I'm working on a Qt/C++ open source project that uses MySQL databases. One class will be used during initial configuration (first run) where the user will be able to select a database. Is there a way to provide a list of all databases on a host without logging in and executing a SHOW DATABASES; transaction? I want to get a list of all databases on the host, not just those owned by a particular user. The only way I know of to do this is to execute SHOW DATABASES; as root on a specific host, but I don't want to require the user to have root access except in certain situations where it is absolutely necessary.
The idea is to have a dialog that lets the user select the default database they want to use during subsequent sessions and provide the user/pass that goes with it. Bonus points if I can get the owner of each database too. (for instance, have the program display that database foo is owned by johndoe while database foo2 is owned by janesmith) Once the user has made a choice, the dialog will then write this info to that user's program configuration file which gets read on normal startup.
Can this be done or will I have to find some workaround such as making the user provide a login/password first and showing a list of databases owned by that account? That would be relatively cumbersome but easy.
You can't execute MySql queries without logging in. That said it is possible to create a user which has very minimal privileges.
You can create a user with just enough privileges to show the list of databases and run the query as that user, then when the user has logged in change the connection string.
There is a SHOW DATABASES grant which allows just that : http://dev.mysql.com/doc/refman/5.0/en/privileges-provided.html#priv_show-databases
Normally you define a user for the application with read-only privileges and after fetching the information needed you present it to the user and then ask for his credentials. I'm just oversimplifying and not going over the specifics of how this is done.
Related
I have multiple databases which have the same exact schema (different data on each one, database per customer of a SaaS platform).
I would like to create a Dashboard (with charts, datasets) which could be populated by the permissions of the logged in user.
This means the dashboard will query the data from a specified source database, instead of a pre-defined one.
The premise is basically to de-couple a chart / dataset from a database and allow it to be parametrised.
This is a case that is not really supported by Superset, but there's one workaround that I can think of that might work: you can define a DB_CONNECTION_MUTATOR in your superset_config.py that routes to a different database depending on the user.
In your superset_config.py, add this function:
def DB_CONNECTION_MUTATOR(uri, params, username, security_manager, source):
user = security_manager.find_user(username=username)
if url.database = "db_name" and user and user.email.endswith("#examplea.com"):
uri.host = "host-for-examplea.com"
return uri, params
In the function above we're changing the host of the SQLAlchemy URL to host-for-examplea.com if the user has an email ending in #examplea.com.
To make it work, create a default database (which we called db_name in this example), and create all the charts/dashboards based on it. Then, users should be redirected to specific databases by the DB_CONNECTION_MUTATOR.
One serious problem that might happen is with caching, though. You should make sure that all caches are disabled to prevent users from seeing data from other databases.
I have a report from power bi, which has a direct connection to the server to obtain the data (analisys services). To access the data from my account I use the on premises data gateway, which works correctly and I can view the data in the web app. The problem appears when the report to another user (both having the pro account). From the account of the other user you can see that a report was shared, but when you open it the following error appears: "Error executing the query because the cube or some internal structures have not been processed (or do not exist)" .Also grant owner permissions to the cube to the user in question. Any clue where it might be failing?
I think you should Map usernames for this connection.
Go to settings -> Manage gateways
Under your gateway cluster you should have your data source (if not you can add a new one and it's quite straight forward to set up, just choose analysis services, write in database name of server and credentials) and then you should go to Users tab.
There you can see Map usernames where you need to Replace the account to which you want to share with an account that has permissions in SSMS.
For example you want to share to example#elpmaxe.com and you have granted permissions in SSMS to user named example.elpmaxe, so in map usernames you would replace example#elpmaxe.com with example.elpmaxe
The answer was easy but finding it was difficult. The issue was that even though you had assigned the role in the cube to the user who wanted to share the report, you had not given them read permission (assuming the role had already been assigned). It is a basic problem but if you are a beginner in analysis services it can get complicated.
