DB query to check Account status of the user
DB query to check Entitlement status of the user
DB query to check Role and Access Policy mapping.
Please let me know if anyone have these queries?
For Account status
SELECT usr.usr_login,obj.obj_name,ost.ost_status
FROM orc, usr, obj, oiu, ost, obi WHERE orc.orc_key = oiu.orc_key AND oiu.usr_key = usr.usr_key AND oiu.ost_key = ost.ost_key
AND oiu.obi_key = obi.obi_key AND obi.obj_key = obj.obj_key AND obj.obj_name='ABC' order by usr.usr_login
Entitlement status of the user
select usr.usr_login,ENT_LIST.ent_display_name,
ENT_LIST.ent_value,ENT_ASSIGN.ent_status
from ENT_ASSIGN, usr, ENT_LIST where usr.usr_key = ent_assign.usr_key and
ENT_LIST.ent_list_key = ENT_ASSIGN.ent_list_key
and ENT_LIST.ent_value like 'ABC' order by usr.usr_login,ENT_DISPLAY_NAME;
Role and Access Policy mapping
select pol.pol_name, poc.poc_field_value from pol, poc where poc.pol_key = pol.pol_key AND poc.poc_field_name = 'ABC' order by pol.pol_name, poc.poc_field_value
To check Role assigned to User
select usr.usr_login, ugp.ugp_name from usg usg left outer join usr usr on (usg.usr_key = usr.usr_key)
left outer join ugp ugp on (ugp.ugp_key = usg.ugp_key)
where ugp_name ='ABC'
Related
I have made this query for widget. It is working properly if i pass the value directly(ie. ad_role_id). But it is not running when i use dynamic parameter(:role).
for this i have done entry in parameters too.
Please give me some suggestion on it.
hql query:
SELECT ORG.name AS orgName
,INV.documentNo AS documentNo
,INV.invoiceDate AS invoiceDate
,BP.name AS name
,DT.name AS Doctype
,INV.grandTotalAmount AS grandTotalAmount
FROM Invoice INV,
DocumentType AS DT,
BusinessPartner AS BP,
Organization AS ORG
WHERE ORG.id = INV.organization
AND BP.id = INV.businessPartner
AND INV.transactionDocument = DT.id
AND INV.salesTransaction = 'N'
AND INV.id not in (select distinct e.invoice from InvoiceLine e )
AND INV.organization.id IN (select o.id
from Organization AS o,ADRoleOrganization AS arg,ADRole AS ar
where arg.organization = o.id
and ar.id = arg.role
and arg.role = :role)
Probably your parameter configuration for role was not correct.
use Default_Filter_Expressions and configure role as fixed value in parameter.
http://wiki.openbravo.com/wiki/Projects:Selector/Default_Filter_Expressions
I have two User entities u1 and u2
Which have a WorkspaceMember relation by WorkspaceMember.user -> user
And a Workspace entity which contains Workspace.members -> [WorkspaceMember...]
Now what I'm trying to create is a JPQL query which firsts finds two WorkspaceMember entities by their User property and then finding the Workspaces that contain both WorkspaceMember entites.
Here is my query so far which is not working at all - I hope someone can help me on this one as i have not found any suitable example.
String sql = "SELECT wm1 FROM WorkspaceMember wm1 WHERE wm1.user = :user1 AND " +
"SELECT wm2 FROM WorkspaceMember wm2 WHERE wm2.user = :user2 AND EXISTS " +
"(SELECT ws1 FROM Workspace ws1 WHERE (wm1 MEMBER OF ws1.members) AND (wm2r MEMBER OF ws1.members))";
Seconf approach also not working:
String sql2 = "SELECT ws FROM Workspace ws WHERE EXISTS (SELECT wm1 FROM WorkspaceMember wm1 WHERE wm1.user = :user1 AND wm1 MEMBER OF ws.members) AND (SELECT wm2 FROM WorkspaceMember wm2 WHERE wm2.user = :user2 AND wm2 MEMBER OF ws.members)";
Thanks,
Gerrit
I am working on a page where we need to visually compare the schema of same table across the two database-one in sql server and other in mysql.I have to include indexes as well.
now mysql query shows info along with indexes -
select column_name,column_type,table_name,column_key
from INFORMATION_SCHEMA.COLUMNS where table_name = 'tbl_ClientDN'
But for sql server the same query does not return indexes-
select * from INFORMATION_SCHEMA.COLUMNS where table_name = 'tbl_ClientDN'
so i need query to compbine the result of -
sp_helpindex 'tbl_ClientDN'
how to get column_key showing indexes in mssql query.
any suggestion ?
