I am using Orable DB in my application and SQL Developer Query Browser for UI Purpose.
Today I faced a very strage issue, I run a query in the query browser which gives me records successfully. But under the connection -> Table tree hierarchy, no tables are displayed.
From stackoverflow I got a solution from here : SQLDeveloper displays no tables under connections where it says tables
But under "Other Users" tree, it displays large list of schemas. So I am confused which schema is used by me query.
Any suggestion ??
Assuming that you are running a query that involves an unqualified identifier
SELECT *
FROM some_object
and that you haven't done something odd like changing the current_schema of the session, the object is either something that exists in your schema or is a public synonym.
SELECT owner, object_type, object_name
FROM all_objects
WHERE object_name = 'SOME_OBJECT'
will show you all the objects that you have access to with that name.
Related
Problem
I want to prevent a database user from discovering other tables through the use of queries like select * from pg_tables; by adding sanitization in the application that executes the query.
I'm busy investigating how to limit access to a PostgreSQL database for queries coming through an application layer where I can still sanitize a query with code. The user does not connect straight to the database. They can execute queries through an application layer (e.g. query is passed through as text and then executed by my application).
I've already enabled Row Security Policies (row level security) and the user is accessing their data through a view, so "access to data" has been solved (I believe). The problem I'm trying to solve now is to prevent them from "seeing" other tables in the database, especially the built-in PG tables.
The only grant the user has is grant select on my_view to my_user_role;
Assumption / attempted solution
My assumption is that a user can't access a table without explicitly writing it into the query, so if I were to look for certain keywords in the query string, I can reject a query without executing it. E.g. if the clause/characters "pg_tables" are anywhere in the query, then I can reject it. But, this feels naive.
const query = "select * from pg_tables;";
const flagged = query.includes("pg_tables");
if (flagged) throw Error("Not allowed!");
// Continue to run the user's query
^ This would work reliably if the only way to access a table like pg_tables is to type that out explicitly.
Question
Is there a way to access a table like pg_tables without naming it explicitly, in PostgreSQL [given the context above]?
An example of a similar situation in javascript is if you have a function fooBar(), then you can access it indirectly by calling global["foo" + "Bar"]() – hence not using the text "fooBar" exactly.
I have an Access query, which references a table: dbo_table2
However, I have moved this table to another database, so I need to fully qualify to restore the links.
SELECT table1.x, table1.y, table2.z
FROM dbo_table1
INNER JOIN dbo_table2
ON (dbo_ID = dbo_ID)
Both tables are being pulled from SQL tables.
In my Access query I have added table2 as a Linked Table.
But I'm unsure of Access syntax. If I was using SQL, I would simply use "newdatabaseDB.dbo.table2".
My question is how can I correctly name the table2 reference by fully qualifying the database and table name.
If you moved your table to another db, just Link that table in your current db. This way you can use just as it was local.
There is another option, using IN:
select * from clients in 'c:\test\mydb.mdb'
Also see https://stackoverflow.com/a/3123395/78522
Cracked it!
By creating a link to an external table in the database where the query was created, Access then treats the table in the queries as if it were local (so no fully qualification needed).
This problem scenario may sounds strange but I am trying to write a trigger to log the query type into another table and so far i havent been able to find anything on google
the database i am using is postgres
i.e.
if i have two tables; table1 and querylog(has a string field called querytype)
and a select query is executed on table1, i want to insert a row into the query log table with the querytype field populated with "select"
anyone have any idea how to reference the query type in a function that will be called by a trigger?
Triggers do not get called for SELECT queries, so that won't work.
If you want to audit queries, you can use the PostgreSQL log file or tools like pgaudit that hook into PostgreSQL to retrieve and log the information.
When running a simple catalog query:
SELECT *
FROM SYSCOLUMNS
I get back only a few hundred rows. This is DB2 7.1 on an AS400. There are dozens of schemas, more than a thousand tables in total. I expect this query to return several thousand rows, not a few hundred. The rows I do get back are only from my test schema and that of one other developer.
I am new to DB2 (20+ years in Oracle), so this is puzzling. The IBM doc says that SELECT is granted to PUBLIC on SYSCOLUMNS, so I should get everything, right? I don't know what the token "SYSCOLUMNS" is pointing to, a view, or local table (which would explain things). In my environment, every query to the database requires SCHEMA_NAME.TABLE_NAME, so this SYSCOLUMNS (with no schema name) is already an exception.
thanks in advance,
db
The answer will depend on what naming mode you're using.
*SQL mode: You qualify tables as SCHEMA.TABLE
*SYS mode: You qualify tables as SCHEMA/TABLE
(Behind the scenes, the schema maps to a library and the table maps to a file.)
In *SQL mode, if you don't specify a schema, the value of CURRENT SCHEMA is used. By default your CURRENT SCHEMA is your user profile, but you can change it like so:
SET CURRENT SCHEMA = SOMELIB
In *SYS mode, if you don't specify a schema, the library list is used to resolve the table name to a particular file.
Anyway, I'm going to guess you're in *SQL naming mode and your current schema is set to your test schema. Querying the un-qualified SYSCOLUMNS will give you the columns in your current schema.
I would try the following, which should widen the scope to all columns on the system:
SELECT * FROM QSYS2.SYSCOLUMNS
What I am trying to do is verify a URL. I just need to be able to select that single value from all databases that we have currently in SQL Server 2008. All the databases are the same, just multiple instances of the same database for different users.
I am looking to pull one item from one table in each database.
Each database contains a table SETTINGS and within that table a value for MapIconURL. I need that value from each table from within each database. I am looking at around 30 or so databases that would have this value.
So I found the "undocumented" Stored Proc sp_MsForEachDb and have working....to a point.
The code I am using is this:
EXEC sp_MsForEachDb 'use ?; SELECT "?" as databasename,SETTINGSKEYID, SECTION, NAME, INIVALUE, DESCRIPTION
FROM ?.dbo.SETTINGS
WHERE [NAME] = "MapIconURL"'
I have noticed that it is not selecting all the databases, but that it is also selecting the master table as well as other system tables, and am thinking that may be why it is not selecting all tables. Is there a way to exclude the system related tables?
If the number (and name) of the databases is fixed, then you could simply do:
SELECT MapIconUrl FROM db1.dbo.SETTINGS
UNION ALL
SELECT MapIconUrl FROM db2.dbo.SETTINGS
...
However, if either the number or names of the databases is not fixed, then you have to build the query dynamically.
First, run a query such as SELECT name FROM master..sysdatabases to get the names of the databases.
Then, loop over the result set (in T-SQL, use a CURSOR) and build your query and execute it (in T-SQL, use sp_executesql).