I want to assigned basic read-only permissions for a PostgreSQL database role that must access from an Application server like Glassfish.
For a production system, you can use the configuration described in this post :
What GRANT USAGE ON SCHEMA exactly do?
Related
I have created a RDS instance for Microsoft SQL Server, while creating the instance I have master user named admin.
Now the issue is I have created a new user with these privileges added to it:
PROCESSADMIN
SETUPADMIN
DB_OWNER
According the documents given in the below link
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.MasterAccounts.html, we should have access to create databases with the above privileges, but I am not able to create a new database with this user.
Can anyone guide me if I am missing something here?
Is it possible to get SQL Server Management studio to use Azure Keyvault to get the connection parameters (server and credentials)?
I've created a key vault, added username and password secrets, now I'd like SSMS to go and get those values so the user never knows them.
I fear the short answer is no but there might be a better way of doing this than using a KeyVault.
I think the solution would be to add the user to the database as an Azure Active Directory user. There are instructions here Add Azure Active Directory User to Azure SQL Database
Go to the SQL server, select Active Directory Admin in the Settings
section
Click Set Admin and choose a user (I'm assuming you if you're setting
all of this up)
Click Save. I forgot this bit first time round.
Now you can sign in to the database with Azure Active Directory -
Password or Azure Active Directory - Universal with MFA
Right click on System Databases/master and create a new query
Run CREATE USER [a.name#example.com] FROM EXTERNAL PROVIDER;
And the user will be added to the database. I'm assuming that you'll still need to set permissions and the like but I think this would give you a simpler solution with more control over what people can do.
Your users might find Azure Data Studio even easier.
https://learn.microsoft.com/en-us/sql/azure-data-studio/download-azure-data-studio?view=sql-server-ver15
This has an Azure section where you can log in with your Azure credentials. Once signed in you can at least discover resources on your Azure subscription and if your account has been granted access as above it's then possible to run queries without any further authentication.
Is it possible in any of the existing LDAP servers to edit a schema in one of the editors available? Like JXplorer, Apache Directory Studio, LDAP Admin?
I tried with OpenLDAP and all of the above tools (I run the server with -F option) but it looks like it's not possible to modify schema - add new attributes, add descriptions etc.
I would be grateful if any of you have some experience with this.
Cheers
Some LDAP servers allow (authorized users) to change the schema by sending LDAP modify operation affecting the so-called subschema subentry directly, but not OpenLDAP.
In OpenLDAP you have two possible configuration methods:
Static file configuration usually with schema files being simply included (aka slapd.conf) which requires slapd to be restarted to make configuration changes effective
Dynamic configuration backend back-config (aka cn=config) for which you can also define ACLs restricting access to your LDAP admins
The dynamic configuration method allows to tweak the schema via LDAP making it effective without server-restart. But you have to modify the multiple LDAP entries in sub-tree cn=schema,cn=config which you can do with any generic LDAP client.
Since schema descriptions usually reference other schema descriptions the order is important. Standard LDAP does not know about order of entries beneath an entry or order of attribute values. Therefore OpenLDAP implements an extension specified in draft-chu-ldap-xordered.
where the Roles class store the roles that he creates, what is the type of role providers that support this class?
is it SqlRoleProvider?
here I think you will find the answer to your question.
read this section in the article:
Using SqlRoleProvider
If you want to store roles in SQL Server, you
use the SqlRoleProvider. By default, roles are stored in a database
named Aspnetdb in a SQL Express database instance in the \app_data
folder beneath your application's virtual directory root folder. You
can also configure the SqlRoleProvider to use a local or remote
instance of SQL Server.
We have a traditional UV account. Data files in one directory, application programs & subroutines in another directory. Our latest projects is implementing JDBC and in order to fully access the subroutines from java, I belive I need to create a schema on the existing uv account.
How can I do this? I tried logging in as uvadm and create a schema. Get the following error:
CREATE SCHEMA TEST;
UniVerse/SQL: "uvadm" is not an SQL user.
Can anyone help?
They're both admin, per the docs, but a UniVerse Admin is simply someone who has r/w perms on the underlying files used in creation (uvadm and/or root).
Who Is a UniVerse Administrator?
To
perform most administration tasks, you
must be logged on as a UniVerse
Administrator. On UNIX systems,
UniVerse administrators must log on as
root or as uvadm. On Windows systems,
UniVerse administrators must log on as
a member of the Administrators group.
You can then use UniVerse Admin and
UniVerse administration commands to
perform UniVerse administration.
However, a UniVerse SQL admin is the person who has read/write permissions on the CATALOG. If you can't create a catalog it is probably because you don't have r/w perms on the directory you're in, because the catalog is just a file.
When you installed UniVerse, who did you say the owner of uvsql is - uvadm or root? The only way I know to resolve this problem is to go through a reinstallation to allow answer uvadm so all the files within SQL will be setup and cataloged properly.