We are using Google Cloud SQL for our project but facing some administrative issues around it .
In our cloud DB We have two users like :
root% (any host)
root182.68.122.202
Now we need "SUPER" user access on these two users to perform some admin tasks like modifying the variable 'max_allowed_packet' to higher limit and other related stuff to optimize our functioning .
Like I want to execute one of the command :
SET GLOBAL max_allowed_packet=32*1024*1024;
But I couldn't find a way from the Google Cloud Console or from the MYSQL itself to get it done as I am getting an error prompting:
"SQL Error (1227) : Access denied ; you need (atleast one of) the SUPER privilege(s) for this operation."
I have even tried a hack to do the direct changes in the "mysql.user" table (making YES to the SUPER privilege) but all futile .
Can you please let me know how can I perform this tasks on my DB ? What is the way to grant these Super Access to the desired users .
According to Google’s Cloud SQL documentation, the root user has all privileges but SUPER and FILE. It’s a characteristic of the Google Cloud SQL.
But rest assured! You have three other ways of easily changing that global "group by" variable that has been slowing your progress. There’s a neat explanation on this Configuring database flags this will guide.
I hope this helps others!!!
Google Cloud SQL does not support SUPER privileges, which means that GRANT ALL PRIVILEGES statements will not work. As an alternative, you can use GRANT ALL ON %.*.
You can edit your running instance.
From the left menu in the SQL section :
view your instance detail by clicking on the concerned line
click on the "Edit button", in the configuration block, edit the "add database flags" add a new item by choosing in the defined list
Don't forget to save your new flag by hitting the "save" button
Related
Halp! I am writing an internal macOS app for our IT staff to perform some org-specific tasks, and am also adding some shortcuts for simple, but common tasks that they do. One of those tasks is to rename a user when migrating between domains. This app has a Privileged Helper available (via SMjobBless) to perform most of the tasks. However, it appears that this helper tool, despite its privileged execution context, is unable to rename a user's home directory.
My first attempt at implementing this specific task in the helper was to run a short shell script via Process() (a technique used successfully for dozens of other tasks in this helper).
let script = """
set -e
mv '\(homeDirPath)' /Users/\(toUsername)
dscl . -change /Users/\(fromUsername) NFSHomeDirectory '\(homeDirPath)' '/Users/\(toUsername)'
dscl . -change /Users/\(fromUsername) RecordName \(fromUsername) \(toUsername)
"""
I get the following output on stderr (/Users/newname verified to not exist):
mv: rename /Users/oldname to /Users/newname: Operation not permitted
Trying this as a non-root user gives a different error: mv: rename /Users/oldname to /Users/newname: Permission denied
Okay, weird. Add whoami to the top of the script to double check the user context: root. Well... interesting. Wth, I can do this just fine via sudo in my user session.
Then I try using FileManager thinking there might be some SIP interference or sandboxing for child processes of a launchdaemon (despite not finding any docs that say this), but I still get an error - but more verbose this time:
Error: “oldname” couldn’t be moved because you don’t have permission to access “Users”.
I've tried searching for documentation for whatever restriction I am up against, but I'm at a loss. The directory doesn't appear to be under SIP's protection, and I can't find any docs for daemon sandboxing outside of the app store (the parent app does not have the App Sandbox capability enabled). Can anyone point me in the right direction?
Update: It doesn't appear to be affected by 10.14's Privacy Protection. Adding the helper to "Full Disk Access" doesn't resolve. Perhaps I am adding the helper incorrectly: had to change the build target to 10.14 (which will be a problem), then dragged the helper binary from within the App bundle into the list. I cannot add it from /Library/PrivilegedHelperTools/ - it is greyed out as an option to add.
Update 2: Correction, it does appear to be FDA related. iTerm was in the FDA list. Removing it causes it to throw Operation not permitted, then adding it back resolves. So I'm now chasing down how to properly add the helper to the FDA list.
Okay, it's confirmed - Mojave's Privacy Protections apply even to privileged tools. The solution was to make the helper binary executable by all so it can be allowed to be added to the Full Disk Access table.
Hopefully, this helps someone in the future who is initially puzzled by what they're seeing.
Here's to hoping that Apple adds a standardized, easier method for the user to grant this access to helpers.
I am currently working on with a solution that would be able to clone/copy/backup my existing rep:policy. 'Cause when we do some jobs it accidentally removed. I am trying to apply this kind of fix, but am failing to. It says it is an invalid path.
javax.jcr.security.AccessControlException: OakAccessControl0006: Isolated policy node. Parent is not of type [rep:AccessControllable]
final Workspace ws = session.getWorkspace();
ws.copy("/etc/commerce/products/abccompany/TvPackChannelMap/rep:policy","/tmp/nxt/TvPackChannelMap/rep:policy");
Are there other ways that I can be able to take the rep:policy thru code?
You need to make sure that your job does not touch the permissions or the rep:policy, this is the best way forward for you.
The exception could be because of /etc/commerce/products/abccompany/TvPackChannelMap/rep:policy does not exist or the user whose session you are using does not have read access to the node.
Make sure the path is correct, copy paste it to your CRX/DE to make sure it exists.
I have tried to use your code to copy a rep:policy from one node to another, works fine. But I would not* recommend copying permissions that way. The best practice is to use the Access Control Management API for all things permissions.
