I have created a stored proc on schema X that does a select across 10+ tables that are in schema X and Y.
I created a database role DBRole and added a new AD Group Login to it.
I thought all I needed to do was grant execute on x.MyStoredProc to DBRole,
but I'm getting errors because of select permission..
Stored Procedure MYSCHEMA.MyStoredProc failed: The SELECT permission
was denied on the object 'myTable', database 'Db', schema 'dbo'.
I wondered if it was because the tables its failing on are in a different schema but, doing a quick test that still worked..
Can anyone explain what I'm missing?
Related
The application I am using creates procedures when certain activities are performed on the UI.
I want to grant debug permission when those store procs are created so that users who belong to certain DB roles can view the code for that stored proc.
Can this be done using a trigger? I tried to use a DDL trigger on create, while it works for printing a dbms_output.put_line value, when i use an execute immediate "GRANT DEBUG "|| procname || " TO ROLE", it complains.
Is there a way I can achieve this more elegantly?
I'm building a project where the front end is react and the backend is ruby on rails and uses a postgres DB. A required functionality is the ability for users to export a large datasets.
I have the following code snippet that creates a CSV and stores it on the database server.
query = <<-SQL
COPY (SELECT * FROM ORDERS WHERE ORDERS.STORE_ID = ? OFFSET ? LIMIT ?) to '/temp/out.txt' WITH CSV HEADER
SQL
query_result = Order.find_by_sql([query, store_id.to_i, offset.to_i, 1000000])
How would I be able to retrieve that file to send to the front end. I've seen examples that use copy_data and get_copy_data but I couldn't get it to work with parameterized query. Any help would be great. Thanks!
There are two problems with your approach:
COPY doesn't support parameters, so you will have to construct the complete query string on the client side (beware of SQL injection).
COPY ... TO 'file' requires superuser rights or membership in the pg_write_server_files role.
Don't even think of running an application as a superuser.
Even without that, allowing client code to create files on the database server opens you the risk of denial-of-service through a full file system.
I think that the whole idea is ill-conceived. If you have a large query result, the database server will automatically use temporary files if an intermediate result won't fit into memory. Keep it simple.
I would like to know if there's any special requirement when calling a Snowflake stored procedure in a Informatica mapping. Concretely, I have a mapping in which the target is a snowflake table, and as Post-SQL, I want to call a stored procedure that is in the same database as my table.
I call my stored procedure in Post-SQL as following:
CALL spname();
However, I get the following error when running:
SQL compilation error: Unknown function spname
Do you know which could be the problem here?
That error message is coming from Snowflake, so Informatica (is this PowerCenter on-prem?) is attempting to run the SP and it's getting a response back from Snowflake. Here are some things to check:
Does the Snowflake user PowerCenter runs as have the required grants to run the SP? The error message will be the same whether the SP does not exist or the user lacks privileges to run it.
Does the user running PowerCenter have the required grants on the database and schema containing the stored procedure?
You can ensure that PowerCenter is looking in the right namespace by specifying both the database and schema before the SP name, such as call "MY_DB"."MY_SCHEMA"."MY_PROC"();
I am unable to rename a table in Exasol despite using having Alter Table privilege.
Created a user with Alter Table privilege and tried renaming a test table but it didn't worked.
The error that I receive is : [42500] insufficient privileges for renaming object Test_Table.
rename table DEMO.Test_Mahen to DEMO.Test_Mahen_Updated;
The above command should rename the table but it is not working. Is there any additional privilege that I need to give to the user for renaming tables.
The user has following privileges :
ALTER ANY TABLE
CREATE ANY TABLE
DELETE ANY TABLE
DROP ANY TABLE
EXECUTE ANY FUNCTION
EXECUTE ANY SCRIPT
UPDATE ANY TABLE
USE ANY CONNECTION
You may create a new role and change schema owner to this role. After that you may grant this role to users who should be able to update \ rename tables in this schema.
All operations within schema should be permitted with this technique, including renaming.
I have created a stored procedure with a user db_owner (Definer = db_owner, SQL Security Definer). This procedure selects some data from a table. The db_owner has full select privilege on all tables of his database via a role. Executing the procedure works fine, also selects from this table.
Another user db_connect has execute privilege for the procedure, executing procedure works also fine, but I get an error "ERROR 1142 (42000): SELECT command denied to user db_owner'#'host' for table 'xxx'"
If I grant a privilege to the user db_owner (grant select on db.'xxx' to db_owner#'host') without using the role, it works. Have anyone a better idea? I want to use roles.
MariaDB 10.3