Access Permissions On Server Scoped Objects For Login
May 17, 2006
We are having problems with the response times from UPS WorldShip after switching from SQL Server 2000 to 2005.
I think that the problem can be fixed from the database end by setting the permissions correctly for the user/role/schema that is being used by WorldShip to connect to the server but, I'm not sure how to do it.
The Setup
Client
UPS WorldShip 8.0 running on XP Pro SP2
Connecting via Sql Native Client via SQL Server Login
Connection is over a T1 via VPN
Server -
SQL Server Standard Edition on Windows Server 2003
2x3ghz Xeon processors w/ 4gb ram
The user that is being used to connect runs under its own schema and role and only needs access to two tables in a specific database on the server.
What UPS WorldShip seems to be doing is on a continual basis retrieving information about the layout of the database via calls such as the following
exec [sys].sp_tables NULL,NULL,NULL,N'''VIEW''',@fUsePattern=1
exec [webservices].[sys].sp_columns_90 N'CHECK_CONSTRAINTS',N'INFORMATION_SCHEMA',N'webservices',NULL,@fUsePattern=1
exec [webservices].[sys].sp_columns_90 N'COLUMN_DOMAIN_USAGE',N'INFORMATION_SCHEMA',N'webservices',NULL,@fUsePattern=1
This seems to happen whenever WorldShip contacts the database to find out information in order to be able to create a mapping to the database as well as exporting information to it. Because of the VPN connection these calls take anywhere from 20 seconds to 3 minutes.
I am fairly confident that the problem lies with these calls to the database which I was able to capture using the SQL Server Profiler. We have experimented with the following setups.
1. Connecting to SQL 2000 over VPN with SQL Native Client - No noticeable lag
2. Connecting to SQL 2000 over VPN with SQL Server 2000 driver - No noticeable lag
3. Connecting to SQL 2005 locally with SQL Native Client - No noticeable lag
4. Connecting to SQL 2005 over VPN with SQL Native Client - Lots of lag
Our network admin has been testing the network connections over the VPN and it is very responsive with none of the long wait times found when using UPS WorldShip.
Now for a possible solution other than getting UPS to fix their software. I think that by limiting the tables and views that the login is able to see will cut down significantly on the lag times that are being experienced. The problem is that there were 264 items that were being returned by sp_tables. I was able to cut that down to 154. I am unable to disable access to any of the rest of the items because they are server scoped.
Take for example the INFORMATION_SCHEMA.CHECK_CONSTRAINTS view. When I try to deny access to it in any way I get the following error:
Permissions on server scoped catalog views or system stored procedures or extended stored procedures can be granted only when the current database is master (Microsoft SQL Server, Error: 4629)
Am I able to deny access to these types of object and if so how? Also, what objects should be accessible such as sys.database_mirroring, sys.database_recovery_status, etc?
Nov 6, 2006
I'm making a copy of some tables between 2 servers.
Server 1 requires a sql login
Server 2 is using Windows Auth.
I have a user on server 1 named "odbc" able to log in.
However, my copy task fails; when I drill into the error, it lists the first user in server 1 alphabetically as the failed login???? But in my DTS I am specifying the "odbc" user and password.
I think I have a permissions problem on server 1. So my Question, what minimum permissions does user "odbc" need to copy a table?
On server 1 I can copy from northwind to server 2 just fine..but any other db on server 1 causes the weird failure with the wrong username.
Any Ideas? I am not a DBA obviously :)
Thanks,
Carl
May 12, 2008
I am getting the error:
Cannot open database "aspnetdb" requested by the login. The login failed.
When I browse to my ASP.NET 3.5 LINQ web application on the IIS 6.0 server on Server 2003.
I imagine this is because while I granted SQL Server 2005 login and permissions to my database that the application stores its data in, I did NOT grant any rights to the service account the IIS Application Pool uses for its identity to the aspnetdb database on SQL Server which is where all my roles information is stored at.
