Not able to insert into MSSQL through grails application - sql

I cannot get my simple grails application to do an insert into my table through a user that I created, even though I was able to run the query in SQl management studio just fine.
I get this error:
The INSERT permission was denied on the object 'mini_user', database 'Mini_test', schema 'dbo'
InvalidDataAccessResourceUsageException: could not insert: [com.grailsinaction.MiniUser]; SQL [insert into mini_user (version, date_created, password, profile_id, user_id) values (?, ?, ?, ?, ?)];
I am able to run the above query in management studio without any errors.
Here is my Grails configuration, although the problem seems to be on the SQL server side.
dataSource {
pooled = true
driverClassName = "net.sourceforge.jtds.jdbc.Driver"
dialect = "org.hibernate.dialect.SQLServerDialect"
}
test {
dataSource {
url = "jdbc:jtds:sqlserver://127.0.0.1:1433/Mini_test;instance=SQLEXPRESS;user=tester2;password=tester2"
}
I also placed the jtds-1.3.1.jar in "lib" (If I can figure this out, Ill probably switch to a maven dependency) and placed a runtime string in buildconfig.groovy.
dependencies {
runtime 'net.sourceforge.jtds:jtds:1.3.1'
}
Here is my attempt to give "tester2" any and all access:
I dont know what else to try. It seems like I have given that user unlimited access, so I'm not sure where these permission issues are coming from.

I noticed you are not specifying the database name in your conf file.
This is what mine looks like:
dataSource {
url = "jdbc:jtds:sqlserver://server1:1433;databaseName=MyDbName"
username = "user"
password = "*******Pass"
// logSql=true
}
Also, make sure that the User Mapping has been set up in the Security at the Server level and not just under the security at the DB level.

I didnt look carefully enough at the permissions. I had "db_denydatareader" and "db_denydatawriter" checked. Very simple...

Related

How to Impersonate Impala queries on Superset

I'm setting up Superset (0.36.0) in production Mode (with Gunicorn), and I would like to set up impersonate while running Impala queries on my Kerberized Cluster, to each user of Superset have privilegies on tables/databases like he has on Hive/Hue/HDFS. I've tried to set "Impersonate the logged on user" to true in my database config, but it's not changing the user that is running the query, it's always using the celery-worker user.
My database config is:
Extras:
{
"metadata_params": {},
"engine_params": {
"connect_args": {
"port": 21050,
"use_ssl": "True",
"ca_cert": "/path/to/my/cert.pem",
"auth_mechanism": "GSSAPI"
}
},
"metadata_cache_timeout": {},
"schemas_allowed_for_csv_upload": []
}
My query resume in Cloudera Manager (5.13):
How can I enable Impersonate correctly in my Superset? Maybe there is something related to the config impala.doas.user in HiveServer2 connection, but I don't know how to config this properly.
I faced the same issue and I was to get it working for hive. The issue seems to be in the file hive.py located under the path ${YOUR_INSTALLATION_PATH}/superset/db_engine_specs
If you just comment out line 435, it should work. Unfortunately, I don't understand python well enough to tell you the exact reason.
I found this by brute force by running the source code and putting log statements
if (
backend_name == "hive"
# comment this line
# and "auth" in url.query.keys()
and impersonate_user is True
and username is not None
):
configuration["hive.server2.proxy.user"] = username
return configuration
Alternatively, if you do not want to modify the source code, you can modify the URL while creating the data source in superset as :
hive://<url>/default?auth=NONE ( when there is no security )
hive://<url>/default?auth=KERBEROS
hive://<url>/default?auth=LDAP

How to create script using Liquibase without providing the db details like url, user-name, password and driver?

