Creating user in multiple databases
Hi All,
I want to create an user in multiple Databases (100+)
Could any one can share the script .
Oracle DB Version - 9.2.0.6,9.2.0.7 & 10.2.0.2
Os - Hp Unix.
Kindly help me out from this.
Thanks,
Ram.
895188 wrote:
Hi
Thanks a lot for your reply
I can follow your command but my requirement is to do the same in all 100+ databases which is a pain ful proces, So looking for script to create an user in all databases in one shot.
You need to connect to each DB; one at a time.
Realize that "script" is Operating System dependent & you decided not to share your OS with us.
We had an common server which can able to connect all the databases individually, by using the TNS Entries.
I am glad you have this since it will be needed to complete your task.
Similar Messages
-
Program to Create Users in Multiple Clients at Once
Hello experts.
We have a multi-client architecture and I have to frequently create users in many of them at once.
Is there a fast way or does anybody have ABAP code to create users in multiple clients by while also an existing users Roles?
We have a program to copy the users, but I still have to go into every system and assign roles. This is very tedious, so I would appreciate any help.Hello Valhalla,
Try this way:
BAPI_USER_CREATE1 is remote enabled so you can create RFC destination for the all the system
you want to create users.
Load all the rfc destination in one table.
Load all the users need to be created in one table.
Loop at rfc_dest_tab.
loop at users_tab.
CALL FUNCTION 'BAPI_USER_CREATE1' DESTINATION rfc_dest_tab-RFC_DESTINATION
EXPORTING
USERNAME = users_tab-USERNAME
NAME_IN =
LOGONDATA =
PASSWORD =
DEFAULTS =
ADDRESS =
COMPANY =
SNC =
REF_USER =
ALIAS =
EX_ADDRESS =
UCLASS =
TABLES
PARAMETER =
RETURN =
ADDTEL =
ADDFAX =
ADDTTX =
ADDTLX =
ADDSMTP =
ADDRML =
ADDX400 =
ADDRFC =
ADDPRT =
ADDSSF =
ADDURI =
ADDPAG =
ADDCOMREM =
GROUPS =
PARAMETER1 =
EXTIDHEAD =
EXTIDPART = .
ENDLOOP.
ENDLOOP.
This will create required user in remote SAP systems.
Hope this solves your issue!
Thanks,
Augustin.
Edited by: Augustarian on Aug 22, 2009 11:52 AM
Edited by: Augustarian on Aug 22, 2009 11:52 AM -
How to create user in Express database through express command
Hi
In our application we need add/delete new user to the OFA. Is there any way of doing this through the automated express.? Is there any Express command to add new user ?
If so,Please let me know how to do that.
Thanks
MurugesanMurugesan ,
You are using pure Express and OFA, and you are not using Oracle OLAP, right ?
If you create an user in OFA super administrator database, using the front-end as usual, you could see using express monitor command RECAP what commands were performed thru the API. But don´t forget to check which command fires the task USER_UPDATE that goes to the task processor, to update user information at the shared database.
You can also take a look at the OFA API document available for download at metalink, it could give you some more help.
Flavio -
Creating Views on multiple databases
In our database environment we have three databases Prod, Test, and Dev. Can anyone tell me if there is any value to ensuring that all three databases have exactly the same views on each of them all the time.(most views are fairly simplistic). Also is there an easy way to copy the views or tables from one database to the others quickly without rerunning the scripts on each database. Thanks.
Arjen,
I am a bit confused by what it is you need. It appears you may have Entity Object and View Objects mixed up. Entity Objects are one-to-one with database tables. So, for every table one Entity Object, and the other way around. Associations are, pretty much, one-to-one with foreign keys on the database. So, if two tables have a foreign key between them, the two Entity Objects will have an Association between them. In that respect, Entity Objects and Associations are usually 'strictly defined' by the database model.
The layer of View Objects and View Links is where you 'get design control' in the Business Components arena. A View Object can be based on zero, one or more Entity Objects. Viewlink, defining 'Master-Detail' relationships between View Objects (and NOT Entity Objects!!) can but don't have to be based on Entity Associations (i.e. foreign keys), but can be based on any attribute in the 'Master' view to any attribute in the 'Detail' view.
In this respect, your statement that you want to "make a master-detail between entity1 and view1" makes no sense. It sounds like you need to create a View2, and then make a View Link between View1 and View2.
Kind regards,
Peter Ebell
JHeadstart Team -
1 user license access multiple database
Hi all...
I have a question :
In SAP B1 8.8, can 1 user license (for 1 physical user) access multiple databases?
Multiple database is created for Head Office and Branches.
Since Finance Accounting Manager is centralized at Head Office, so the Manager must have access to multiple databases.
Can only 1 user license applied to this Finance Accounting Manager?
Regards,Hi Ingrid,
Finance/Logistic/CRM Limited will perform as professional user license in the multiple db accessing in one server except the functionality authorization. You must make sure that all the users that use the Finance/Logistic/CRM Limited license have the same user code in the dbs
JimM
<ultra - said it once> -
Modify Script to Create User Role on Single Database.