My question is what are the MINIMUM permissions needed for this database so it can perform its roles related functions?
I'm using Windows Authentications with the SQL Role provider for authorization.
Thank you.
EDIT: I think I only need to open the aspnetdb database and add my login to the aspnet_Roles_FullAccess role. Is that correct?
Jun 5, 1999
Question for you. Due to some testing within our environment, I've restored a database a few times
today. Now, when I look at the databases that logins have access to, some have the correct
access to databases and others have no access anymore. This all has happened since I've
restored the database. What happened? It isn't even with the 1 database that I restored that
this is happening. When I look, most users don't have access to any database anymore... All the groups I have
set up and the permissions assigned within the database themselves are fine, just the
login doesn't have access to a database. Did I do something wrong? If so, please let me know
so I can correct it before another restore is necessary.
Thanks so much!
Toni Eibner
May 14, 2008
I had created three users for my centralized database server.
usernames are
1.sa
2.production
3.praveen
I had given the permissions as follows
for production i given the permissions for each database
dddatawriter,datareader, db_executor,public
for praveen i had given full permissions
for sa I want full permissions so i had given each and every thing
my aim is as follows. i want permissions according to this one.
for production he is not able to change the column name, he is not able to backup database or restore database, and also he is not able to change password of any logins
For this one i got it correctly . but while coming to praveen login
He is able to do anything regarding database. But I don't want to give permissions to change passwords of his login and at the same time any login. Can you give any idea regarding this permissions.
For sa I want full permissions; he is able to change passwords of any login.
please kindly help me in this
Jul 2, 2007
After installing SQL Server Express I can now connect using my Windows authentication but am unable to create a database because all BUILTIN\Users only have public permissions. I don't have the sa password and there are no other users or user groups set up which I could use to upgrade my permissions. So I can't do much of anything with SQL Server.
For background, I'm setting this up on a personal laptop running Windows Vista. I'm one of only two users on the machine and I have an Administrator user account.
Any help is appreciated.
Jun 22, 2007
Hi,
I recently installed an evaluation copy of SQL Server 2005 Enterprise Edition on my local machine and during the installation I used Local System system account for the SQL Server service and set the server to use Mixed Mode authentication.
I am able to connect to this local server Database Engine with my Windows login through SQL Server Management Studio and am able to perform sysadmin tasks. My question is why?
My thinking was that even though my Windows login would provide me a connection to the server, I would still have to manually add this login to the sysadmin server roles but after checking the sysadmin role, my Windows login isn't in there. The Windows login is not found under Security - Logins in SSMS either.
Can someone tell me should details for the login be visible on the server and why it seems to have sysadmin permissions ?
Thanks
Apr 27, 2000
I would like to compare two databases objects permission setting in SQL6.5. One is in production box and another one is in backup server. What is better and quick way to do this? Any system table is available for this information?
Thanks in advance.
Stella
Jan 25, 2008
I need to understand the permissions that a CLR stored procedure needs when it accesses tables. In a dbo TSQL stored procedure it has owner permissions on all dbo tables, so there is no need to grant permissions on tables to the database user.
Some developers recently implemented a CLR stored procedure that returned an error with update permission denied on table name. Once I granted the user account update permission on that table, it was able to execute OK.
I have been looking for a good explanation for the way the permissions to database objects need to be setup for CLR stored procedures. For example, could I have said to modify the procedure to use the EXECUTE AS clause, instead of granting the user account direct permission on the table? Does anyone have any links to good articles on this subject?
Edit:
I have a feeling I'm on my own trying to figure out how this works. I've been searching the web for hours, and I haven't found anything that directly addresses this.
