I have a schema in MySQL '_users' which includes 1 table with two columns (username, telephone number). For simplicity lets assume that i have 4 store procedures.
SP_Find user: Return the user telephone number (Select)
SP_Add user: Add a new user and telephone number (Insert)
SP_Delete user: Remove user (Delete) - delete row
SP_Update user: Change the users telephone (Update)
I have one user in MySQL. In order for the C# connection to work i need to give to the user: 1) under the Administration Tab - Global Privileges - SELECT and 2) under the Schema Privileges - EXECUTE in '_users'.
When i try to remove the first one, the C# request to run any procedure is denied. I don't want to give 'Global Privileges - SELECT' to the c# app because ti will have access to Select through all schemas.
I would like to give access to my C# app only to run the stored procedures. How can i do this?
Related
I have an ASP.NET MVC app hosted on Azure. I use OpenIdConnect/Owin and Azure AD Integrated to authenticate. I have an error log table with a UserId column that only displays the SA username. I also have tables with CreatedBy/ModifiedBy columns that only display the SA username. These records are created via stored procedures.
I already granted execute access to my user account, but the columns continue to be set to the SA username. The only thing that I can think of is a connection string that is causing the value to only be the SA username.
How can I get the stored procedures to run as the user that created/updated the records to set the UserId, CreatedBy and ModifiedBy columns to its username?
UPDATE: I have narrowed down the reason for this. When I deploy the application to Azure, under Publish -> Settings -> Databases, connection strings are entered for the DbContexts. Currently, I have one as Data Source=tcp:servername.database.windows.net,1433;Initial Catalog=dbname;User ID=myusername;Password=StrongPassword123;Encrypt=True;TrustServerCertificate=False
I previously tried the following: Data Source=tcp:servername.database.windows.net,1433;Initial Catalog=dbname;Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Authentication=Active Directory Integrated;, but got the error "The format of the specified domain name is invalid."
How can I get the stored procedures to run as the user that
created/updated the records to set the UserId, CreatedBy and
ModifiedBy columns to its username?
You don't. You pass those values into the stored procedure. Think of it this way: do you think csharpdev has write permissions on the Stack Overflow database? Of course not; the back end code passes your user id into the sproc that creates the record.
How to create user oracle database using C# not using SQL manually input username,password? I want to create Oracle database user using C# language into Visual Studio Form.
When I click Create button then it should automatically create database username and password using C# language. Please help me.
enter image description here
Well, that's not a straightforward task. I don't speak C# so I'll comment only Oracle side of story.
New users are created by another, privileged user (i.e. the one that is granted CREATE USER privilege) - not every user is capable of doing it. For example, SYS is, but SYS is special and you shouldn't use it at all, but create another user and grant it privileges required to perform such actions (one option is to grant it DBA role).
Now, connected as that privileged user, you'd run a CREATE USER command which looks like this:
create user oliur --> this is username
identified by oliur_pw --> this is password
default tablespace users
temporary tablespace temp
profile default
quota unlimited on users;
List of available tablespaces is
select tablespace_name from dba_tablespaces;
Once you do that, you should grant some initial privileges to newly created user. Otherwise, he won't be able to do anything, not even connect to the database. That would be CREATE SESSION privilege. Some other privileges:
grant create session to oliur;
grant create table to oliur;
grant create procedure to oliur;
...
Perhaps you could create a stored procedure, which resides in the privileged user's schema. You'd pass username (as a parameter), and it would create user with that name. As of the password, you can set it to be the same as username, something constant, encrypted, etc. - it's up to you.
Note that such a procedure has to utilize dynamic SQL (EXECUTE IMMEDIATE) because otherwise you can't perform DDL from a procedure.
This is how it might look like:
create or replace procedure p_create_user (par_username in varchar2) is
begin
execute immediate ('create user ' || par_username ||
' identified by ' || par_username ||
' default tablespace user_data ' ||
' temporary tablespace temp' ||
' profile default' ||
' quota unlimited on user_data');
execute immediate ('grant create session to ' || par_username);
end;
/
In Oracle, call it like this:
begin
p_create_user('oliur');
end;
/
PL/SQL procedure successfully completed.
OK, let's connect as oliur:
SQL> connect oliur/oliur#kc11g
Connected.
Cool, success! Can we do something else?
SQL> create table test (id number);
create table test (id number)
*
ERROR at line 1:
ORA-01031: insufficient privileges
Nope, missing privileges to do that.
Now, as of C# part of the story, you just have to figure out how to call an Oracle procedure, but I hope that this is way simpler task than the above.