I created the ddl scripts using liquibase by providing the input data base change log.
The code looks like this
private void toSQL(DatabaseChangeLog d)
throws DatabaseException, LiquibaseException, UnsupportedEncodingException, IOException {
FileSystemResourceAccessor fsOpener = new FileSystemResourceAccessor();
CommandLineResourceAccessor clOpener = new CommandLineResourceAccessor(this.getClass().getClassLoader());
CompositeResourceAccessor fileOpener = new CompositeResourceAccessor(new ResourceAccessor[] { fsOpener, clOpener });
Database database = CommandLineUtils.createDatabaseObject(fileOpener, this.url, this.username, this.password, this.driver,
this.defaultCatalogName, this.defaultSchemaName, Boolean.parseBoolean(this.outputDefaultCatalog),
Boolean.parseBoolean(this.outputDefaultSchema), this.databaseClass,
this.driverPropertiesFile, this.propertyProviderClass, this.liquibaseCatalogName,
this.liquibaseSchemaName, this.databaseChangeLogTableName, this.databaseChangeLogLockTableName);
Liquibase liquibase=new Liquibase(d, null, database);
liquibase.update(new Contexts(this.contexts), new LabelExpression(this.labels), getOutputWriter());
}
and my liquibase.properties goes like this
url=jdbc\:sqlserver\://server\:1433;databaseName\=test
username=test
password=test#123
driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
referenceUrl=hibernate:spring:br.com.company.vacation.domain?dialect=org.hibernate.dialect.SQLServer2008Dialect
As you can see, Liquibase is expecting a lot of db parameters such as url,username,password,driver, which I will not be able to provide.
How can I achieve this without providing any of the parameters. Is it possible?
No, it is not possible. If you want liquibase to interact with a database, you have to tell it how to connect to that database.
I investigated a little about the liquibase operation in offline mode. It goes like this.
Running in offline mode only supports updateSql, rollbackSQL, tag, and tagExists. It does not support direct update, diff, or preconditions as there is nothing to actually update or state to check.
An offline database is “connected” to using a url syntax of offline:DATABASE_TYPE?param1=value1&aparam2=value2.
The following code will suffice
this.url=offline:postgres?param1=value1&aparam2=value2;
this.driver=null;
this.username=null;
this.password=null;
Hence not providing the db details. Offline url can be made up from the store type.

SQL - Another "SELECT Permission was denied on the object" Issue

(I know SO has well over a dozen questions with the same/similar title and I promise I've already gone through every one of them to no avail. I might have missed one or two minor details but I suspect my problem could be something more deep rooted. Enough said for intro)
Anyway, I have a database (let's call it FooDB) that I restored from a backup database. I can do whatever I want with it using SQL Server 2012 Management Studio, including SELECT, INSERT, or DELETE on any of the record, columns, or tables.
What I'm having trouble with is when I try to run a simple query against the same database, I get the following error:
An error has occurred.","ExceptionMessage":"The SELECT permission was denied on the object 'BarTable', database 'FooDB', schema 'dbo'."
There's a lot more to the stack trace but I won't post it here unless necessary. I'm using Visual Studio 2012 Ultimate and in one of the class files I specified the connection string as follows:
using (SqlConnection con = new SqlConnection("Data Source=.\\SQLEXPRESS;" +
"Initial Catalog=FooDB;" +
"Integrated Security=true;"))
{
con.Open();
using (SqlCommand command = new SqlCommand("SELECT TOP 3 * FROM BarTable", con))
using (SqlDataReader reader = command.ExecuteReader())
{
while (reader.Read())
{
... // code in this block is not shown as it is irrelevant to the issue
}
}
}
Heeding to various suggestions I came across on SO, I tried the following:
In SQL Server Management Studio, I selected 'Security' -> 'Logins' -> Right-click on the Windows login name and open the 'Properties' dialog -> In 'Server Roles' page, I selected dbcreator, public, serveradmin, setupadmin, and sysadmin
While on the same 'Properties' dialog from above, I selected 'User Mapping' page, then checked the 'Map' checkbox for the database (FooDB), and assigned the following database role membership: db_accessadmin, db_backupoperator, db_datareader, db_datawriter, db_ddladmin, db_owner, db_securityadmin, and public
From the Object Explorer of the Server Management Studio, I selected 'Databases' -> 'FooDB' -> 'Security' -> 'Users' -> Then I right-clicked the Windows login name and selected 'Properties' to open the 'Database User' dialog. Then I selected 'Owned Schemas' page and checked db_backupoperator, db_datareader, and db_datawriter
While on the same dialog from above, I selected 'Membership' page, and checked db_accessadmin, db_backupoperator, db_datareader, db_datawriter, db_ddladmin, db_owner, and db_securityadmin
That's all I can think of at this moment. Again, from within the SQL Server Management Studio (after logging in with the same Windows Authentication and server name) I can do whatever I want to with the database. But from within my C# class, it seems I can connect to the database but I lack the privilege to perform any action.
This is something I've been wrestling with unsuccessfully for almost a week. What gives?
Is the server authentication set to SQL server and Windows Authentication mode?
To do so, right click on the SQLServer -> properties -> security.
Edit: Dint mean database, did mean the SqlServer
Have you tried running sp_change_users_login .
Sometimes when you restore a DB it creates new sid (security ids) for the users. When it does that, the DB user and the Server login look the same, but internally the sids don't match. sp_change_users_login will fix that.
Details on how to use the stored procedure can be found here:
https://msdn.microsoft.com/en-us/library/ms174378.aspx
Try this initially - you will have to edit it slightly to fit your user and login name:
EXEC sp_change_users_login 'update_one', 'YourDBUserName', 'YourServerLoginName';

