There is an option for configuring ASP.NET application to store session info into SQL Server: https://learn.microsoft.com/en-us/previous-versions/ms178586(v=vs.140)
However it requires creating a new database(ASPState) with some script
I'm wondering is there an option for using the application database itself for providing session storage or are there any hardcoded requirements that db name should be ASPState and the only option is creating another database.
I'll first mention it's not a good idea to mix aspstate and user objects in the same database. The aspstate data is used quite heavily and can require significant SQL Server transaction log space for ephemeral data that never needs to be recovered. It would be better to have a dedicated database in the SIMPLE recovery model for session state instead of co-mingling data with different recovery requirements.
The name of the aspstate database is configurable. Specify the Aspnet_regsql -sstype c argument for a custom database and the database name with -d. For example:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_regsql.exe" -ssadd -sstype c -d YourUserDatabase -S YourSqlInstance -E
Below is an aspstate connection string example given the example above for Windows authentication. This can be identical to your normal user database connection string but here I added an explict application name to uniqueify the connection string so that session state uses a separate connection pool.
Data Source=YourSqlInstance;Initial Catalog=YourUserDatabase;Integrated Security=SSPI;Application Name=aspstate
You'll also need to grant permissions on the stored procedures used by session state unless you use a privileged account (a bad practice). Below is a script to do that via role membership:
USE YourUserDatabase;
GO
CREATE Role APSStateRole;
ALTER ROLE APSStateRole
ADD MEMBER [YourUserAccount]; --assuming user already exists
GRANT EXECUTE ON dbo.TempReleaseStateItemExclusive TO ASPStateRole;
GRANT EXECUTE ON dbo.TempInsertUninitializedItem TO ASPStateRole;
GRANT EXECUTE ON dbo.TempInsertStateItemShort TO ASPStateRole;
GRANT EXECUTE ON dbo.TempInsertStateItemLong TO ASPStateRole;
GRANT EXECUTE ON dbo.TempUpdateStateItemShort TO ASPStateRole;
GRANT EXECUTE ON dbo.TempUpdateStateItemShortNullLong TO ASPStateRole;
GRANT EXECUTE ON dbo.TempUpdateStateItemLong TO ASPStateRole;
GRANT EXECUTE ON dbo.TempUpdateStateItemLongNullShort TO ASPStateRole;
GRANT EXECUTE ON dbo.TempRemoveStateItem TO ASPStateRole;
GRANT EXECUTE ON dbo.TempResetTimeout TO ASPStateRole;
GRANT EXECUTE ON dbo.GetMajorVersion TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetVersion TO ASPStateRole;
GRANT EXECUTE ON dbo.GetHashCode TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetAppID TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetStateItem TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetStateItem2 TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetStateItem3 TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetStateItemExclusive TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetStateItemExclusive2 TO ASPStateRole;
GRANT EXECUTE ON dbo.TempGetStateItemExclusive3 TO ASPStateRole;
GO
Related
I am triyng to run this script on schema 1:
GRANT CREATE ANY TABLE TO schema2;
GRANT INSERT ANY TABLE TO schema2;
but I get this error :
GRANT CREATE ANY TABLE TO schema2
Error at line 1
ORA-01031: Nicht ausreichende Berechtigungen
what should I do now?
ORA-01031: insufficient privileges means that the user you are connected as doesn't have privileges to perform the action you are attempting to do. So in this case SCHEMA1 doesn't have the privileges to GRANT CREATE ANY TABLE to any schema.
If you connect as SYS, SYSTEM, or another privileged user, you can then run the grant GRANT CREATE ANY TABLE TO SCHEMA1 WITH ADMIN OPTION;. Then if you connect to SCHEMA1, you should then be able to run GRANT CREATE ANY TABLE TO schema2;. The same procedure will need to be done for the INSERT ANY TABLE privilege.
Is there an easy way to create a user and grant all privileges to all databases except a specific one?
