I want to create two users
App_dbo which is used to deploy scripts
App_batch which is used to run jobs
I googled it and found SQL Script
I did not understand why I need to create a LOGIN.
What is the process to create a user ?
Let me try to explain how the login and users work on a little example.
Imagine you are going to stay in a hotel, you've booked a room. At the reception they check your id and give you the key for your room. The id is your login, it is only checked once at the reception and you get access to whatever you are eligible for. If you paid for more rooms, you will get multiple keys.
In the SQL server, the rooms are the databases and the keys are your users. You can map multiple users to the login as long as the users are in a different databases - you get keys for all rooms you've paid for using just one id.
There is also a case where login doesn't have any users mapped. It can have permissions to create new databases or update infrastructure, but will not have access to the existing databases. This can be a case of a server admin. In the hotel example it is the technical maintenance employee who fixes pipes or electric wires. He has access to the hotel, but doesn't have keys for any rooms.
Therefore, login gives access to the sql server (hotel common areas), however, it doesn't give you access to any database. You need user(s) mapped to your login to get a database(s) access(es).
Afaik, you can't map two users from the same db to one login (you only get one key for each room you've access too).
There are also other cases, like the AD one mentioned in the discussion below the question, where you can map multiple (external) identities to a single login etc, you can have users without login etc. I recommend to study documentation or get some good book explaining all possibilities. Good start might be here.
Hope this helps to understand how it works to a human being, there are plenty of answers how to set it up technically, for example the one you've referenced.
Related
I have an APEX application in which I need users(students) to be able to login and view their own information. I have both the usernames and passwords stored in a table within the database I'm using.
Is there a way of using these credentials to be able to log in individually? and how would I go about doing so?
I'm very new to APEX so sorry if this is an easy question.
Many thanks
Saying that each student has to see only their own data means - I presume (as it is about students) that there are as many database users (schemas) as students in your class.
If that's so, presuming that each of them will use their own Apex developer and its workspace (i.e. they won't share the workspace), I believe that you'll have to create that many Apex developers and assign each developer their own schema.
That should be done connected to the internal workspace, logged in as Apex admin.
However, as you have to create many users at once, that approach might be tedious. Instead, as you already have list of users stored in a table, you could utilize APEX_UTIL.CREATE_USER procedure and let it do the dirty job.
For example, if your table is MY_USERS, then such a script would do the job:
begin
for cur_u in (select username, password from my_users) loop
apex_util.create_user(p_user_name => cur_u.username,
p_web_password => cur_u.password
);
end loop;
end;
For more info, read this: https://docs.oracle.com/database/apex-18.2/AEAPI/CREATE_USER-Procedure.htm#AEAPI114
I would use a the Custom Authentication Scheme. It is documented, so if you need help, just clicked on the "?" buttons next to the various fields.
The example code is obviously not going to work, so please do not copy and paste blindly. Adapt it to your situation and hopefully, you are encrypting/hashing the passwords.
That gets you started with login (authentication). Next, to the second part of your question, that students should only see "their own information" (authorization). There are no clearcut answers to this question as there are many strategies available and many issues to consider. For example, how you design your application and data schema, what database features are available to you, and regulatory compliances that you need to meet.
A great starting point to read about these "database features" can be found here, on Real Application Security and Virtual Private Database.
The alternative includes a "poor man's implenentation of VPD" that Martin D'Souza wrote about a long time back.
HTH!
I'm using CouchDB 2.1.0 and for my use case I would like non-admin users to be able to create their own databases that they will then have write/read access to, and the ability to add other users with write/read access.
Note that this is not one database per user, which seems to be the common use case, but many user-created databases per user.
Users are being created right now by POSTing to the _users database. Authentication is being handled by CouchDB's built-in authentication.
I could create a backend service that has admin credentials that would create these databases, but I would like to avoid doing so. Reading through docs it seems like by default CouchDB only allows admins to create databases; is there a way to change this?
Honestly, I think the only real answer here is that you'll have to make a backend service that has admin credentials that can create new databases. Kind of a bummer since one of my goals for this project was "no backend other than CouchDB".
