I am considering what information should be provided under Article 15 (3) GDPR regarding the use of Exasol and ExaPlus. I don’t have SELECT ANY DICTIONARY system privilege to figure out this question by myself.
What SQL queries are created with ExaPlus to produce the menu in the left side esp.:
(1) Users,
(2) Schemas (table & views,..),
(3) Connections,
(4) Roles?
Are these queries kept in System tables like EXA_DBA_AUDIT_SQL and EXA_DBA_AUDIT_SESSIONS? You can assume that Auditing flag is enabled.
What is the entry for USER_NAME in EXA_DBA_AUDIT_SESSIONS?
How to determine whether something was executed by ExaPlus or done by the user itself?
Is there a difference between the user's local history in ExaPlus and the entries in the Exasol system tables for the same user?
How could an administrator disable the auditing in EXA_DBA_AUDIT_SQL of technical ExaPlus menu building queries?
Graphical database clients like DB Visualizer, DBeaver, or Exaplus send queries to the Exasol database when the user clicks through the database browser to inspect schemas, tables, views, etc. These are queries on system tables like EXA_ALL_TABLES, EXA_ALL_COLUMNS and so on. Also auto-completion features in other clients send such queries.
When you look in the system table EXA_DBA_SESSIONS (or EXA_ALL_SESSIONS), you see that each Exaplus window opens two sessions: E.g., one with CLIENT = 'EXAplus 6.0.8' and one with CLIENT = '[Meta] EXAplus 6.0.8'. The requests for browsing the database are sent within the latter "Meta" session. Firstly, to not mix Meta queries and your own queries in the audit tables etc., and sencondly, to not block the schema browser when currently a query is running.
You can use the following query to find out which statemets were sent to the database within an Exaplus meta session:
SELECT q.sql_text
FROM EXA_DBA_AUDIT_SESSIONS s JOIN EXA_DBA_AUDIT_SQL q ON s.SESSION_ID=q.SESSION_ID
WHERE s.client LIKE '[Meta] EXAplus %';
For sessions of the SQL client DB Visualizer, you cannot distinguish so easy between user sessions and meta sessions. For the client DBeaver it's similar to Exaplus. You find a value like "DBeaver-Meta 6.0.1.201903251040" in the CLIENT column of EXA_ALL_SESSIONS, EXA_DBA_SESSIONS_LAST_DAY and EXA_DBA_AUDIT_SESSIONS.
Exaplus and other clients have a local history of queries. These are saved on the client machine. On the other hand, EXA_DBA_AUDIT_SQL is managed by the database. Each and every query that is sent to the database is written there. But only if auditing is enabled in database settings in Exaoperation.
It is not possible to selectively enable auditing. Either all or none of the queries are written in the system tables.
What you can do is periodically (e.g., once per night) insert all entries of the audit tables which do not belong to meta sessions in another table. And then use TRUNCATE AUDIT LOGS to empty the audit tables.
But usually, this is all not necessary, because both the user queries and the meta queries should be logged - or none of them.
Here are some queries that Exaplus sent to the Exasol database when clicking though schemas, tables, users, roles, and connections:
select COLUMN_NAME, COLUMN_TYPE, COLUMN_IS_DISTRIBUTION_KEY, COLUMN_DEFAULT, COLUMN_IS_NULLABLE, COLUMN_IDENTITY, COLUMN_COMMENT from SYS.EXA_ALL_COLUMNS where COLUMN_SCHEMA='RF' and COLUMN_TABLE='TEST' order by COLUMN_ORDINAL_POSITION;
SELECT GRANTEE, PRIVILEGE, ADMIN_OPTION from SYS.EXA_DBA_SYS_PRIVS;
