Storing full name of database user - sql

I have a QT application which uses database with several users (teachers in my case). I also have a table with teachers' names and information about them. Teacher logs in with his username and password at the beginning and then I need his full name somewhere in the program.
How should I retrieve it? Is there some way to store it in the table of db users? Or should I add column with username to my Teachers table? (It is my first application where I use databases so I'm sorry if this was asked before, I have no idea what I should google)
Database structure: https://yadi.sk/i/EmNwwsl7ia5JS

It's better to add two columns, for first name and last name, in the table where the username exists. So by using the username we can fetch the full name from the table.

Related

How to assign the IDs to the referring table and how to display this correctly? (SSMS)

I am in the process of creating an audit plan using ERD, going off the below image you can see that there's a permissions table with four FK columns referring to the other four tables PK column. I am just confused as to how the IDs will relate to the other tables and how will it show up correctly in the permissions table?
For the Users table, I imported the data from 'master.sys.server_principals.
For the Instance table, I imported the data by using ##SERVERNAME.
For the Databases table, I imported the data from master.sys.databases.
For the Object Types table, I imported the data from master.sys.objects.
Now, I am currently on the permissions table and stuck at this point because I am wondering how will the IDs match from the four other tables (mentioned above and shown in the image link below) to this permissions table. I know I need to query from master.sys.database_permissions to get the information for both columns 'Permissions_Permission_Name' and 'Permissions_Object_Name' but it's just the other four ID columns which I am confused about...(you can ignore the column Permissions_ID)
I'm going to use the Answer field, because there is no space in the Comment editor. This answer is an answer to only part your question, two of the four tables (Databases and Users) I can relate to system tables.
First and foremost: when filling in Id's, you would generate the other table records first, keep the Identity Id's generated, and finally create a new Permission record and fillin the correct indexes there, in each Id field. That counts for any such change when a table contains indexes to other tables. Suppose you know.
Issue is, your structure differs from the system tables. You will need more "permission" records than master.sys.database_permissions, because MsSQL registers these as permissions per principal (role) not permissions per user.
I solved two of the four:
The user is connected to a principal role via master.sys.database_role_members. The Id of the user role can be found in your source as master.sys.database_permissions.grantee_principal_id and the corresponding users that have this principal_id are listed in master.sys.database_role_members.
Your permission a database (ONE database) is defined in your Permission record. The database name in this database record should map to a database on your server. In that database, you will find database_permissions.sys.server_principals. users that have the permissions are (again) found in master.sys.database_role_members.
I'm not sure what you intend to do with the other 2 tables, Instances and Object Types.
Refer ms-docs about the subject at https://learn.microsoft.com/en-us/sql/relational-databases/system-catalog-views/sys-database-permissions-transact-sql?view=sql-server-ver15

Linking user accounts to primary key values in Oracle Apex

Im brand new to Apex and fairly new to SQL. I made a database that has teachers and students. I want to make an oracle apex application such that when teachers make a new course students can sign up to it. However, since there are many teachers how do i make a form in Apex so that it knows what teacher i am referring to? I wouldnt expect teachers to have to enter their teacher_id (primary key) but dont know what to do.
I made a sequence and trigger so that when a teacher makes a new course listing, a new row goes to the database. What i am stuck on is how apex can identify which teacher is posting that. I have tried to make different users as well but have no idea how to link a teacher user account on apex to a teacher_id (primary key) value in my database so that whenever a specific teacher logs into the apex application, the database knows their teacher_id and uses that automatically whenever a teacher_id is required.
Any form of guidance will be helpful (even a link to a useful youtube video that addresses my problem - I have searched to no avail thus far).
Thanks.
A simple option would be to identify teachers (and students) by their usernames (they use to log in into your Apex application). In Apex, it is then referenced as :APP_USER variable. As there can't be duplicates (obviously), it will be unique so there won't be any confusion.
So, alter the users table and - along with their ID (which you already have) - add the USERNAME column (or APP_USER, or whatever you want to name it).
Based on the information that you have provided, I gather that you have got the tables for the teacher in place. Also, I understand that this table has a primary key of teacher_id.
Now in the course creation form, you can have a field that is mapped to this primary_key column. For display purposes, you can make this field resolve the teacher name (instead of the teacher_id) value. You can achieve this by associating the field with a List of Values (either via a Shared Component).
There are multiple configuration options to achieve this. Here is a link to help you get started on this.
Oracle Apex - LoVs
Once, you have the field render user-friendly data, if you would like it to be auto-populated based on the logged in user, you can take the approach that #Littlefoot has suggested above and link the :APP_USER with the teacher_id and use that to set the default value into this field.