My backend service ended up just taking a list of users that should have access to the created database, creating the database with a unique ID, and returning that ID. I then have a document in each user's DB that lists all of the DBs they have created.
I currently have a hatchling plan with hostgator that I will be using to host the database end of my iOS messaging application. Each user has their own table to store all of their friends. If I have a few hundred people with accounts (this means a few hundred tables) will the web server be able to handle potentially thousands of requests per day to access these tables, or must I purchase a larger hosting plan?
No idea wether or not it "crashes" your server or you need another hosting plan, but I can say one thing for sure: that simply is a very very very bad idea.
Create a table User and create a table Friend which basically contains two references to User entries/rows. Maybe add a timestamp or a state or whatever additional data you need.
Each user should be represented by one entry / row in the User table.
Each friendship should be represented by one entry / row in the Friend table.
Excuse me if the question is simple. We have multiple medical clinics running each running their own SQL database EHR.
Is there anyway I can interface each local SQL database with a cloud system?
I essentially want to use the current patient data that one is consulting with at that moment to generate a pathology request that links to a cloud ?google app engine database.
As a medical student / software developer this project of yours interests me greatly!
If you don't mind me asking, where are you based? I'm from the UK and unfortunately there's just no way a system like this would get off the ground as most data is locked in proprietary databases.
What you're talking about is fairly complex anyway, whatever country you're in I assume there would have to be a lot of checks / security around any cloud system that dealt with patient data. Theoretically though, what you would want to do ideally is create an online database (cloud, hosted, intranet etc), and scrap the local databases entirely.
You then have one 'pool' of data each clinic can pull information from (i.e. ALL records for patient #3563). They could then edit that data and/or insert new records and SAVE them, exporting them back to the main database.
If there is a need to keep certain information private to one clinic only this could still be achieved on one database in a number of ways, or you could retain parts of the local database and have them merge with the cloud data as they're requested by the clinic
This might be a bit outdated, but you guys should checkout https://www.firebase.com/. It would let you do what you want fairly easily. We just did this for a client in the exact same business your are.
Basically, Firebase lets you work with a Central Database on the Cloud, that is automatically synchronised with all its front-ends. It even handles losing the connection to the server automagically. It's the best solution I've found so far to keep several systems running against one only cloud database.
We used to have our own backend that would try its best to sync changes, but you need to be really careful with inter-system unique IDs for your tables (i.e. going to one of the branches and making a new user won't yield the same id that one that already exists in any other branch or the central database). It becomes cumbersome very quickly.
CakePHP can automatically generate this kind of Unique IDs pretty easily and automatically, but you still have to work on sync'ing all the local databases with the central repository.
I am not a DBA and so dont really know anything about SQL 2005 security settings, etc. I am attempting to set up an empty copy of our database by generating the full database from SQL Management Studio generated scripts. Unfortunately I don't know what many of the options do and the MSFT documentation of this processes isn't great.
There is an option to generate script for Schemas, Tables, Views and Users. It is the users I am confused about, because I don't understand how they affect the usage of the database. We have some developers in the team who are in this list and some who are not, yet everyone can do anything on the database, at least when they are hosting it on their own machines.
Do I need to keep these Users in my new generated database and what do they do?
We also have a dbo User who is a db_owner and owns many of our schemas. What is this dbo User? What is the significance of a user Owning Schemas? We use Schemas as "namespaces" to group logically related tables in our database but I take it there is more to them than that?
There is also a username tied to this dbo User, its the windows NT login of one of our developers, but he doesn't have his own User object in the list...is there any significance to this? Is this a bad thing?
Other Users are guest, INFORMATION_SCHEMA and sys, but I think these are all defaults?
Sorry but I am a SQL admin ignoramus and usually left these things to the DBA in my previous job!
Thanks for any help.
Do I need to keep these Users in my new generated database and what do they do
The answer is it depends. If your applications use a mixed mode authentication then you will need the user accounts created in SQL. If you use windows authentication (and it sounds like you are) then you might not need them.
What is the significance of a user Owning Schemas?
In SQL Server 2005 all schemas must be owned by a user. Schemas can be used to group functionality but they can also be used to group security. For example a user account may only have access to a specific schema (or multiple schemas).
Hopefully that helps answer some of your questions