I need know the tablespace of particulary table, the typical query SELECT owner, table_name, tablespace_name FROM dba_tables; can't use, because I haven't permissions. There is other way to consult Tablespace unused dba_tablespaces?
What permissions do you have?
If you have the ability to query the table in question, for example, you can use all_tables which has the same columns that dba_tables does but only has data for tables that you have privileges on.
If you don't have privileges on the table are there other data dictionary tables that you do have access to (dba_segments, for example)?
If you don't have privileges on the table and you don't have privileges on any of the dba data dictionary views, why do you need to know the tablespace?
Use USER_TABLES if the table is in your working schema; and ALL_TABLES if you have permissions on the table but it is not in your working schema.
Otherwise change schema or get permission to access DBA_TABLES.
Related
I have created a role with the following grants
GRANT
USAGE,
CREATE FUNCTION,
CREATE PROCEDURE,
CREATE TABLE,
CREATE VIEW,
CREATE EXTERNAL TABLE,
CREATE MATERIALIZED VIEW,
CREATE TEMPORARY TABLE,
ON SCHEMA dbname.schemaname TO ROLE role_test;
Now using this role, i am able to create table or replace a table and also drop a table.
How to stop someone to DROP table.
The owner role of the table will have DROP permissions. So it's not possible to stop someone from dropping the table they created.
You may need to change the ownership of the table to another role.
https://community.snowflake.com/s/article/how-to-drop-an-object-as-a-role-other-than-the-object-creator
We have a specific table that has a lot of activity and it creates a lot of change records. The consequence is that the flashback data only goes back a couple of days. That is OK for many cases but it would be beneficial to have access to more historical data.
We would like to either restrict logging on our one high activity table. Or disable it completely. I imagine that we may be able to do this by tablespace, I just have not found much on how to make these changes.
You can disable flashback archiving with alter table clause:
alter table YOUR_TABLE_NAME no flashback archive;
It's possible also to limit archive to specified size. To do that you need to create flashback archive designated to this table with desired retention and optionally size quota:
create flashback archive YOUR_TABLE_ARCHIVE tablespace SOME_TABLESPACE quota 512M retention 1 DAY;
Then assign new archive to table:
alter table YOUR_TABLE_NAME flashback archive YOUR_TABLE_ARCHIVE;
Examine Oracle documentation to check additional requirements. E.g. you need FLASHBACK ARCHIVE ADMINSTER privilege to execute statement above.
You can generate scripts for all tables under any schema by executing following query:
SELECT 'alter table ' || OWNER || '.' || TABLE_NAME || 'no flashback archive;'
FROM ALL_TABLES WHERE OWNER IN ('YOUR_SCHEMA');
For some reason, I have created a few tablespaces for testing in DB2, I realized that if I didn't specify which tablespace the table should be created in, DB2 will select it for me.
The question is, I want to delete the unused tablespace, but I am afraid I will delete something that I didn't know. I have checked the tables, index and sequence after dropping the unused tablespace, and the number of rows is the same. Will this checking be enough to conclude the tablespace is good to be dropped?
You can query the catalog in order to retrieve the tables and where they are stored.
select tabschema, tabname, tbspaceid, tbspace
from syscat.tables
where tabschema not like 'SYS%'"
You can change the where condition, in order to filter the tablespace you are going to drop.
I have an SQL server database, with soon to be two databases, which I use for a website.
I already have a user account which is read-only for database 1 to search our products inventory. I'd like to create a seperate account for database 2 only, for table 1 ONLY, that ONLY allows inserting records (no update or delete or anything else). Im trying to be as redundant as possible with access restrictions (on top of code to try and prevent sql injection, if someone were to somehow get something through, I dont want the database itself to allow it).
So bottom line question, How do I create a user in SQL server that has restricted access to only x table in y database and can only read/insert records, and nothing else?
create the user, don't give any roles like db_datareader or db_datawriter
then GRANT INSERT ON YourTable TO SomeUser
if you want insert and select
GRANT INSERT, SELECT ON YourTable TO SomeUser
(1) To give a user with limited access to one Table only
GRANT SELECT ON [schemaName].[tableName] to [username]
Go
(2) To grant INSERT Permission.
GRANT INSERT ON [schemaName].[tableName] TO [username]
Syntax for granting access to a single table:
GRANT access_type ON table_name TO [user name]
Syntax for revoking access for a single table:
REVOKE access_type ON table_name FROM [user name]
where access_type can be SELECT, INSERT, DELETE...
Grant select on dbname.dbo.tablename to username
it giving this error :
Cannot find the object 'APP_TBL_Log', because it does not exist or you do not have permission.
I am logged on as "sa"
I thought that the schemas are namespace instances and hence the same table created under 2 different schemas are 2 different objects from the perspective of the database. One of my colleagues claim that schemas are nothing but a security container, hence we can create the same table in different schemas. Is this true?
You are correct.
CREATE TABLE foo.T
(
c int
)
and
CREATE TABLE bar.T
(
c int
)
creates 2 separate objects. You could create a synonym bar.T that aliases foo.T though.
CREATE SCHEMA foo
GO
CREATE SCHEMA bar
GO
CREATE TABLE foo.T(c INT)
GO
CREATE SYNONYM bar.T FOR foo.T;
INSERT INTO foo.T VALUES (1);
SELECT * FROM bar.T;
They are 2 different objects, check the object_id
Yes, it can. Just try it
CREATE SCHEMA OneSchema AUTHORIZATION dbo;
CREATE SCHEMA TwoSchema AUTHORIZATION dbo;
CREATE TABLE dbo.SomeTable (foo int);
CREATE TABLE OneSchema.SomeTable (foo int);
CREATE TABLE TwoSchema.SomeTable (foo int);
A schema is both a securable and part of the "namespace"
I guess that you are trying to solve an issue by dividing data with the same data-structure between different tenants. You don't want to use different databases to reduce costs.
To my mind, it is better to use row-level security in this case. In this case, data are stored in one table, but one tenant can't access data that were created by another tenant.
You could read more in the next article - Row-Level Security
myschema.table1 is different than yourschema.table1