I installed my mariaDB and phpMyAdmin. I created a new user with all the Grand and Super priveleges. And I deleted the "root" user for savety. Perfect. As I follow an article: make a diffrent user for writing, a diffrent user for deleting, and so on. All for your website to use. Perfect. Than, when set and ready: do not have a userAccount who can do everything and anything for savety reasons. So I removed some priveleges for my new Grand Super User. **Oh oh, I ticked the wrong box** and now my Grand Super User can't see all the other users and can't create new users anymore. And now I am lost in logic. My DB is now handicaped as I can not toy around anymore with adding users and other settings. Now, *I believe*, I need to delete and install a new mariaDB on my Linux just to get **a** database back where I am in control. Am I now understanding correcly that for security reasons; it's best to have a userAccount for every single option, from creating new Users to adding an ellement to a table? And to give arbitrary names to all these userAccounts so not outsider(hacker) who sees these userAccounts gets any wiser?? Or am I completly missing the ball?

The issue I am having is I have 2 servers A and B. On A I have a dB, say it's called "MyDB"... On server B there are 2 dBs called "MyDB_Dev" and "MyDB_Test". These all were set up upon my arrival to the client. On server A and B there are Users, Rolls and schemas set up using the same name (e.g., User1, User2, User3, etc.) The issue is that the client wants to stand up a new dB on server B called "MyDB_Stage". What I did was run a backup of the production db and then restored it to server B. The issue is that the user rights will not allow them to log into the staging dB using their user id. What I don't understand is if I open the server user login list the login is not associated to the staging dB - seems fine because I should be able to simply add a check to the new dB, however, when I try it tells me the dB already is assigned that user. I then tried to delete the user from the dB but I get an error that the schema is being used by another login. For this system there are a lot of users, rolls, and schemas and I would hate to have to remove everything and have to put them back. Any advice?

There is a manual for configuring PostgreSQL on Windows with these commands:

C:\"Program Files"\PostgreSQL\12\bin\createuser.exe --username=postgres --superuser --pwprompt saleor

C:\"Program Files"\PostgreSQL\12\bin\createdb.exe --username=postgres --owner=saleor saleor

I'm going to do the same on Linux, but I'm not sure how. I know that I have to do:

> sudo su postgres
> psql 

psql (13.3)
Type "help" for help.

postgres=#

But I'm not sure what to do next. I appreciate any help.

I have such question. Is it possible to add logout functionality for current user IN SSRS web page in browser?

I have an application which is configured with the multitenancy strategy of "single database multi schema". Now I want to create a role which can have only specific permission that is to : 1. connect to the database 2. should be able to switch role. Please help/guide me to create the as per the above requirement. No other object (like other schema, tables those schema) in the database should be visible for this role. So that I can use this role to login and based on the tenant I can switch to another role which can have access to a particular schema only .

After restoring a database from another SQL server, set database comes with database users without login. Do these users have any actual functionality or they are practically dead users? I've looked around for information about this and I couldn't find conclusive answer to this question. The closest I got to an answer was this: > "When you attach a database created on another server, you transfer > the logins associated with it on the original server, but the SQL > logins are not transferred, as they are defined on the Server, not the > database. The database backup, or MDF and LDF files don't contain the > info about SQL logins, only about database users. Therefore, the error > message." Are these database users point of vulnerability. Is there a way for them to be used?

We have a read-only login account that unfortunately was created without proper planning, and now users throughout the company are using this login to access tables and views in our database. The database has grown to include private information we'd rather keep outside of this read-only login. Changing it to access only certain tables is not an option, as it will break other macros and other ODBC related access that could require access to tables we've not thought of. The database has hundreds of tables! Is there a way (auditing preferably), to record all tables or views the user has accessed? I'd rather use auditing than tracing, only due to the possible file size, but I am happy to be convinced on a better method. Has to be for SQL Server 2012 R2. Thanks **UPDATE** I've tried the SQL Audit methods described here , but I don't see options in SQL Server 2012 to audit SELECT for example. I've created a new audit and enabled it. Then I tried to create a new Server Audit Specification, but this is where I am stuck.

