.Net App Deployment Scenario: Privileges For Non-Admin Users
Sep 17, 2007
My VB.net application manipulates data in a local SQL Express database. When the app is installed, the database does not exist, but it cannot be created at run-time by anyone other than a user with administrator privileges. In addition, the application shares the data stored in SQL with a critical 3rd party component that can only reach the database via named DSN (also not existing prior to installation).
I see my primary SQL security options as being:
(1) Use SQL or Mixed Mode authentication with an admin-level username/password combination, or
(2) Create a db user/group with admin-level privileges and grant membership to all NT authenticated users
Secondary problem: Creating the DSN.
Does it make sense to create a Custom Action (.dll) that is called at the end of the installation process in order to create the database, the user security context and the named DSN?
Am I overlooking some built-in functionality provided by Visual Studio 2005 that will accompish some or all of this for me? I am aware that customizing the 'silent' installation of SQL Express to use a different authentication mode requires manifest tweaking -- I just don't know anything about setting up the appropriate security for this situation. Would you put the db and role creation stuff in a SQL script and execute it post-install?
Thanks in advance for any insight you can provide.
-T
View 1 Replies
ADVERTISEMENT
Feb 5, 2007
I am very new to the SQL database. I have the following query. I would appreciate if someone could clarify this for me:
I have created two users (user1 & user2) under the same login name test1 in SQL Server 2005 Database. Further I used the login name (test1) & password (******) of SQL Server in connection string to connect to database.
Now I want to know that how & where can I refer the user name (user1 or user2) to use its previliges.
How will I know that which user's privileges level is used in the connection.?
View 1 Replies
View Related
Apr 10, 2015
Is there any script to know users and their database roles privileges and server roles of particular database?
View 1 Replies
View Related
Apr 24, 2007
Hi to all, is my first post, i need a query or script to obtain all users and privileges from all my databases, someone to help me. I'm learning Administration SQL server 2005.
I know that sys.database_principals and sys.server_principals have information about that, but i need users - privileges of every database.
thank you
View 4 Replies
View Related
Aug 28, 2014
I am looking to write a script that would give the list of all active users in a database with their privileges.
Sample would look something like this.
Login User Schema IsdbOwner canWrite canRead
xyz xyz dbo N Y Y
View 2 Replies
View Related
Apr 25, 2007
I have a server with 3 SQL Server named instances on it - servername, servername/TST and servername/GOLDSTD. I have several databases on the default instance (servername) but users cannot access the databases unless they are given system admin privileges to their login. This occurs using both SQL Server Logins and Windows authentication logins. If I move the database to a different named instance (servername/TST), the problem no longer exists and users can connect with dbo privileges. Any suggestions or is this typical for default instances? Thanks in advance for any help
View 8 Replies
View Related
Oct 29, 2007
Hi all,
I am a Windows Sysadmin (Active Directory, infrastructure, etc) with light knowledge of SQL 2005. I can set up the database cluster on a shared storage device, I know how to get the heartbeat, do simple backups, etc.
My question pertains to disaster recovery. Right now, we use a product called DoubleTake to copy our database over and 'assume' the identity of the failed SQL server. There are two problems with this -- cost of the license of DoubleTake, and additionally, is it the best method?
I have read before, that you don't need to be a DBA to set up a DR scenario for SQL. My goal really is to have two databases -- one in our production location, and one in a DR location that is pretty much cold (for licensing issues).
If our production database should go down, then it would fail over to the DR site.
What is involved in doing this, what type of steps are required, do you NEED a DBA to manage this, or can a sysadmin (such as myself) take care of it? Also, is it worth having DoubleTake to do this job, and does it do a better or worse job, are there limitations, etc.
Thank you for any replies you can give, and please keep in mind that I'm far from a DBA .
View 5 Replies
View Related
Feb 13, 2008
We have a problem authenticating domain users contained in local machine user groups across multiple web servers in a scale out deployment.
When we originally setup our single SSRS database server we were told the a best practice is to add domain users to local user groups on the SSRS machine.
Now we want to add more web servers and create a scale-out deployment. So, we added the web servers and configured the scale-out deployment. But, only administrators can see the reports since all of our SSRS roles are assigned permissions such as "Machine1User_Group".
We were told that we have to create identical local groups on Machine2 and Machine3 and then add them to the SSRS roles. This is prohibitive since it would mean managing 3 identical user groups containing thousands of domain users.
Is there a better way to do this without using Domain User Groups?
Thank you for any assistance.
