Allowing users to access only the data they are authorized to access.
0 votes, 0 answers, 11 views
MySQL on Unix, should administrator accounts join the operating system “mysql” group?
When I install MySQL via Yum, it automatically creates the mysql operating system user and group. Then mysqld executes as mysql (instead of as root), and all the files in the data directory are owned ...
0 votes, 0 answers, 16 views
which role-permission database design?
I want to manage roles and permissions. Most of the designs on the web look like this:
tables:
Users
Roles
UserRoles
Permissions
RolePermissions
Here, what is permissions? I am thinking for such a design ...
1 vote, 1 answer, 56 views
Login failed for user Error: 18456 State: 10
In one of my vb.net applications I am getting the error Login failed for user 'user'.
But the user has full permission (sysadmin). Also this error happens intermittently.
Error log has the following:
...
2 votes, 3 answers, 56 views
SQL Server grant permissions to STANDBY database
So, first: the setup. We have SQL Server 2012 (ServerA) running in domain A. We have SQL Server 2012 (ServerB) running in domain B, separate subnet, no trusts. These are completely separate domains ...
3 votes, 2 answers, 44 views
Can I grant privileges to a role without specifying an object?
I am trying to create a role to simplify granting a set of privileges that I often give to users. I am wondering if there is any way to grant these privileges on only the objects owned by their schema ...
0 votes, 1 answer, 30 views
Permissions on sys.syslogins
I've got the following scenario:
(logged in on SQL-Server with full admin-privileges)
Creating LogIn, User, Role and associate them.
IF NOT EXISTS( SELECT "name" FROM "master"."dbo"."syslogins" ...
0 votes, 2 answers, 40 views
SQL Server AD groups membership seems cached - how to flush to test? [duplicate]
I am configuring a new, fully AD group based security scheme on an existing SQL Server 2008.
When I change the group to which I belong to test my configs, it seems that there is quite a delay between ...
1 vote, 0 answers, 49 views
How do I maintain more audit history?
I created a SQL Server audit and when I view the audit logs I only see today’s audit. I am saving it to a file and I want to store audit for one year. Is there a way to store database and server audit ...
5 votes, 3 answers, 467 views
Best practices to encrypt all the data
I'm working on a project where the client is afraid of their own employees (i.e., junior I.T. guys whom the client does not trust) querying the database to get sensitive information.
The database is a ...
2 votes, 1 answer, 23 views
MySQL: Securing Access using Stored Procedures
I'm new to using MySQL. I'd like to use stored procedures to help secure my database when accessing it from a web service (i.e., grant only proc execute to the web service account).
What permissions ...
1 vote, 1 answer, 36 views
In creating view use SQL Security definer or invoker?
CREATE VIEW syntax is
CREATE
[OR REPLACE]
[ALGORITHM = {UNDEFINED | MERGE | TEMPTABLE}]
[DEFINER = { user | CURRENT_USER }]
[SQL SECURITY { DEFINER | INVOKER }]
VIEW view_name ...
3 votes, 2 answers, 64 views
Create database role to allow read access to all tables; write access to some
We have a database with over 1000 tables. I need to create a role that allows read only on all tables, as well as write access to two specific tables.
I was messing around with database roles, but ...
3 votes, 1 answer, 118 views
Linked server available to users without permissions
I have users seeing a linked server which they are not supposed to see.
The linked server is defined so that only I will have access to it, but everybody can see and use it.
I have created the ...
0 votes, 1 answer, 48 views
Security Concerns of SQL Server Express for Web e-Voting web application
I am building a database driven web application. The web application is basically an E-Voting website, where users can register and vote on things that concern their community ... etc.
The database ...
0 votes, 2 answers, 40 views
Is there any way to connect to one server and utilize a linked server using Windows authentication and NTLM?
I currently have SQL Server 2005 (Server A) that has a SSAS 2005 linked server (Server B). The powers that be do not want to enable Kerberos authentication, so I'm stuck with NTLM.
The problem is ...
2 votes, 1 answer, 26 views
Debugging SSAS Timeouts
I have a drill-through problem apparently related to security. Users in one role are seeing timeout failures when trying to invoke a drill-through action. They have permission on the action through ...
1 vote, 2 answers, 46 views
Where should I look for details about 'access denied' errors?
This question derives from Deploying a new database on a new server, an msbuild ssdt rookie issue.
