I have an employee_database and under employee_database I have tables salary_table and bonus_table. Right now emp_role has full access on employee_database. I would also like to give select access to hr_role on bonus_table. How can I achieve this in Sentry?
SHOW GRANT ROLE emp_role;
1 hdfs://localns/emp emp_role ROLE * false
2 employee_database emp_role ROLE * false
GRANT SELECT ON TABLE emp_database.bonus_table to role hr_role;
SHOW GRANT ROLE emp_role;
1 hdfs://localns/emp emp_role ROLE * false
2 employee_database emp_role ROLE * false
I don't get an error when I run the above grant but I don't see the grant in the list.
I have a table that displays user profile and users assigned.
Example
Profile User
-------- -----
ProfileA UserA
ProfileA UserB
ProfileA UserC
ProfileB UserA
ProfileB UserD
ProfileC UserB
ProfileD UserE
I am trying to create a query to verify that a group of specific users are not in the profile and display those profiles.
Example:
I want to display the profiles where UserA and UserC are not assigned to.
Output Example:
Profile
--------
ProfileC
ProfileD
I am trying to create this query in MS Access.
Presumably, you have a table of profiles. If so, use not exists:
select p.*
from profiles as p
where not exists (select 1
                  from user_profiles up
                  where up.profile = p.profile and up.user in ('UserA', 'UserC')
                 );
If you don't have a separate table -- which would seem odd to me -- you can do this with the profiles in your table. But in this case, conditional aggregation is a simple method:
select profile
from user_profiles
group by profile
having sum(iif(user in ('UserA', 'UserC'), 1, 0)) = 0;
I'm trying to make a query that shows the users and all the roles that they have. I already know how to ask about the roles of one particular user:
SELECT oid, rolname FROM pg_roles WHERE
pg_has_role( 'name_of_user', oid, 'member');
Any idea how to do it?
Run psql -E to see the statements behind meta-commands in psql:
vao=# \du
********* QUERY **********
SELECT r.rolname, r.rolsuper, r.rolinherit,
r.rolcreaterole, r.rolcreatedb, r.rolcanlogin,
r.rolconnlimit, r.rolvaliduntil,
ARRAY(SELECT b.rolname
FROM pg_catalog.pg_auth_members m
JOIN pg_catalog.pg_roles b ON (m.roleid = b.oid)
WHERE m.member = r.oid) as memberof
, r.rolreplication
, r.rolbypassrls
FROM pg_catalog.pg_roles r
ORDER BY 1;
**************************
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+-----------
ro | Cannot login | {}
rw | Cannot login | {}
vao | Superuser, Create role, Create DB, Replication, Bypass RLS | {ro,rw}
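The `\du` query above lists only direct memberships. The following added example (not part of either post) walks `pg_auth_members` recursively so that memberships reached through another role are listed too; the column aliases are chosen here for illustration.

```sql
-- Added example: each role with every role it belongs to, directly or through
-- a chain of memberships (hops = length of the shortest chain found).
WITH RECURSIVE membership AS (
    -- direct memberships: "member" belongs to "roleid"
    SELECT m.member, m.roleid, 1 AS hops
    FROM pg_catalog.pg_auth_members m
  UNION
    -- roles reached through a role the member already belongs to
    SELECT ms.member, m.roleid, ms.hops + 1
    FROM membership ms
    JOIN pg_catalog.pg_auth_members m ON m.member = ms.roleid
)
SELECT u.rolname     AS role_name,
       u.rolcanlogin AS can_login,
       g.rolname     AS member_of,   -- NULL when the role belongs to no other role
       min(ms.hops)  AS hops
FROM pg_catalog.pg_roles u
LEFT JOIN membership ms ON ms.member = u.oid
LEFT JOIN pg_catalog.pg_roles g ON g.oid = ms.roleid
GROUP BY u.rolname, u.rolcanlogin, g.rolname
ORDER BY u.rolname, hops, g.rolname;
```

Rows with `hops` greater than 1 are memberships that the "Member of" column of `\du` does not show.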
My question revolves around using an Oracle Database to manage a mapping from Raw Entitlements to Business Friendly Roles.
Basically, I have two tables:
Mapping Table - this would contain what entitlements are required to fit into a particular applicationrole. Note that you must have ALL of the entitlements for a particular applicationrole to have it. Also, this could change on any day, so queries need to be dynamic in the sense that it could be 3 entitlements = a role or 10 entitlements = a role.
Application ApplicationRole Resource Action
--------------------------------------------------------
Test1 Admin appserver1 admin
Test1 Admin appserver2 admin
Test1 Admin appserver3 admin
test2 ReadOnly appserver1 ro
test2 ReadOnly appserver2 ro
Accounts Table - this table would contain raw data from servers, like what accounts exist on what servers:
Account Resource Action Application
-------------------------------------------------
abc123 appserver1 admin Test1
abc123 appserver2 admin Test1
abc123 appserver3 admin Test1
test2 ReadOnly appserver1 ro
What I am aiming for is to find what applicationroles (business friendly grouping) are applicable to my accounts. In this example, account abc123 has 3 entitlements, for appservers 1, 2 and 3, and has the admin entitlement. Looking at the mapping table, I can now say this account has applicationrole "admin". However, account test2 only has ro on a single server, and the mapping says it needs ro on two servers to have the role "ReadOnly", therefore, account test2 does NOT have the role.
The output from a query on this same data should look like:
Account Application ApplicationRole
----------------------------------------------
abc123 Test1 Admin
Later on, I'll also want a query that returns the opposite; all accounts that DON'T fit into a role. E.g.
Account Application Resource Action
----------------------------------------------
test2 test2 ReadOnly appserver1
Let me know if I can provide any more info! I can't really find what I am after online, seems pretty hard to search for.
Thanks guys! :)
EDIT:
I've managed to write up this query and it seems to work for the first part; not sure if it's the best way though, and any guidance would be great :)
SELECT *
FROM TEMP_USERDATA b
LEFT JOIN TEMP_MAPPINGTABLE a
  ON a.application = b.application
 AND a.oresource = b.oresource
 AND a.action = b.action
WHERE (SELECT COUNT(c.application||c.oresource||c.action)
       FROM temp_mappingtable c
       WHERE c.application = a.application) =
      (SELECT COUNT(DISTINCT application||oresource||action||account)
       FROM temp_userdata
       WHERE temp_userdata.application = a.application
      );
Try this:
-- Oracle: no leading semicolon, and WITH is written once for all CTEs.
-- Table and column names follow the question's EDIT query
-- (RESOURCE is a reserved word in Oracle, hence oresource).
WITH mapingdata AS (SELECT application,
                           applicationrole,
                           oresource,
                           action,
                           COUNT(*) AS rowcount
                    FROM temp_mappingtable
                    GROUP BY application,
                             applicationrole,
                             oresource,
                             action),
     userdata AS (SELECT account,
                         oresource,
                         action,
                         application,
                         COUNT(*) AS rowcount
                  FROM temp_userdata
                  GROUP BY account,
                           oresource,
                           action,
                           application)
SELECT *
FROM mapingdata m, userdata u
WHERE m.application = u.application
  AND m.oresource = u.oresource
  AND m.action = u.action
  AND m.rowcount = u.rowcount;
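The "must hold ALL of the entitlements" rule in the question is a relational division: count the role's entitlements an account holds and compare that with the number the role requires. The following added example (not from either post) does this for both directions asked about; the view name account_complete_roles is hypothetical, and the table and column names are assumed from the question's EDIT query.

```sql
-- Hypothetical view name; tables and columns follow the question's EDIT query.
CREATE OR REPLACE VIEW account_complete_roles AS
WITH mapping AS (                 -- de-duplicated role definitions
    SELECT DISTINCT application, applicationrole, oresource, action
    FROM temp_mappingtable
),
holdings AS (                     -- de-duplicated raw entitlements
    SELECT DISTINCT account, application, oresource, action
    FROM temp_userdata
),
required AS (                     -- number of entitlements each role needs
    SELECT application, applicationrole, COUNT(*) AS needed
    FROM mapping
    GROUP BY application, applicationrole
)
SELECT h.account, m.application, m.applicationrole
FROM holdings h
JOIN mapping m
  ON m.application = h.application
 AND m.oresource   = h.oresource
 AND m.action      = h.action
JOIN required r
  ON r.application     = m.application
 AND r.applicationrole = m.applicationrole
GROUP BY h.account, m.application, m.applicationrole, r.needed
HAVING COUNT(*) = r.needed;       -- holds all of them, not just some

-- Accounts and the business roles they fully qualify for.
SELECT account, application, applicationrole
FROM account_complete_roles
ORDER BY account, application, applicationrole;

-- The opposite: raw entitlements not covered by any complete role.
SELECT u.account, u.application, u.oresource, u.action
FROM temp_userdata u
WHERE NOT EXISTS (
    SELECT 1
    FROM temp_mappingtable m
    JOIN account_complete_roles c
      ON c.application     = m.application
     AND c.applicationrole = m.applicationrole
    WHERE c.account     = u.account
      AND m.application = u.application
      AND m.oresource   = u.oresource
      AND m.action      = u.action
);
```

The second query is the one to review for access that was granted piecemeal: it returns entitlements that exist on servers but do not add up to any defined role.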
Have two tables: Applicant, Applies
//APPLICANT
A#
-------------
1
2
3
4
5
//APPLIES
A# POSITION
---------------------
1 GM
2 CEO
3 DIRECTOR
3 MANAGER
So I create the user like this:
CREATE USER TEST IDENTIFIED BY TESTING;
GRANT CREATE SESSION TO TEST;
Now I want to grant select to TEST on table APPLICANT which have at least 1 record in the APPLIES table, using the following query:
SELECT a.A#,COUNT(a.A#) FROM APPLICANT a
INNER JOIN APPLIES ap ON a.A#=ap.A#
HAVING COUNT(a.A#)>0 GROUP BY a.A#;
How do I grant to user TEST with a select clause condition?
GRANT SELECT ON APPLICANT WHERE (SELECT.......) TO TEST;
It fails to work; errors come out.
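Oracle's GRANT statement takes no WHERE clause; row-restricted read access is normally given by granting SELECT on a view that applies the condition. The following is an added example, not part of the original post; the view name applicant_with_applies is hypothetical, and the final check assumes the session may read DBA_TAB_PRIVS.

```sql
-- Run as the owner of APPLICANT and APPLIES.
-- Hypothetical view name: only applicants with at least one APPLIES row.
CREATE OR REPLACE VIEW applicant_with_applies AS
SELECT a.*
FROM applicant a
WHERE EXISTS (SELECT 1
              FROM applies ap
              WHERE ap.A# = a.A#)
WITH READ ONLY;

-- TEST gets the view only; no privilege on APPLICANT or APPLIES is granted.
GRANT SELECT ON applicant_with_applies TO test;

-- Check what TEST can reach: the base tables should not be listed.
SELECT owner, table_name, privilege
FROM dba_tab_privs
WHERE grantee = 'TEST'
ORDER BY owner, table_name;
```

With the sample data above, TEST sees applicants 1, 2 and 3 through the view and cannot query APPLICANT directly.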
I have three tables, Roles, Permissions, and Role_Permissions
Table Roles has the following: id, role_name
Data: id, role_name
1, Accounting
2, Order_Entry
3, Shipping
Table Permission has: id, permission_name
Data: id, permission_name
1, Admin
2, Super_User
3, Read_Write
4, Read_Only
Table Role_Permissions has:
role_id (FK from Roles),
permission_id (FK from Permissions)
I need to create a matrix that looks like this:
Heading: Roles Admin Super_User Read_Write Read_Only
Columns/Rows: Accounting X X
Order_Entry X X
Shipping X X
The 'X' represents that there is a permission for that role. Blanks, of course, mean there is no permission for that role.
Can this be done in SQL?