select OBJECT_NAME, OBJECT_TYPE, OBJECT_ID, CREATED,LAST_COMMIT, OWNER, OBJECT_COMMENT, OBJECT_IS_VIRTUAL from SYS.EXA_ALL_OBJECTS where ((OBJECT_TYPE = 'TABLE') or (OBJECT_TYPE = 'VIEW')) and (ROOT_ID = 35510272);
select "OBJECT_NAME", "OBJECT_TYPE", "SCHEMA_NAME", "OBJECT_COMMENT"from SYS.EXA_SYSCAT;
SELECT GRANTEE, GRANTED_ROLE, ADMIN_OPTION from SYS.EXA_DBA_ROLE_PRIVS;
select OBJECT_NAME, OBJECT_TYPE, OBJECT_ID, CREATED,LAST_COMMIT, OWNER, OBJECT_COMMENT, OBJECT_IS_VIRTUAL from SYS.EXA_ALL_OBJECTS where ((OBJECT_TYPE = 'TABLE') or (OBJECT_TYPE = 'VIEW')) and (ROOT_ID = 35510272);
SELECT GRANTEE, GRANTED_CONNECTION, ADMIN_OPTION from SYS.EXA_DBA_CONNECTION_PRIVS;
SELECT C.CONSTRAINT_TYPE C_TYPE, C.CONSTRAINT_NAME C_NAME, ORDINAL_POSITION, COLUMN_NAME, REFERENCED_SCHEMA, REFERENCED_TABLE, REFERENCED_COLUMN, CONSTRAINT_ENABLED FROM SYS.EXA_ALL_CONSTRAINT_COLUMNS CC join SYS.EXA_ALL_CONSTRAINTS C on C.CONSTRAINT_SCHEMA = CC.CONSTRAINT_SCHEMA and C.CONSTRAINT_TABLE = CC.CONSTRAINT_TABLE and C.CONSTRAINT_NAME = CC.CONSTRAINT_NAME WHERE C.CONSTRAINT_SCHEMA like 'RF' and C.CONSTRAINT_TABLE like 'TEST' and CC.CONSTRAINT_SCHEMA like 'RF' and CC.CONSTRAINT_TABLE like 'TEST' ORDER BY C.CONSTRAINT_NAME,ORDINAL_POSITION
select OBJECT_NAME, OBJECT_TYPE, OBJECT_ID, ROOT_ID, CREATED, LAST_COMMIT, OWNER, OBJECT_COMMENT from SYS.EXA_DBA_OBJECTS where ((ROOT_ID = 35510272) and ((OBJECT_TYPE = 'FUNCTION') or (OBJECT_TYPE = 'PROCEDURE') or (OBJECT_TYPE = 'SCRIPT')));
Related
I want to find out what the owner is of my postgres database schema. I tried
select * from information_schema.schemata s order by schema_name
But when I use a visual database client for our postgres database, there appear to be more schemas than the results of the query above. How can I see owners of these 'hidden' tables? I suspect it has something to do with the owner of the schema not granting others to see the schema, but I just can't figure that out.
try:
select r.rolname as schema_owner, ns.* from pg_namespace ns join pg_roles r on ns.nspowner = r.oid
I'm writing (in .NET) a login screen that allows the login to connect to a SQL Server. Once they've put in the server name and their credentials, it should then show a list of databases for them to connect to, but, the databases need to be of the right structure. This will be identified within each database by the existence of a ref.Config table, and a row in that table with appropriate values. There may be a whole bunch of other databases on the server for other purposes. I don't know at designtime.
Ideally what I'd like to do is something like this:
SELECT m.name
FROM MASTER.sys.databases m
CROSS APPLY (SELECT *
FROM {m.name}.INFORMATION_SCHEMA.TABLES t
WHERE t.TABLE_SCHEMA = 'ref'
AND t.TABLE_NAME 'Config') dbs
CROSS APPLY (SELECT *
FROM {m.name}.ref.Config c
WHERE c.KeyName = 'DatabaseMagicNumber'
AND c.KeyValue = '12345678') config
WHERE HAS_DBACCESS(m.name) = 1
ORDER BY m.name
Where m.name gets substituted into the subqueries after evaluation (I know the above isn't valid SQL). Is there a way to do this, or do I have to run a query on each database? I am unable to have a stored procedure on the server at this point. Ideally I just want one SQL statement that will return the names of all databases that conform to the structure I expect.
What are the information_schema tables and sys tables in SQL Server? What are the differences between them?
Both INFORMATION_SCHEMA and sys objects are both metadata catalogs that are available in SQL Server.