Since I have a permission denied error, I expect to find which user is failing to access so I can ...
1 vote, 2 answers, 59 views
How can I run a T-SQL Script using SQL Credentials?
I need to develop a T-SQL insert script for use on a remote SQL 2005 Express instance but I would like the script to include the necessary SQL credentials so all the user has to do is execute the ...
2 votes, 0 answers, 34 views
Server permissions of an activation stored procedure of a Server Broker queue
I have a stored procedure that queries the sys.dm_exec_requests view. In the stored procedure the view only returns one row, while the stored procedure needs to see all of them. The MSDN article on ...
-1 votes, 1 answer, 57 views
Why does fn_my_permissions return empty rowset? [closed]
If I run this query:
select * From fn_my_permissions(NULL, 'SERVER')
This is what I'm getting:
entity_name subentity_name permission_name
------------- --------------- ...
2 votes, 1 answer, 29 views
Use users / logins from another database
Is it possible to use logins/users from one database (F) in another one (S)? I know I can copy them, but when I add a user to database (F) I have to copy them all again (or add the same user to (S) ...
5 votes, 1 answer, 80 views
SA permissions issues with many nested objects
I have a broker application that's relatively complicated.
Today, after I made some changes, I started getting the error:
The server principal 'sa' is not able to access the database 'XYZ' under ...
2 votes, 1 answer, 115 views
If the users need INSERT/UPDATE/DELETE permissions, is Windows auth still more secure than SQL Server auth?
Some background first:
The problem described below wouldn't exist at all if the database in question would have been built with a DBA's mindset:
Data access only through views and stored procs --> ...
1 vote, 1 answer, 45 views
Restrict access for Windows administrator in PostgreSQL
Is there a way to protect PostgreSQL from user with Windows administrator rights?
Like this question but for Postgres.
2 votes, 1 answer, 41 views
Need help to design model with multiple rights
For a website, I have multiple elements that need to be moderated by many different users.
Until now, I have always used Role-Based Access Control (RBAC) model but I want a more flexible model. I ...
1 vote, 2 answers, 51 views
Auto Disable a SQL Server User
I have a SQL Authentication User: JOHNDOE
I would like this account to auto-expire or auto-disable after X days or at a certain date/time. Any suggestions or best practices to do this?
2 votes, 3 answers, 156 views
Working Linked Server Query fails in sp_send_dbmail
Take the following example:
EXEC msdb.dbo.sp_send_dbmail
@recipients = '[email protected]' ,
@query = 'SELECT TOP 10 * FROM LINKEDSERVERA.DATABASE.dbo.TABLE' ,
@attach_query_result_as_file = N'True' ...
5 votes, 3 answers, 145 views
How does “Be made using the login's current security context” pass the users password to remote server
Say you have a SQL Server with a "Linked Server" to another server - said "Linked Server" is set to use "Be made using the login's current security context" as its authentication model.
How does the ...
0 votes, 2 answers, 55 views
Pull Subscription: process cannot read file due to OS error 5
I am trying to migrate a working pull subscription for transactional replication from one subscribing server to a new one. The subscribing server is at another site and is connected via a VPN tunnel. ...
0 votes, 0 answers, 44 views
EXECUTE AS over Linked Servers
I have a front end that logs into the DB as "logInA", and only has permission to "schemaA" stored procs, which use EXECUTE AS "logInB", (I have also tried EXECUTE AS 'DBO'), to handle all the business ...
2 votes, 2 answers, 87 views
Linked Server Risks
I'm implementing a new feature which requires data from databases on multiple servers. I just need to union data from all these servers and sort it. The two options that come to mind are:
Use linked ...
0 votes, 1 answer, 75 views
BUILTIN\Administrators allowing access via linked server but not locally
We have two servers:
LYNDB01 & LYNDB02
On LYNDB01 we have a database called db_ExampleDatabase
We have created a Linked Server on LYNDB02 to LYNDB01 using no mappings and the "Be made using the ...
2 votes, 1 answer, 43 views
Find application password expiration date
I changed the password of my application on one SQL Server.
When I am using the Login property command I am getting the last login date.
I want to know when my application password is going to expire in SQL ...
0 votes, 1 answer, 165 views
Granting privileges to dbms_crypto
I'm trying to grant proper privileges for using DBMS_CRYPTO.
