How do I get the granted permissions for a stored procedure in sybase?
It depends on the form that you want that info in.
If you are writing SQL for some internal purpose, and you need that info as data for it, Kolchanov's answer is correct.
If you are merely performing DBA functions, then any number of DBA GUI tools (SybaseCentral comes with the CD; DBArtisan is much better) provide that info via an explorer window and clicks
If you only have character based access, use
sp_helprotect proc_name
Link to Sybase Online Manuals
Then go to: Adaptive Server Enterprise 15.5/Reference Manual: Procedures, nd follow the explorer.
If I wanted to check the permissions for object "whatever_[table|procedure]", I would run the following query:
Example for "whatever" being a table
Displaying result for:
---------------------
select permission = a.name
from master.dbo.spt_values a
, master.dbo.spt_values b
, sysprotects p
, sysobjects o
where a.type = "T"
and a.number = p.action
and b.type = "T"
and b.number = (p.protecttype + 204)
and o.id = p.id
and o.name = 'whatever_table'
permission
----------------------------
References
Select
Insert
Delete
Update
5 Row(s) affected
Example for "whatever" being a stored procedure
Displaying result for:
---------------------
select permission = a.name
from master.dbo.spt_values a
, master.dbo.spt_values b
, sysprotects p
, sysobjects o
where a.type = "T"
and a.number = p.action
and b.type = "T"
and b.number = (p.protecttype + 204)
and o.id = p.id
and o.name = 'whatever_procedure'
permission
----------------------------
Execute
1 Row(s) affected
Adaptive Server Enterprise 15.5 > Reference Manual: Tables > System Tables
sysprotects
sysprotects contains information on permissions that have been granted to, or revoked from, users, groups, and roles.
http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.infocenter.dc36274.1550/html/tables/X16615.htm
Related
I have an database in PostgreSQL called "myDatabase" which has hundreds of schema and which is installed in Linux server. I am using this DB for an SAAS application. Which has multiple schema users. I want to update a column value in a table for selected schema
There is a particular column 'Percentage' in a table called 'sales' which i want to update the column value for all the existing users(Schema). So i have written a script to update the values in all schemas, this script is working in windows server but when i trying to execute this script in linux server, it shows an error
enter code hereThe below script i have written,
DO
$do$
DECLARE
_schema text;
BEGIN
FOR _schema IN
SELECT quote_ident(nspname) -- prevent SQL injection
FROM pg_namespace n
WHERE nspname !~~ 'pg_%' and nspname between 'schema1' and 'schema50'
AND nspname <> 'information_schema'
LOOP
EXECUTE 'SET LOCAL search_path = ' || _schema;
UPDATE sales SET sales.Percentage = 15;
END LOOP;
END
$do$
The above script is working in windows server but it is not working linux server. The error is given below
ERROR: column "sales" of relation "sales" does not exist
LINE 1: UPDATE sales SET sales.Percentage = 5
^
QUERY: UPDATE sales SET sales.Percentage = 5
CONTEXT: PL/pgSQL function inline_code_block line 10 at SQL statement
SQL state: 42703
Any help will be appreciated
Do not specify table name before the column name in the update:
UPDATE sales SET Percentage = 15
Here is the example that demonstrates this:
laika=# create table a (i integer);
CREATE TABLE
laika=# update a set a.i = 1;
ERROR: column "a" of relation "a" does not exist
LINE 1: update a set a.i = 1;
^
laika=# update a set i = 1;
UPDATE 0
I have a project that I need to put an Internet Address and also add a new field called ShortName for all groups in the Notes NAB.
I am able to put the values and save the document , I tried with a doc.save and a computewithform. This is the Group form.
After the change, people in that group are no longer able to access the application.
Do you have an idea what I am doing wrong ?
User A is in group XYZ.
I added internetaddress xyz.com and a shortname text field xyzmigration
Application A is having an ACL with the group XYZ as editor. When User A tries to open the Application A, he get a not authorize. If I delete both values, User A is able to open the database.
Thanks for your help
$ServerAccess view validates Group documents and omits any Groups that has Shortname field present.
Normunds has the correct answer, but I want to add a suggestion: create a new group instead of modifying the existing group. I.e., if the group is "MyGroup", create a group named "MyGroup_Extended" and set it up with
Shortname = the value that you want
InternetAddress = the value that you want
Members = "MyGroup"
That way, you leave MyGroup untouched, but you still have a modified group document with the additional information added and the same member list.
