When I attempt to drop an external table in Azure Synapse SQL Pool I get the folloiwng error:
Cannot drop the EXTERNAL TABLE 'TableName', because it does not exist or you do not have permission.
I am accessing Synapse SQL Server via SSMS.
Can someone let me know how elevate my permissions to drop an external table please.
Theis error generally cause two reasons one is you are table might not present in that particular data baser or the user with which you are querying that table has not have proper privileges.
To Drop Any external table, you need below three major permissions like Alter any schema, alter any external data source and alter any external file format as #Jon suggested.
GRANT ALTER ANY SCHEMA to {user};
GRANT ALTER ANY EXTERNAL DATA SOURCE to {user};
GRANT ALTER ANY EXTERNAL FILE FORMAT to {user};
And also db_exporter server role is there which grant all this permission to you user.
ALTER SERVER ROLE db_exporter ADD MEMBER {user} ;
Also make sure you are using appropriate database to be querying your table where it is present.
And also make sure there is no DENY permission on your user
Related
I have a requirement where I need to revoke users access on a particular schema as we will be purging that schema and its table in future.
Currently, the process followed to create Schema and grant access is like below,
Create Schema
Create DB Role
Create Azure AD Group on azure portal
Create DB User with the same name as AD group
Then, we run EXEC sp_addrolemember command to add DB user to DB role in database.
Finally, we run the Grant command to give permission (Select, Insert etc) on Schema to DB Role.
Now, whenever any new user need access to that schema we simply add him in the Azure AD group and he is able to see and access that schema.
However, when I Revoke the access of user by removing him from Azure AD group he is still able to see that Schema.
As I am not an expert in SQL so I am not sure what am I missing in order to revoke his access.
I also tried Revoke command like below but still the user is able to see the schema.
REVOKE SELECT ON SCHEMA :: Schema_Name TO [DB Role]
Am I missing anything, can anyone please let me know the right steps to revoke user access so that they should not be able to see that schema anymore or should not be able to run any command on that schema not even select command?
Then, in addition to remove it from the AD group, try to deny permissions on the schema:
DENY SELECT,VIEW DEFINITION On SCHEMA::Schema_Name To [user_name]
I think I'm missing something when it comes to grant alter table. I'm looking at the AWS docs
https://docs.aws.amazon.com/redshift/latest/dg/r_GRANT.html
And they say I can grant alter table to a role. I've tried running grant alter table to user but that gives me SQL Error [0LP01]: ERROR: Grant/Revoke system privilege on User is not supported.. So, I'm confused on what exactly a role in redshift is and how it works. Using rows, could I grant a group of people alter table permissions on a single schema?
I think you are being crossed up by the fact the GRANT ALTER is for external datalake objects only. It has to do with modifying the external datastore and isn't meant for normal Redshift tables.
If memory serves the ability to ALTER a normal table is linked with DROP permission. Otherwise it is linked to table ownership.
You can grant "ALTER TABLE" in this way.
create role testingaltertablerole;
create user testingaltertableuser with password disable;
grant alter table to role testingaltertablerole;
grant role testingaltertablerole to testingaltertableuser;
At the moment, there's no way to grant this permission for a single table, AFAIK.
I am trying to add a role in my master database in SQL Server 2016 using below command:
SP_AddRole 'test'
I am getting this error:
There is already an object named "test" in the database.
I have checked expanding Roles in my master database, and I found that there is no Role with name "test" in my master database.
Still I have tried to Drop that Role using below query:
Drop Role 'Test'
I get this error:
Cannot drop the role because it does not exist or you do not have permissions
When I try to alter Role using below query:
Alter Role Add Member "Domain\userName"
I was getting same error as below:
Cannot alter the role because it does not exist or you do not have permissions.
Note: I have all permissions and privileges to SQL Server and master database.
Can someone please suggest what can be done in order to resolve this?
I can't change the name of the role as it is very important for my applications to create a role with this name.
There was an already created SCHEMA in that SQL Server database.
I have deleted that schema
DROP SCHEMA Test
And then below SQL query worked.
SP_AddRole 'Test'
When I create Role, a default schema with same name gets created which was visible when I expand Schemas.
When I try to Drop the Role, I will need to first Drop the schema and then the Role.
Even if the schema with same name(But Role does not) present, SQL Server does not allow me to create new Role with same name.
Reference here
in H2 DBMS I want a user (which he is not admin by the way) to not be able to alter the database schema.
But surprisingly despite the fact I didn't grant this user the ability to create tables (I didn't use the SQL statement grant alter any schema to u1 ) .This user was able to create but not able to drop or alter tables !!!!!!
Is there a way to revoke the ability of creating a table from a user in H2 DBMS ?
One more thing I want a user to be able to create user but not able to alter schema is this possible or not ?
It is not possible currently.
Access rights in the H2 database are very basic currently. If you need more features, or course you could write the the H2 Google Group or write a patch.
For the last part, if he Is not admin he should not be doing anything with user management.
Can you provide more info about what permission you granted this user?
What are min permission we need to truncate table ? Apart from DDLAdmin. And what is best pratice to give permission to the user to truncate the user on SQL 2008 R2
Truncate table documentation at books online here
Permissions
The minimum permission required is
ALTER on table_name. TRUNCATE TABLE
permissions default to the table
owner, members of the sysadmin fixed
server role, and the db_owner and
db_ddladmin fixed database roles, and
are not transferable. However, you can
incorporate the TRUNCATE TABLE
statement within a module, such as a
stored procedure, and grant
appropriate permissions to the module
using the EXECUTE AS clause. For more
information, see Using EXECUTE AS to
Create Custom Permission Sets.
MSDN:
The minimum permission required is
ALTER on table_name. TRUNCATE TABLE
permissions default to the table
owner, members of the sysadmin fixed
server role, and the db_owner and
db_ddladmin fixed database roles, and
are not transferable.
If you don't want to grant rights (which are excessive, really, and described in other answers) you can escalate permissions within a stored procedure...
CREATE PROC DoTruncate
WITH EXECUTE AS OWNER
AS
TRUNCATE TABLE Mytable
GO
And permission this instead with "normal" rights