I want to export the different privileges in a DB2 9.7 database as DDL.
I found the following in the documentation:
https://www.ibm.com/support/knowledgecenter/SSEPGG_9.8.0/com.ibm.db2.luw.admin.gui.doc/doc/t0021930.html
Authorization statements: Generates SQL authorization (GRANT) statements for the database objects.
When I try to issue the command
db2look -d DatabaseName -u user
I get the following error:
SQL0552N "USER1" does not have the privilege to perform operation
"BIND". SQLSTATE=42502
When I try to give DBADM to the user1, I get the following error:
db2 "GRANT DBADM ON DATABASE TO USER USER1"
DB21034E The command was processed as an SQL statement because it was not a valid Command Line Processor command.
During SQL processing it returned:
SQL4707N Workload "SYSDEFAULTUSERWORKLOAD" cannot service the request
because the workload is not allowed to access the database or is disabled.
Reason code: "" SQLSTATE=5U020
I face this problem after restoring the database from a backup.
It seems that https://www-01.ibm.com/support/docview.wss?uid=swg21568865
did the trick:
db2set DB2_RESTORE_GRANT_ADMIN_AUTHORITIES=ON
Allows the instance user to execute the command.
Related
I am trying to use the Database Migration Service to migrate an existing database into CloudSQL.
When I start the migration, I receive the following error:
finished setup replication with errors: [api_production]: error importing schema: failed to restore schema: stderr=pg_restore: while PROCESSING TOC: pg_restore: from TOC entry 3997; 0 0 DATABASE PROPERTIES api_production postgres pg_restore: error: could not execute query: ERROR: permission denied to set parameter "log_min_duration_statement" Command was: ALTER DATABASE api_production SET log_min_duration_statement TO '500ms'; pg_restore: warning: errors ignored on restore: 1 , stdout=
How can I continue the migration, ignoring the SET PARAMETER statement?
I have finally been able to start the migration by resetting the parameters on the source database (setting them to match was insufficient).
This can be done from a postgres console on the source database:
reset log_min_duration_statement;
ALTER DATABASE <database_name> RESET log_min_duration_statement;
ALTER DATABASE postgres RESET log_min_duration_statement;
The Database Migration Service is a managed Google Cloud service, it has restricted access to certain system procedures and tables that require advanced privileges.The 'postgres' user is the most privileged user available in Cloud SQL, but it is not a Postgres superadmin. See public docs for more information about PostgreSQL Users.
There are some other parameters that you could run the "ALTER Database" command to change; however, "log_statement" and "log_min_duration_statement" are unfortunately not examples of these parameters.
The PostgreSQL documentation also documents this in particular "Certain variables cannot be set this way, or can only be set by a superuser."
However, you can change the particular setting in Console via the Flags on the database edit screen and remove these statements from the Migration job,to avoid these failure errors.
Please refer to the documentation to know more about configuring database flags.
I have a AWS RDS PostgreSQL 13 server with some databases. I have to create an empty copy of one database (empty means schema (tables, views, functions) + security (users, roles)).
Is pg_dump -s what I am looking for?
Thanks!
pg_dump -d db_name -s. You will also need to do pg_dumpall -g to get the global data e.g. roles. This will get all global data for the Postgres cluster, so you may have more then you need for the particular database.
Postgres allows the use of any existing database on the server as a template when creating a new database. I'm not sure whether pgAdmin gives you the option on the create database dialog but you should be able to execute the following in a query window if it doesn't:
CREATE DATABASE newdb WITH TEMPLATE originaldb OWNER dbuser;
Still, you may get:
ERROR: source database "originaldb" is being accessed by other users
To disconnect all other users from the database, you can use this query:
SELECT pg_terminate_backend(pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = 'originaldb' AND pid <> pg_backend_pid();
When I try to take PostgresDump (AWS RDS) the following error I am getting:
ERROR: permission denied for relation dms_stats_detailed
pg_dump: error: query was: LOCK TABLE table_name IN ACCESS SHARE MODE
I am having admin permission though (with Master User).
You need to run pg_dump with a database user (the -U option) that has permission to read the tables you are dumping.
I have this database triviaDB that i am connecting to from a flask-sqlalchemy 'postgresql://devuser:devpass#localhost:5432/triviaDB'however it's giving me a programing error psycopg2: auth not allowed.
so i use the following commands in psql to try and give devuser authorization on this database but here is the problem
when i run GRANT ALL PRIVILEGES ON DATABASE triviaDB to devuser; iget this error:
ERROR: database "triviadb" does not exist
when i quote the db name GRANT ALL PRIVILEGES ON DATABASE 'triviaDB' TO devuser; i get this :
ERROR: syntax error at or near "'triviaDB'"
If the DB name was created with upper cases, you need to use double quotes:
GRANT ALL PRIVILEGES ON DATABASE "triviaDB" to devuser;
I'm getting error "no permission for read/select access to DATABASE" when I try to connect to a Firebird database with a user different than SYSDBA, lets say user SOM.
If I create a new database with SYSDBA on the same server, then grant access to the objects there to SOM, it is connecting without problem, but for this particular database - not. I tried to give all rights, including to the system objects to SOM (I'm using the great IBExpert where this is possible), no success.
c:\Program Files\Firebird\Firebird_2_5\bin>isql -user SOM -password secret
Use CONNECT or CREATE DATABASE to specify a database
SQL> connect "c:\data\data.fdb";
Database: "c:\data\data.fdb", User: SOM
SQL> select * from exampletable ;
Statement failed, SQLSTATE = 28000
no permission for read/select access to DATABASE
Command error: select * from exampletable
I was unable to find way to grant anything to object DATABASE.
What could be the reason is that the problematic database was restored via gbak, version 2.5 from Firebird 3 database (downgrade on this way from Firebird 3 to 2.5).
A possible solution is to restore the database with user SOM, but I don't want that the user SOM is the owner of the database. If I do a backup and restore with SYSDBA, the same problem comes back again.
Solution provided in the firebird-support mailing list:
Attach as SYSDBA and run
UPDATE RDB$DATABASE SET RDB$SECURITY_CLASS = NULL
have you tried gbak from 2.5 to BACKUP FB 3 database?
FB 3 running
place gbak from 2.5 to fb 3 folder, as gbak25. Or, do as you wish, but gbak from 2.5 need to use fbclient.dll from 3.0
gbak25 -b -g -v db.fdb db.fbk -user ... -pass ...
then restore this backup on 2.5.