With SQL Server 2005 there is an option to grant a person access to Profiler for tracing SQL. This is done with the "GRANT ALTER TRACE" statement. The statement has to be executed at server level i.e. the master database.
The user in question only has access to certain databases on that server. The security problem that arises is that with the Profiler rights active, he can see the sql commands that are executed on the databases he has no rights for. Those SQL commands are executed by others users.
How do I configure security rules so that the person in question can use Profiler, but can only see the SQL statements that are executed on the databases he has the rights for? TIA!
I am going over the output of a Profiler trace and I've found that the duration for many occurrences of EventClass 15 (Logout) is several seconds, up to a maximum of 20 seconds. That seems excessive just to complete a logout, so my question is, does the duration figure reflect only the time to complete the logout operation or does it include the total time that the connection has been active for?
Anyone can tell me how I can take out the events which produce SSMS? (open query windows create three rows). I don't see anythinq filter for SSMS in filter events of profiler. I'm doing at trace and this is not confortable.
im trying to understand how the profiler works. so i started 2profilers,one listen to another and I saw the profiler is running:exec sp_trace_create @P1 output, 1, NULL, NULL, NULLwhich means @tracefile = NULLso where from the profiler read the results?!
HiI want read a trace file generated by SQL Server 2005 througr SQLServer 2000.But fn_trace_gettable function in SQL 2000 does not recognize the fileas of proper format.If there is some other tool or utility available through which i canread the file generated by SQL Server 2005.Or if I can get the file format of the file then I will write my owntool.ThanksPushkar
Greetings,I have been attempting to develop a useful and functional template fordatabase tracing/profiling that will enable me to collect metrics forperformance tuning. The database is used as an OLTP database as well asrunning reports. Below is a list of my trace properties and data columns.I would be interested to see other examples and strategies for the Profiler.thanxPerformanceExecution planSecurityAudit LoginAudit LogoutSessionsExisting ConnectionStored ProceduresRPC: CompletedTSQLSQL:Batch completedDATA COLUMNSEvent classtextdataapplication nameNTUsernameLoginNamesCPUreadwritedurationclient proc idSPIDStarttime
If a table has a trigger on it, and I am profiling.. on StmtCompleted... no filters... all teh stored proc code comes up, but, is there any way at all to see the same for trigger statements? I want to trace thru the proc and thru all trigger code also. Any ideas on work-around to trace trigger code, if Profiler can't do it? Thanks, Bruce
We have two servers each running SQL7. I cannot run a trace on one server from the other. Whatever server name I enter in the drop down box, the trace only records activity on the server that profiler is running on. Even if I put a non-existent server name in the box (!), the trace accepts the name but still only runs on the host server.
Can anyone provide with an example of how to script a profiler trace to have the data wind up in a SQL Table. The scripting mechnism that comes with SQL Server will not allow you to put the results in a table.
I've set the Duration of my trace to "Greater than or Equal to: 1000". However when I start my trace the Duration column is now empty. Prior to the setting, there were values showing in this column. Any ideas on how to fix this?
Is there a way to setup a trace to show only direct TSQL statements triggered on my server? note I don't want to capture Procedure calls or the statements called within the procs.
Actually many people are firing direct SQL statements on server. And some are coming from entity framework as well. I just want to capture those.
I have discovered trace output in MSSQLDATAMSSQL.1MSSQLLOG that I have not kicked off. It is at various times and limited to 20MB. So that tells me a server event is kicking off a pre-defined trace. The trace contains mostly hash warnings and sort warnings. I have looked through my Agent Jobs, Agent Alerts, and perfmon and don't find anything that is set up to kick off a trace under a specified condition. I have checked the job activity, SQL error logs, SQL server logs, and the server's event viewer for any odd events or event times that correlate with the times of the traces. I have checked each database's sys.sql_modules for a definition containing '%sp_trace%'. Where else can I check to find what would be triggering these traces?
Our app logins don't have permissions high enough to run traces, I verified:
You do not have permission to run 'SP_TRACE_CREATE'
I am the DBA, not a .NET programmer -- so I am lacking experience if there's anything on the .NET side.