Whenever I call it from package it gives me error:
PLS-00201: identifier 'DBMS_CRYPTO' must be declared
User already has privileges:
...
2 votes, 1 answer, 53 views
Oracle Database: View schema without access to data
In Oracle Database 10g, I need to create a user with these permissions:
user can access schema to be able to read table names and columns
user can not select (get) any data from any table
Is this ...
-4 votes, 2 answers, 470 views
How can database administrators see my requests to SQL Server?
I'm a SQL Server 2008 user. I have access to some tables. I need to request a few columns from a table as I usually do. But I need to do it once (for example) in 5 seconds and system administrators ...
-1 votes, 1 answer, 44 views
best database for a real estate system [closed]
Which database best suits a real estate system?
Considering the storage space, security, crash recoveries, speed etc.
There will be around 1000 fields and trillions of rows!!!
1 vote, 1 answer, 71 views
One call to `decryptbypassphrase` for decrypting all columns
If I use ENCRYPTBYPASSPHRASE to encrypt the full table, then how can I decrypt the full table easily by using DECRYPTBYPASSPHRASE?
Actually I have to use DECRYPTBYPASSPHRASE ('passphrase', column_name) ...
3 votes, 2 answers, 50 views
disallow SET command in a postgresql server
I'm planning to publish my postgresql server to a few untrusted clients.
I don't want them to modify any runtime setting, like work_mem or something risky to my server. In general I assume the ...
5 votes, 1 answer, 86 views
How is SQL Server host identity ensured?
When I connect to some e-commerce website with my browser I use HTTPS that uses a certificate that (more or less) guarantees that example.com is indeed example.com.
Now I connect to a SQL Server ...
4 votes, 2 answers, 202 views
Securely generate a UNIQUEIDENTIFIER in SQL Server
I intend to be using a UNIQUEIDENTIFIER as an access key that users can use to access certain data. The key will act as a password in that sense.
I need to generate multiple such identifiers as part ...
13 votes, 6 answers, 599 views
Why should an application not use the sa account
My first question ever, please be gentle. I understand that the sa account enables complete control over a SQL Server and all the databases, users, permissions etc.
I have an absolute belief that ...
0 votes, 1 answer, 319 views
Login Failed for Domain\ServerName$ when trying to create a new SQL Server Reporting Services Application in SharePoint 2013
Basic setup:
All of the following is installed on Domain\Servername:
SharePoint 2013 Standalone Install (Trial version)
Currently using an instance of SQL Server 2012 SP1 Express for basic
...
0 votes, 1 answer, 18 views
Cannot create plperlu function
Running PostgreSQL 9.1.8 on Xubuntu 12.04, installed from the repos.
From the shell, I have executed:
createlang plperl db_name;
createlang plperlu db_name;
As the superuser running psql, I have ...
0 votes, 2 answers, 219 views
Secure Linked Server - Non-privileged user possible? Registry corruption?
Is it possible to use a non-privileged Windows domain account to impersonate itself in a linked server?
And why would it be unable to read the registry for available network protocols?
Overview: ...
6 votes, 2 answers, 176 views
Limit connection rights on SQL Server
I have an app to deploy in production that uses 'honor system' security. That is, all users connect to the DB using a SQL user/passwd credential and the app manages permissions itself. The latter part ...
0 votes, 1 answer, 30 views
Giving permission for each table within a database
I want to give different permissions for different tables within a single database for a user. For example, a user has full permission to a table while for another table only read permission. How it can ...
1 vote, 1 answer, 61 views
clusterdb stopped working for PostgreSQL database in Ubuntu 12.04 server
After a fresh PostgreSQL install (version 9.2) on my Ubuntu server 12.04, clusterdb utility stopped working. I used the same config files as I used with version 9.1.
Below is the actual command:
...
3 votes, 3 answers, 163 views
Is it ever harmful to set a database owner in SQL Server?
There are a bunch of databases on one of our SQL servers that have no owner. Generally speaking, is it harmful to give them one? For example:
USE dbName;
GO
EXEC sp_changedbowner 'sa';
GO
I know ...
0 votes, 2 answers, 58 views
Changing passphrase for EncryptByPassPhrase
I am using EncryptByPassPhrase to encrypt some columns.
If I want to change the passphrase in the future, how can I change it?