I have a backup of database (IBM DB2 v. 9.7)
After restore command I cannot access some of the tables due to privileges issues.
On the original db client and database we have a user: userx with admin privileges and on the new db client we have a usery also with admin privileges.
restore is done but I cannot access the database tables
Can somebody explain me what is the problem
thank you
In version 9.7, authorities like DBADM do not have data access privilege, because of the separation of duties. This is granted via SECADM.
Check the authorizations via the authorizations view: http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/topic/com.ibm.db2.luw.sql.rtn.doc/doc/r0022658.html
Check the priviles granted to "userX" and mimic those privileges to "usery".
Related
I am using PostgreSQL as my database along with Prisma as my ORM.It seems to be giving an issue while running the 'prisma migrate' command on the server which seems to be an issue of user database privileges not being present.What are the basic user privileges that are required for Prisma while using Postgres apart from the option of giving full admin rights?
Database user needs to have a CREATEDB privilege for using migrate commands in PostgreSQL.
Here's a reference to privileges needed for each supported database: Reference.
I want to grant read/write privileges to new user only to one database, so he can't access other databases.
After I created new user with:
sudo -u postgres createuser <username> What privileges this user get?
Is this all I need:
GRANT ALL PRIVILEGES ON my_db TO new_user; to get access to only one database?
What is the best way to do this?
Using PostgreSQL 10
By default, PUBLIC (everyone) is allowed to connect to all databases. So you'd have to revoke that privilege and hand out CONNECT more judiciously.
In addition to that, you'd have to make sure that every user has CREATE on all schemas in “his” database and the necessary privileges on all tables, because privileges on the database itself are not enough to access the objects in the database.
It could be the simplest solution to use REASSIGN OWNED to give the user ownership of all objects in “his” database.
I'm new to Google Cloud SQL. I created two postgres DBs with two new users (one created from web dashboard and one created from commandline). My goal is to prevent the two users to be able to modify each other DB, but I cannot get it to work.
Here is what I want:
UserA all privileges on DB_A
UserA no privileges on DB_B
UserB all privileges on DB_B
UserB no privileges on DB_A
I already tried to grant/revoke permissions from psql prompt, but in the end I still be able to create/drop tables in DB_A as UserB.
Is it possible to achieve what I want? Am I missing something?
Postgres on Cloud SQL is standard Postgres, so it's just like any other Postgres instance:
To give a role all privileges:
GRANT ALL ON <db_name> TO <role_name>;
To remove all privileges:
REVOKE ALL ON <db_name> TO <role_name>;
The Postgres docs on privileges does give the follow caveat for:
The special privileges of an object's owner (i.e., the right to modify
or destroy the object) are always implicit in being the owner, and
cannot be granted or revoked
So keep that in mind - if UserA owns both databases, they can always modify them.
I created a new connection in Oracle SQL Developer. Under this new connection, I created a new user. Now, I'm trying to grant roles and System privileges to this new user. I get the following error while trying to grant system privileges to the new user:
The new user has been granted all the roles successfully. However, I'm unable to grant all system privileges to it.
UPDATE:
I followed this and this links to grant sysdba privilege to the new user using the command prompt. I'm able to grant sysdba to this new user. However, when I try to grant all system privileges from the Oracle sql Developer, I get the same error (specified in the screenshot above). I am trying to grant all the system privilege to the new user because I'm getting following error while trying to access the tables of the database.
Recently I had to change my OS to Windows 10. Earlier I had Windows 7 and I didn't have any of this issues. Is this issue related to OS? Is there any problem to use Oracle SQL Developer in Windows 10?
Please refer to this blog
The ORA-01031: "insufficient privileges" error occurs when you attempt
to execute a program or function for which you have not been granted
the appropriate privileges.
For the DBA, the ORA-01031 can happen if the target OS executables do
not have read and execute permissions (e.g. (770) in UNIX/Linux), and
ensure that the oracle user is a member of the dba group (e.g.
/etc/group). There are similar permission in the Windows registry.
Inside Oracle, the "ORA-01031: insufficient privileges" error can be
avoided by signing on "as sysdba" with unlimited database privileges.
The oerr utility notes this on the ORA-01031 error:
ORA-01031: insufficient privileges
Cause: An attempt was made to change the current username or password
without the appropriate privilege. This error also occurs if
attempting to install a database without the necessary operating
system privileges. When Trusted Oracle is configure in DBMS MAC, this
error may occur if the user was granted the necessary privilege at a
higher label than the current login.
Action: Ask the database administrator to perform the operation or
grant the required privileges. For Trusted Oracle users getting this
error although granted the appropriate privilege at a higher label,
ask the database administrator to re-grant the privilege at the
appropriate label.
You should be connected as SYS or SYSTEM in order to grant SYSDBA. Are you?
For example:
connect sys/pwd#db as sysdba
grant sysdba to santobedi;
Connect as sysdba
bash-4.2$ $ORACLE_HOME/bin/sqlplus / as sysdba
show user will show user as 'SYS'
show con_name will display CDB$ROOT
SQL> alter session set container=PDB19;
Session altered.
SQL> grant sysdba to ggadmin;
Grant succeeded.
A fresh installation of PostgreSQL 9.3 (according to the YUM Installation manual on the PostgreSQL wiki) on CentOS 6 (64-bit) will not grant permissions to any users.
I log in to the postgres user and open psql, then I create a role for my default user:
CREATE ROLE <name> WITH PASSWORD '<password>';
and then try to grant it privileges on the default postgres database:
GRANT ALL ON DATABASE postgres TO <user>;
which gives the expected output, but the user does not have any permissions on postgres.
The output of \dp <user> is quizically empty as well. Additional testing shows that I cannot give any users permissions. However, when I try to drop a role that has been granted these nonexistent permissions, it says
ERROR: role "<user>" cannot be dropped because some objects depend on it
DETAIL: privileges for database postgres
I am at a loss. I did also check to make sure the postgres Linux user has the appropriate file permissions on the PostgreSQL data directory.
Presumably you're expecting too much of GRANT ALL ON DATABASE postgres TO <user>;
ALL in this context means that the command is equivalent to:
GRANT CREATE,CONNECT,TEMPORARY ON DATABASE postgres TO <user>;
And the way you create the ROLE, it cannot login to any database anyway (you can check this with \du).
It could if it was created with:
CREATE ROLE name WITH LOGIN PASSWORD 'pass';
or use ALTER ROLE name WITH LOGIN later on.
Starting from this, to give the user permissions to create objects in the database, other forms of GRANT should be used.