What is the SQL to delete a SQL User from a database?
DROP USER [UserName]
You can prefix this with an existence check if required.
IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'UserName')
There are some requirements to be met before dropping Users (e.g. they can't own any objects). Full Details here.
Related
Is it possible to grant select permission on sql table with some conditions.
For example grant select where table.id = < 50
supplemented: i am talking about ms sql
It's not possible directly.
Though to achieve this task, you can create a View initially with required conditions and then Grant select permission to that particular view.
For more details:
mysql GRANT + WHERE
Aer, you haven't said anything about DB engine (which one you are using: Oracle / MS SQL Server / MySQL etc.).
In Oracle for instance you are Granting / Revoking privileges to specific object, and there is no way to limit the output result (with out of the box GRANT statement).
In SQL Server you are able to grant row-level permissions for individual users with some additional effort: https://msdn.microsoft.com/en-us/library/bb669076(v=vs.110).aspx
Example:
CREATE SCHEMA Security
GO
CREATE FUNCTION Security.userAccessPredicate(#UserName sysname)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS accessResult
WHERE #UserName = SUSER_SNAME()
GO
CREATE SECURITY POLICY Security.userAccessPolicy
ADD FILTER PREDICATE Security.userAccessPredicate(UserName) ON dbo.MyTable,
ADD BLOCK PREDICATE Security.userAccessPredicate(UserName) ON dbo.MyTable
GO
enter code here
CREATE VIEW vw_MyTable
AS
RETURN SELECT * FROM MyTable
WHERE UserName = SUSER_SNAME()
GO
In general from the concept perspective if you want to limit users to only certain amount of rows you should do the following:
The basic way would be :
Prevent users (or group) from accessing the base table.
Define a view on top of that table that shows only the rows these users are supposed to see.
Give users SELECT permission on the view.
I am connected to a oracle database with a read only user and i used service name while Setting up connection in sql developer hence i dont know SID ( schema ).
How can i find out schema name which i am connected to ?
I am looking for this because i want to generate ER diagram and in that process at one step it asks to select schema. When i tried to select my user name , i dint get any tables as i guess all tables are mapped with schema user.
Edit: I got my answer partially by the below sql Frank provided in comment , it gave me owner name which is schema in my case. But I am not sure if it is generic solution applicable for all cases.
select owner, table_name from all_tables.
Edit: I think above sql is correct solution in all cases because schema is owner of all db objects. So either i get schema or owner both are same. Earlier my understanding about schema was not correct and i gone through another question and found schema is also a user.
Frank/a_horse_with_no_name Put this in answer so that i can accept it.
Call SYS_CONTEXT to get the current schema. From Ask Tom "How to get current schema:
select sys_context( 'userenv', 'current_schema' ) from dual;
To create a read-only user, you have to setup a different user than the one owning the tables you want to access.
If you just create the user and grant SELECT permission to the read-only user, you'll need to prepend the schema name to each table name. To avoid this, you have basically two options:
Set the current schema in your session:
ALTER SESSION SET CURRENT_SCHEMA=XYZ
Create synonyms for all tables:
CREATE SYNONYM READER_USER.TABLE1 FOR XYZ.TABLE1
So if you haven't been told the name of the owner schema, you basically have three options. The last one should always work:
Query the current schema setting:
SELECT SYS_CONTEXT('USERENV','CURRENT_SCHEMA') FROM DUAL
List your synonyms:
SELECT * FROM ALL_SYNONYMS WHERE OWNER = USER
Investigate all tables (with the exception of the some well-known standard schemas):
SELECT * FROM ALL_TABLES WHERE OWNER NOT IN ('SYS', 'SYSTEM', 'CTXSYS', 'MDSYS');
How about the following 3 statements?
-- change to your schema
ALTER SESSION SET CURRENT_SCHEMA=yourSchemaName;
-- check current schema
SELECT SYS_CONTEXT('USERENV','CURRENT_SCHEMA') FROM DUAL;
-- generate drop table statements
SELECT 'drop table ', table_name, 'cascade constraints;' FROM ALL_TABLES WHERE OWNER = 'yourSchemaName';
COPY the RESULT and PASTE and RUN.
I am writing a query that will return
if a table or stored proc exists within a database
if a particular role has been assignned execute permissions to execute that particular stored proc.
I guess I need to query the master database and wiggle thru that to get to the database and the table or stored proc that I am looking for. How can I get a 'true / false' if execute permissions have been assigned to a particular role on that object?
USE YourDatabase
/*To find out if it exists*/
SELECT OBJECT_ID('dbo.spFoo') /*Will be NULL if it doesn't exist or you don't have
permission to see the object*/
/*To find out the permissions on it take a look at the following system views*/
select * from sys.database_permissions p
inner JOIN sys.database_principals dp
on p.grantee_principal_id = dp.principal_id
where major_id=object_id('dbo.spFoo')
I am looking for the best way to check that a database login exists in SQL Server 2005. I am currently using
IF suser_sid('loginname') IS NOT NULL
but suser_sid() returns a value in some cases where a login does not exist.
In SQL 2000 we use
SELECT * FROM [Master].[dbo].[sysxlogins] WHERE [name] ='loginname'
but that table does not exist in SQL 2005.
There is a similar question about checking the existence of Users, which is helpful, but I am looking for the existence of Logins.
For sql2005...
select * from master.sys.syslogins WHERE [name] ='loginname'
syslogins is not recommended by Microsoft. It's better to use sys.server_principals.
select * from sys.server_principals where name = 'login_name'
What is the SQL query to select all of the MSSQL Server's logins?
Thank you. More than one of you had the answer I was looking for:
SELECT * FROM syslogins
Is this what you're after?
select * from master.syslogins
On SQL Azure as of 2012;
logins:
--connecct to master
--logins
SELECT * from sys.sql_logins
--users
SELECT * from sys.sysusers
and users on a specific database:
--connect to database
SELECT * from sys.sysusers
Also note that 'users' on Azure SQL now (2022-11-17) have more 'login' type properties and creating a user on a Azure SQL database with a password is now possible, so it is less likely to require creating logins in 'master'.
EXEC sp_helplogins
You can also pass an "#LoginNamePattern" parameter to get information about a specific login:
EXEC sp_helplogins #LoginNamePattern='fred'
Starting with SQL 2008, you should use sys.server_principals instead of sys.syslogins, which has been deprecated.
#allain, #GateKiller your query selects users not logins
To select logins you can use this query:
SELECT name FROM master..sysxlogins WHERE sid IS NOT NULL
In MSSQL2005/2008 syslogins table is used insted of sysxlogins
Selecting from sysusers will get you information about users on the selected database, not logins on the server.
sp_helplogins will give you the logins along with the DBs and the rights on them.
Select * From Master..SysUsers Where IsSqlUser = 1
Have a look in the syslogins or sysusers tables in the master schema. Not sure if this still still around in more recent MSSQL versions though. In MSSQL 2005 there are views called sys.syslogins and sys.sysusers.