I've tried this
CREATE USER 'demo'#'%' IDENTIFIED BY 'QbSv9qUj2EJ8mxm2';
GRANT ALL PRIVILEGES ON *.* TO 'demo'#'%';
REVOKE ALL ON id8694160_sqless.* FROM 'demo'#'%'; -- this is the DB I don't want the user to have access to
SHOW GRANTS FOR 'demo'#'%';
But I get the following error:
Error Code: 1141. There is no such grant defined for user 'demo' on host '%'
Is this even possible?
According to the documentation:
Global privileges are granted using *.* for priv_level. Global privileges include privileges to administer the database and manage user accounts, as well as privileges for all tables, functions, and procedures. Global privileges are stored in the mysql.user table.
Database privileges are granted using db_name.* for priv_level, or using just * to use default database. Database privileges include privileges to create tables and functions, as well as privileges for all tables, functions, and procedures in the database. Database privileges are stored in the mysql.db table.
It means that the privileges you grant with GRANT ALL PRIVILEGES ON *.* TO 'demo'#'%'; is represented by one row in the mysql.user table. Revoking privileges for only one database from these global privileges means removing the global privileges from the mysql.user table and add one database privilege for each database except the id8694160_sqless database, in the mysql.db table.
I'm quite sure the REVOKE statement does not do this but you can manually give privileges to all databases except one with a request such as :
INSERT INTO mysql.db
SELECT '%',schema_name,'demo','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y'
FROM information_schema.schemata
WHERE NOT schema_name = 'mysql'
AND NOT schema_name = 'information_schema'
AND NOT schema_name = 'performance_schema'
AND NOT schema_name = 'id8694160_sqless';
FLUSH PRIVILEGES;
While trying to remap schema in impdp i am getting this error.
ORA-31631: privileges are required
ORA-39122: Unprivileged users may not perform REMAP_SCHEMA remappings.
Priviledges are granted to users inside sql shell.
I am executing as oracle user how to grant priviledge to it.I am executing impdp after doing su - oracle
Grant imp_full_database role to the database user and then import
I am transitioning an application from Dev to QA. I have created an sql file to populate the database in the QA environment. In the QA environment I am using windows authentication on the db. My user has minimal permissions. I am comin up with the error
EXECUTE permission denied on object 'aspnet_CheckSchemaVersion', database 'QADB', schema 'dbo'.
when I try an log in. I noticed my db creation script has:
"CREATE ROLE [aspnet_Membership_BasicAccess] AUTHORIZATION [dbo]"
When I change the permissions of my user to dbo, the problem goes away.
I do not wish for my user to be dbo. Does anybody know what I can do to remedy this?
Grant the user the execute permission on the stored procedure, or better still, make sure the user is a member of the role and grant execute permissions to the role.
GRANT EXECUTE ON aspnet_checkscemaversion TO aspnet_membership_basicaccess
My webapp needs to read, write (INSERT, UPDATE, DELETE), and execute stored procedures on a SQL 2008 database with five schemas.
I created a user that authenticates through SQL, and granted the user db_datareader, db_datawriter, and db_procedureexec through Security -> Logins -> (Username) Properties -> User Mappings. I then configured the app to connect to the database using the username and the proper password, but upon attempting to execute a stored procedure, got this error:
The EXECUTE permission was denied on the object '(stored procedure name)', database '(new database)', schema '(schema 1)'.
Finding this user in the Security section of the database, I made it the owner of the five schemas in the DB.
Did I grant too many privileges? Should an application-level user be a schema owner in order to read, write, and exec procedures?
No, an app user should not need to be a schema owner in order to read, write and exec procedures.
You can say things like:
GRANT EXEC ON SCHEMA::whatever TO [user];
This will allow them to execute procedures in the [whatever] schema. In order to not require transitive privileges (e.g. say your procedures execute dynamic SQL), you can consider setting them to EXECUTE AS OWNER.
You don't want to grant an application user ownership of a database. This essentially gives them cart blanche. What you should do is to grant db_datareader and db_datawriter roles to the user, and grant execute on all applicable stored procedures and functions.