My program creates databases and tables at runtime. My understanding of Schema is it is a conceptual folder for multiple databases and databases tables. So I wrote some meaningless code just to test out what schema would do to my code.
My program use SQL Server Authentication instead of Windows Authentication, and create database and tables under the username of TmpUser instead of sa.
If I create a table by CREATE TABLE TmpTable, I get dbo.TmpTable for table name. If I explicitly type a new schema in CREATE TABLE abc.TmpTable, I then get the following exception because the schema does not exist:
SqlException: The specify schema name either does not exist or you do
not have permission to use it
I went into SSMS and manually create a schema by executing CREATE SCHEMA abc. SSMS outputs saying the schema of abc has been successfully created. But in SSMS Object Explorer > Security > I see no Schema name nor anything else named abc.
Where is my Schema? If abc was not created, then why was CREATE SCHEMA abc executed and what did it create?
I went back to Visual Studio and CREATE TABLE abc.TmpTable again, still I receive the same exception.
Your TmpUser has no right to access the schema.
Option 1
CREATE SCHEMA abc AUTHORIZATION TmpUser;
Quoted from https://learn.microsoft.com/en-us/sql/t-sql/statements/create-schema-transact-sql:
"AUTHORIZATION owner_name
Specifies the name of the database-level principal that will own the schema. This principal may own other schemas, and may not use the current schema as its default schema."
TmpUser will own the schema, therefore will have permission to access it.
Option 2
Explicitly granting permission to the TmpUser:
GRANT SELECT, UPDATE, DELETE, INSERT SCHEMA abc TO TmpUser;
See usage on https://learn.microsoft.com/en-us/sql/t-sql/statements/grant-schema-permissions-transact-sql
It's like Option 1, but you can fine grain permissions.
Option 3
Put TmpUser to some database roles, e.g. db_datareader:
USE MyDatabase
GO
ALTER ROLE db_datareader ADD MEMBER TmpUser
TmpUser will have read access to all schemas in the database.
Option 4
It is similar to Option 3, but instead of using built-in roles, create your own one:
USE MyDatabase
GO
CREATE ROLE myrole
GRANT SELECT, DELETE, INSERT, UPDATE, EXECUTE TO myrole
ALTER ROLE myrole ADD MEMBER TmpUser
Users in myrole will have read/write/execute access to all schemas in the database.
I am creating bank application project in this project i am using sql server2008, vs2010(.net) now my problem is account login page, user enter 3 time wrong password account is blocked today only , next day(date changing) automatically activate that account how to write the code pls help me.
Thank u
hemanth
Have a column AccountLockedUntil (which is a DATETIME NULL or similar), and set it to the following midnight when the threshold is reached. When validating the credentials, check to make sure it is either NULL or that the current time is past whatever is stored there. When the user logs in successfully, set it to NULL.
To keep track of the number of failed logins, I would have a complete audit log table (logging both successful and failed attempts) plus a corresponding field on the user accounts table which counts the current number of failed logins. Strictly speaking this is a violation of database normalization, but the audit table will get huge very quickly so you don't want to have to search through that more than necessary, and certainly not on every login attempt.
Create a table called LoginEvents. When a user attempts to login create an entry here (with the user id, date and a success/fail flag). When you load the log in page, check this table for three (or more) entries that have fail = true and that have date >= today's date - 1. If there is are three or more show them an error message saying their account is blocked.
I created a login to connect to SQL SERVER.
create login bobLogin with password = 'bobpass' , default_database = bobDB
but when i am connecting sql server using this, it does not connects? because it needs a user.
so i created a user:
create user bobDB_USER for login bobLogin
then i connected to sql server using bobLogin & tried to create table:
create table bobDbTable(eid int)
which gives permission denied error;
so i granted permission:
GRANT CREATE TABLE TO bobDB_USER
then i again connected using bobLogin, & tried to create a table but it gave error:
The specified schema name "dbo" either does not exist or you do not have permission to use it.
why so? its creating the table in the dbo schema, thats why? so how do i grant him this permission ?
i dont want to create a new schema. is it necessary?
You would need to GRANT ALTER ON SCHEMA::dbo TO bobDB_USER to allow objects to be created in the dbo schema.
I would also use a Role too.
create role bobDB_ROLE
EXEC sp_addrolemember 'bobDB_ROLE', 'bobDB_USER'
GRANT ALTER ON SCHEMA::dbo TO bobDB_ROLE
However, you could addbobDB_USER into db_owner if it requires these rights
EXEC sp_addrolemember 'db_owner', 'bobDB_USER'
Note: end user permissions are quite different to admin type rights. If 'bobDB_USER' is an end user, then they should not be creating objects