This is SQL 2005 64-bit running active/passive on a Win2003 clustered pair.
How on earth can a Profile Trace be run where SSE 2005 is installed??? In the past, with MSDE, we always installed the 'tools' on a local workstation, so that we had EnterPrise Manager and its suite of tools...no problem. Yet, with Management Studio Express (err...Distress?), there's no way to do this! I've scoured the net, and I see threads where people have done it, yet, no one seems to be clear...including Microsoft...on how to obtain this MOST IMPORTANT of all tools for an SQL deployment.
I am attempting to create a new trace but I get the following error message: "failed to start a new trace".
I have been doing some digging and as I understand it, I had to find the directory Profiler uses for temporary files. So, I typed the following in the command window "SET TMP" and I received the following reply:
C:UsersRossAppDataLocalTemp
Now, according to the forum: [URL] ...
I am supposed to check that the system folder pointed to by the TMP environment variable exists and is not crammed with files.
Well, when I went to the directory C:UsersRossAppDataLocalTemp, it is indeed full of both files and directories. The size is 16.3 MB and has 133 files and 63 folders.
When I had a look at the Environment Variables window and chose TMP the value is "%USERPROFILE%AppDataLocalTemp" which according to my limited understanding is the equivalent to C:UsersRossAppDataLocalTemp.
So, what I am wondering is am I supposed to totally clear out this directory? I am not too keen on doing this because I don't want to stuff my PC up.
This is for SQL Server 2005 SP4 Build 5266. We have been having performance issues in production. There are tight deadlines to be met and it is important that they are solved promptly.
Yesterday we replicated the situation in the acceptance testing environment. The jobs take 8 hours to run and we started at 2:00 PM.
Just before the jobs ran I set up an SQL Server Profiler trace to catch processes with a duration of longer then 12 seconds. I set it to save the results to a database table.
Last night I checked the table at 5:00 PM and there were entries in the table. However, I could be mistaken.
At 9:00 PM I checked the table and it was empty.
This morning I arrived at work and checked SQL Server Profiler. The trace was running and within SQL Server Profiler, there are 100s of results. I stopped the trace. However, checking the table, it is empty.
I thought I would be able to save the trace results to a file. When I chose "Save As" from the file menu, all the options are greyed out (trace file, trace template, trace table, etc).
The results are there but there is no way of saving them and no way of exporting them. How could this have happened?
Is there a location, where SQL Server Profiler saves the results in a temporary space. I may be able to open them and retrieve them. How can I save the results? Why are all my options greyed out?
Set up a trace with the events RPC:Completed, SQL:BatchCompleted, SQL:BatchStarting, and SQL:StmtCompleted.
When I issue the statement: SELECT * FROM XyzView there is nothing captured in Profiler. If I script out the view and then execute the select statement that defines the view, it does show up in Profiler.
I've tried adding a lot of the other events, i.e. SP:StmtCompleted and the various other StmtStarting events and the trace still does not capture anything.
Am I capturing the wrong events or is this known behavior? My goal is to see what the overhead is for using a view versus persisting the results of the view as a table and referencing that instead. The view in question is against static data, joins 9 tables, and is referenced a lot.
I can use the stats generated when I execute the select that defines the view but I still find this to be curious behavior so I assume I'm doing something wrong.
I am trying to load all the MDX queries that run on a Analysis Server instance into a database for further analysis. A SQL Profiler is setup which captures the MDX queries, and when I am loading the Profiler info to database, some of the queries are not coming up in full length.The TextData field doestn't show full MDX query. When loading to the database, the field is next data type. Is there any workaround to get the complete MDX query?
Hi there - can anyone advise on the following issue. We have recently performed some server side tracing on a particular SQL instance over 24hr period. We are now attempting to load these into a database for analysis. Here lies the problem.
When we are loading the profiler trace files (one at a time) into the database the transaction log is growing at an excessive rate. Even though the database is in SIMPLE mode.
