I am defining a new table where a column is supposed to store the name of the logged-in user. How do I grab the logged-in user name as the default value for a column? Is it possible out of the box?
You can use the SYSTEM_USER variable to fill that.
I would recommend using ORIGINAL_LOGIN in case there is some impersonation going on. It will always get the user name that initiated the connection.
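The difference between the two suggestions only shows up when the execution context is switched. The following T-SQL is an added example, not code from the original posts; dbo.Ticket and DemoImpersonated are hypothetical names.

```sql
-- Added example; dbo.Ticket and DemoImpersonated are hypothetical names.
CREATE TABLE dbo.Ticket (
    TicketId       int IDENTITY(1,1) PRIMARY KEY,
    Title          nvarchar(100) NOT NULL,
    -- Name of the current execution context; follows EXECUTE AS.
    CreatedBy      nvarchar(128) NOT NULL
        CONSTRAINT DF_Ticket_CreatedBy DEFAULT (SYSTEM_USER),
    -- Login that opened the connection; not changed by EXECUTE AS.
    CreatedByLogin nvarchar(128) NOT NULL
        CONSTRAINT DF_Ticket_CreatedByLogin DEFAULT (ORIGINAL_LOGIN())
);
GO
-- A database user without a login, used only to switch context in this demo.
CREATE USER DemoImpersonated WITHOUT LOGIN;
GRANT INSERT ON dbo.Ticket TO DemoImpersonated;
GO
-- Insert once as the connected login, once under impersonation.
INSERT INTO dbo.Ticket (Title) VALUES (N'inserted directly');

EXECUTE AS USER = 'DemoImpersonated';
INSERT INTO dbo.Ticket (Title) VALUES (N'inserted while impersonating');
REVERT;

-- Compare CreatedBy and CreatedByLogin for the row inserted under EXECUTE AS.
SELECT TicketId, Title, CreatedBy, CreatedByLogin
FROM dbo.Ticket
ORDER BY TicketId;
```

For an audit column, the column based on ORIGINAL_LOGIN() is the one that keeps pointing at the login that actually connected.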
The idea is to update the status of the user in the User's table during the login process using a trigger. The LOGON trigger will fire on that database only.
Is it possible to do? Plus a trigger that will change that value when the user closes the session.
The purpose of this is to make sure that the procedures that check the condition let the user know that 'it's not available' when the user isn't logged in.
This is for a school project, it's not ideal.
I want to reference app_user in query
(where username=(:APP_USER))
Now my query returns null values, I guess it's happening because my username col is varchar2. How to reference app_user in this situation?
You can use the below:
where username=v('APP_USER')
Edit1:
For performance constraints, it is always recommended that you do it like this:
where username=(select v('APP_USER') from dual)
The :APP_USER value depends upon the authentication model set in your application. If the application is running using database authentication, then the value of the user is the same as the database pseudo column USER. If the application uses an authentication scheme that requires the user to authenticate, the value of APP_USER is set by the authentication scheme, usually to the user name used during authentication.
Reference : Oracle documentation
APEX makes the username uppercase; try (where UPPER(username)=(:APP_USER))
The goal is to allow all the "Teachers" that have access to the Faculty table to have Select permissions to only their own social security number and not everybody else's. Do any of you know how I can perform something like this? I do have all my users set up as Windows Users and I have a Windows group called Teachers, if that helps.
Not possible using the standard permissions in SQL server (that I am aware of)
You will need to implement this kind of constraint in your code.
You could in theory pass in the SS# and query based on this and raise an error if they do not match.
Social security numbers should be encrypted so they can't see each other's numbers if they call up the record. You can use a decryption proc to allow them to decrypt that checks the userid against the profile id and will only decrypt if they match.
Implementing Row-level Permissions
Row-level permissions are used for applications that store information in a single table. Each row has a column that defines a differentiating parameter, such as a user name, label or other identifier. You then create parameterized stored procedures, passing in the appropriate value. Users can see only rows that match the supplied value.
The following steps describe how to configure row-level permissions based on a user or login name.
Create the table, adding an additional column to store the name.
Create a view that has a WHERE clause based on the user name column. This will restrict the rows returned to those with the specified value. Use one of the built-in functions to specify a database user or login name. This eliminates the need to create different views for different users.
-- Returns the login identification name of the user.
WHERE UserName = SUSER_SNAME()
-- USER_NAME or CURRENT_USER returns the database user name.
WHERE UserName = CURRENT_USER
Create stored procedures to select, insert, update, and delete data based on the view, not the base tables. The view provides a filter that restricts the rows returned or modified.
For stored procedures that insert data, capture the user name using the same function specified in the WHERE clause of the view and insert that value into the UserName column.
Deny all permissions on the tables and views to the public role. Users will not be able to inherit permissions from other database roles, because the WHERE clause is based on user or login names, not on roles.
Grant EXECUTE on the stored procedures to database roles. Users can only access data through the stored procedures provided.
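The steps above carried through end to end, as an added T-SQL example that is not part of the quoted documentation or the original answer. FacultyNote, vMyFacultyNote, the usp_MyNote_* procedures and TeacherRole are hypothetical names, and WITH CHECK OPTION is an addition to the listed steps.

```sql
-- Added example; FacultyNote, vMyFacultyNote, the usp_MyNote_* procedures
-- and TeacherRole are hypothetical names.
CREATE TABLE dbo.FacultyNote (
    NoteId   int IDENTITY(1,1) PRIMARY KEY,
    UserName nvarchar(128) NOT NULL,   -- login that owns the row
    Note     nvarchar(200) NOT NULL
);
GO
-- One view for every user: the filter is evaluated for each caller.
-- WITH CHECK OPTION (an addition to the steps above) rejects writes
-- through the view that would produce a row the caller cannot see.
CREATE VIEW dbo.vMyFacultyNote AS
    SELECT NoteId, UserName, Note
    FROM dbo.FacultyNote
    WHERE UserName = SUSER_SNAME()
    WITH CHECK OPTION;
GO
CREATE PROCEDURE dbo.usp_MyNote_Select AS
    SELECT NoteId, Note FROM dbo.vMyFacultyNote;
GO
-- The owner is taken from the session, never from a parameter.
CREATE PROCEDURE dbo.usp_MyNote_Insert @Note nvarchar(200) AS
    INSERT INTO dbo.vMyFacultyNote (UserName, Note)
    VALUES (SUSER_SNAME(), @Note);
GO
CREATE PROCEDURE dbo.usp_MyNote_Update @NoteId int, @Note nvarchar(200) AS
    UPDATE dbo.vMyFacultyNote SET Note = @Note WHERE NoteId = @NoteId;
GO
CREATE PROCEDURE dbo.usp_MyNote_Delete @NoteId int AS
    DELETE FROM dbo.vMyFacultyNote WHERE NoteId = @NoteId;
GO
-- Direct access is closed off; the procedures still work through
-- ownership chaining because every object here is owned by dbo.
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.FacultyNote    TO public;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.vMyFacultyNote TO public;
GO
CREATE ROLE TeacherRole;
GRANT EXECUTE ON dbo.usp_MyNote_Select TO TeacherRole;
GRANT EXECUTE ON dbo.usp_MyNote_Insert TO TeacherRole;
GRANT EXECUTE ON dbo.usp_MyNote_Update TO TeacherRole;
GRANT EXECUTE ON dbo.usp_MyNote_Delete TO TeacherRole;
```

Because the update and delete procedures go through the view, a NoteId belonging to another login simply matches no rows.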
I have a delete trigger on a table, in which I use the function HOST_NAME() to retrieve the user who executed the action; then I check that the user exists in the User table, and if not I throw a Raiserror. The action is performed from an ASP.NET web application, where I dynamically add "Workstation Id" to the connection string to have the current logged-in user name in the delete trigger.
The problem is that I sometimes must run some scripts manually from SSMS, and Host_Name() contains the name of the current logged-in user in SQL Server, but this user doesn't have a corresponding row in the User table, and then the Raiserror occurs. The question is: how can I run a delete script from SSMS without getting the Raiserror?
The answer is very simple: make a custom function which overrides Host_Name(), and if Host_Name() contains the user named XYZ then I return the constant name of a system user which has a corresponding row in the User table.
I have one database table which contains 8 columns. One of the columns is called IsAdmin (its data type is Bit). I have to show the user list in a grid view if and only if the signed-in user is an admin.
How can I do this? Which clause is used for this?
Not entirely sure that I understand you correctly. Is the "user list" that you're looking to display also the table that you're selecting from? My understanding is that this is what you need:
if exists (
    select *
    from MyUserList
    where IsAdmin = 1
    and UserName = SUSER_NAME()
)
begin
    select *
    from MyUserList /* Or whatever you need to do if the user is admin */
end
else
begin
    /* Do whatever you need to do if the user is not an admin */
end
To me, it doesn't sound like you need a clause; this should be handled by business logic in your application.
E.g. if you only want to show the list if the signed-in user is an admin, then there's no point in running the query if the user is NOT an admin - it's a roundtrip to the db that is unnecessary.
Instead, in your application just have some logic that says "if signed-in user is an admin then populate the grid view, else don't".
I would probably recommend that this be done in the application instead of in SQL. Let the application do the checks on who is an admin and place that into a session or cookie and when the page loads do a check of the session/cookie to ensure the user is an admin and if they are show the information.
If you want it in SQL you should provide some additional information such as table structure and table names.
Matt
The solution is too simple, as you need to select specific data if the user is in the role of admin, and else another data may be selected or nothing, so use the following code:
select * from [UserList] where IsAdmin = #UserRole and UserID = #UserID
In this case you will select data relevant to this user ID and his role.
Hope that this is helpful according to my understanding of the problem.