After connecting SAP HANA to Power BI, every time I want to display the data in a chart or a tab I get this error message :
error old DB or odbc [SAP AG][LIBODBCHDB32 DLL][HDBODBC32] general error : 258 insufficient privileges
Note that the system user has all the privileges
Can you clarify your use case? If you are SYSTEM, I assume you are using something like HANA Express Edition. Are you using Power BI to select against a Calculation View? If so, you'll need at the very least SELECT on the _SYS_BIC schema (which is also a grossly large GRANT to do, however who cares if this is a sandbox.)
You may also need to grant SYSTEM some Analytic Privileges if it is a calculation view and you did not blank out that option.
Again, this is somewhat speculative unless you can be more specific what type of catalog object you are selecting against in HANA.
The HANA SYSTEM user is the root database administration user. It does not and should not have access to the application data at all.
To use reporting tools with your application data you need to create a DB user and assign this user the read privileges for the DB objects you want to access.
Using SYSTEM for this (or really for anything else than bootstrapping the system) is not recommend and leaves a gaping security hole.
Besides the mentioned security issue with SYSTEM user for just reporting I agree that you should check and assign the analytic privileges on reporting objects to reporting user. Because they must be granted explicitly: there's no "view all" SQL analytic privilege in HANA, so no superuser that can view everything via any Calculation view.
To figure out the problem object you should set trace level to debug for your reporting user and indexserver.authorization component.
I'm developing a small website with Flask & Flask-Login. I need an admin view to monitor all user's online status. I added an is-online column in user db collection and try to update it. But I didn't find any callbacks to handle session expires. How to solve it or any better idea?
Thanks!
FYI, Counting Online Users with Redis | Flask (A Python Microframework) - http://flask.pocoo.org/snippets/71/.
You could get away with checking if users last activity time is bigger(older) than session life time.
if that's the case, you will go on an update their is_online status.
the way i have handled the problem in my application was, since i had a last_activity field in db for each user, to log when they have done what they have done, i could check that value vs session life time.
One very crude method is to create a separate stack that pushes and pops when a user logs in. Assuming that session id and userid on your db is not tied together (i.e., you have separate session id and user id), you can maintain a ledger of sorts and push and pop as sessions are created and destroyed.
You will have to put special emphasis on users running multiple sessions on multiple devices...which is why i put a caveat saying this is a rather crude method.
I have an authentication backend based off a legacy database. When someone logs in using that database and there isn't a corresponding User record, I create one. What I'm wondering is if there is some way to alert the Django system to this fact, so that for example I can redirect the brand-new user to a different page.
The only thing I can think of is adding a flag to the users' profile record called something like is_new which is tested once and then set to False as soon as they're redirected.
Basically, I'm wondering if someone else has figured this out so I don't have to reinvent the wheel.
I found the easiest way to accomplish this is to do exactly as you've said. I had a similar requirement on one of my projects. We needed to show a "Don't forget to update your profile" message to any new member until they had visit their profile for the first time. The client wanted it quickly so we added a 'visited_profile' field to the User's profile and defaulted that to False.
We settled on this because it was super fast to implement, didn't require tinkering with the registration process, worked with existing users, and didn't require extra queries every page load (since the user and user profile is retrieved on every page already). Took us all of 10 minutes to add the field, run the South migration and put an if tag into the template.
There's two methods that I know of to determine if an object has been created:
1) When using get_or_create a tuple is returned of the form (obj, created) where created is a boolean indicating obviously enough whether the object was created or not
2) The post_save signal passes a created paramater, also a boolean, also indicating whether the object was created or not.
At the simplest level, you can use either of these two hooks to set a session var, that you can then check and redirect accordingly.
If you can get by with it, you could also directly redirect either after calling get_or_create or in the post_save signal.
You can use a file-based cache to store the users that aren't yet saved to the database. When the user logs in for the second time, you can look in the cache, find the user object, and save it to the database for good.
Here's some info on django caching: http://docs.djangoproject.com/en/dev/topics/cache/?from=olddocs
PS: don't use Memcached because it will delete all information in the situation of a computer crash or shut down.