We are loading the traces using the command:
INSERT INTO sqlTableToLoad SELECT * FROM ::fn_trace_gettable('MytraceFileName', DEFAULT)
Can anyone advise how we could possibly get round this issue as we're running out of space due to the transaction log.
Is there anyway I could run an Audit trace on SQl Server which records SQL Server System Admin Login/Logout , failed login and machine names I don't want the trace window to show on screen however would like a file generated for later viewing. Also due to Firewall issues we have, We don't have SQL tools enabled to connect to that server.
Is there a kind of log to trace the change on DB user, such as when the password/permission is changed, etc. If yes, how can i get this log; If no, is there a way to achieve this thing?
i am testing some encryption scenarios ,in profiler the statements like "OPEN KEY" and all "Encrypt" and "Decrypt" functions are removed automaticly from the trace and replaced with a comment ,create a trace and try the code i attached , you will see in profiler trace that that all encryption related commands are commented out ,this is what expected.
but now go to the batch and comment out the "SELECT @rrr' statment, and run the batch ,this batch will fail beacuse "@rrr" is not declared, now go back to profiler and you will see that for the failed batch all the encryption command are NOT COMMENTED OUT !!! esspecially important is the visibility of the password of the open key command.
seems like a very dangerous bug to me!!!
CREATE CERTIFICATE test1 ENCRYPTION BY PASSWORD = 'pGFD4bb925DGvbd2439587y' WITH SUBJECT = 'Sammamish Shipping Records', EXPIRY_DATE = '10/31/2009'; GO
CREATE SYMMETRIC KEY Key09 WITH ALGORITHM = TRIPLE_DES ENCRYPTION BY CERTIFICATE test1; GO declare @Str nvarchar(100) declare @Enc varbinary(max) set @Str = 'encrypt this' OPEN SYMMETRIC KEY Key09 decryption by CERTIFICATE test1 WITH PASSWORD = 'pGFD4bb925DGvbd2439587y'
SET @Enc = EncryptByKey(Key_GUID('Key09'), @Str); ---select @rrr select CONVERT(nvarchar(100), DecryptByKey(@Enc)) go
I just upgraded my SQL 2000 server to SQL2005. I forked out all that money, and now it takes 4~5 seconds for a webpage to load. You can see for yourself. It's pathetic. When I ran SQL2000, i was getting instant results on any webpage. I can't find any tool to optimize the tables or databases. And when I used caused SQL Server to use 100% cpu and 500+MB of ram. I can't have this.Can anyone give me some tips as to why SQL 2005 is so slow?
I am unable to install 32-bit SQL Server Integration Services on the server due to something that was left behind by the 64-bit version.
I've uninstalled SQL Server 2005 64-bit and when I try to install the 32-bit version of Integration Services, I get this error: "Failed to install and configure assemblies C:Program Files (x86)Microsoft SQL Server90DTSTasksMicrosoft.SqlServer.MSMQTask.dll in the COM+ catalog. Error: -2146233087 Error message: Unknown error 0x80131501 Error descrition: FATAL: Could not find component 'Microsoft.SqlServer.Dts.Task.MessageQueueTask.ServCompMQTask' we just installed."
I can't seem to figure out how to resolve this problem with the COM+ and I can't remember if Integration Services is required.
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says: Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
I have some production boxes on Win 2000 32-bits OS and some production servers have been upgraded to Win2003 64-bit OS runing SQL Server 2005. There are also a number of Win2003 32-bit OS running SQL 2005.
The issue is that when linking the 64-bit production servers to the 32-bit boxes running SQL 2005 / Win 2003 OS, the linking seems to succeed, but I am unable to see a number of entries in sys.objects. Typically, these objects are User Stored Procedures.
Moreover, the linking seemed to have worked, but data extraction does not take place between the servers. However, there are no errors. The objects (user stored procs) exist on the 64-bit side, but linking does not actually happen.
Microsoft KB has addressed this in SQL 2000 case in this KB article, but has not suggested a solution for SQL 2005.