Hi All,
Below is the script to create user role on database. Here problem is when I execute this script, it creates user role for all database within an instance and I want it to create user role only on 2 database say TEST1 and TEST2
Can anyone help me to modify the script?
--===================================================================================
-- Description
-- Database Type: MSSQL
-- This script creates a role called 'gdmmonitor' for ALL databases.
-- It grants some system catalogs to this role to allow Classification and Assessment on the database.
-- It then adds a user called "sqlguard" to all databases and grants this user gdmmonitor role.
-- before runnign this script
-- you MUST CREATE A SQL LOGIN CALLED 'sqlguard'
-- This sqlguard login doesn't need to be added to any database or given
-- any privilege. The script will take care of that.
-- Note:
-- If you wish to use a different login name (instead of 'sqlguard') you need to change
-- the value of the variable '@Guardium_user' in the script below;
-- (Look for the string: "set @Guardium_user = 'sqlguard'" and replace the 'sqlguard')
-- after runnign this script
-- Nothing to do, the script already creates the db user
-- User/Password to use
-- User: sqlguard (or any other name, if changed)
-- Pass: user defined
-- Role: gdmmonitor
--===================================================================================
PRINT '>>>==================================================================>>>'
PRINT '>>> Creating role: "gdmmonitor" at the server level.'
PRINT '>>>==================================================================>>>'
-- Change to the master database
USE master
-- *** If a different login name is desired, define it here. ***
DECLARE @Guardium_user AS varchar(50)
set @Guardium_user = 'sqlguard'
DECLARE @dbName AS varchar(256)
DECLARE @memberName AS varchar(256)
DECLARE @dbVer AS nvarchar(128)
SET @dbVer = CAST(serverproperty('ProductVersion') AS nvarchar)
SET @dbVer = SUBSTRING(@dbVer, 1, CHARINDEX('.', @dbVer) - 1)
IF (@dbVer = '8') SET @dbVer = '2000'
ELSE IF (@dbVer = '9') SET @dbVer = '2005'
ELSE IF (@dbVer = '10') SET @dbVer = '2008'
ELSE IF (@dbVer = '11') SET @dbVer = '2012'
ELSE SET @dbVer = '''Unsupported Version'''
IF (@dbVer != '2000')
BEGIN
-- This privilege is required to peform a specific MSSQL test.
-- Test name: SQL OLEDB disabled (DisallowAdhocAccess registry key)
-- Procedure execute: EXEC master.dbo.sp_MSset_oledb_prop
-- Purpose: To display provider property, not changing anything.
PRINT '==> Granting MSSSQL 2005 and above setupadmin server role'
EXEC master..sp_addsrvrolemember @loginame = @Guardium_user, @rolename = N'setupadmin'
END
SELECT @dbName = DB_NAME()
PRINT '==> Starting MSSql ' + @dbVer + ' role creation on database: ' + @dbName
-- find any members of the role if they exist
CREATE TABLE #rolemember (membername VARCHAR(256) NOT NULL)
INSERT INTO #rolemember
SELECT DISTINCT usr.name FROM dbo.sysusers usr, .dbo.sysmembers mbr
WHERE usr.uid = mbr.memberuid
AND mbr.groupuid = (SELECT uid FROM .dbo.sysusers WHERE name = 'gdmmonitor')
-- Drop the Role Members If they exist
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Dropping the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Dropping member: ''' + @memberName + ''''
exec('EXEC sp_droprolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the role if it exists
IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = 'gdmmonitor')
BEGIN
PRINT '==> Dropping the role gdmmonitor on: ' + @dbName
exec sp_droprole 'gdmmonitor'
END
-- Create the role
PRINT '==> Creating the role gdmmonitor on: ' + @dbName
exec sp_addrole 'gdmmonitor'
-- Grant select privileges to the role for MSSql Common
PRINT '==> Granting common SELECT privileges on: ' + @dbName
GRANT SELECT ON dbo.spt_values TO gdmmonitor
GRANT SELECT ON dbo.sysmembers TO gdmmonitor
GRANT SELECT ON dbo.sysobjects TO gdmmonitor
GRANT SELECT ON dbo.sysprotects TO gdmmonitor
GRANT SELECT ON dbo.sysusers TO gdmmonitor
GRANT SELECT ON dbo.sysconfigures TO gdmmonitor
GRANT SELECT ON dbo.sysdatabases TO gdmmonitor
GRANT SELECT ON dbo.sysfiles TO gdmmonitor
GRANT SELECT ON dbo.syslogins TO gdmmonitor
GRANT SELECT ON dbo.syspermissions TO gdmmonitor
-- Grant execute privileges to the role for MSSql Common
PRINT '==> Granting common EXECUTE privileges on: ' + @dbName
GRANT EXECUTE ON sp_helpdbfixedrole TO gdmmonitor
GRANT EXECUTE ON sp_helprotect TO gdmmonitor
