same as being able to connect to them or run queries in them. This does not disclose any sensitive information as these are system databases and whether you saw them listed or not you would know they were there. See https://msdn.microsoft.com/en-us/library/ms178534.aspx#Anchor_0.
Based on the steps you describe, you have created a contained user that should not be able to connect to the master database or run queries in Azure SQL DB.
I have a contained database with users authenticated in the database only (i.e. SQL user with password). What I am looking to do is the "uncontain" the database. Before I can change alter the database to containment 'NONE', I must remove all contained users. What I really want to do is create a SQL login for the user retaining the same password.
With a server login, I can use LOGINPROPERTY('myusername', 'PasswordHash') to get the password hash. For a SQL user with password (a contained user), this returns null. Where can I get the password hash for a contained user?
This article has the answer http://sqlblog.com/blogs/argenis_fernandez/archive/2014/07/28/scripting-out-contained-database-users.aspx
The article states that for contained database users, there is (currently) no method of obtaining SID or password hashes without connecting to the DAC (Dedicated Administrator Connection). Once you establish a DAC connection, the following query will give you the password hash:
SELECT password FROM sys.sysowners WHERE name = 'ContainedUser'
For information on how to connect get a DAC with SSMS, see https://technet.microsoft.com/en-us/library/ms178068(v=sql.105).aspx
Have you tried the sp_help_revlogin stored procedure?
I have been tasked with auditing security on my SQL Server. But, when I look at a login in SQL Server Management Studio, I don't see a checkbox beside the master db for that login. How can I determine what databases a login has access to?
ther is a useful system store procedure to list all mapping user of SQL login account.
Syntax:
sp_msloginmappings #Loginname , #Flags
#loginname: the login account name, If loginname is not specified, results are returned for the login account(current login name)
#Flags: value can be 0 and 1, by default 0. 0 means show mapping user in all databases. 1 indicates how mapping user in current
database context.
e.g
here is sample:
sp_msloginmappings 'sa'
show mapping user account info in all databases for login account 'sa'
sp_msloginmappings 'sa', 1
show mapping user account info in current databases context for login account 'sa'
If you see a login match up to a user in this manner, then the login has access to the database.
SELECT sp.name AS 'Login', dp.name AS 'User'
FROM sys.database_principals dp
JOIN sys.server_principals sp
ON dp.sid = sp.sid
ORDER BY sp.name, dp.name;
you can do it in SQL Server 2005/2008
I have an SQL user 'ABC', having sysadmin rights and access to all the databases, lets say database A and Database B, of the specific server. Where as my application uses users having access to only one database A.
I have created an stored procedure to insert records in tables of database B. So I am using EXECUTE AS clause to execute stored procedure with user ABC, but after testing I found that if my application users don't have exactly the same server roles as the use ABC have,it don't work.
When I make my other user sysadmin, it gives no error and works great.
If both users needs to have same roles then what's the use of this EXECUTE AS clause? Or am I missing something?
I think you question has already been answered here: SQL Server Execute Impersonation
execute as user = 'ABC' --The scope of impersonation is restricted to the current database.
vs
execute as login = 'ABC' --The scope of impersonation is at the server level.
I have a MS Access front end with tables linked to SQL Server. I used a file DSN to link tables, and upon opening Access database the user has to enter SQL server userID and password.
Is there a way to extract that userID (not the password) from the established ODBC connection, for example to use it for display and audit purposes?
Yes, you can create a Pass-Through query in Access with just the statement...
SELECT CURRENT_USER
...then in the Property Sheet for that query click the ellipsis button beside ODBC Connect Str and select your File DSN. (When asked if you want to save the password in the connection string, say "No".)
Then save the Pass-Through query (I called mine "getCurrentSqlUser") and run it to get the name of the current user on the SQL server.
(Note: While testing this I logged in as sa and found that the query returned dbo. I think that's because I was logged in as a member of the sysadmin Server Role.)