Stay away from INFORMATION_SCHEMA.COLUMNS, especially for indexes, since things like filtered indexes and included columns are not part of the definition. I talk about this in more detail here:
The case against INFORMATION_SCHEMA views
You want to use sys.indexes and sys.index_columns for this. For example:
DECLARE #tablename NVARCHAR(512) = 'dbo.tbl_ClientDN';
SELECT
[Index] = i.name,
[Column] = c.Name,
[Type] = i.type_desc,
PK = i.is_primary_key,
[Unique] = i.is_unique,
[Unique Constraint] = i.is_unique_constraint,
[DESC] = ic.is_descending_key,
[INCLUDE] = ic.is_included_column,
[Filtered] = i.filter_definition -- only for SQL Server 2008+
FROM
sys.indexes AS i
INNER JOIN
sys.index_columns AS ic
ON i.[object_id] = ic.[object_id]
AND i.index_id = ic.index_id
INNER JOIN
sys.columns c
ON ic.column_id = c.column_id
AND ic.[object_id] = c.[object_id]
WHERE
i.[object_id] = OBJECT_ID(#tablename)
ORDER BY [Index], ic.index_column_id;
If you want to do this for all tables at once, then simple changes:
SELECT
[Table] = QUOTENAME(OBJECT_SCHEMA_NAME(i.[object_id]))
+ '.' + QUOTENAME(OBJECT_NAME(i.[object_id])),
[Index] = i.name,
[Column] = c.Name,
[Type] = i.type_desc,
PK = i.is_primary_key,
[Unique] = i.is_unique,
[Unique Constraint] = i.is_unique_constraint,
[DESC] = ic.is_descending_key,
[INCLUDE] = ic.is_included_column,
[Filtered] = i.filter_definition -- only for SQL Server 2008+
FROM
sys.indexes AS i
INNER JOIN
sys.index_columns AS ic
ON i.[object_id] = ic.[object_id]
AND i.index_id = ic.index_id
INNER JOIN
sys.columns c
ON ic.column_id = c.column_id
AND ic.[object_id] = c.[object_id]
ORDER BY [Table], [Index], ic.index_column_id;
More information available in the topics sys.indexes and sys.index_columns.
You also might want to take a look at Kimberley L. Tripp's sp_helpindex2.
EDIT
In general I agree with #BrianWhite's comment. If you are spending any effort on this at all, you should be using a tool for this instead of re-inventing the wheel and trying to write it yourself. Troubleshooting this one query you've probably already spent, in terms of time, the cost of a good tool. Please read this post:
The cost of reinventing the wheel
Perhaps you are after sp_help
http://msdn.microsoft.com/en-us/library/ms187335.aspx
Simply entering
sp_help myTableName
should give you all the data you could want.
i have created the following ruby script that logs into a mysql database and returns order information based on what username and password the user has entered. my question is how would i go about preventing sql injections? i know that the way it is written at the moment leaves it wide open to attacks but i am new to ruby and am not sure how to go about preventing this.