GRANT EXECUTE ON sp_helprolemember TO gdmmonitor
GRANT EXECUTE ON sp_helpsrvrolemember TO gdmmonitor
GRANT EXECUTE ON sp_tables TO gdmmonitor
GRANT EXECUTE ON sp_validatelogins TO gdmmonitor
GRANT EXECUTE ON sp_server_info TO gdmmonitor
-- Check if the version is 2005 or greater
IF (@dbVer != '2000')
BEGIN
-- Grant select privileges to the role for MSSql 2005 and above
PRINT '==> Granting MSSql 2005 and above SELECT privileges on: ' + @dbName
GRANT SELECT ON sys.all_objects TO gdmmonitor
GRANT SELECT ON sys.database_permissions TO gdmmonitor
GRANT SELECT ON sys.database_principals TO gdmmonitor
GRANT SELECT ON sys.sql_logins TO gdmmonitor
GRANT SELECT ON sys.sysfiles TO gdmmonitor
GRANT SELECT ON sys.database_role_members TO gdmmonitor
GRANT SELECT ON sys.server_role_members TO gdmmonitor
GRANT SELECT ON sys.configurations TO gdmmonitor
GRANT SELECT ON sys.master_key_passwords TO gdmmonitor
GRANT SELECT ON sys.server_principals TO gdmmonitor
GRANT SELECT ON sys.server_permissions TO gdmmonitor
GRANT SELECT ON sys.credentials
TO gdmmonitor
--This is called by master.dbo.sp_MSset_oledb_prop.
--By defautl it should have already been granted to public.
GRANT EXECUTE ON sys.xp_instance_regread TO GDMMONITOR
GRANT EXECUTE ON sys.sp_MSset_oledb_prop TO GDMMONITOR
END
-- Re-add the dropped members
IF EXISTS (SELECT 1 FROM #rolemember)
BEGIN
PRINT '==> Re-adding the role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Re-adding member: ''' + @memberName + ''''
exec('EXEC sp_addrolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- END of role creation on database
PRINT '==> END of role creation on: ' + @dbName
PRINT ''
-- Change to the msdb database
USE msdb
set @memberName = ''
SELECT @dbName = DB_NAME()
PRINT '==> Starting MSSql ' + @dbVer + ' role creation on database: ' + @dbName
-- find any members of the role if it exists
TRUNCATE TABLE #rolemember
INSERT INTO #rolemember
SELECT DISTINCT usr.name FROM .dbo.sysusers usr, .dbo.sysmembers mbr
WHERE usr.uid = mbr.memberuid
AND groupuid = (SELECT uid FROM .dbo.sysusers WHERE name = 'gdmmonitor')
-- Drop the Role Members If they exist
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Dropping the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Dropping member: ''' + @memberName + ''''
exec('EXEC sp_droprolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the role if it exists
IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = 'gdmmonitor')
BEGIN
PRINT '==> Dropping the gdmmonitor role on: ' + @dbName
exec sp_droprole 'gdmmonitor'
END
-- Create the role
PRINT '==> Creating the gdmmonitor role on: ' + @dbName
exec sp_addrole 'gdmmonitor'
-- Grant select privileges to the role for MSSql Common
PRINT '==> Granting common SELECT privileges on: ' + @dbName
GRANT SELECT ON dbo.sysobjects TO gdmmonitor
GRANT SELECT ON dbo.sysusers TO gdmmonitor
GRANT SELECT ON dbo.sysprotects TO gdmmonitor
GRANT SELECT ON dbo.sysmembers TO gdmmonitor
GRANT SELECT ON dbo.sysfiles TO gdmmonitor
GRANT SELECT ON dbo.syspermissions TO gdmmonitor
GRANT SELECT ON dbo.backupset TO gdmmonitor
-- Check if the version is 2005 or greater
IF (@dbVer != '2000')
BEGIN
-- Grant select privileges to the role for MSSql 2005 and above
PRINT '==> Granting MSSql 2005 and above SELECT privileges on: ' + @dbName
GRANT SELECT ON sys.all_objects TO gdmmonitor
GRANT SELECT ON sys.database_permissions TO gdmmonitor
GRANT SELECT ON sys.database_principals TO gdmmonitor
GRANT SELECT ON sys.sysfiles TO gdmmonitor
-- Grant execute privileges to the role for MSSql 2005 or above
PRINT '==> Granting MSSql 2005 and above EXECUTE privileges on: ' + @dbName
GRANT EXECUTE ON msdb.dbo.sp_enum_login_for_proxy TO gdmmonitor
GRANT SELECT ON sys.database_role_members TO gdmmonitor
END
IF (@dbVer > '2000' and @dbVer < '2012')
--This sp is not available in SQL 2012
BEGIN
GRANT EXECUTE ON sp_get_dtspackage TO gdmmonitor
END
-- Re-add the dropped members
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Re-adding the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Re-adding member: ''' + @memberName + ''''
exec('EXEC sp_addrolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the temporary table
DROP TABLE #rolemember
-- END of role creation on database
PRINT '==> END of gdmmonitor role creation on: ' + @dbName
-- Role creation complete
PRINT '<<<==================================================================<<<'
PRINT '<<< END of creating role: "gdmmonitor" at the server level.'