View 3 Replies
View Related
Sep 4, 2015
Ive successfully cloned an SSRS VM Server within a scale out deployment to REPLACE a current physical machine. This wasn't too difficult.
The issue im having now is in creating a new SQL 2014 Environment with 3 SSRS nodes. Ive taken the time to build one up. Changed all my config files, installed all components etc & tweaks needed within my company...
I have now hit a brick wall though. Ive cloned this first server twice to give me 3 nodes. This is a new environment so the issue I have is that the rsreportserver.config files all now have the same InstallationID. I dont have any existing nodes to overwrite these files with. So when I attach the nodes to the database they will update the keys table with the same InstallationID as the first node and none will work.
Any way to force the SSRS setup to re-generate an installation ID - by repair maybe? Or is this something I can manually just make up?
View 0 Replies
View Related
Mar 17, 2008
Originally posted this in the performance point forum, the error actually occurs if link direct to the reporting web site as well. The reports are being created in the report builder, from the web service.
-----
Attempting to add a report services report into a performance point dashboard page. Everything is installed on one box.
When the admin logins load the page, everything works great.
When a non-admin loads the page, everything except the report generates, and the following error kicks off:
An error has occurred during report processing. (rsProcessingAborted)
Cannot create a connection to data source 'dataSource1'. (rsErrorOpeningConnection)
Login failed for user '####'
The user login in question has been given browse access to everything in the report services web. I'm not sure where or how to grant whatever access is necessary for this to work properly.. and really I was hoping that any authenticated user at the dashboard level would be able to view the report so I didn't have to do security twice.
Can anyone point me in the right direction?
View 4 Replies
View Related
Aug 9, 2007
Hi,
When we generate a report with an account that is in the admin group it takes 2-3 seconds but when we do it with another user it takes over 2 minutes... any reason for this?
(The "Report is being generated" thing, by the way)
Not sure if my question is clear, I've been looking and searching for the past 2 hours but can't find anything remotly close to that problem... any help would be appreaciated!
Thanks
View 1 Replies
View Related
May 30, 2007
Can I get ordinary users to create reports rather than admin using a web browser interface?
View 2 Replies
View Related
Jun 12, 2015
Is SQL Server sensitive to Domain group name? Like "Domain Admin"?
I have user that belong to "myDomainDomain Admin" group. Group is in SQL as sysadmin but user cannot login using domain credentials. When I move that user to a different domain group which that group is in SQL again as sysadmin my user is able to login.Â
Environment: SQL 2008 Standard Edition.Â
View 12 Replies
View Related
Sep 24, 2014
Is there a way to backing up SQL DB without having to stop users from connecting to it.
View 5 Replies
View Related
Jul 22, 2015
I'm trying to find out what tables are being used in a Database.
I don't want the last User but the User and the Dates.
I have a script that return the last user but that is not going to work.
The following script returns the last user but not all users and the Login Name:
ITH LastActivity (ObjectID, LastAction) AS
(
SELECT object_id AS TableName,
last_user_seek as LastAction
FROM sys.dm_db_index_usage_stats u
WHERE database_id = db_id(db_name())
[Code] .....
View 2 Replies
View Related
Mar 6, 2008
Based on our database infrastructure, we need to secure our SQL databases. The security issue concerns on allowing a limited number of Domain Admin users to access the SQL databases.
We tried certain ways, based on the documents in the Microsoft web site, but we couldn€™t reach to the point of preventing the Domain Admin users accessing the SQL databases.
Thanks in advance.
View 5 Replies
View Related
Mar 12, 2015
I am quite new to SSIS but managed to build a package which imports text files in to SQL. The text files are generated after users complete a manufacturing process on a machine.
The SSIS package is stored in the SSIS catalog and currently a SQL Agent tasks runs every evening to import new files that have been created during the day. Users have now requested the ability to run the import process as soon as they have finished their manufacturing runs as they may want to query the data to looks up stats etc.
What is the best way to do this considering all of the users are not SQL guys and wont have direct logins into the SQL Server or access to SQL Server Management studio. They will have access to the PC where the files are generated, so I ideally I need a batch file which they can just execute to import their new files.
I have seen lots of things on the web about running dtsexec but as the package is stored in the SSIS Catalog, how can I execute this remotely?
View 6 Replies
View Related
Sep 9, 2015
Our development team wanted to create a database user for each application user in the application and use these for granular data access control, which at first, sounded like a good idea but our initial testing ran into some interesting results.
