Problem: When a user is deleted the associated record is not deleted from the database. Instead, I set user.delete column to true. Now I need to put a unique constraint on user.email but only for active users (not deleted).
How can I do this?
databaseChangeLog:
- changeSet:
id: add-user-unique-constraint
author: me
changes:
- addUniqueConstraint:
columnNames: email, delete
constraintName: unique-email-not-deleted
tableName: users
The above naive approach puts a composite constraint on (email, delete) columns, but it doesn't work because in the following flow user is blocked from deleting and creating an account:
register a new user with email "E"
delete the user with email "E"
register again new user with email "E"
delete the user with email "E" -> error: constraint violation
register new user with email "E" -> error: constraint violation
ps. databases are H2 and PostgreSQL
This feature is DB-specific and currently liquibase doesn't support it.
For PostgreSQL you may use direct SQL:
databaseChangeLog:
- changeSet:
id: add-user-unique-constraint
author: me
changes:
- sql:
"sql": "CREATE UNIQUE INDEX user_email_idx ON user (email) WHERE delete = 'false'"
however this will NOT work in H2.
Possible options for H2:
if it's used in tests then you may migrate to PostgreSQL using testcontainers technology (but your build environment will depend on docker)
have custom changesets for PostgreSQL and H2 - you may use preconditions
Related
thank for taking the time to try answer/understand this question.
I am using AWS Aurora Postgres (Engine version: 13.4) database.
I referred to this document for creating readwrite and readonly roles for 2 new rdsiam users -> "dev_ro" and "dev_rw". I have granted readwrite role to "dev_rw" and readonly to "dev_ro". The additional changes are:
myschema is "public" - which is my default schema
I add the same permissions as "myschema" to another schema called "graphile_worker" (from graphile/worker - which is a job queue).
With this in mind, here is what I have done:
I run my application which adds some repeating jobs (jobs schedule itself), implying that the jobs table can never be empty
Connect to RDS using the IAM user (doesn't matter dev_ro or dev_rw)
I run SELECT * FROM graphile_worker.jobs in my IDE (dbeaver - shouldn't matter, I think)
The table shows up empty
Disconnect and Re-connect to RDS using superuser credentials (which are created when server is created)
Run same query as above
See data in the table
I don't know why this is happening.
I double-checked, both "dev_ro/w" (through the roles) and superuser, have:
CONNECT to database (without doubt)
SELECT on all tables of graphile_worker schema
USAGE on the graphile_worker schema
Moreover, I can query graphile_worker.migrations and the migration records show up as expected (on both devro/w and superuser)!
Please let me know if there is any more information that I can provide to help debug this issue.
Removing Row-Level Security (RLS) solved this issue.
Thanks #Hambone for asking the right question.
RLS is removed by executing
ALTER ROLE <username> WITH BYPASSRLS
I'm connected to schema apm.
Trying to execute a function and getting below error:
ERROR: user mapping not found for "postgres"
Database connection info says:
apm on postgres#PostgreSQL 9.6
psql version: PostgreSQL 9.6.3, compiled by Visual C++ build 1800, 64-bit
How can this error be addressed?
It means that you are trying to use foreign table and your role (in this case postgres) does not have defined user and password for remote server.
You can add this by executing such query:
CREATE USER MAPPING
FOR postgres
SERVER remote_server_name
OPTIONS (user 'bob', password 'secret');
You can get server name for table like that:
SELECT srvname
FROM pg_foreign_table t
JOIN pg_foreign_server s ON s.oid = t.ftserver
WHERE ftrelid = 'schemaname.tablename'::regclass
If you want to create user mapping for all users, you can do it like this
CREATE USER MAPPING
FOR PUBLIC
SERVER remote_server_name
OPTIONS (user 'bob', password 'secret');
https://www.postgresql.org/docs/current/static/sql-createusermapping.html
CREATE USER MAPPING — define a new mapping of a user to a foreign
server
Your function queries foreign tables, using some server, for which you need a user mapping. Apparently it exists for the user owner, and not for you. Or just run the function with a user that has user mapping created.
you can view them with:
SELECT um.*,rolname
FROM pg_user_mapping um
JOIN pg_roles r ON r.oid = umuser
JOIN pg_foreign_server fs ON fs.oid = umserver;
How to create and use Synonyms on PostgreSQL as in Oracle. Do I need to create some DB link or any thing else. I could not find any good official doc on this topic.