PRINT '<<<==================================================================<<<'
PRINT ''
PRINT '>>>==================================================================>>>'
PRINT '>>> Starting application database role creation'
PRINT '>>>==================================================================>>>'
use master
DECLARE @databaseName AS varchar(80)
DECLARE @executeString AS varchar(7950)
DECLARE @dbcounter as int
set @dbcounter = 0
DECLARE DatabaseCursor CURSOR FOR SELECT name from sysdatabases where name not in ('master', 'msdb')
and not (status & 1024 > 1)
--read only
and not (status & 4096 > 1)
--single user
and not (status & 512 > 1)
--offline
and not (status & 32 > 1)
--loading
and not (status & 64 > 1)
--pre recovery
and not (status & 128 > 1)
--recovering
and not (status & 256 > 1)
--not recovered
and not (status & 32768 > 1)
--emergency mode
OPEN DatabaseCursor
FETCH DatabaseCursor INTO @databaseName
WHILE @@Fetch_Status = 0
BEGIN
set @dbcounter = @dbcounter + 1
set @databaseName = '"' + @databaseName + '"'
set @executeString = ''
set @executeString = 'use ' + @databaseName + ' ' +
'PRINT ''>>>==================================================================>>>'' ' +
'PRINT ''>>> Starting MSSql ' + @dbVer + ' role creation on database: ' + @databaseName + ''' ' +
'PRINT ''>>>==================================================================>>>'' ' +
'/* Variable @memberNameDBname must be declare within the string or else it will fail */ ' +
'DECLARE @memberName' + cast(@dbcounter as varchar(5)) + ' as varchar(50) ' +
'/*find any members of the role if it exists*/ ' +
'CREATE TABLE #rolemember (membername VARCHAR(256) NOT NULL) ' +
'INSERT INTO #rolemember ' +
'SELECT DISTINCT usr.name FROM dbo.sysusers usr, dbo.sysmembers mbr ' +
'WHERE usr.uid = mbr.memberuid ' +
'AND groupuid = (SELECT uid FROM dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'/*Drop the Role Members If they exist*/ ' +
'IF EXISTS (SELECT * FROM #rolemember) ' +
'BEGIN ' +
'PRINT ''==> Dropping the role members on: ' + @databaseName + ''' ' +
'DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember ' +
'OPEN DropCursor ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'WHILE @@Fetch_Status = 0 ' +
'BEGIN ' +
'PRINT ''==> Dropping member: '' + @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'exec(''EXEC sp_droprolemember ''''gdmmonitor'''', '''''' + @memberName' + cast(@dbcounter as varchar(5)) + ' + '''''';'') ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'END ' +
'CLOSE DropCursor ' +
'DEALLOCATE DropCursor ' +
'END ' +
'/*drop the role if it exists*/ ' +
'IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'BEGIN ' +
'PRINT ''==> Dropping the gdmmonitor role on: ' + @databaseName + ''' ' +
'exec sp_droprole ''gdmmonitor'' ' +
'END ' +
'/* Create the role */ ' +
'PRINT ''==> Creating the gdmmonitor role on: ' + @databaseName + ''' ' +
'exec sp_addrole ''gdmmonitor'' ' +
'/* Grant select privileges to the role for MSSql Common */ ' +
'PRINT ''==> Granting common SELECT privileges on: ' + @databaseName + ''' ' +
'GRANT SELECT ON dbo.sysmembers TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysobjects TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysprotects TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysusers TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysfiles TO gdmmonitor ' +
'GRANT SELECT ON dbo.syspermissions TO gdmmonitor ' +
'/* Check if the version is 2005 or greater */ ' +
'IF (' + @dbVer + ' != ''2000'') ' +
'BEGIN ' +
'/* Grant select privileges to the role for MSSql 2005 and above */ ' +
'PRINT ''==> Granting MSSql 2005 and above SELECT privileges on: ' + @databaseName + ''' ' +
'GRANT SELECT ON sys.database_permissions TO gdmmonitor ' +
'GRANT SELECT ON sys.all_objects TO gdmmonitor ' +
'GRANT SELECT ON sys.database_principals TO gdmmonitor ' +
'GRANT SELECT ON sys.sysfiles TO gdmmonitor ' +
'GRANT SELECT ON sys.database_role_members TO gdmmonitor ' +
'END ' +
'/* Re-add the dropped members */ ' +
'IF EXISTS (SELECT 1 FROM #rolemember) ' +
'BEGIN ' +
'PRINT ''==> Re-adding the gdmmonitor role members on: ' + @databaseName + ''' ' +
'DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember ' +
'OPEN DropCursor ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'WHILE @@Fetch_Status = 0 ' +
'BEGIN ' +
'PRINT ''==> Re-adding member: '' + @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'exec(''EXEC sp_addrolemember ''''gdmmonitor'''', '''''' + @memberName' + cast(@dbcounter as varchar(5)) + ' + '''''';'') ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'END ' +
'CLOSE DropCursor ' +
'DEALLOCATE DropCursor ' +
'END ' +
'/* drop the temporary table */ ' +
'DROP TABLE #rolemember ' +
'PRINT ''<<<==================================================================<<<'' ' +
'PRINT ''<<< END of role creation on: ' + @databaseName + ''' ' +
'PRINT ''<<<==================================================================<<<'' ' +
'PRINT '' ''' +
'PRINT '' '''
execute (@executeString)
FETCH DatabaseCursor INTO @databaseName
END
CLOSE DatabaseCursor
DEALLOCATE DatabaseCursor
-- Adding user to all the databases
-- and grant gdmmonitor role, only if login exists.