And another thing: In order to make those groups that you already altered functional again, you should run a simple agent against all of the groups that does this:
FIELD ShortName := #DeleteField;
FIELD InternetAddress := #DeleteField;
After the help of some answers that I got here. I checked the view $ServerAccess. The selection formula is checking for a field Shortname and that is what was causing my problem. I will create another field name and we will be able to use this field instead of ShortName. allfields := #DocFields;
test1 := 0;
test2 := 0;
#For(i:=1; i < #Elements(allfields); i:=i+1; test1 := test1 + #If(#UpperCase(allfields[i]) = "LISTNAME";1;0));
#For(i:=1; i < #Elements(allfields); i:=i+1; test2:=test2 + #If(#UpperCase(allfields[i]) = "SHORTNAME";1;0));
SELECT (test1 < 2 & test2 = 0 &Type = "Group" & (#IsUnavailable ( GroupType)|GroupType="0" : "2":"3":"4")) & Form="Group" & #IsUnavailable($Conflict)
Thanks for your help.
In SQL injection, why should you use 0 or 1=1, isn't this automatically evaluated as 1 in boolean operation? I don't understand why we should write it that way. Can someone explain?
Thanks in advance
Because it makes the condition always true.
For example, if someone's SQL code is:
string query = "SELECT * FROM Users WHERE Password = '" + somePassword + "'";
(Username clause omitted for brevity.)
Then you can enter something like this as the password:
' OR 1 = 1;--
Which would make the resulting query:
SELECT * FROM Users WHERE Password = '' OR 1 = 1;--'
The semicolon ends the statement, and -- denotes a comment so everything thereafter is ignored. So it simplifies to:
SELECT * FROM Users WHERE Password = '' OR 1 = 1
This will match all records in the table. Always. Because 1 = 1 is always true. Depending on how the application handles this response, you may be logged in. Perhaps even as the first user in the table, which is likely to be the admin user.
For SQL-injectable code, it's basically a universal password. (Provided you guess a correct username, which isn't difficult.)
Edit: I just noticed the 0 part of your question as well. This would be used when you expect the injected value to be looking for a number rather than a string. For example, consider a similar SQL statement:
string query = "SELECT * FROM Users WHERE Id = " + someID;
The leading 0 in the injected value prevents a syntax error. So the resulting query would be:
SELECT * FROM Users WHERE Id = 0 OR 1 = 1
Same concept as above. This will match all records every time.
Here is a brief explanation for this:-
select title, text from news where id=$id
In the example above the variable $id contains user-supplied data, while the remainder is the SQL static part supplied by the programmer; making the SQL statement dynamic.
Because the way it was constructed, the user can supply crafted input trying to make the original SQL statement execute further actions of the user's choice. The example below illustrates the user-supplied data β10 or 1=1β, changing the logic of the SQL statement, modifying the WHERE clause adding a condition βor 1=1β.
select title, text from news where id=10 or 1=1
so the query will still get executed
I am trying to present data from SQL Server in an Excel sheet so that operational users can understand the data. Here's how the data looks in SQL Server:
PersonId Name Address Role Organization
1 John Smith 123 Main St Donor Library
1 John Smith 123 Main St Member Ballet
2 Jane Doe 333 Main St Member Orchestra
As you can see the database contains a one-to-many relationship between a person and the role they play in an organization.
In my Excel I want to show the person record only once and somehow show that this person plays multiple roles and these are the roles.
There are lots of group concatenation methods out there. Some use dynamic sql and others use xml. Here's a simple one if you have a short list of roles known in advance. And this way you can control the order of the listing really easily.
select *,
(
select
substring(
coalesce(min(case when r.Role = 'Donor' then ', Donor' end), '') +
coalesce(min(case when r.Role = 'Member' then ', Member' end), '') +
...
coalesce(min(case when r.Role = 'XXXXXX' then ', XXXXXX' end), '')
, 3, 300)
from PersonRoles pr
where pr.PersonId = p.PersonId
) as Roles
from Person p
I'm not sure how organization fits into your problem but it appears to me that it's part of the role. You should be able to use pr.Role + ' ' + pr.Organization in the case logic for that.
We have created a bunch of users in CRM 2011 using the SDK. However, we added their Security Role records through the database.
Everything seems to work fine, until these users started to save their own User Dashboards and Advanced Finds.
The users could create their own User Dashboards. However, once they created them, they could not see them. They were not in their list of Dashboards - only the System Dashboards where there.
There were no errors in the event viewer or even the trace logs.
I used SQL Profiler to see what it was doing and I discovered it was checking the PrincipalEntityMap table for principals that had an objecttypecode of 1031 - which is the User Dashboard (called UserForm).