Do I need a login table?

Hey guys I have a simple database question. Say I am emulating a university login system.
If i have a student table and faculty table, can I just store the password directly in the corresponding table? For example student table has such attributes as (student_ID - primary key), First_name, Last_name, Classification, and now I would add a password field.
If I create a login table i'm just effectively copying over thousands of potential records. Is there any benefit to creating a login table with say (primary key STUDENT_ID,FACULTY_ID) and a password field for authentication purposes?
Can I increase security on just one table? What is the better approach?
As one student contains only one password, there maintains one to one relationship so there is no need of splitting the table for one to one relationship.
If there is one to many relation, breaking the table will be good such as for storing multiple phone numbers or multiple address of a user.....
You need to decide upon whether only students will be allowed to login into your system.
What about admin user, teachers, etc?
even if there is a remote possibility that a non student will log into the system it is advisable to create a login table with userid and password stored in MD5 encryption

put login and password in one table or in multiple tables for each type of user?

I have different 3 types of users and each type of user can have columns and relationships with tables that another type doesn't, but all of them have login(Unique) and password,
how would you do:
create a table for each type or
create one table for all of them or
create a table for all of them only for login and password and separate for all the other things and bind them with a FK
something else
Number 3 is the best of the options you suggested (updated slightly for clarification):
create a table for all of them for login and password and anything else that is shared and a separate table for all the other things that are not shared and bind them with a FK
Except don't store the password, store a hashed version of a salted password.
An alternative might be to assign groups and/or roles to your users. This might be more flexible than a fixed table structure, allowing you to add new roles dynamically. But it depends on your needs whether this is useful for you or not.
As Aaronaught pointed out, in the main table you need an AccountType to ensure that a user can only have one of the roles. You must remember to check the value of this column when joining the tables to ensure that a user has only one role active.
A unique constraint on the foreign key ensures that a user can only have a role once.

SQL database design suggestion : Naming a database table

I have to create a table and store Active Directory SIDs representing an User or a Group.
How would you name the category representing both an User and a Group ?
Edit 1.
Table will contain four columns : ID ( PK ), SID's Name, SID's value and another column for SID's Type ( 0 for User, 1 for Group ).
Please suggest the table name, not only the columns names.
Active Directory uses the term "principal" or "security principal" for both. That also includes computers.
Here's a grahpic image from the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 that shows the hierarchy.
(source: microsoft.com)
So I would probably call my table Principals and have the three columns you mentioned:
PrincipalName (string)
SID (string or binary)
PrincipalType (0 for User, 1 for Group)
From most verbose to least:
ActiveDirectorySecurityIdentifiers
ActiveDirectorySIDs
ADSIDs
Good practices dictate that table names be plural and that the names should represent and describe the contents of the tables. Depending on your level of comfort any one of the above should do just fine.
When I recently had to do this (linking a DB user table to the AD accounts) I simply named the column ADSID.
I found this made good sense for us since we were querying using DirectorySearcher and the name for that property in the LDAP database is objectSid, so our queries looked like:
deSearch.Filter = "(&(objectSid=" + ADSID + "))";
Although, as I cut an paste that code from my project, I do wonder if maybe objectSid would have been a good column name too?
As far as naming the table, I hope you are storing additional information beyond the AD details here? Otherwise, why are you duplicating the AD database?
If you are storing additional information, then you should name the table according to whatever domain/business object is modelled by the table.
As I said, I was storing the data for users, so my table was simply called [Users].
Finally - perhaps you would benefit from normalising this out into a [Groups] and a [Users] table?