PRINT '>>>==================================================================>>>'
PRINT '>>> Add and Grant gdmmonitor role to: ''' + @Guardium_user + ''''
PRINT '>>> on all databases.'
PRINT '>>>==================================================================>>>'
USE master
/* Check if @Guardium_user is a login exist, if not do nothing.*/
IF NOT EXISTS (select * from syslogins where name = @Guardium_user)
BEGIN
PRINT ''
PRINT '************************************************************************'
PRINT '*** ERROR: Could not find the login: ''' + @Guardium_user + ''''
PRINT '*** Please add the login and re-run this script.'
PRINT '************************************************************************'
PRINT ''
END
ELSE
BEGIN
DECLARE @counter AS smallint
set @counter = 0
-- This loop runs 4 time just to make sure that the @Guardium_user gets added to all db.
-- 99% of the time, this is totally unnecessary. But in some rare case on SQL 2005
-- the loop skips some databases when it tried to add the @Guardium_user.
-- After two to three executions, the user is added in all the dbs.
-- Might be a SQL Server bug.
WHILE @counter <= 3
BEGIN
set @counter = @counter + 1
set @databaseName = ''
set @executeString = ''
DECLARE DatabaseCursor CURSOR FOR SELECT name from sysdatabases
where not (status & 1024 > 1)
--read only
and not (status & 4096 > 1)
--single user
and not (status & 512 > 1)
--offline
and not (status & 32 > 1)
--loading
and not (status & 64 > 1)
--pre recovery
and not (status & 128 > 1)
--recovering
and not (status & 256 > 1)
--not recovered
and not (status & 32768 > 1)
--emergency mode
OPEN DatabaseCursor
FETCH DatabaseCursor INTO @databaseName
WHILE @@Fetch_Status = 0
BEGIN
set @databaseName = '"' + @databaseName + '"'
set @executeString = ''
set @executeString = 'use ' + @databaseName + ' ' +
'/*Check if the login already has access to this database */ ' +
'IF EXISTS (select * from sysusers where name = ''' + @Guardium_user + ''' and islogin = 1) ' +
'BEGIN ' +
'/*Check if login already have gdmmonitor role*/ ' +
'IF NOT EXISTS (SELECT usr.name FROM dbo.sysusers usr, dbo.sysmembers mbr WHERE usr.uid = mbr.memberuid ' +
'AND mbr.groupuid = (SELECT uid FROM dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'AND usr.name = ''' + @Guardium_user + ''') ' +
'BEGIN ' +
'PRINT ''==> Granting gdmmonitor role to ' + @Guardium_user + ' on database ' + @databaseName + ''' ' +
'execute sp_addrolemember ''gdmmonitor''' + ', [' + @Guardium_user + '] ' +
'PRINT '' ''' +
'END ' +
'END ' +
'IF NOT EXISTS (select * from sysusers where name = ''' + @Guardium_user + ''' and islogin = 1) ' +
'BEGIN ' +
'PRINT ''==> Adding user [' + @Guardium_user + '] to database: ' + @databaseName + ''' ' +
'execute sp_adduser [' + @Guardium_user + '] ' +
'PRINT ''==> Granting gdmmonitor role to ' + @Guardium_user + ' on database ' + @databaseName + ''' ' +
'execute sp_addrolemember ''gdmmonitor''' + ', [' + @Guardium_user + '] ' +
'PRINT '' ''' +
'END '
execute (@executeString)
FETCH DatabaseCursor INTO @databaseName
END
CLOSE DatabaseCursor
DEALLOCATE DatabaseCursor
END -- end while
-- Required for Version 2005 or greater.
IF (@dbVer != '2000')
BEGIN
-- Grant system privileges to the @guardium_user. This is a requirement for >= SQL 2005
-- or else some system catalogs will filter our result from assessment test.
-- This will show up in sys.server_permissions view.
PRINT '==> Granting catalog privileges to: ''' + @Guardium_user + ''''
execute ('grant VIEW ANY DATABASE to [' + @Guardium_user + ']' )
execute ('grant VIEW ANY DEFINITION to [' + @Guardium_user + ']' )
END
PRINT '<<<==================================================================<<<'
PRINT '<<< Finished Adding and Granting gdmmonitor role to: ''' + @Guardium_user + ''''
PRINT '<<< on all databases.'
