Is there a way to use a big query logged in user's other attributes (example: team) to restrict the rows in a table. Currenlty we have a row level security like below where in which we are making use of the native function session_user().
Looking to see if we could get something like session_team(). A different BQ Table has the user-team mapping.
CREATE OR REPLACE ROW ACCESS POLICY example_policy
ON dataset.tablename
GRANT TO ("group:groupname-group#company.com")
FILTER USING (employee_email <> session_user())
Are you perhaps referring to this cloud.google.com/bigquery/docs/… Use case is using the session_user() function. It is similar to the query you have posted.
But for group you can review this use case that uses the region as group. Possibly can be implemented with the group that similar to your use case.
Diagram in the documentation for reference:
Related
Is there a way to write the start_key for Bigtable? I was not able to find a clear documentation on what the syntax is for start_key.
Suppose I have a row key of {domain}_{timestamp} of user activity.
To filter the query to a specific domain I could use a filter (slower), or a start_key (faster).
I have been writing my start_key string as {domain}_, but what if we now have domain, user ID, and timestamp, and now I want to filter by any user but a specific time, can I use something like {domain}_*_{timestamp}?
You have to use a Filter with RegexStringComparator. You can also setStart({domain}_) for better performance. Unfortunately, that's going to pretty much going to do a scan on {domain}_ and filter on the server-side.
It might be faster to do a search with either a random user id, or if you need all users, to use Table.get(List<Get>) where each Get correspond to individual user.
I am using a sample LDAP which is available online here.
I want to retrieve a user's group membership given their uid. In the example, Gauss (uid=gauss) is a member of the Mathematicians group (ou=mathematicians,dc=example,dc=com).
I tried several LDAP queries but I cannot seem to find the one that returns me the ou=mathematicians given the uid.
There are a lot of similar answers on SO but none seem to fit this very simple use case.
Thanks,
David.
You won't be able to retrieve the group membership by simply using the uid as the groupmemberships are stored using the uniqueMember-attribute which requires a complete DN as value. Therefore you'll have to use a searchfilter like uniqueMember=uid=gauss,dc=example,dc=com.
You might think "that's great, so I just add uid=gauss to the baseDN and I'm finished". You might not always have luck with that as it's not defined that users have to be located right in the baseDN. They might be distributed acros the complete LDAP-tree and then it's going to be tough. But when you already have searched for the user (IE for binding) you got the DN back "for free" so you can use that on.
Hope that helps!
Not sure if I get right what you want to do, but retrieving group membership is done by a filter similar to this one:
(&(objectClass=group)(member:1.2.840.113556.1.4.1941:=<<<USER-DN>>>))
I always pull the user dn with a seperate search:
(&(objectCategory=person)(objectClass=user)(samaccountname=<<<USER LOGON NAME>>>))
I don't know if uid, dn and samaccountname can be used in every filter interchangeable, but try it with uid=<<>> instead.
See this article for details : https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx
We have a set of events (kind of log) that we want to connect to get the current state. To improve performance/cost further, we would like to create snapshots (in order to not check all the events in history, but only from the last snapshot). Logs and snapshots are the tables with date suffix.
This approach works OK in the BQ, but we need to manually define the query every time. Is there any way to define 'view' with parameters (e.g. dates for the table range query)? Or any plans to do something like that?
I know that there are some topics connected with TABLE_RANGE / QUERY in views (eg Use of TABLE_DATE_RANGE function in Views). Are there any new information on this subject?
That's a great feature request - but currently not supported. Please leave more details at https://code.google.com/p/google-bigquery/issues/list, the BigQuery team takes these requests very seriously!
As a workaround i wrote a small framework to generate complex queries with help of velocity templates. Just published it at https://github.com/softkot/gbq
Now you can use Table Functions (aka table-valued functions - TVF) to achieve this. They are very similar to a view but they accept a parameter. I've tested and they really help to save a lot while keeping future queries simple, since the complexity is inside the Table Function definition. It receives a parameter that you can then use inside the query for filtering.
This example is from the documentation:
CREATE OR REPLACE TABLE FUNCTION mydataset.names_by_year(y INT64)
AS
SELECT year, name, SUM(number) AS total
FROM `bigquery-public-data.usa_names.usa_1910_current`
WHERE year = y
GROUP BY year, name
Then you just query it like this:
SELECT * FROM mydataset.names_by_year(1950)
More details can be found in the oficial documentation.
You can have a look at BigQuery scripting that have been released in beta : https://cloud.google.com/bigquery/docs/reference/standard-sql/scripting
I'm having spleepless night thanks to Asterisk Realtime.
I have some trouble understanding the documentation ( like http://www.voip-info.org/wiki/view/Asterisk+RealTime+Sip ). Too many tables, many parameters, fragmented informations, no exhaustive tutorial.
I have simply to auto-register some users from an external MySQL's table ( id, user, chatkey ).
Which are the columns i HAVE to set to get it work? If there where simply a user and password column, I would have matched them with my.user and my.chatkey, but now I'm very confused.
Is there any side effects using VIEWS instead table + triggers?
You have set ALL columns. Minimum set is something like type,username, host,name,nat,allow,disallow.
You can do it using mysql view from your current tables.But if you do so, you have use cache of realtime friends or organize contact update(update&store of all fields below&including ipaddr). Otherwise your setup will not able determine where your sip devices.
I don't understand your issues. Wiki is very clear. For sip auth you need only one table sip_buddies
and need put in /etc/asterisk/extconfig.conf
sipusers => mysql,general,sip_buddies
sippeers => mysql,general,sip_buddies
note, general - name of already setuped(in /etc/asterisk/res_mysql.conf) database connection.
From your question i see you not understanding asterisk internals, so i recommending you read Orely's book "Asterisk the future of telephony" or hire expert. Otherwise resulting application will be not scalable and probably will work strange.
I have a User ndb.Model which has a username StringProperty that allows upper en lower case letters, at some point I wanted to fetch users by username but have the case forced to lowercase for the filtering. Therefor I added a ComputedProperty to User: username_lower which returns the lowercase version of the username as follows:
#ndb.ComputedProperty
def username_lower(self):
return self.username.lower()
then I filter the query like so:
query = query.filter(User.username_lower==username_input.lower())
This works, however it only does for users created (put) after I added this to the model. Users created before don't get filtered by this query. I first thought the ComputedProperty wasn't working for the older users. However, tried this and calling .username_lower on an old user does work.
Finally, I found a solution to this is to fetch all users and just run a .put_multi(all_users)
So seems like a ComputedProperty added later to the model works when you invoke it straight but doesn't filter at first. Does it not get indexed automatically ? or could it be a caching thing.. ?
any insight to why it was behaving like this would be welcome
thanks
this is the expected behaviour. The value of a ComputedProperty (or any property for that matter I guess) is indexed when the object is "put". The datastore does not do automatic schema updates or anything like that. When you update your schema you need to either allow for different schema versions in your code or update your entities individually. In the case of changes to indexing you have no choice but to update your entities. The MapReduce API can be used for updating entities to avoid request limitations and the like.