I have created a stored procedure with a user db_owner (Definer = db_owner, SQL Security Definer). This procedure selects some data from a table. The db_owner has full select privilege on all tables of his database via a role. Executing the procedure works fine, also selects from this table.
Another user db_connect has execute privilege for the procedure, executing procedure works also fine, but I get an error "ERROR 1142 (42000): SELECT command denied to user db_owner'#'host' for table 'xxx'"
If I grant a privilege to the user db_owner (grant select on db.'xxx' to db_owner#'host') without using the role, it works. Have anyone a better idea? I want to use roles.
MariaDB 10.3
Related
The application I am using creates procedures when certain activities are performed on the UI.
I want to grant debug permission when those store procs are created so that users who belong to certain DB roles can view the code for that stored proc.
Can this be done using a trigger? I tried to use a DDL trigger on create, while it works for printing a dbms_output.put_line value, when i use an execute immediate "GRANT DEBUG "|| procname || " TO ROLE", it complains.
Is there a way I can achieve this more elegantly?
I would like to know if there's any special requirement when calling a Snowflake stored procedure in a Informatica mapping. Concretely, I have a mapping in which the target is a snowflake table, and as Post-SQL, I want to call a stored procedure that is in the same database as my table.
I call my stored procedure in Post-SQL as following:
CALL spname();
However, I get the following error when running:
SQL compilation error: Unknown function spname
Do you know which could be the problem here?
That error message is coming from Snowflake, so Informatica (is this PowerCenter on-prem?) is attempting to run the SP and it's getting a response back from Snowflake. Here are some things to check:
Does the Snowflake user PowerCenter runs as have the required grants to run the SP? The error message will be the same whether the SP does not exist or the user lacks privileges to run it.
Does the user running PowerCenter have the required grants on the database and schema containing the stored procedure?
You can ensure that PowerCenter is looking in the right namespace by specifying both the database and schema before the SP name, such as call "MY_DB"."MY_SCHEMA"."MY_PROC"();
I am unable to rename a table in Exasol despite using having Alter Table privilege.
Created a user with Alter Table privilege and tried renaming a test table but it didn't worked.
The error that I receive is : [42500] insufficient privileges for renaming object Test_Table.
rename table DEMO.Test_Mahen to DEMO.Test_Mahen_Updated;
The above command should rename the table but it is not working. Is there any additional privilege that I need to give to the user for renaming tables.
The user has following privileges :
ALTER ANY TABLE
CREATE ANY TABLE
DELETE ANY TABLE
DROP ANY TABLE
EXECUTE ANY FUNCTION
EXECUTE ANY SCRIPT
UPDATE ANY TABLE
USE ANY CONNECTION
You may create a new role and change schema owner to this role. After that you may grant this role to users who should be able to update \ rename tables in this schema.
All operations within schema should be permitted with this technique, including renaming.
Cypher query CALL dbms.procedures; allows to get name, signature, and description of all available stored procedures at Neo4J server.
Is there a Cypher query to find out the mode of procedure(s)?
Source code of procedure should contain the annotation #Procedure with element mode. Value of the attribute mode indicates the type of actions (READ (default mode), WRITE, SCHEMA, DBMS) that can perform this procedure.
Adding 'mode' here is a good idea, I'll add it to the issues list.
In the meantime, dmbs.procedures() does YIELD roles (in the enterprise edition), which you can use to reason to the associated mode, at least where the basic roles are used.
I think this logic should be sound:
call dbms.procedures() yield name, roles
with name, roles,
case when 'reader' in roles then 'READ'
when 'publisher' in roles then 'WRITE'
when 'architect' in roles then 'SCHEMA'
when 'admin' in roles then 'DBMS'
end as mode
return name, roles, mode
order by mode asc
I'll look for solutions for the community edition.
I have created a stored proc on schema X that does a select across 10+ tables that are in schema X and Y.
I created a database role DBRole and added a new AD Group Login to it.
I thought all I needed to do was grant execute on x.MyStoredProc to DBRole,
but I'm getting errors because of select permission..
Stored Procedure MYSCHEMA.MyStoredProc failed: The SELECT permission
was denied on the object 'myTable', database 'Db', schema 'dbo'.
I wondered if it was because the tables its failing on are in a different schema but, doing a quick test that still worked..
Can anyone explain what I'm missing?