I am currently making a website using node.js/PostgreSQL, and it needs to create copies of a template database that has many specific access privileges, or otherwise it won't work properly. I am currently using this query to do it:
CREATE DATABASE test WITH TEMPLATE db_template OWNER user1
This works really well, except for the fact that the access privileges for the database object do not copy over. I was hoping someone knew of a way to make it so the template also copies over the privileges, or a query to copy privileges from one database to another.
Related
I am trying to create a users model for my application sign in with Mongoose / MongoDB. Based on how I see it when I deploy to Atlas or Mlab, it auto generates a users collection but for the purpose of database authentication - like this user has read access, write access, admin, etc. What is the convention for creating application users? Do I also use the same users collection but add additional schema properties or do I make a different one altogether like app_users. Thanks!
Are you using the test or admin database? You should create a new database for your application. When you create a new database it will not come with any predefined collections or such, so you can start blank (which is what I assume you want?).
You don't need to explicitly create a new database. Just point your driver to a database name you want for your app. Or in the mongo CLI type use myAppDb and you can start adding collections there.
More details here https://docs.mongodb.com/manual/mongo/#working-with-the-mongo-shell
I am currently working within Postgres, and am in the process of creating some users. Whilst creating these user and testing them I've noticed that they're able to view more Schemas than they have access to. In addition to this they can view restricted Schemas tables, views, and functions. This isn't ideal.
When creating users and their permissions is there a way to have a user setup in such a way that they're only able to view certain Schemas and not all Schemas at large within our database?
I should also mention that these users would be viewing our postgres database utilizing either PgAdmin, or Tableau.
Yes. Use the command GRANT USAGE ON [schemaname] TO [username] or REVOKE USAGE ON [schemaname] FROM [username] to control access to the Schema itself.
You might need to do REVOKE USAGE ON [schemaname] FROM public to remove the default access permissions as well.
I suggest reviewing https://www.postgresql.org/docs/current/static/sql-grant.html for the full set of GRANT commands available as you may need to grant/revoke read/write access on some tables as well.
I have an application where security and data theft are primary concerns. I am using Postgres 9.4 on RDS by AWS.
I have several users who need read permission on the db. I know that these users can essentially write a script to scrape all the data from the db but is there a way to deny them from using the pg_dump utility.
I am not sure what code examples I can provide for the same.
Is there any alternate strategy to use here? To share db data with developers without allowing them to take dumps of the same?
Requires upload user information from Active Directory.
I found on the Internet a few additions that provide this opportunity: multicorn and ldap_fdw.
The problem is that I can not figure out how to filter the result
For example multicorn allows you to specify the directory where to search (path) and the object of the search (objectClass). But this is not enough. It is necessary to restrict the people who are in a particular group.
How to do it?
Postgres uses LDAP only to check password. You must still create roles with proper Postgres options, heritage and grants.
To create roles dynamically from LDAP rather than creating them manually without password, you can use a tool like ldap2pg.
Using ldap_fdw or multicorn should not be useful for this. These extensions are meant to expose foreign data to APP, not to extend Postgres internals.
Cheers,
We have a desktop application that uses a local database (SQL Server 2012 LocalDb).
We do not want the end user to be able to modify the database directly, and we want to restrict viewing the database contents to certain users.
Moreover, we want to restrict certain actions that can be performed from within the applications depending on the authorization level of the user that is logged in.
How can the first requirement be fulfilled? Is it possible through code-first?
Can the second requirement be integrated with the first?
Currently this is not supported out of the box, however since EF 6 you can create your own migration steps this way you could encapsulate granting rights to certain users and this way you can manage the user rights with migration steps.
About creating a migration step you can read this post: http://dolinkamark.wordpress.com/2014/05/03/creating-a-custom-migration-operation-in-entity-framework/
and you can find a post which has an example closer to your question: http://romiller.com/2013/02/27/ef6-writing-your-own-code-first-migration-operations/