How can I add a new user with password in DB2 and grand him access to the database, to select,insert,update data ?
I need to do this from command line.
Unlike many other DBMSs, DB2 does not store users inside the database. Authentication is done either at the OS level, or through the use of authentication plugins.
Related
I have an existing API connected to an AWS PostgreSQL database that uses AWS Cognito for User authentication.
The goal is for users to insert data via the API with some field mapped to their Cognito id, and retrieve the same data. The idea would be for each user to only have access to the data 'owned' by them. Similarly to the way row level access works.
But I do not want to create a role for each user which seems to be necessary.
The idea would be that I need to somehow setup a connection to the PostgreSQL DB with the user_id without creating a user and handle the accessible data via a policy, or somehow pass the data to the policy directly.
What would be an ideal way to do this, or is creating a PG user for each user a necessity for this setup?
Thanks in advance
EDIT: I am currently querying the database through my backend with custom code. But I would rather have a system where instead of writing the code myself, the PostgreSQL system handles the security itself using policies(or something similar). I fully understand how PostgreSQL row-level-access works with roles and policies and I would prefer a system where PostgreSQL does the major work without me implementing custom back-end logic and preferably not creating thousands of PostgreSQL roles for the users.
You should not allow users to make a direct connection to the database.
Instead, they should make requests to your back-end, where you have business logic that determines what each user is permitted to access. Your back-end then makes the appropriate calls to the database and returns the response to the user.
This is a much 'safer' response because it prevents users having direct access to your database and it is also a better architecture because it allows you to swap-out the database engine for another one without impacting your service.
The database is for your application, not for your users.
I want to create multiple databases, say db_1, db_2, etc. I have a single user called dashboard.
Now, I have a dashboard, and I want to limit access to the dbs, i.e. I want to use a connectionString such that the user dashboard only has access to db_1 and another connectionString such that the user dashboard only has access to db_2.
For example, if I were to use mongosh "mongodb+srv://dashboard:MY_PASSWORD#IP_ADDRESS/db1?tls=true&authSource=admin&replicaSet=IP_ADDRESS", you can the change the database to db2 if you want to. But I want to prevent that - that connection should only have access to db1
This can be accomplished by creating different users with limits on what they read, but I was hoping this could be done via a single user.
You can do something like you are wanting if the user dashboard is a user on each individual database, and not in the more "global" admin database.
The authSource=admin in your query string tells MongoDB which database to use to authenticate, and since you are pointing to admin it will always use the same user, the one in the admin database.
If two users have the same name but are created in different databases, they are two separate users. If you want to have a single user with permissions on multiple databases, create a single user with a role for each applicable database.
https://www.mongodb.com/docs/manual/core/security-users/#authentication-database
So you'd need to create a separate dashboard user in each database.
The docs and steps here maybe helpful:
https://www.mongodb.com/docs/manual/tutorial/create-users/#create-additional-users-for-your-deployment
I have a server that will manage multiple Firebird databases. My users are allowed to have full access on all the objects for a single database but they are not allowed to create new database and no access to other databases in the same server. How do I configure for this scenario?
Since Firebird 3, users need to have an explicit privilege to create databases (Database DDL Privileges). So as long as you don't grant that privilege to a user, they cannot create a database (unless they have and apply the RDB$ADMIN role).
Giving a user access to everything in a database is harder to do. You'll need to define the access for each database object individually. The preferred way to do that, is to grant the necessary access to a role, and grant that role to the user. See SQL Privileges for details.
In Firebird 3 and earlier, users do not assume the rights of a role unless they explicitly specify that role on connect. Firebird 4 will introduce default roles, which will always be applied. It might be possible to use Firebird 3 privilege mapping to define a default role as well, but I'm not sure if that works.
Firebird does not provide a way to disallow a user to connect to a database: almost all rights are stored per database, so a user has to connect before the server knows which rights they have. If you want to disallow users to connect, you will need to create a custom ON CONNECT trigger to raises an exception for users that shouldn't be allowed to connect.
I'm new to google cloud.
I created a Google Cloud SQL Instance.
Added multiple DBs and few users.
How can I restrict an user to single database ?
and
How can I restrict an user to single database with ReadOnly permission ?
Take a look at this post in regards to restricting access to only one database for a user; and here you can find more information related to "Read Only" access using MySQL.
I want to implement database authentication in mongodb.
In order to do that, I found out that I need to first create an admin user and then create separate users for each of my database through mongodb client shell (manually or using a javascript file).
I was wondering if it is possible to add user to the individual databases from the spring application itself but did not get any useful pointers to do this. Is it that this approach is wrong because if this possible the application will always be able to access the database because it itself is creating the user, but external access will still be blocked.
Please let me know how this can be achieved or if it is an incorrect approach.
After you add a normal user via the MongoShell, you can then connect via your application and create either normal users, or read only users.
Note that a normal user can also add users, so the users your application adds may need to be down as read only users depending on your use case and needs.
In the MongoShell, adding a read only user can be done via
use myAppDB
db.addUser("JohnSmith", "CheddarCheese", true)