The INFORMATION_SCHEMA set of views are the ANSI/ISO standard catalogs for metadata. Most RDBMSs support the majority of INFORMATION_SCHEMA views, and each view exposes essentially identical information regardless of the vendor. In SQL Server, most, if not all the INFORMATION_SCHEMA views are views that go back to the sys tables in one way or other. In SQL Server, you can see the underlying VIEW definitions by running queries like:
SELECT OBJECT_DEFINITION(OBJECT_ID('INFORMATION_SCHEMA.TABLES'))
Which returns:
CREATE VIEW INFORMATION_SCHEMA.TABLES
AS
SELECT
DB_NAME() AS TABLE_CATALOG,
s.name AS TABLE_SCHEMA,
o.name AS TABLE_NAME,
CASE o.type
WHEN 'U' THEN 'BASE TABLE'
WHEN 'V' THEN 'VIEW'
END AS TABLE_TYPE
FROM
sys.objects o LEFT JOIN sys.schemas s
ON s.schema_id = o.schema_id
WHERE
o.type IN ('U', 'V')
The sys tables and views are the original metadata catalog views and tables that were, AFAIK, created by Sybase (the vendor that Microsoft purchased SQL Server's original code base from). Most RDBMSs have an equivalent set of catalog tables, but the specific table names are all different between vendors. In SQL Server, these tables along with the later addition of the dynamic management views (DMVs) are what Microsoft created to capture a database's metadata for system and user use.
In SQL Server, since the the INFORMATION_SCHEMA views typically point back to the sys tables and due to the ISO definitions for those views, it is not uncommon for the INFORMATION_SCHEMA views do not contain all metadata or all objects that you're looking for. (Personally I think Aaron's bias in that article is a little overblown, but he's probably been bitten by the issue more than I have and he also probably works on more complexly configured databases than I do.)
That said, however:
SELECT OBJECT_DEFINITION(OBJECT_ID('sys.tables'))
Returns:
CREATE VIEW sys.tables AS
SELECT o.name, o.object_id, o.principal_id, o.schema_id, o.parent_object_id,
o.type, o.type_desc, o.create_date, o.modify_date,
o.is_ms_shipped, o.is_published, o.is_schema_published,
isnull(ds.indepid, 0) AS lob_data_space_id,
rfs.indepid AS filestream_data_space_id,
o.property AS max_column_id_used,
o.lock_on_bulk_load, o.uses_ansi_nulls, o.is_replicated, o.has_replication_filter,
o.is_merge_published, o.is_sync_tran_subscribed, o.has_unchecked_assembly_data,
lob.intprop AS text_in_row_limit,
o.large_value_types_out_of_row,
o.is_tracked_by_cdc,
o.lock_escalation_option AS lock_escalation,
ts.name AS lock_escalation_desc,
o.is_filetable,
o.is_memory_optimized,
o.durability_option as durability,
d.name as durability_desc
FROM sys.objects$ o
LEFT JOIN sys.sysidxstats lob ON lob.id = o.object_id AND lob.indid <= 1
LEFT JOIN sys.syssingleobjrefs ds ON ds.depid = o.object_id AND ds.class = 8 AND ds.depsubid <= 1 -- SRC_INDEXTOLOBDS
LEFT JOIN sys.syssingleobjrefs rfs ON rfs.depid = o.object_id AND rfs.class = 42 AND rfs.depsubid = 0 -- SRC_OBJTOFSDS
LEFT JOIN sys.syspalvalues ts ON ts.class = 'LEOP' AND ts.value = o.lock_escalation_option
LEFT JOIN sys.syspalvalues d ON d.class = 'DOPT' AND d.value = o.durability_option
WHERE o.type = 'U'
Which is clearly returning a lot more detailed information, and notice that INFORMATION_SCHEMA.TABLES returns both user tables and views, while sys.tables only returns user tables.
Personally, I find the INFORMATION_SCHEMA views much better organized and much easier to use for ad hoc queries to find tables by name or columns by name, but there are some corner cases where you have to go to the sys objects tables and there are some situations where missing objects in the INFORMATION_SCHEMA views can bite you. If I'm looking for a reliable and complete set of items then I use the sys tables (specifically sys.objects or sys.all_objects) but those require a lot more work to get readable results. The INFORMATION_SCHEMA views have done a lot of that work for you already.
INFORMATION_SCHEMA.TABLES view allows you to get information about all tables and views within a database. By default it will show you this information for every single table and view that is in the database.
Kindly visit this: https://www.mssqltips.com/sqlservertutorial/196/informationschematables/
Sys tables contain the all-important meta data, the data about your data. This data includes information about table names, column names, and data types, so that SQL Server can properly process queries and return result sets. System tables contain information about valid users and their permissions, so data can be secure, and information about your SQL Server configuration, so you can predict and control the system's behavior.
I am logged into my application from system. I perform refresh from one user and copy paste
from the other. refresh has mainly a set of select queries and copy paste is having more of insert queries.
refresh as such takes one minute or less to perform but when copy-paste is being done from other system it takes a lot of time or waits for the copy paste to complete and only then it completes.
