I am working on a secure view and share in snowflake.
So, I need to grant reference_usage of each DB to share before granting view permission to share.
My view has like 7-8 databases in its statement(due to joining) and so I need to grant all these DB reference usage permission to share.
One way of doing this, I can run the below command for each database.
grant reference_usage on database db_XYZ to share share_ABC;
Is there any command in snowflake to grant permission to all databases at once?
No, the REFERENCE_USAGE privilege must be granted individually to each database.
https://docs.snowflake.com/en/sql-reference/sql/grant-privilege-share.html#usage-notes
Of course, you can write a script to generate and execute grant commands for all databases.
Related
I have an Oracle user user1 and a schema schema1. I want to give permissions insert, update and delete to this user on this schema.
I only find in the documentation that I can give permissions on this schema tables.
Is there a way to give permission on whole schema?
You can add roles and privileges to the user or use the grant command.
https://docs.oracle.com/javadb/10.8.3.0/ref/rrefsqljgrant.html
You can also use the GRANT ALL PRIVILEGES TO {USERNAME} command.
I want to import schema to my new host. First I had created new user account:
CREATE USER test IDENTIFIED BY test;
What kind of privileges I need to grant to have super role?
(create schema, tables, packages, triggers...etc)
It's one privilege to grant me access to all of them?
You should grant only those privileges that are required for a newly created user to work. One by one.
CREATE SESSION is the first one; without it, user can't even connect to the database.
CREATE TABLE is most probably also required, if user TEST is going to create his own tables.
That's enough to get it started. Once it appears that user needs to create a procedure, you'll grant CREATE PROCEDURE. And so forth.
There are/were roles named CONNECT and RESOURCE which contained the "most frequent" privileges one needed, but their use is - as far as I can tell & in my opinion - discouraged.
I would like to know if there is a way to grant permissions to, for example, create table on a schema, from a different user.
I want to do this without granting DBA role, nor granting "ANY" permissions (grant create any table to XXXX).
I use this occasionally to satisfy devs who want a read-only account. This will create DDL that will give appropriate select or execute permissions. It would not be difficult to modify that to include update and delete.
How can I grant permission to specific users in Hive?
When I try with different users and set the permission with the GRANT statement, then these users were able to change the permission on create, update and any kind of operation on the objects(database, tables etc).
So how can I configure Hive such that only the selected user is able to grant permission?
I'm using Oracle's 10g version.
In the database, I would like to create a configuration table and fill it with data.
Then the other users can not change anything in it, and even better that it was not at all visible to other users. Is it possible to somehow hide the table?
Regards
Create a separate schema for that table. Create a package that provides an API to your configuration data (e.g. to get a value that is needed by another program).
Revoke CREATE SESSION privilege from that schema (i.e. just don't grant any privileges to the schema at all). Don't grant any privileges on the table. The only users who will be able to see the table are those with DBA privileges.
The only thing that database sessions will be able to do is execute the package, IF they have been granted EXECUTE privilege on it.
If you do not grant enough privileges to other users, they could not see your objects.