Postgres running in RDS accessible only through an EKS cluster... thus I have a (generic) pod in our cluster which allows me to access our postgres instance. I need to alter the password of the role I'm currently using/logged in as (a root user). The problem is that when I try to alert the user or role postgres says the user/role doesn't exist even though I can clearly see it AND I'm logged in as the user! I'm logged into postgres as root (OS level) and I'm as the postgres root user (not postgres, but a super user which I'll call ABcDeFGh in this question)

postgres=> select user;
   user   
----------
 ABcDeFGh
(1 row)

postgres=> select rolname, rolsuper from pg_roles;
          rolname          | rolsuper 
---------------------------+----------
 pg_monitor                | f
 pg_read_all_settings      | f
 pg_read_all_stats         | f
 pg_stat_scan_tables       | f
 pg_read_server_files      | f
 pg_write_server_files     | f
 pg_execute_server_program | f
 pg_signal_backend         | f
 rds_superuser             | f
 rds_replication           | f
 rds_iam                   | f
 rds_password              | f
 rds_ad                    | f
 rdsadmin                  | t
 ABcDeFGh                  | f
 rdsrepladmin              | f
 rdstopmgr                 | f
(20 rows)

The user I'm logged in as is ABcDeFGh. Even specific queries (btw, I'm not a postgres guy so)

postgres=> \dg ABcDeFGh
           List of roles
 Role name | Attributes | Member of 
-----------+------------+-----------

postgres=> \dg abcdefgh
           List of roles
 Role name | Attributes | Member of 
-----------+------------+-----------

postgres=> \du abcdefgh
           List of roles
 Role name | Attributes | Member of 
-----------+------------+-----------

postgres=> \du ABcDeFGh
           List of roles
 Role name | Attributes | Member of 
-----------+------------+-----------

but this (list truncated):

postgres=> \du
                                                                 List of roles
      Role name      |                         Attributes                         |                          Member of                          
---------------------+------------------------------------------------------------+-------------------------------------------------------------
 ABcDeFGh            | Create role, Create DB                                    +| {rds_superuser}
                     | Password valid until infinity                              |

and this (list truncated):

postgres=> \dg
                                                                 List of roles
      Role name      |                         Attributes                         |                          Member of                          
---------------------+------------------------------------------------------------+-------------------------------------------------------------
 ABcDeFGh            | Create role, Create DB                                    +| {rds_superuser}
                     | Password valid until infinity                              |

(and now I just noticed that \du and \dg are the same thing or seem to be aliases of one another) So this is very confusing and frustrating. As one can see, I'm using both all lower case and the case sensitive version of the name for alter and \dg. The error I get when trying to change the password is either role or user does not exist. It clearly seems to exist.

alter role 'ABcDeFGh' with password '' valid until '2023-01-02T00:13:34+00:00';                                                                                                                                                                                                    
ERROR:  syntax error at or near "'ABcDeFGh'"

All documentation I've been able to find fails to explain what might be going on here. The user clearly exists because I'm logged in as the user. I really hate wasting my time on this kind ambiguous garbage from software.

I have a txt file on my local PC. I run localy Java app which connects to remote MSSQL. Now I need to bulk insert from that text file into my database table. However, SQL login can't read my file. I get: > Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Cannot > bulk load because the file "D:/My_Files/my_file.txt" could not be opened. > Operating system error code 21(The device is not ready.) I set permissions on My_Files folder for 'Everyone'. I can't create a Windows user with the same name like SQL login because it is too long for Windows user. Is there a solution?

Where is the password saved when creating a contained user for the Azure SQL database (PaaS)? For example: CREATE USER taiobtest WITH password='PVHz3U4A$LNytQF^'; GO For server logins I can get it from sys.sql_logins:password_hash column. My use case is refreshing non-production from production backup. I need to script out the database contained users and all relevant permission before the restoration. Once restored clean up production database users/permission and reinstate non-production users and permissions.

