Filemaker Pro defines two ways to get privilege information inside a Calculation step:
Get(CurrentExtendedPrivileges) and Get(AccountExtendedPrivileges)
The difference in the descriptions for the two functions is subtle (emphasis mine):
CurrentExtendedPrivileges: Returns a list of keywords, based on the account used to evaluate this calculation, for the enabled extended privileges.
AccountExtendedPrivileges: Returns a list of keywords, based on the account used to open the file, for the enabled extended privileges.
The wording implies that there is some way to evaluate the calculation using an account other than the one used to open the FM database file, kind of like the su command under linux. However, I cannot find how to do that in the FM help file.
The arguments to the two functions are the same - it doesn't appear that CurrentExtendedPrivileges takes an account name to be used for evaluation. So there must be some other script or calculation function that can be used to change the current account used for evaluation.
A script can be set to always run with full access privileges, regardless of the account calling the script - see the "Running scripts with full access privileges" part here: https://help.claris.com/en/pro-help/content/creating-editing-scripts.html.
During the execution of such script, there may be a difference between the results returned by the two functions. The help pages for both functions refer to exactly such situation:
Notes
If you are logged in and running a script that is set to run with full access privileges, Get(AccountExtendedPrivileges) returns the
extended privileges for your account access, but
Get(CurrentExtendedPrivileges) returns the extended privileges for
the Admin account.
https://help.claris.com/en/pro-help/content/get-currentextendedprivileges.html
Example 2
If you are logged in and running a script with full access privileges,
Get(AccountExtendedPrivileges) returns the extended privileges for
your account access. (By contrast, Get(CurrentExtendedPrivileges)
returns the extended privileges for the Admin account.)
https://help.claris.com/en/pro-help/content/get-accountextendedprivileges.html
Note that the same difference exists between the Get(AccountPrivilegeSetName) and Get(CurrentPrivilegeSetName) functions.
Related
I would like to delete a file from the server using plpgsql.
First I lo_import and lo_get the contents of the file, perform some updates/inserts, then lo_export the file to another folder.
Now what i would like to do after successful lo_export is to remove the original file.
Is there a way to do this?
PostgreSQL doesn't allow to manipulate with files native way. This is task for application server. The workaround can be done with some external procedures - stored procedures (functions) written in PLPerlu or PLPythonu (untrusted) language.
pl/pgSQL is a trusted language. That means that no access to files, the operating system or any network functionality is possible.
As Pavel pointed out, you must use an untrusted language. However functions in any untrusted language must be created by a superuser, no regular user can do that.
If your user role has pg_write_server_files permission, you can do COPY (select '') TO '/tmp/yourfilename', which deletes your file contents and creates a new text file with a single empty line at its place.
If your user role has pg_execute_server_program, you can run COPY (select '') TO PROGRAM 'rm -f /tmp/yourfilename' and your file will be gone.
Of course everything here must be carried on with great diligence. I assume if your user role has one of these permissions, then you are skilled enough to take all precautions.
/opt/IBM/db2_10_01/bin/db2ilist shows the instance db2inst1 exists. But, when I try to drop it using /opt/IBM/db2_10_01/instance/db2idrop it gives error:
The specified instance "db2inst1" does not exist. Specify an existing instance
name.
How to drop instance in such scenario
This can happen when Db2-instance removal was incorrectly performed, often if directories were manually removed or mount points unavailable etc.
To recover, study this page until you comprehend it.
Become root and run
db2greg -dump
Study its output carefully and ensure you comprehend the output (read the documentation carefully).
You may see the line that identifies the db2inst1 - so carefully verify that each detail matches your expectation and the documentation.
Take a secure backup of the global-registry-file. This is a vital step.
As root, run db2greg without any arguments and study the instructions. Your aim is to run db2greg -delinstrec with some additional options to identify the line to delete, via a comma-separated list of field=value tokens.
For example db2greg -delinstrec instancename=db2inst1,instancepath=... etc.
When db2greg -delinstrec completes successfully (it takes a couple of seconds), you can then run db2ilist and you should find that db2inst1 has disappeared.
Whenever I construct a report that uses an embedded dataset and try to use a parameter (such as #StartDate and #EndDate), I receive an error that states I must declare scalar values. However, this error only comes up if I set a data source that uses the "credentials stored securely in the report server" option. If I set the data source to use "Windows integrated security," I do not receive the error.
I am at a complete loss. These reports need to be accessed by a large amount of people. We have granted them "browser" privileges through an Active Directory Group through SSRS, including the data sources.
What is the best way to proceed? Is there an easy fix?
I generally deploy with the option already set by going into the Data Source and choosing 'Log on to SQL Server' section > 'Use SQL Server Authentication'> (Set your user and settings). When you use a windows user as your main user after you deploy there could be issues.
The other question would be does this work correctly at all times in Business Intelligence Development Studio, BIDS, and just not on the server? It is very interesting a permission issue alone would cause a scalar error to return. Generally when users have to get to the report they may still get the error but not storing the credentials merely asks them for credentials. It would help more to know the datasets and what they are returning or supposed to be returning. Generally a Start and End are typically defined as 'DataTime' in SSRS and are in a predicate like 'Where thing between #Start and #End' and there data is chosen from a calendar by a user. If you are binding them to other datasets and there is the possibility of a user selecting multiple values that could present an issue.
I took a look at the data source that had been set up by our DBA. It was set up as an ODBC connection. I changed it to Microsoft SQL. It works now. I do not understand why and would appreciate if a more seasoned individual might explain.
I have Postgresql DB on my pc and I'm trying to connect different database application to Postgresql but before that(An research issue), for each application, I need to see all the input parameter and all the queries corresponding to those input parameter that application can do.
How?
Look in the code of every application and see what calls are being made. In addition figure out all the parameter values that can be sent based on an almost infinite combination of characters and numbers the user can select from.
Or to remain sane turn on postgresql logging and let the users do their thing and analyse what calls are being made.
Is it possible to set a database role before running a report? I have a number of databases each containing a number of schemas with the same set of tables, where each schema has a number of roles to control read, write, data management and so on. None of these are default roles.
In sqlplus or TOAD I can do SET ROLE , before running a select statement. I would like to do the same in BIRT.
It may be possible to do this using the afterOpen event for the ODA Data Source, but I have not found any examples on how to get and use the native connection in JavaScript.
I am not allowed to add or change anything on the server end.
You can make an additional call to the database in the afterOpen method of the Data Source using Java. You can use JavaScript or a Java Event Handler to execute the SET ROLE statement, or to call a stored procedure that will execute it for you. This happens after the initial db connection is made, but before the Data Set query runs. It will be a little tricky to use the data source connection to make that call however, and I don't have the code right now to provide as an example.
Another way is to create a stored proc Data Set that will execute the desired command, and have that execute first. Drag and drop the Data Set into the report design, and make it invisible. It will run first before any other queries. Not the cleanest solution, but easy to do
Hope that helps
Le Birt Expert
You can write a login trigger and do a set role in this trigger ( PL/SQL: DBMS_SESSION.SET_ROLE). You can determine the username, osuser, program and machine of the user who want to log in.
The approach to use a stored procedure for setting the role won't work - at least not on Apache Derby. Reason: lifetime of the set role is limited to the execution of the procedure itself - after returning from the procedure the role will be the same as before the procedure has been called, i.e. for executing the report the same as no role would have ever been set.