#!/usr/bin/ruby
#Import mysql module
require "mysql"
begin
#Establish connection to mysql database as the operator user.
connection = Mysql.real_connect("localhost", "operator", "", "rainforest")
#Allow Multi line statements
connection.set_server_option(Mysql::OPTION_MULTI_STATEMENTS_ON)
#Prompt user for username
puts "Please Enter Your Customer Username:"
#Get username entered and store to variable
username = gets.chomp
#Prompt user for password
puts "Please Enter Your Customer Password"
#Get password entered and store to variable
password = gets.chomp
#Specify SQL query that returns order if user entered data matches data held in customer table
customerQuery = connection.query("SELECT O.order_ID, O.date_ordered, C.customer_name, P.product_name
FROM orders As O
INNER JOIN customer As C ON O.customer_ID=C.customer_ID
INNER JOIN product As P ON O.product_ID=P.product_ID
WHERE C.customer_name = '" + name + "' AND C.customer_password = '" + password + "'")
#If query returns a row then user has entered correct login details
if customerQuery.num_rows > 0 then
#tell user they have successfully logged in
puts "User Successfully Authenticated: Hello " + username + ". Here are your orders: \n**********"
#Print all row data containing users order details to screen
while row = customerQuery.fetch_row do
puts row
puts "**********"
end
else
#if no rows return, user has entered incorrect details, inform them of this by printing to screen
puts "User Authentication Unsuccessful:Incorrect Username or Password, Please Try Again"
end
#close connection to database
connection.close
end
Use a prepared statement instead of string concatenation/interpolation:
p = connection.prepare(%q{
select o.order_id, o.date_ordered, c.customer_name, p.product_name
from orders as o
join customer as c on o.customer_id = c.customer_id
join product as p on o.product_id = p.product_id
where c.customer_name = ?
and c.customer_password = ?
})
customerQuery = p.execute(name, password)
if customerQuery.num_rows > 0
customerQuery.each do |row|
#...
end
else
#...
end
If you absolutely must use string interpolation for some bizarre reason, then use connection.quote:
customerQuery = connection.query(%Q{
select o.order_id, o.date_ordered, c.customer_name, p.product_name
from orders as o
join customer as c on o.customer_id = c.customer_id
join product as p on o.product_id = p.product_id
where c.customer_name = '#{connection.quote(name)}'
and c.customer_password = '#{connection.quote(password)}'
})
But really, don't do this unless you have no other choice. And in this case, you don't have to use string manipulation for this.
Mysql Version Works
UPDATE results SET rCARRIER = (
SELECT cellCarrierName
FROM tblImportedTempTable, user, cellCarrier
WHERE
userEmployeeNumber = tblImportedTempTable.EMPLOYEENUMBER
AND userId = results.rUserId
AND results.rPHONENUMBER = tblImportedTempTable.PHONENUMBER
AND CARRIER = cellCarrierId )
I have written this sql that works fine in MySql(above) and fails in access 2003(below) any suggestions? Is one or both of the 2 nonstandard sql? Does Access hav an admin problem?
Sorry the field and table names are diferent this is the ACCESS version.
Access version
UPDATE tblWorkerPhoneNumber SET tblWorkerPhoneNumber.PhoneCarrier = (
SELECT PhoneCarrierType.CarrierName
FROM tblImportedPhoneCarrier, tblWorkerMaster, PhoneCarrierType
WHERE
tblWorkerMaster.EmployeeNumber = tblImportedPhoneCarrier.Emp
AND tblWorkerMaster.WorkerID = tblWorkerPhoneNumber.WorkerID
AND tblWorkerPhoneNumber.PhoneNumber = tblImportedPhoneCarrier.Cell
AND tblImportedPhoneCarrier.CarrierCode = PhoneCarrierType.CarrierID )
Error Message
Operation must use and updateable query
Thanks
In MS Access, something like this:
UPDATE tblWorkerPhoneNumber
INNER JOIN tblWorkerMaster ON tblWorkerMaster.WorkerID = tblWorkerPhoneNumber.WorkerID
INNER JOIN tblImportedPhoneCarrier ON tblWorkerPhoneNumber.PhoneNumber = tblImportedPhoneCarrier.Cell
INNER JOIN PhoneCarrierType ON tblImportedPhoneCarrier.CarrierCode = PhoneCarrierType.CarrierID
SET tblWorkerPhoneNumber.PhoneCarrier = PhoneCarrierType.CarrierName
WHERE tblWorkerMaster.EmployeeNumber = tblImportedPhoneCarrier.Emp
(Might need to change the join conditions; I'm not familiar with your schema)