PRINT '<<<==================================================================<<<'
PRINT ''
END
GOThanks a lot Sir... it worked.
Can you also help me in troubleshooting below issue?
This script is working fine on all databases except one MS SQL 2005 database. build of this database is 9.00.3042.00
SA account with highest privileges is been used for script execution. errors received are as follow:
>>>==================================================================>>>
>>> Creating role: "gdmmonitor" at the server level.
>>>==================================================================>>>
==> Granting MSSSQL 2005 and above setupadmin server role
==> Starting MSSql 2005 role creation on database: master
(0 row(s) affected)
==> Dropping the gdmmonitor role members on: master
==> Creating the role gdmmonitor on: master
Msg 15002, Level 16, State 1, Procedure sp_addrole, Line 16
The procedure 'sys.sp_addrole' cannot be executed within a transaction.
==> Granting common SELECT privileges on: master
Msg 15151, Level 16, State 1, Line 117
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 118
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 119
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 120
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 121
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 122
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 123
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 124
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 125
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 126
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
==> Granting common EXECUTE privileges on: master
Msg 15151, Level 16, State 1, Line 130
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 131
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 132
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 133
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 134
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 135
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 136
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission. -
[ask] Multiple database for a user
Hi,
pardon for my very basic question since i'm new in database world. Currently I've been playing with XE and I cannot find a complete documentation on the subject, therefore I venture myself to ask some basic tasks of XE, such as:
1. Can a user have multiple database (or schema) or only 1?
2. If it can have multiple database, how can them be viewed?
3. How can I delete one of them if no 1 is true?
4. How can I delete a table?
5. Where can I find a thorough documentation on XE besides tutorial?
Best Regards,
Joeuser11357901 wrote:
Hi,
pardon for my very basic question since i'm new in database world. Currently I've been playing with XE and I cannot find a complete documentation on the subject, therefore I venture myself to ask some basic tasks of XE, such as:
1. Can a user have multiple database (or schema) or only 1?User infact IS a schema , and so schema IS user. They don't own the database;they belong to only one database,although they could
perform some actions on other databases
2. If it can have multiple database, how can them be viewed?You can access objects on remote database B with the user from database A by using database links
3. How can I delete one of them if no 1 is true?N/A
4. How can I delete a table?If using SQL, then DROP command is the one you want. DELETE command is used to delete row/s from a table, not to delete table
5. Where can I find a thorough documentation on XE besides tutorial?oracle.tahiti.com would be the best choice
>
Best Regards,cheers -
Hi,
I am trying to craete user in portal which is ending up with error " an error occured in the persistance.the original message was LDAP- error code 50-00000005 SecErr DSID-03151E04, Problem 4003(Insuff_Access_Rights) data 0 : something like taht.
I am new to this creating users.
The UME config shows
Datasource: Microsoft ADS(Deep heirarchy)+database
Data Source file name: dataSourceConfiguration_Ads_deep_writable.db.xml
What does the above config means? If i create a user under sys admin in portal, where is the user getting created? is it the portal DB or LDAP?
Thanks in advance.Hi,
if i want to create some portal users in portal DB, what should be the UME configuration?
if you want to create user in portal database then you have to use UME confiuration as DATABASE ONLY.
pls refer the below link
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/7e/a2d475e5384335a2b1b2d80e1a3a20/content.htm
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/38/caeaf49cce45d0a11fb8d7fef151b0/content.htm
Thanks
Anil -
Hi,
We are in the process of consolidating several databases on a single instance of SQL Server 2012.
Databases are developed by outside vendors; they have to be able to install and support their databases but they shouldn't be able to do any thing with the other databases.
When I tried to migrate the first database, the vendor told me that on the former server he used the sa account in some batch.
On a previous thread
https://social.technet.microsoft.com/Forums/sqlserver/en-US/dc1f802f-d8de-4e2b-87e5-ccb289593fb7/security-for-multiple-applications-on-a-single-sql-server-2012-instance?forum=sqlsecurity
it was suggested to me that I create a login for each vendor and that this login should map a user in their respective databases.
To test, I simulated the process in a test database:
1 - I create the login and I scripted the command:
USE [master]
GO
/* For security reasons the login is created disabled and with a random password. */
/****** Object: Login [M02_Test] Script Date: 2014-12-02 16:23:58 ******/
CREATE LOGIN [M02_Test] WITH PASSWORD=N'ÈS^y¡¶=Å€"+y¤j|úªhÖféÎЕœEu
c', DEFAULT_DATABASE=[M02], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
ALTER LOGIN [M02_Test] DISABLE
GO
2 - I create the user and scripted it
USE [M02]
GO
/****** Object: User [M02_Test] Script Date: 2014-12-02 16:29:41 ******/
CREATE USER [M02_Test] FOR LOGIN [M02_Test] WITH DEFAULT_SCHEMA=[dbo]
GO
Questions:
What should we do with te scrambled password: is it saved as it was entered and should it be kept somewhere in a safe place?