I am using oracle 10g database.I have been using oracle sql develepor (monitor session) to see the real time queries but not have been able to use it effectively.
Can you please tell me:
How to see conflicting queries if at all.
How to see locks acquired by variuos queries.
how long it takes to complete one query.
Any other suggestion or any other approach or tool that i may use .
How to see conflicting queries
In Enterprise Edition, you can use the Enterprise Manager to track the bloking sessions, and the participating queries. (Enterprise Manager for 10g documentation)
You can also write SQL queries for this, like detailed in this article: Tracking Oracle blocking sessions
SQL from the article (listing blocking sessions):
select blocking_session, sid, serial#, wait_class, seconds_in_wait
from v$session
where blocking_session is not NULL
order by blocking_session;
Listing the active queries (from Ask Anantha):
SELECT a.USERNAME, a.STATUS, b.sql_text
FROM V$SESSION a
INNER JOIN V$SQLAREA b ON a.SQL_ADDRESS= b.ADDRESS;
Recommended reading : V$SESSION table
How to see locks acquired by variuos queries.
This query will tell you the session IDs (From Oracle forum):
set linesize 150;
set head on;
col sid_serial form a13
col ora_user for a15;
col object_name for a35;
col object_type for a10;
col lock_mode for a15;
col last_ddl for a8;
col status for a10;
break on sid_serial;
SELECT l.session_id||','||v.serial# sid_serial,
l.ORACLE_USERNAME ora_user,
o.object_name,
o.object_type,
DECODE(l.locked_mode,
0, 'None',
1, 'Null',
2, 'Row-S (SS)',
3, 'Row-X (SX)',
4, 'Share',
5, 'S/Row-X (SSX)',
6, 'Exclusive',
TO_CHAR(l.locked_mode)
) lock_mode,
o.status,
to_char(o.last_ddl_time,'dd.mm.yy') last_ddl
FROM dba_objects o, gv$locked_object l, v$session v
WHERE o.object_id = l.object_id
and l.SESSION_ID=v.sid
order by 2,3;
How long it takes to complete one query
You can track it with this SQL from SearchOracle
SELECT *
FROM
(select
username,opname,sid,serial#,context,sofar,totalwork ,round(sofar/totalwork*100,2) "% Complete"
from v$session_longops)
WHERE "% Complete" != 100
Any other suggestion or any other approach or tool that i may use
Well, Google comes to mind...
I'm responsible for some test database servers. Historically, too many other poeple have access to them. They run on SQL Server 2005.
I've been writing queries and wrapping them in scripts so I can run a regular audit of rights. Finding out which users had Administrator rights on the server itself was fine, as was finding out who had the sysadmin role on their login - it was a single line query for the latter.
But how to find out which logins have a User Mapping to a particular (or any) database?
I can find the sys.database_principals and sys.server_principals tables. I have located the sys.databases table. I haven't worked out how to find out which users have rights on a database, and if so, what.
Every Google search brings up people manually using the User Mapping pane of the Login dialog, rather than using a query to do so. Any ideas?
Check out this msdn reference article on Has_Perms_By_Name. I think you're really interested in examples D, F and G
Another idea... I fired up SQL profiler and clicked on the ObjectExplorer->Security->Users. This resulted in (approx) the following query being issued.
SELECT *
FROM
sys.database_principals AS u
LEFT OUTER JOIN sys.database_permissions AS dp
ON dp.grantee_principal_id = u.principal_id and dp.type = N'CO'
WHERE (u.type in ('U', 'S', 'G', 'C', 'K'))
ORDER BY [Name] ASC
select * from Master.dbo.syslogins l inner join sys.sysusers u on l.sid = u.sid
This will get you what users are mapped to which logins within a single database.
Here's how to do this. I ended up finding reference to a sproc in the MSDN docs. I pulled this from the sproc and wrapped it in a loop of all the databases known to the instance.
select DbRole = g.name, MemberName = u.name
from #NAME.sys.database_principals u, #NAME.sys.database_principals g, #NAME.sys.database_role_members m
where g.principal_id = m.role_principal_id
and u.principal_id = m.member_principal_id
and g.name in (''db_ddladmin'', ''db_owner'', ''db_securityadmin'')
and u.name not in (''dbo'')
order by 1, 2
This then reports the users that have DBO who perhaps shouldn't. I've already revoked some admin access from some users that they didn't need. Thanks everyone!