Edit 1
Actually as of now i have an application which has two separate modules which connects with two different oracle databases; One modules need to access tables of other so for which we use synonyms over db link in oracle. Now we are migrating application to postgresql, so we need synonyms.
Edit 2
When i say two different oracle databases it means it can be two different oracle instances or two schemas of same db, it is configurable in application and application must support both modes.
PostgreSQL version: 9.6.3
Approach 1:-
Finally i got it working using foreign data wrapper postgres_fdw as below
I have two databases named dba and dbb. dbb has a table users and i need to access it in dba
CREATE SERVER myserver FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host 'localhost', dbname 'dbb', port '5432');
CREATE USER MAPPING FOR postgres
SERVER myserver
OPTIONS (user 'user', password 'password');
CREATE FOREIGN TABLE users (
username char(1))
SERVER myserver
OPTIONS (schema_name 'public', table_name 'users');
CREATE FOREIGN TABLE users (users char(1));
Now i can execute all select/update queries in dba.
Approach 2:-
Can be achieved by creating two schemas in same db, below are the steps:
create two schemas ex app_schema, common_schema.
Grant access:
GRANT CREATE,USAGE ON SCHEMA app_schema TO myuser;
GRANT CREATE,USAGE ON SCHEMA common_schema TO myuser;
Now set search path of user as below
alter user myuser set search_path to app_schema,common_schema;
Now tables in common_schema will be visible to myuser. For example let say we have a table user in common_schema and table app in app_schema then below queries will be running easily:
select * from user;
select * from app;
This is similar to synonyms in oracle.
Note- Above queries will work PostgreSQL 9.5.3+
I think you don't need synonyms in Postgres the way you need them in Oracle because unlike Oracle there is a clear distinction between a user and a schema in Postgres. It's not a 1:1 relationship and multiple users can easily use multiple schemas without the need to fully qualify the objects by exploiting Postgres' "search path" feature - mydb.public.mytable.
If the tables are supposed to be in a different database in PostgreSQL as well, you'd create a foreign table using a foreign data wrapper.
If you used the Oracle synonym just to avoid having to write atable#dblink, you don't have to do anything in PostgreSQL, because foreign tables look and feel just like local tables in PostgreSQL.
If you use the synonym for some other purposes, you can either set search_path to include the schema where the target table is, or you can create a simple view that just selects everything from the target table.
Im new with SQL Server, i have programmed several stored procedures and i have the next problem. For example, i have 2 tables (Role and User), and when i try to delete a role, logically the procedure shows me the error (547) because there are a foreign key on "User Table". So, what i need is finding a way to delete that role. If it would be necessary delete all the user whose role is that i gonna delete or if its possible to reassigne a new role for that user who belongs to the role which i wanna delete.
I hope you understand what i want to do more or less. I search a simple example how to do that.
Thanks!
Deleting users with role 5:
Delete From Users Where RoleID = 5
Or updating:
Update Users Set RoleID = 6 Where RoleID = 5
Then deleting role itself:
Delete From Role Where ID = 5
Hi Experts
How I can prevent database user deleting any data in tables using triggers?
I want just Admin delete Data from tables
Thanks
Umm take away that users permission? If you don't want them doing something, 'disallow' them that right... thats why we have permissions.
Here are details on how to revoke permissions:
http://msdn.microsoft.com/en-us/library/ms186308.aspx
Any particular reason you want to use triggers?
You could simply remove the DELETE permission from the users you want to restrict. Have a look at the "Permissions" section here: http://msdn.microsoft.com/en-us/library/ms189835.aspx
EDIT: Since you say you do want to use triggers (but I really think you should reconsider) you can create a table such as:
CREATE TABLE Restricted_Users
(
user_name VARCHAR(40) PRIMARY_KEY -- Use a size appropriate to your requirements
)
Create INSTEAD OF DELETE triggers on all your tables (that's going to be a chore) which checks for the USER_NAME() in the Restricted_Users table and if they EXIST you can call RAISERROR to cause the transaction to be rolled back and display a message to the user.
Remember you will have to maintain these triggers on all new tables added to the database as well as maintaining the list of users in the Restricted_Users table whenever you add/remove users from the database.
It would be a lot simpler to use the permission system available in SQL Server (it's what it's designed for) using roles with appropriate permissions set for the tables. Then, when adding new users you only have to assign them to the appropriate role and the delete permissions are handled for you.