Would that do the job for the vendor who used sa before?
Thanks for your adviceI'm not sure why you would save the script. Why not create the login, in one way or another give the vendor the password. Keep the login disabled until needed.
I don't recall exactly what we said last time, but it occurs to me that the application setup things on server level. Jobs is the prime thing that comes to mind, but there could be other things.
Now, here is an important observation. As long as the vendor's application was alone on the server, that was OK, and it was OK to give the vendor sysadmin rights. In this situation this is less OK, and as we said, you should only give the vendor db_owner
in the database.
But the vendor will need to tell you what they do on server-level. They should know this - unless they sell their app as a "alone-on-a-server application". (And there are indeed such applications out there, even from Microsoft.) But there is a
risk that they will bill you extra if you make their installation more difficult.
Maybe you will have to give some vendors sysadmin for the installation, but in such case, you should ask them why they need it. If they don't, give them db_owner, and they will have to find out their hard way. (And you don't pay them for learning
their own application.)
Erland Sommarskog, SQL Server MVP, [email protected] -
Multiple database users, ORM, entity framework, best practices
Hello everyone!
You've already helped me several times, however I must ask for an advice once more.
I was assigned to develop .NET application with Data Access Layer and I've decided to use Oracle Database Software to provide sample data.
As I'm absolute novice considering creating DAL I'd be grateful if you can examine my plan in terms of security and reliability:
My database:
1) I've created database with sample tables and relations between them. All tables belongs to databaseAdmin.
2) I've created HR and Manager database users and granted them some privileges on certain databaseAdmin's tables. My intention is to reduce access to unnecessary tables. If my application user want to make some changes to Customers table it should be enough to connect to database as HR.
And now I'd like to map my database using Entity Framework in my application. And that's where I have a problem:
-If I create Entity Model basing on databaseAdmin tables I get perfect model, however every Entity SQL query would be executed on behalf of databaseAdmin, which breaks my idea of hiding unnecessary tables.
-If I create Entity Model for HR and Manager users, my models could overlap on tables that both users have access to and no connection between tables would be generated (as from their point of view those tables are just some tables that belong to databaseAdmin)
Could you help me with this deadlock? Or maybe my assumptions about multiple database users are incorrect? Please, bear in mind I'm a novice.
I was trying to find a solution in web, and there're tons of data discussing technical aspects of Entity Framework etc., but not so many documents about conceptual model of database.hi Michael,
Thanks for you posting!
Sorry for I am not totally understanding your issue. Maybe two points need your confirm:
1. I confuse with the "Service controller"? IS your meaning MVC controller? Or ServiceController(http://www.codeproject.com/Articles/31688/Using-the-ServiceController-in-C-to-stop-and-start
2.whether The type of ID in the model is match to the database ? In other words, Is the type of IDin .edmx matched to the database?
By the way, it seems that this issue is more related to EF. You could post this issue on EF discussion for better support.
Thanks & Regards,
Will
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
How to create user other than 'sa' to connect database server in SAP SBO
I want to ask how the step for create user other than 'sa' to connect database server in SAP SBO? Until now I use 'sa' (default) for connect to database server in SAP SBO application.
Can I do that?You may create multiple SQL users to give full right to B1 database instead of using 'sa' user.
However, the preferred way would be by Use Trusted connection when you set the connection to SQL Server. In this way, you just need one more user for SQL. A group of window users could use this SQL access to connect database server.
Thanks,
Gordon -
How to create a user in UME Database using web dynpro java custom application
Hi,
Can you please suggest me how to create a user in UME Database using web dynpro java custom application.
My Requirement is user can register his/her user id in SAP Portal 7.3 UME database.
Please suggest me.
Thanks and Regards,
AmitHi Amit,
Generated Documentation (Untitled)
This is what you're looking for, there's no real cook-book -- though Amey mentioned there might be some material on SDN, perhaps some tutorials.
You should be looking into com.sap.security.api.IUserFactory, methods newUser(String) which gives you and IUserMaint and commitUser(IUserMaint, IUserAccount) -- IUserAccount can be obtained using com.sap.security.api.IUserAccountFactory, method newUserAccount(String)
Hope it helps,
D. -
How do i create multiple databases on the same unix box?
Hello experts.
Please send me some guidelines on how to create multiple databases on the same unix box and how to configure their startups including listeners.
