how to check permissions on a table in sybase ase 15-2. I wan to check all the existing permissions on a table.
I tried exec sp_helprotect 'dbo.mytable'
Also How to check what are all groups are having what are all permissions on a table?.
sp_helpgroup will list groups in the current database.
sp_helpgroup GROUPNAME will list the groups members.
sp_helprotect TABLENAME will list the permission details (must be a table in the current database)
sp_helprotect USERNAME will list user's permission details
Please take a look at some the Sybase System Administration Guides 1 & 2. As a new user to ASE, you will find many of your answers there.
System Admin Guide 1
System Admin Guide 2
SyBooks Online for ASE
There is a system table sysprotects where all the user and group permissions are stored. You can join with sysusers to obtain the results.
SP:
sp_helprotect gives you the required information.
Related
Is there any way to check the user name who created the table in snowflake database.
To previous questions in stack over flow some one suggested below query.
How to find the user who created a table in Snowflake
but I am unable to run the query, showing below error
Error: SQL compilation error: Shared database is no longer available for use. It will need to be re-created if and when the publisher makes it available again.
After gone through some documentation in snowflake I understood it need share access
Please let us know if this share access can be granted to every end user to find the user name who created table ? is it recommended to grant to users.
if so how to grant access to user
or is there any alternative way to get this information.
Regards,
Srinivas
Run the following command to find your current role:
select current_role();
Then ask your account admin to grant access to the SNOWFLAKE database:
grant IMPORTED PRIVILEGES on database snowflake to role your_role_name;
You can try information Schema. If you have access to that database then you should be good.
select user_name,query_text,*
from table(information_schema.query_history())
where contains(lower(query_text),'<your table name>')
and query_type = 'CREATE_TABLE'
order by start_time;
I am trying the below query against SNOWFLAKE.INFORMATION_SCHEMA from account admin but it returning an error.
Query:
Select
'databases' as category,
count(*) as found,
'3' as expected
from SNOWFLAKE.INFORMATION_SCHEMA.DATABASES
where DATABASE_NAME IN ('USDA_NUTRIENT_STDREF','LIBRARY_CARD_CATALOG','SOCIAL_MEDIA_FLOODGATES')
Error:
SQL compilation error: Database 'SNOWFLAKE' does not exist or not authorized.
Checked SNOWFLAKE database exists but it does not have any schema including INFORMATION_SCHEMA
Databases live under your account. Account is the top level object in the Snowflake object hierarchy. Databases live under account. See this link, and find the text where it says, "The top-most container is the customer account...". It's got a nice little graphic there.
When you query information_schema on the Snowflake database, you're getting the information_schema of just the snowflake database, not of your entire account. Snowflake.information_schema is kinda useless b/c it just shows the information schema of a database (Snowflake) that you have no control over - Snowflake controls it.
If you want to see all the databases in your account, you can do the following:
use role accountadmin;
show databases;
select count(*) from table(result_scan(last_query_id())) where "name" in ('USDA_NUTRIENT_STDREF','LIBRARY_CARD_CATALOG','SOCIAL_MEDIA_FLOODGATES');
Now, separately, if you're concerned about the error you're getting - that you don't have access to the snowflake database, then I'd say you're either not using the accountadmin role, or you're not using a role that has the right privileges. If you'd like to give a role privileges to the Snowlfake database, you can run the following:
GRANT IMPORTED PRIVILEGES
ON DATABASE SNOWFLAKE TO ROLE {SOME_ROLE_OF_YOURS};
Good luck!
My aim is to fetch the list of users who have any access on syslogins table.
sp_helprotect 'syslogins'
Can someone provide a query for this?
I have a Sybase database and I've created a user following this video. Now I want to grant only select and get DDL permissions to the user, I've granted select permissions on all the user tables in the database to the user using grant select on tableName to user_ro query. But I'm not able to identify which permission will allow user to get DDL of all the database objects and can only read the data. What are the least privileges or roles that are needed to be granted to the user?
Queries that I ran against the database using SQL Interactive board:
//create login under master
use master
sp_addlogin user_ro, user1234
//verify user is created successfully
select name from syslogins
//add login user to mydatabase
use mydatabase
sp_adduser user_ro
//grant select on all tables one by one
grant select on tableName to user_ro
I'm quite new to Sybase, so please correct me wherever I'm wrong.
There is no specific DDL permission in ASE.
All programs that make DDL just select from system tables the definition of a certain object. So if you have access to some database and sp_help works then you can also create DDL from an object.
I have a question regarding 1 user belongs to 2 different user group in SQL Server and I am trying to manage object permission in the server.
In our database, there is one view with sensitive permission that only certain people can see it, and most of our user are manage in the group.
such as: Sales Group, Manager Group
Ideally, we want only grant permission to Manager Group and deny permission to all the other user,
Let's say manager John is in Manager group, but he is also in Sales Group since he is the manager in Sales department.
My understanding is, if 1 user in 2 different user group, if you deny permission to any of the group, even the user have granted permission in another, he can still not see the object.
How can I overcome this situation?
Thanks!
Replying my own question, we found the solution,
under database security, we can create database role, in database role we can assign single table permission to different role, then we assign database role to user group. in this case, ex.
there are 3 table in the database,
table A is the one with credential information. only manager can see
Table B and C is just the regular table.
create database role 'Normal Access' and grant permission to table B and C.
Then create another database role 'credential Access' and grant permission to table A.
in your Server level security. all the user group should only belong to 'Public', in Server roles level.
and in Use mapping, select the database and only choose the database role you assign.
in my case, Assign database role, 'Normal Access' and 'Credential Access' to Manager group. so he will have all the access to ABC table
Sales Group should only have 'Normal Access' so it cannot access A table.
thanks