I am facing a unique problem. My service account has BigQuery data view permission for a view (table_type). But no permission for parents tables from which view is created. Now, How can I query on the view table without the parent table's permission?
You can use so called authorized views for this
Giving a view access to a dataset is also known as creating an authorized view in BigQuery. An authorized view allows you to share query results with particular users and groups without giving them access to the underlying source data. You can also use the view's SQL query to restrict the columns (fields) the users are able to query.
See the tutorial for Creating an authorized view
Related
I created a view in Redshift that unions two queries, and it works great. We've thought of a third query that would be worthwhile to add in. eg
CREATE VIEW stem_alumni as
SELECT name, email
FROM students
WHERE graduated < 2019 AND major = 'Engineering'
UNION
SELECT name, email
FROM alumni
WHERE current_employer = 'Google'
The problem is when I try to add a third query in
UNION
SELECT name, email
FROM professors
WHERE department = 'Engineering'
it'll persist for maybe an hour, but then revert to just the original query.
I've run CREATE OR REPLACE VIEW... and dropping/recreate and get the same result.
How do I get an updated view definition to persist?
Adding more context
I created the view using DBeaver, a local SQL client using my specific Redshift credentials. The view is called by Periscope, our cloud-based BI tool using shared credentials. Querying the view in Periscope or separate DBeaver windows will eventually revert the view to its original definition.
Redshift shouldn't have a 'memory' of the view's prior DDL that it could revert to. I'm inclined to agree with the comments that something else is overwriting the updates to the view's DDL after you have committed them.
You should be able to see if something is overwriting the view, by querying the stl_query table:
SELECT q.starttime
, u.usename
, q.querytxt
FROM pg_user u
JOIN stl_query q ON u.usesysid = q.userid
WHERE POSITION('<view_name>' IN q.querytxt) > 0
ORDER BY q.starttime DESC
;
This table only contains recent query information (2-5 days according to the Redshift Documentation), so if you haven't experienced this behavior from the view within that timescale, you may need to force it to occur again in order to troubleshoot who/what is altering the DDL.
Additionally, if the view is being overwritten by a user other than yourself, you will need to query stl_query using a super user account (by default, non-super users will only be able to view information for queries that they themselves have executed).
I am trying to create a view in Redshift.But when I close the session and again reopen it then given view is not present.How can I create a view that exists even if my session expires?
Views are not session dependent. They'll exist in storage like any other table.
Are you prefixing your create view [] statement with a schema name i.e. create view schemaname.viewname? If not, the view will either get created in your public schema or the default schema search path.
A way to troubleshoot is to go through the different schema listed and then find out where your view has been created.
If you find your view in public schema, you'll get to know that if no default search path is set and schemaname is not mentioned while creating tables/views, it gets created in the public schema by default.
If you find your view in any other schema, you'll get to know what your search path is.
Views are persistent.
Some possible reasons why you can't see the view:
You are connecting as a different user who has a different Schema search path
You are connecting to a different database
You created the view in a different schema and when you reconnected you went to a default schema
Adding to previous answers, the view dependencies (tables that are used in the view definition) might be dropped and view is dropped consequently.
I would like to create a forms in my Access database which will save data to existing tables. This data entry form will save all valid data to the specified tables.
Now I would like to restrict the table from direct entry, i.e. no one can edit/update data directly in tables.
So please suggest me know can I do this.
You can not make something readonly AND not readonly. The forms need the tables to be writable.
What you can do is hide the tables, see: http://office.microsoft.com/en-gb/access-help/show-or-hide-database-objects-HP005188361.aspx.
If you need the tables for lookups you can make a readonly query based on the table. You have to change the query type to snapshot.
The scenario : an Oracle 11g database containing some sensitive user data that could result legal liabilities if disclosed to the wrong party.
The desired effect : only a certain user, connecting from a certain IP, can see the column that contains this sensitive user data
I am not sure that hidden columns or virtual columns are the right ways to do this. It seems that Fine-Grained Access Control could help. I am not sure of what is the best solution. The restriction by IP is probably done at the listener level?
The question :
How can we restrict the visibility of a column so it is only available only to a specific user? All the other users would never see the column, not even when doing a "DESC TABLE_WITH_SENSITIVE_DATA"
Thanks for any tips.
Simplest way to do this is to create a view on the table that does not contain all of the columns. Don't grant select on the table, but only on the view.
The "proper" way to do this is with Fine-Grained Access Control (Virtual Private Database), which can replace the contents of columns with a NULL if certain conditions are not met.
See the example here: http://docs.oracle.com/cd/B28359_01/network.111/b28531/vpd.htm#autoId17
You can probably build this sort of functionality yourself if you're feeling both impoverished and skilled.
Do you the ability to modify roles and create views? Perhaps you could create two separate views and grant access to two different roles for that table. All users that are restricted from seeing the sensitive data would belong to a "restricted" role and the others would have access to the "unrestricted" role. You would need to grant privileges on each view to the appropriate role.
It is important to note that there are restrictions on updating the underlying data associated with a view. As explained here, views that contain set operators, aggregates and GROUP BY DISTINCT and joins and not modifiable.
I want to get view list for which the current user has select privilege. I understand that we cant get privilage details for views directly unlike tables. In case of tables I have view called 'ALL_TAB_PRIVS'.
How to get the list of view objects those are accessable for current user?
Thanks in Advance.
The ALL_TAB_PRIVS view includes VIEWS in its result set. In fact it includes all objects, so it will also show you procedures on which you have EXECUTE privileges.
Quite why it is called ALL_TAB+PRIVS rather than ALL_OBJ_PRIVS I don't know. I agree it's confusing. However it is correctly documented in the Oracle Reference.
Incidentally, there is a view USER_TAB_PRIVS which shows you the privileges of the current user without having to restrict on GRANTEE.