Not able to connect to OpenOffice Base - User lacks privilege or object not found Exception

I am trying to connect to an OpenOffice Base database from Java and execute a query, and have not been able to.
These are the steps I followed:
1) Created a Database 'TestDB.odb' in OpenOffice, and a table 'Movies' with columns (ID, Name, Director)
2) Downloaded hsqldb jar file and inclued in project build path
3) Used the following code to connect to it:
String file_name_prefix = "C:/Documents and Settings/327701/My Documents/TestDB.odb";
Connection con = null;
Class.forName("org.hsqldb.jdbcDriver");
con = DriverManager.getConnection("jdbc:hsqldb:file:" + file_name_prefix, "sa","");
Statement statement = con.createStatement();
String query1 = "SELECT * FROM \"Movies\"";
ResultSet rs = statement.executeQuery(query1);
Althoug I'm able to connect to the Database, it throws the following exception on trying to execute the query:
org.hsqldb.HsqlException: user lacks privilege or object not found: Movies
Tried googling, but have not been able to resolve my problem. I'm stuck and it would be great if someone could guide me on how to fix this issue?
You cannot connect to an .odb database. The database you have connected to is in fact a separeate set of files with names such as TestDB.odb.script, etc.
Check http://user.services.openoffice.org/en/forum/viewtopic.php?f=83&t=17567 on how to use an HSQLDB database externally from OOo in server mode. You can connect to such databases with the HSQLDB jar.
OLD thread.
I lost 2 days of my life until I changed the property:
spring.jpa.properties.hibernate.globally_quoted_identifiers = false
I was using mysql before and then I changed to hsqldb in order to run some tests. I kinda copied and pasted this property without looking and then you know - Murphy's law ...
I hope it helps.

Logon failed for login 'user' due to trigger execution

I am getting this error randomly on an asp.net web application I have deployed. I am not using any triggers in the database so I am not sure what to do. This came up over the weekend when no one was in the application, it just randomly happened. Please help this is mission critical
This is the first instance of where I get the error:
public static Guid LoginUser
{
get
{
Guid g = new Guid();
MembershipUser m = Membership.GetUser();
if (m != null)
g = (Guid)m.ProviderUserKey;
return g;
}
}
Login failed comes is generated at the server level, not the database level.
That is, you may have a LOGON trigger. You'd check for this in sys.server_triggers.
Now, there is at least one known issue described on MS Connect as well as some investigation+potential fix by Pinal Dave (YMMV)
You could double check for the presence of triggers with:
use YourDb
select * from sys.objects where type = 'TR'
EDIT: This looks like ASP.NET membership, which ends up in a user database (it's not SQL Server logins.) Can you see what connection string the ASP.NET membership provider uses? It's usually in the Web.config, for example:
<providers>
<add name="AspNetSqlMembershipProvider"
...
connectionStringName="<<connection string>>"