You can check, install and use the access control tool from netcentric. It offers a jmx interface for exporting AC entries and maybe also some APIs you could use to implement your custom solution.
The Other approach is to retrieve the ACL permissions through the query language.
For example, SELECT * FROM [rep:ACL] or SELECT * FROM [rep:ACE] where [rep:principalName] is not null should give you the results.
For more information, I would recommend you to check the ACS commons ACL Packager Implementation which is available on GitHub.
Reference Link - https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/bundle/src/main/java/com/adobe/acs/commons/packaging/impl/ACLPackagerServletImpl.java
This question is about Dataiku DSS .
I'm having trouble opening a mongoDB collection and connecting it as a dataset in Dataiku.
There's an option of using Python script but I'm not sure how to do it.
This is a very late answer but the following page explains how to connect to mongoDB in Dataiku DSS:
https://www.dataiku.com/learn/guide/connecting/dss-and-mongodb.html
You have to be administrator of the instance.
The main steps are:
Go to Administration->Connections
New connection->MongoDB
Fill the Host, Database name, User, Password fields
Grant the appropriate rights (probably write access, and specific groups).
Click the Test button to make sure everything is ok, then save it.
I have a legacy application created in Oracle Forms.
It's a 10g Oracle database, and Forms 6i. Database works OK, I've set up TNS names correctly, tnsping works, I can connect using sqlplus and sql developer.
I think that Forms is also OK, since it gives me a form where the user should input credentials.
The problem is Forms users can't connect. That very first form that is being called has line:
LOGON('user','pass#TNS', false);
this line gives me form_failure, but I don't know what is the problem. Credentials are definitely correct.
If I try like this:
LOGON('user','pass#TNS', true);
then forms gives me an additional generic dialog to login if the former was unsuccessful. That won't let me in also (I've tried a lot of user/pass combos).
I also did some debugging (as much as I know in forms developer) but without success.
I would appreciate very much any help or something that could point me in right direction.
It is usually TNS problem, you have multiple tns files, double check all of them
TNS_ADMIN is not required
In researching this scenario, all I could find was a suggestion that you contact Microstrategy, send them your metadata DB and ask them for the password.
This CAN'T be the only way.
Is there no way to simply reset the password in some fashion? Looking at the DSSMDUSRACCT table in the metadata DB, this appears to hold (at first glance anyway) a hashed/encrypted password, but I don't believe this is correct, as every entry for every account is the same in the PASSWD field.
Can someone suggest an alternative beyond sending a database to Microstrategy?
There isn't any alternative. We ended up in similar scenario and had Microstrategy reset the password. Password is not easily recoverable from Medadata since it is secured.
I'm not sure how many projects you have in your metadata or if you have access to another user that may have all privileges; but another option would be to create a new database, use MSTR configuration wizard to populate metadata tables, then duplicate the project across project sources into the new metadata that was just created. The Administrator user in this new metadata will have a blank password. If this is not an option then I recommend to open a support ticket (as others have suggested).
One of the things which one can try is to see any command manager script or system manager workflow. Every MicroStrategy environment may have atleast one of the above two things running in their environment. If you check the file, you may see the password for the administrator user. But in case if there is none of these being used then contacting MicroStrategy support would be the right thing to do.
Thanks,
Nikhil.
Benedict's right, there's no way they would keep passwords in plaintext in the metadata. You'll have to send it to them in a support ticket. It can take quite a few days, but they get the job done.
as soon as you get it reset use object manager, create a configuration object package for the administrator account and anytime you forget it, just redeploy the package to reset it.
You could try using the MicroStrategy Object Manager to copy the Administrator user from another project source/server to this environment.
This should do the trick if you have at least one other user with the right administrative privileges.
The other day I wanted to login to one of our applications. However, I forgot my username and password. I tried using the forgot password wizard but had no luck.
The steps I am about to walkthrough will work with most web applications with average logon security measures. It may not work with MicroStrategy, but should work if the input password is not externally verified.
So this is how I got access:
First I logged into my database manager -If you don't have access to
this... run a scan for 'password' on your server root. For Linux I
write sudo grep 'password' -roni or try: db_pass, dbpass,
database_password, etc as other search terms... The -roni will apply various filtering and
options to the search... aka line number, file name and etc. After
getting some results... find a likely file and open it to see if you
have your database details in there.
Login to your database manager. Find the table associated with your account. (This will usually have the name X_users If the password isn't hashed, just take it and login with it... if it is hashed... copy the hashed value to your clipboard.
Change the directory to your chosen applications root.
Run the scan with the search term 'password' or 'md5(' ...this will hopefully bring up a login controller file.
Edit the line within the function that takes your login input. Change the value 'md5($#####)' with '$#####', (aka removing the md5hashing of your input).
Reload the login page. Now, enter your username and hashed password copied from the database and login.
If done correctly you should now be logged into your web app.
Change the password of the account. Now go back to the login controller file and undo the chnages.
This might not be applicable with your app in question, but it's worth a shot! ....and if it isn't appropriate for your scenario... it could still be very helpful for someone else with a similar problem and different application. I just thought there's a small chance it may help someone who's locked out of one of their web applications. Rather than having to reinstall and lose data.
I'd be happy for you to improve on this or give some feedback.