Suppose I created a db user with create role myuser login password 'xyz'; and allowed typical read and write db permissions. If a malicious user finds these login credentials (and has access to db), what is the worst he can do to the Ubuntu server where the db lives? (e.g. can he get access to the OS shell? can he install something? can he remove non-db files? ...)

I have an MS-SQL installation, controlling different databases. This can be accessed using Microsoft SQL Server Management Studio 18. For doing that, I use Windows authentication. In there, I have different databases. One of them has the following permissions (while checking "Properties", "Permissions"): Users or roles: Name Type ANALYSE User Permissions for ANALYSE: Permission Grantor Grant With_Grant Deny ... Connect False False False ... Connect dbo True False False I have modified the "Grant" column checkbox, but that modification is not taken into account. I'm doing this because I want "ANALYSE" to be capable of accessing that particular database (I'm working with a connectionstring in a C# Entity Framework related program and I'd like to perform as least as possible source code modifications). When I access that database while having logged in as "ANALYSE" I get the following error message: TITLE: Microsoft SQL Server Management Studio ------------------------------ The database is not accessible. (ObjectExplorer) ------------------------------ BUTTONS: OK ------------------------------ Two questions: - In order to access that database, is it correct trying to check the "connect" feature in the "permissions" page? If not, what else do I need to do? - When I click a checkbox, how can I make sure that this gets stored instead of not taken into account? **Edit: screenshots for better understanding** As can be seen in the following screenshots, one "Connect" permission is granted, and all tables are indeed called "dbo.", nevertheless simply opening the database is not working: Permissions screenshot: The error message appears when I click on the + at the left of DB_Name:

I setup a test user in a SQL Instance. I tested logging in from within the Windows Server and it worked fine. So password is fine and permissions are fine. From my PC I attempted to connect to SQL Server instance from SQL Management and this "Login Failed for User 18456" appears every time. I checked Windows firewall on the server and this seems fine. I escalated this with the server support team who too say their firewall has also been set to allow my IP address access to SQL Server ( I have to trust this guy as he seemed quite adamant). I tested using telnet and no error message, just the blank screen... not sure if this is a good test or not though from browsing the internet this is a good indication the firewall is allowing access on port 1433. I know the above login credentials work as I tested this (with Powershell and SQL Management from within Windows server). I also tested other credentials and that failed / worked too (PC / Windows respectively). Normally when I have issues like this I am able to deal with firewall issues as I have admin access to the servers but on this occasion I do not and it is now becoming frustrating. Not expecting much but I am becoming desperate now. Can someone help?

Can anyone help, please? I would like to use Steve Kusen's script at Script DB Level Permissions v4.3 to loop through all the user databases automatically, using Aaron Bertrand's sp_ineachdb. Has anyone got this to work? Kindly advise on how to do it, please. Thank you

I'm running command grant all privileges on *.* to 'username'@localhost identified by 'strong password';, but I get the error: >ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'identified by 'strong password'' at line 1. I can add a user separately and then assign it the privileges on the database, but I'd like to add the user and assign privileges in a single command. MySQL version: | version | 8.0.23-0ubuntu0.20.04.1 | | version_comment | (Ubuntu) | | version_compile_machine | x86_64 | | version_compile_os | Linux | | version_compile_zlib | 1.2.11 |

I work on MySQL. For making my database more secure I created new user and than deleted 'root' user which had all privileges. I think I did not give full privileges to new user. That's why it is giving error whenever I try to update a table in database. UPDATE command denied to user 'crm_user'@'localhost' for table In case I lost the superuser (in my case it was root) how can I retrieve or get all privileges to get control on my DB. DB is installed on my VPS so I have full control whatever need to do but I have no idea what to do. Please help. Thanks

currently I already have user like this 'app_user'@'10.148.0.0/255.255.240.0' and I have the trigger with definer like this CREATE DEFINER=app_user@10.148.0.0/255.255.240.0 TRIGGER usertable_delete_audit but when apps insert data i got this error trigger command denied to user 'app_user'@'10.148.0.0/255.255.240.0' for table user table. i already make sure about the grants this user already full grant. GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON this impact from user with specific host ? i mean because the user have grant like this 10.148.0.0/255.255.240.0. And the trigger only can give the access from specific ip from server apps ? my server apps ip 10.148.0.57 i using mariadb version 10.4