How do these records get created?
I can write a SQL script to populate the database with these missing records.
What I would like to know is why they are missing? Any ideas?
Where do the records for PrincipalEntityMap come from?
Because we created the UserRole (i.e. User Security Role) records through the database and not through the SDK - we missed some POA (Principal Object Access) related records.
There are a number of stored procedures that can be called to re-initialise these records.
We have written a script to reset these records for all users:
-- This will create PrincipalEntityMap for users - if they are not there:
INSERT INTO PrincipalEntityMap (ObjectTypeCode, PrincipalId, PrincipalEntityMapId)
SELECT 1031, sup.PrincipalId, NEWID()
FROM SystemUserPrincipals sup
INNER JOIN SystemUser su ON su.SystemUserId = sup.SystemUserId
WHERE
(sup.PrincipalId = su.SystemUserId) AND
(sup.PrincipalId NOT IN
(
SELECT pem.PrincipalId
FROM PrincipalEntityMap pem
WHERE pem.ObjectTypeCode = 1031
)
)
DECLARE #PrincipalTable TABLE (PrincipalID uniqueidentifier)
DECLARE #CurrentPrincipalID uniqueidentifier
DECLARE #UserIds VARCHAR(60)
DECLARE #Type INT
BEGIN TRANSACTION ResetPrincipalEntitiyMap
BEGIN
SET #Type = 8
INSERT INTO #PrincipalTable (PrincipalID)
SELECT sup.PrincipalId
FROM SystemUserPrincipals sup WITH (NOLOCK)
INNER JOIN SystemUser su WITH (NOLOCK) ON sup.SystemUserId = su.SystemUserId AND sup.PrincipalId = su.SystemUserId
WHILE EXISTS (SELECT PrincipalID FROM #PrincipalTable)
BEGIN
SELECT TOP 1 #CurrentPrincipalID = PrincipalID
FROM #PrincipalTable
ORDER BY PrincipalID ASC
EXEC p_PrincipalEntityMapReinit #CurrentPrincipalID, #Type
EXEC p_PrincipalAttributeAccessMapReinit #CurrentPrincipalID, #Type
SET #UserIds = cast(#CurrentPrincipalID AS VARCHAR(50))
EXEC p_SystemUserBuEntityMapReinit #UserIds
DELETE FROM #PrincipalTable WHERE PrincipalID = #CurrentPrincipalID
END
END
COMMIT TRANSACTION ResetPrincipalEntitiyMap
Please Note: Always perform inserts/updates/deletes of Security
Related entities (User, UserRole, Team, TeamRole, etc.) through the
SDK - rather than the database. The SDK does some weird stuff in the
background that will be missed if you use SQL.
While trying to resolve the common/constant problem with exchange server side sync on CRM 2013 (error code E-Mail-Server: Crm.80044151 when sync of contacts, tasks and appoitments is enabled), we've also tried to reinit the principal-tables using your script.
For CRM2013/15, it had to be modified slightly, because the signature of SP p_PrincipalEntityMapReinit has changed.
Here's the updated TSQL - maybe it helps someone else (in our case, it didn't :( ):
DECLARE #PrincipalTable dbo.EntityIdCollection
DECLARE #CurrentPrincipalID uniqueidentifier
DECLARE #UserIds VARCHAR(60)
DECLARE #Type INT
BEGIN TRANSACTION ResetPrincipalEntitiyMap
BEGIN
SET #Type = 8
INSERT INTO #PrincipalTable (id)
SELECT sup.PrincipalId
FROM SystemUserPrincipals sup WITH (NOLOCK)
INNER JOIN SystemUser su WITH (NOLOCK) ON sup.SystemUserId = su.SystemUserId AND sup.PrincipalId = su.SystemUserId
EXEC p_PrincipalEntityMapReinit #PrincipalTable, #Type
WHILE EXISTS (SELECT id FROM #PrincipalTable)
BEGIN
SELECT TOP 1 #CurrentPrincipalID = id
FROM #PrincipalTable
ORDER BY id ASC
EXEC p_PrincipalAttributeAccessMapReinit #CurrentPrincipalID, #Type, 1
SET #UserIds = cast(#CurrentPrincipalID AS VARCHAR(50))
EXEC p_SystemUserBuEntityMapReinit #UserIds
DELETE FROM #PrincipalTable WHERE id = #CurrentPrincipalID
END
END
COMMIT TRANSACTION ResetPrincipalEntitiyMap