I created a new user - CK - with Toad on 10g XE. An error popup when I use CK to login: ORA-01045: user CK lack create session privilege. What privilege do I should give to CK?
BTW: but I can use SqlPlus to login
You need to grant CREATE SESSION to the user you are trying to login as:
GRANT CREATE SESSION ON [object] TO [user];
The CREATE SESSION privilege is granted to users in order to create a session to the database. Without a session, you can't connect the database. If you're curious, you could read this Ask Tom: When not to use CREATE SESSION"...
Here's a good read on granting/revoking privileges.
Related
is it possible to create PostgreSQL user so that he can connect and see only one specific database? So that he could only see one database (he couldn't see the others). Ideally, I could also set the visibility of the tables in the database.
I create user like this:
create user user with encrypted password 'password';
GRANT CONNECT ON DATABASE db TO user;
although I have given the user connect privilege to only one database, he can see all other databases :(
By default the connect privilege to every database is granted to the role public, so you need to run:
revoke connect on database ... from public;
for all other databases. Make sure you grant connect back to existing users.
Another option is to restrict connections for this specific user through pg_hba.conf
I have created a new sql account and assigned it dbmanager and loginmanager roles. It can be used to create new databases but I am not able to access the database afterwards with that user. When right clicking the new database to run a query, the login prompt apears and says that the security principal %user% can access the database under the current security context.
I am not able to alter or grant user any access to the DB now that I can't even run any queries.
The purpose here is that I have a powershell script that creates the databases and handles the automation under a spesific SQL user. What am I missing?
The login might lacks the necessary permissions to connect to the specified database. Logins that can connect to this instance of SQL Server but do not have particular database rights inherit the guest user's permissions. This is a security feature that prevents users from connecting to databases where they do not have permissions. When the guest user does not have CONNECT permission to the identified database and the trustworthy attribute is not set, this error message appears. When the guest user does not have CONNECT authorization to the listed database, this error message appears.
You can connect to the database in one of the following ways:
Grant the specific login access to the named database.
Grant the CONNECT permission to the database named in the error message for the guest user.
Enable the TRUSTWORTHY property on the database that has authenticated the user.
Please refer to the Microsoft Document for this error: MSSQLSERVER_916
I created a new connection in Oracle SQL Developer. Under this new connection, I created a new user. Now, I'm trying to grant roles and System privileges to this new user. I get the following error while trying to grant system privileges to the new user:
The new user has been granted all the roles successfully. However, I'm unable to grant all system privileges to it.
UPDATE:
I followed this and this links to grant sysdba privilege to the new user using the command prompt. I'm able to grant sysdba to this new user. However, when I try to grant all system privileges from the Oracle sql Developer, I get the same error (specified in the screenshot above). I am trying to grant all the system privilege to the new user because I'm getting following error while trying to access the tables of the database.
Recently I had to change my OS to Windows 10. Earlier I had Windows 7 and I didn't have any of this issues. Is this issue related to OS? Is there any problem to use Oracle SQL Developer in Windows 10?
Please refer to this blog
The ORA-01031: "insufficient privileges" error occurs when you attempt
to execute a program or function for which you have not been granted
the appropriate privileges.
For the DBA, the ORA-01031 can happen if the target OS executables do
not have read and execute permissions (e.g. (770) in UNIX/Linux), and
ensure that the oracle user is a member of the dba group (e.g.
/etc/group). There are similar permission in the Windows registry.
Inside Oracle, the "ORA-01031: insufficient privileges" error can be
avoided by signing on "as sysdba" with unlimited database privileges.
The oerr utility notes this on the ORA-01031 error:
ORA-01031: insufficient privileges
Cause: An attempt was made to change the current username or password
without the appropriate privilege. This error also occurs if
attempting to install a database without the necessary operating
system privileges. When Trusted Oracle is configure in DBMS MAC, this
error may occur if the user was granted the necessary privilege at a
higher label than the current login.
Action: Ask the database administrator to perform the operation or
grant the required privileges. For Trusted Oracle users getting this
error although granted the appropriate privilege at a higher label,
ask the database administrator to re-grant the privilege at the
appropriate label.
You should be connected as SYS or SYSTEM in order to grant SYSDBA. Are you?
For example:
connect sys/pwd#db as sysdba
grant sysdba to santobedi;
Connect as sysdba
bash-4.2$ $ORACLE_HOME/bin/sqlplus / as sysdba
show user will show user as 'SYS'
show con_name will display CDB$ROOT
SQL> alter session set container=PDB19;
Session altered.
SQL> grant sysdba to ggadmin;
Grant succeeded.
I want to install an application (Odoo) that uses PostgreSQL, but it needs you create a superuser Role to allow the aplication process instalation create its own database. I just created an Azure PostgreSQL database (PaaS), but the user it creats is not a Superuser, and can't create a superuser role. Is there a way to get my admin user a Superuser?
To explain the users and roles a little better for Azure Database for PostgreSQL:
By default, when a server is created we have the following 3 roles defined, which you can also see when you run SELECT rolname FROM pg_roles; –
azure_pg_admin
azure_superuser
server admin login – the admin login the user created the server with – which by default is a member of azure_pg_admin.
Ours is a managed PaaS service and Microsoft is the azure_superuser. We don’t grant superuser privileges to the user.
With that as baseline, there is at least one role (user) at any given time that is part of azure_pg_admin group i.e. server admin login. This user can create databases, create custom roles and customize privileges, and create additional users that are member of azure_pg_admin. A user is either a part of this group or not. Any user outside this group will not have those privileges.
Hope that helps answer your question.
Saloni
When we postgres as service then we cannot be superuser but can enable extensions allowed
Azure console => Azure Database for PostgreSQL flexible server => => Server parameters => azure.extensions => => Save
On this site SQLDude talks about Application roles for MSSQL Server.
A more secure approach you could use for this is called "Application Roles". When connecting from an application you assume a particular role and only that role is granted privileges required in the database. So all apps connect via this mechanism and don’t give out SQL or NT logins for any unauthorised use. You will have to call sp_setapprole in your application with a password, once the connection is established. Once this call succeeds then the connection gets the privileges of the application role and loses privileges of the actual user, which is what we want. So if someone tried to connect to the database from SSMS or SQLCMD, they will access the DB using their credentials, which won’t have the required permissions on the tables, since only the application role has the rights on the tables. This is more secure & reliable approach, but one that requires application code change and as a DBA you will have to create the application role in SQL Server.
However i can't find the equivalent for PostgreSQL?
Is there something like this available in PostgreSQL?