Please also, list me the possible precautions to takes especially if the existing database is a production one!
thanks very much for you reply
Best Regards
YogeerajHello,
I tried the following:
svrmgrl> startup nomount pfile=I:\d01\oracle\admin\cmttest\pfile\init.ora
then
svrmgrl> CREATE DATABASE cmttest
LOGFILE 'i:\d01\oracle\oradata\cmttest\redo01.log' SIZE
1024K,'i:\d01\oracle\oradata\cmttest\redo02.log' SIZE 1024K
MAXLOGFILES 32
MAXLOGMEMBERS 3
MAXLOGHISTORY 1
DATAFILE 'i:\d01\oracle\oradata\cmttest\system01.dbf' SIZE 50M REUSE
MAXDATAFILES 254
MAXINSTANCES 1
CHARACTER SET WE8ISO8859P1
NATIONAL CHARACTER SET WE8ISO8859P1;
Then when i try to run both databases:
svrmgrl> set instance cmttest
ORA-12500: TNS: Listener failed to start a dedicated process
===================
I am doing something wrong.
please help
Regards
Yogeeraj -
How many users/ schemas can we create in an oracle database?
How many users can we create in an oracle database? Or how many users can oracle handle?
Problem-
I have to store information of ontologies (I will use countries instead) in db.
I have to store information regarding countries.
I have 13 tables in all to maintain for each country.
Now there are two approaches:
1) keep only 13 tables. Have an extra column in each table to indicate that a particular
row stores information for which country.
2) create a new user/ schema for each country. So we can get rid of the extra column
needed in 1st approach.
I have used the second approach. This is because number of entries in each table for a
given country will be large.
So initially when the s/w is installed I create a central-user. Each time data for new
country has to be entered central-user creates a user/ schema, and creates tables for
this user/ schema. The central user can access the tables of all the countries by
country_name.table_name. By this approach I believe searching would be easy.
If there is any flaw in my approach kindly mention it.
Thank youThere is no (practical at least) limit to the number of users & schemas you can have in Oracle.
Your approach, however, is not going to scale nearly as well as the first option you outlined (adding a column). You are going to end up caching every possible variation of the various queries you're going to be executing because you will be referring to so many different tables, which is going to mean that you are doing a lot more work to parsing statements and generally churning through the shared pool. If you create enough users, you're liable to start hitting ORA-04030 errors because your shared pool is so fragmented.
Additionally, you're likely going to end up with a whole lot of dynamically generated SQL to accommodate new schemas getting added over time which is going to cause you even more pain. Figuring out dynamically what table to join in is a heck of a lot more difficult for the programmer to write and for the database to handle than simply passing in a different country code.
If you're concerned about having too much data, you can have your cake and eat it to by adding the country column and partitioning the tables based on country.
Justin
One other item I forgot to mention is maintainability. Having dozens or hundreds of "identical" schemas makes maintenance a huge pain because something like adding a new column now requires dozens or hundreds of separate DDL statements. You're almost guaranteed that some schema isn't going to be in sync-- it's going to miss a column or miss an index, etc.
Message was edited by:
Justin Cave -
How to create a user for a database
hi all,
in the default ORCL database (oracle 10g) how can i create a new user. i did the below steps.
1. connecting as sysdba and creating a user
2. create user kumar identified by kumar;
3. create connect,resource to kumar.
but after this when i tried to connect the ORCl database with user 'kumar' it is giving me the ora-01017 error.
please help me how to create a user to a db using sqlplus.
Thanks,
Kumar.Kumar_9985 wrote:
hi all,
im looking into wrong database. in my system along with orcl another db 'practice' is there. as both are having same ports(1521) and this 'practice' is default database when i connected as 'conn / as sysdba'. instead of this i should have been done as 'conn sys/sysdba@orcl as sysdba'.
sorry for posting this as issue.Has nothing to do with port 1521. That is not used by the database, it is used by the listener. And if you are configured properly (actually, if you are configured by default), the same listener listens on port 1521 for connection requests to all databases on the server.
If you were connecting to the wrong database with 'conn / as sysdba' it's because you had the wrong environment value for ORACLE_SID. In fact, with that connection request, you weren't useing the listener at all. When you added "@orcl", the connection request looked up "orcl" in the tnsnames file, and asked the OS network stack to pass the request on to whatever was using PORT= at HOST=. And that should have been (and obviously was) the listener.
Maybe you are looking for
-
The operation can't be completed because the item "libsmime3.dylib" is in use. This is the error message I get when i try to install the 7.0.1 update. I found a cisco folder on my MAC and tried to Trash it. It won't leave. Maybe I need it... Some of
-
ApplicationIntent and Report Builder
I have a SQL Server 2012 AlwaysOn AG setup including the read-only intent for a secondary. I setup a data source to point to the Listener with the data source type of Microsoft SQL Server entry to include ApplicationIntent=ReadOnly. The Test connecti
-
Can someone please help me? I am having trouble activating my iPhone.
I attach my iPhone to my computer through the USB and the cradle. iTunes opens fine and it shows my iPhone. When the iPhone window opens I get the following error. We could not complete your iTunes store request. The network connection timed out. Mak
-
Line item is repeating while printing
Hi Experts, In my sales order, i have only one line item in the document but while printing it repeating for more than 150 times. Can anyone please give me the solution?
-
Query regarding backup of database
Dear Developers, Greetings Of The Day !!! On button click from my swing application I want to take backup of database. How I can proceed with java. Any help would be appreciated Regards