Our target user base was about 15 million users with an estimated 1% concurrency rate, and finding no MS documentation on an upper limit to the number of users a database can have we began some load testing to see how the database performed. In the hundreds of thousands of users range our test database had a hard time performing well under light loads (even without any concurrent connections).
When we purged the users and reverted back to just a handful of service accounts, performance went back to "normal" under the same loads. I began to wonder if this is a situation where throwing more hardware at the problem would overcome the issue or if there is a practical upper limit to the number of users a single database can handle well.
(There were of course other cons to this arrangement and I certainly was never going to expand the users tree in the object explorer for a database like this, but we thought it a solution worth investigating.)
What is the largest number of users any of you have had in a single database?
View 3 Replies
View Related
Oct 21, 2015
I have a requirement to delete all the orphans users for the databases. The issue I am having is with when database principal owns a schema in the DB, User cannt be dropped.
How do I transfer it to DBO in case I am looping multiple databases. This is what I got so far .
declare @is_read_only nvarchar (200)
Select @is_read_only = is_read_only from master.sys.databases where name='test' /* This should be a parameter value */
IF @IS_READ_ONLY= 0
BEGIN
Declare @SQL as varchar (200)
[Code] .....
View 4 Replies
View Related
Aug 15, 2007
Hi,
Please can you let me know which of the following 2 is a better method to deploy SSIS packages
File System deplyment OR SQL Server deployment
What are the advantages of one over the other?
Thanks,
Mrinali
View 4 Replies
View Related
Nov 28, 2004
Hi,
in mixed mode,
is there a way to prevent access from user SA to a specific database?
thanks
View 1 Replies
View Related
May 29, 2004
I have just noticed something very discomforting.
I was told that a user with DBO privileges is able to alter their own database. A conversation of course began to where I was in disagreement with him. The ultimate test of course would be setup the scenario. To my surpise he was right!
I checked the BOL documentation and my concerns were verified.
I have checked permissions on the user I created as well as on a user that previously exists on the MSSQL Server. Only DBO permissions were given to the tested users.
I thought maybe this had something to do with the autogrow setting which is a setting we would enable on a dedicated MSSQL Server but not on a shared MSSQL Server. I toggled this option and the DBO was still able to make size changes to their database.
This is very upsetting as we charge for additional reserved database space. Aside from that, we wouldn't want to have a user with unlimited resources to the server. I could easily fill up a hard drive if I were to update the autogrow setting of the database as DBO and run an infinite loop that would insert data into tables.
I then tested the ability for a user to restore a backup and to my surprise it worked without error for the DBO only privileged user. The DBO user was also able to restore previously dated databases assuming that they knew the file name which would not be hard to guess since it is appended with a date stamp (My_Database_20042905.BAK).
Why is this? Is there a way to correct this and prevent the DBO user to only have access to their database but not the above mentioned type privileges?
View 2 Replies
View Related
Jul 28, 2015
We have an existing SSRS server, and have just created a new child domain. We'll be migrating users from the parent to the child, and want to add the users of that new domain with access to SSRS. In the parent domain they are able to access, but after migration with the child domain account, they cannot.
I have added the group CHILDDomain Users with a system user role on SSRS, and PARENTDomain Users was already there.
Is there any additional step I should/could take to get this active?
View 5 Replies
View Related
Mar 6, 2008
I have had this issue just pop up. I have local users who can connect fine, but my users that require connection by VPN cannot connect. I get the server not available or access denied error. I did confirm that the VPN'ers are connected to the network correctly and can see that their shares and mappings are correct. Any ideas? Thanking you all in advance!!
View 6 Replies
View Related
Feb 21, 2008
Basically to defend against SQL injection I want to be able to stop basic users or admins from being able to drop tables or doing other damaging activities. I'm using ms sql express, how can I do this? A friend mentioned that he uses MySql and user privileges can be set up in this way.
View 2 Replies
View Related
Jun 26, 2001
Is there a way to alias a table such that a particular user with privileges on that table (created by another user - not 'dbo') does not have to qualify it with the owner name? I am seeking a database level solution. Thanks.
View 1 Replies
View Related
Sep 3, 1998
I`m having a privileges problem when I go into enterprise manager.
I am unable to do things like create an index. I believe every time I open enterprise manager it is logging
me in as a user other than sa. How can I change this setting so that when I open enterprise manager I`m loggged
in as sa?