I have created a function in a postgreSQL(v10.10) database to create new users or update existing ones. As parameters you pass the username, password, role memberships, first name and last name. In my case the function is called by an external program with connection to this database. Basically it works, but strangely only passwords are taken over which contain only lower case letters and do not start with a number. As soon as the password contains uppercase letters, special characters or the password begins with a number, the user is created, but the login data is supposed to be wrong when trying to connect afterwards. I have already written the password in that function into a logging table. There the password is also identical with the given password parameter(e.g. uppercase, numbers, etc.), but a login still does not work. Thats my function I am using:

DECLARE
v_role TEXT;
v_timestamp TIMESTAMP;
v_status TEXT;

BEGIN
	v_timestamp := NOW();
	--check ob Nutzer bereits angelegt, dann create oder alter
	IF NOT EXISTS (
      SELECT FROM pg_catalog.pg_roles  
      WHERE  rolname = v_username) 
	  THEN --Neuanlage
	  	--lege Nutzer an
    	EXECUTE FORMAT('CREATE USER %I WITH PASSWORD ''%I''', v_username, v_password);
		EXECUTE FORMAT(E'COMMENT ON ROLE %I IS ''%s %s \nAngelegt am:\n%s''', v_username, v_vorname, v_nachname, to_char(v_timestamp, 'DD.MM.YYYY HH24:MI:SS'));
		v_status := 'neuanlage';
		
	  ELSE --Änderung
	  --ändere bestehenden Nutzer
	    EXECUTE FORMAT('ALTER USER %I WITH PASSWORD ''%I''', v_username, v_password);
		EXECUTE FORMAT(E'COMMENT ON ROLE %I IS ''%s %s \nUpdate am:\n%s''', v_username, v_vorname, v_nachname, to_char(v_timestamp, 'DD.MM.YYYY HH24:MI:SS'));
		--entferne Mitgliedschaft aus bestehenden Gruppen
		FOR v_role IN
        SELECT rolname FROM pg_roles WHERE pg_has_role( v_username, oid, 'member')
    	LOOP
			IF v_role != v_username THEN
        		EXECUTE(FORMAT('revoke %I from %I', v_role, v_username));
			END IF;
    	END LOOP;
		v_status := 'update';
	END IF;
	--füge zu Gruppen hinzu
	FOREACH v_role IN ARRAY v_roles LOOP
        EXECUTE FORMAT('GRANT %I TO %I', v_role, v_username);
    END loop;
	
	--Protokollierung
	INSERT INTO verwaltung.roles_protokoll (roles, status, timestamp, username, password) VALUES (v_roles, v_status, v_timestamp, v_username, v_password);
	
    RETURN 1;
    -- Simple Exception
EXCEPTION
    WHEN others THEN
        RETURN 0;
END;

Do you have any ideas what's going wrong in there?

I'm setting up new users in an Azure MSSQL Contained Database. I want new users to be forced to reset their password on the first login. I see the ability to set a new password documented https://learn.microsoft.com/en-us/sql/t-sql/statements/alter-user-transact-sql?view=sql-server-ver15 but I do not see the ability to force the reset. Any ideas?

I hope this question is specific enough to be allowed and not doomed as opinion-based: I'm fairly new at administrating postgres databases. My basic approach was to create a new user / role for each real-world user. I thought it would be advantageous for use-cases, where users simultaneously access the same database. However, I realised this has some disadvantages in terms of granting access-right to future tables. I am now suspecting that my concept (separate user-account for each real-word user ) is not the "usual way". I could imagine, that it is sufficient to have just a generic user / role, and each real-world user uses that same generic role to connect, create, read, write, modify data and tables? Can postgres handle such a setup just fine even in the case of concurrent read/write-actions? Is this second concept (one user-account for many users) just fine and frequently applied? Thanks in advance for your help (or for pointing out appropriate www-sources I have missed).