We Keep Coding

How to solve ERROR: must be member of role "postgres"

I am very new to postgres. One of my project is using an RDS postgres instance, the application team created a user and use that user to create the database.
I am trying to grant default privilege to the default postgres user to this application database by running the command below but I am getting an error message.
ALTER DEFAULT PRIVILEGES
FOR USER postgres
IN SCHEMA public
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO postgres;
Error message
ERROR: must be member of role "postgres"
SQL state: 42501
Please advise how I can grant default privilege to postgres user for the database.

You must connect as a superuser to run this command.

I misunderstood my case earlier. Apparently, postgres user was the owner of the database not the app user. So I logged in as postgres and executed the command and it works.

If you did a pgdump to export the database, and then were getting this error on trying to import it. Use -O when creating the pgdump - https://www.postgresql.org/docs/current/app-pgdump.html

Creating a user in Oracle 11g - No permissions issue

I am trying to set up a user in my Oracle 11g database as such
create user BARRY6 IDENTIFIED by password123;
grant connect to BARRY6;
grant create session to BARRY6;
grant UNLIMITED TABLESPACE to BARRY6;
commit;
This should create the user and provides them with the basic permissions.
All commands executes successfully, However i can not connect with this user.
I get an error
An error was encountered performing the requested operation:
ORA-01031: insufficient privileges
01031. 00000 - "insufficient privileges"
*Cause: An attempt was made to perform a database operation without
the necessary privileges.
*Action: Ask your database administrator or designated security
administrator to grant you the necessary privileges
Vendor code 1031
When i view the USER_ROLE_PRIVS table , there is no permissions in that table for my user

This was happening because the role i was trying to login in as was sysdba. While it should be default.
I know, stupid, but it posting the solution in case other people are creating a user and they make this simple mistake. It was caused by loading the sys connection and just changing the password and not changing the role

Create an user in Oracle database

I am the first user of Oracle Database.
Now, I want to create a DB schema called ERDB.
I need to create the ERDB user and granting appropriate privileges to the ERDB user on SQL script file.
CREATE USER dmuser IDENTIFIED BY password
DEFAULT TABLESPACE USERS
TEMPORARY
TABLESPACE TEMP
QUOTA UNLIMITED ON USERS;
GRANT CREATE JOB TO dmuser;
GRANT CREATE MINING MODEL TO dmuser;
GRANT CREATE PROCEDURE TO dmuser;
GRANT CREATE SEQUENCE TO dmuser;
GRANT CREATE SESSION TO dmuser;
GRANT CREATE SYNONYM TO dmuser;
GRANT CREATE TABLE TO dmuser;
GRANT CREATE TYPE TO dmuser;
GRANT CREATE VIEW TO dmuser;
GRANT EXECUTE ON ctxsys.ctx_ddl TO dmuser;
but the error happens, SQL Error: ORA 01031 insufficient privileges;
please help me.

The Oracle documentation clearly states the following:
Prerequisites
You must have the CREATE USER system privilege.
Connect as SYSTEM, no need of SYSDBA and then execute:
CREATE USER user IDENTIFIED BY password
Similarly, execute other command to create the tablespaces and required grants etc.
On a side note, regarding SYSDBA:
Never ever use SYS (or SYSDBA) but for maintenance purpose (startup, shutdown, backup, recover)
SYS/SYSDBA is special
SYS/SYSDBA is Oracle proprietary (try to open a SR/TAR starting with "i did that with SYS/SYSDBA" and you'll see the immediate answer)
SYS/SYSDBA does not act like any other user
When you use SYS/SYSDBA Oracle deactivates some code path and activates others
Whatever you do with SYS/SYSDBA will neither validate nor invalidate the same thing with any other user.
NEVER EVER use SYS/SYSDBA for anything that can be done by another
user. Use SYS/SYSDBA ONLY for something that can't be done by someone
else.

CREATE DATABASE permission for asp.net application

Hello I am trying to grant access for a stored procedure to be able to create a database. I am currently getting an error when running a backup restore script from the application: "CREATE DATABASE permission denied in database 'master'"
I tried to grant access to the restore SP to create database
GRANT CREATE DATABASE ON dbo.my_stored_procedure TO [IIS APPPOOL\myAppName];
However this command gives me the following error
Incorrect syntax near 'CREATE DATABASE..'.
Here is the basics of the Sproc:
RESTORE DATABASE #new_db_name
FROM DISK = #file_path
WITH RECOVERY,
MOVE 'CurrentDB' TO #new_db_file,
MOVE 'CurrentDB_log' TO #new_db_log

Your syntax is wrong. You don't grant database permissions on something. You grant to a user or role.
http://msdn.microsoft.com/en-gb/library/ms178569.aspx
You can grant execute on a sproc though. That may be enough to get the database permissions you need. If not, then either give the executing user the permissions, or look into impersonation.

tSQL to set up user with View Definition permission on SQL Azure

I'm trying to export a SQL Azure database to a .bacpac file using the Azure portal. The administrator username on my database contains a *. When I use it in the username field I get this error.
The login name must meet the following requirements:
It must be a SQL Identifier.
It cannot be a system name, for example:
- admin, administrator, sa, root, dbmanager, loginmanager, etc.
- Built-in database user or role like dbo, guest, public, etc.
It cannot contain:
- White space like spaces, tabs, or returns
- Unicode characters
- Nonalphabetic characters ("|:*?\/#&;,%=)
It cannot begin with:
- Digits (0 through 9)
- #, $, +
So I add a new user to the database using the following tSQL.
USE master;
CREATE LOGIN gu6t6rdb WITH PASSWORD = 'kjucuejcj753jc8j'
USE MyActualDB;
CREATE USER gu6t6rdb FOR LOGIN gu6t6rdb
The portal export form accepts that username but later errors with the following message.
Error encountered during the service operation. Could not extract
package from specified database. The reverse engineering operation
cannot continue because you do not have View Definition permission on
the 'MyActualDB' database.
To fix this I tried the following tSQL
GRANT VIEW ANY DEFINITION TO gu6t6rdb
which throws the following error
Securable class 'server' not supported in this version of SQL Server
How should I use tSQL to provide an additional user on my database and give the user sufficient privileges to export the database through the Azure portal to a .bacpac file in an Azure blobstore?

This will not work on sql azure. You will need to grant view definition at the database level. (without the ANY keyword)
GRANT VIEW DEFINITION TO gu6t6rdb
P.S: I hit the exact same issue and this seemed to solve my problem. I also had to do a Grant Execute (but it depends on what your bacpac is applying to the database)

Got it. I can add the user to the db_owner role and then the export proceeds without error.
EXEC sp_addrolemember 'db_owner', 'gu6t6rdb'

as of now, GRANT VIEW DEFINITION TO [username] works in Azure SQL, I just verified it myself. See https://learn.microsoft.com/en-us/sql/relational-databases/security/permissions-database-engine?view=sql-server-ver15 for reference:
So in order to successfully export database as bacpak file you can created contained user (no need in CREATE LOGIN... command) and give the following permissions:
CREATE USER [user_from_azure_AD] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [user_from_azure_AD]
GRANT VIEW DEFINITION TO [user_from_azure_AD]