View 2 Replies
View Related
Jan 12, 2006
Hi. I'm trying to test something on a test db I have installed on my pc, but I am unable to process as I'm doing it. So, basically what I want is to give execute privilege on a procedure to a user, so the user can execute this procedure without having the privileges explicity granted on it (what this procedure do is to truncate a table on which the user has no access). As I've read, SQL Server stored procedures privileges runs with the definers permissions, not the one that is actually executing the procedure. So, what I'm doing is this: in query analyzer, logged in as sa, I did
use test
create table t ( a integer )
create procedure can_truncate as
truncate table t
sp_addlogin 'jmartinez',''
sp_grantdbaccess 'jmartinez','jmartinez'
grant execute on can_truncate to jmartinez
Then I went to connect again, as jmartinez and did:
exec can_truncate
and I get
Server: Msg 3704, Level 16, State 1, Procedure can_truncate, Line 2
User does not have permission to perform this operation on table 't'.
So, I wonder what more permissions would user jmartinez need in order to execute this procedure successfully. I hope you all understand what I am trying to achieve.
Thanks!
View 8 Replies
View Related
Oct 1, 2007
Is there any way I can give a user read only access to the database, yet have privilges to run a trace.
Any suggestions and inputs would help
Thanks
View 1 Replies
View Related
May 4, 2006
I am trying to get a DTS package to be run from the command line withthe dtsrun utility. The DTS package is stored in the database. The userI supply is a user in the database. I get an error stating "SQL Serverdoes not exist or access denied." It looks to me like the SQL Serverinstance does exist because it tries to start the package. I get"DTSRun: Executing". If I put in a server that is non-existent, I do notget that message. I also know that my username and password are correct.Here is output from my attempt to run dtsrun for my DTS pkg (server,user, password change to protect my db security):C:>dtsrun /Sserver_name /Uuser /Ppass /Npkg_nameDTSRun: Loading...DTSRun: Executing...DTSRun OnStart: DTSStep_DTSExecuteSQLTask_1DTSRun OnError: DTSStep_DTSExecuteSQLTask_1, Error = -2147467259 (80004005)Error string: [DBNETLIB][ConnectionOpen (Connect()).]SQL Serverdoes not exist or access denied.Error source: Microsoft OLE DB Provider for SQL ServerHelp file:Help context: 0Error Detail Records:Error: -2147467259 (80004005); Provider Error: 17 (11)Error string: [DBNETLIB][ConnectionOpen (Connect()).]SQL Serverdoes not exist or access denied.Error source: Microsoft OLE DB Provider for SQL ServerHelp file:Help context: 0DTSRun OnFinish: DTSStep_DTSExecuteSQLTask_1DTSRun: Package execution complete.I suspect that my user I am connecting to the database with does nothave privileges to execute the DTS package. I cannot determine, fromBOL, what privs I need to grant to this user to let them execute thispackage. Any ideas?TIA,Brian--================================================== =================Brian PeaslandJoin Bytes!http://www.peasland.netRemove the "nospam." from the email address to email me."I can give it to you cheap, quick, and good.Now pick two out of the three" - Unknown
View 5 Replies
View Related
Aug 11, 2006
I am having trouble with providing the minimum security to a user. After issuing the following:
GRANT EXECUTE ON SCHEMA :: DBO TO skillsnetuser;
I test the permissions with
exec as login = 'skillsnetuser'
exec prcElmtList 1, 1, 102268
revert;
and receive this message
Msg 229, Level 14, State 5, Line 2
SELECT permission denied on object 'Org', database 'SNAccess_Dev', schema 'dbo'.
The principal that owns the dbo schema is dbo and is the principle for all procedures and tables in that schema.
What can I do to shed some light on what is causing this access problem?
View 10 Replies
View Related
May 25, 2008
After installing Express, I tried running the QuickStart utility and received an error that I have insufficient privileges to create. I am the administrative user on my laptop and don't understand why I am unable to run the utility.
I did have an instance previously and had no problems with it until it was corrupted somehow.
I am running on Vista.
Any help will be greatly appreciated.
View 12 Replies
View Related
Sep 28, 2015
I am trying to revert back to Windows 7 after upgrading to Windows 10, however it will not let me and the following message occurs: "Remove new accounts.Before you can go back to a previous version of Windows, you'll need to remove any user accounts you added after the most recent upgrade. The accounts need to be completely removed, including their profiles.You created one account (NT SERVICEMSSQLSERVER) Go to Settings> Accounts> Other users to remove these accounts and then try again".However I did not create any new users and there are no other users listed in the Accounts section.
View 2 Replies
View Related