CODO ERGO SUM
Mar 14, 2007
Hello, I am trying to write a script using SQL Server 2000 to list all of the roles that have any permissions on a specified object (view, table, sp, etc.). Essentially I am trying to script what is displayed when one selects the 'list only users/user-defined database roles/public with permissions to this object' option under 'manage permissions' in EM but without showing individual users, only roles. I've looked at the system sp's and the information_schema views but none of those seem to give this information. Am I going to have to look directly at the system tables? If anyone has a script that does this for a specified object or can point me to more specific information on how to do this I'd appreciate it. Thanks!
Bruce
Nov 8, 2007
I'm trying to identify the objects in master that the role public has select permissions on, but when I run this query, I get 4 results where the default schema is null and the major_id column does not correspond to any records in the sys.all_objects table. Where else can I look to find what objects these are. DBO is listed as the grantor.
I appreciate your help.
SELECT *
FROM SYS.DATABASE_PERMISSIONS P,
SYS.DATABASE_PRINCIPALS R
WHERE P.GRANTEE_PRINCIPAL_ID=R.PRINCIPAL_ID and
permission_name='SELECT' and class_desc='OBJECT_OR_COLUMN' and
r.name='public'
order by r.name desc
Aug 12, 1998
If I want to easily and quickly grant all permissions to a group of objects
for one user (or group), how can I do this with the tools provided?
In 6.5, I could right-click the user or group and click the "Grant All" button.
In 7.0 this is either missing or has been moved.
Thanks!
Jim
Nov 22, 2006
Hi,
SQL Server Security is not my strong point so forgive me for asking stupid questions.
I have a bunch of tables and sprocs within a schema 'MySchema'. I have a user 'MyUser' defined in the database.
I would like to give MyUser permission to SELECT from tables and EXECUTE all sprocs in MySchema. What is the simplest way of doing that? Will the following:
GRANT EXECUTE ON SCHEMA::[MySchema] TO [MyUser] WITH GRANT OPTION AS [db_owner]
GRANT SELECT ON SCHEMA::[MySchema] TO [MyUser] WITH GRANT OPTION
accomplish that? (I can't test it out at the moment because our DBA isn't around and I don't have permission)
With best practices in mind - is what I am doing here considered "ok". Any suggestions/comments are welcome.
-Jamie
P.S. Can anyone recommend any documentation that talks about what best practices should be in the use of schemas. BOL is a bit sparse. Thanks.
Apr 24, 2008
While trying to execute a stored procedure I am getting error that 'SELECT permission denied on table .......' The DBA has given execute permission for the sp and still the same error. What needs to be done. When permissions are given through the SP it implies that the objects are given permissions ?
Putting in db_datareader group will give permission to read from all tables across all the databases in the server. We want that the user should be able to read data from only those tables called in the sp. Normally in SQL 2000 we used to give EXECUTE permissions to the sp only. This in turn would be enough for that user to get data while executing the sp.
Aug 6, 2002
I am converting a multitude of Access databases from 2.0/95/97 to xp and at the same time moving to a client/server model using SQL Server.
This is the first time I have used SQL Server and I am having problems that seem to be related to permissions: I am unable to select, go to, update or delete a record via the application I have built. This may be a flaw in my development skills or a problem with permissions. I cannot find how to apply universal permissions to every column in every table (which is what i want at this point) and any changes that I do make are not reflected in Access.
Any ideas are gratefully received.
May 9, 2007
I have created an adp, and have created stored procedures for all of my forms. In the SQL Server database I have given my users permissions as db_datareader and db_datawriter, however they were unable to open any of my forms because they didn't have execute permissions on my stored procedures. I finally had to give them permissions as db_owner so they could use my forms. Do I have to give them db_owner permissions to execute my stored procedures? I know I can go in and assign them execute permissions for my stored procedures, but there has to be a better way. Does anyone know how to give users execute permissions on stored procedures without having to give them db_owner permissions or having to grant execute permissions for each stored procedure individually?
I am still in the development phase of my project and having to assign users or groups with each stored procedure I create could really be a pain. Can someone please help me?
Apr 12, 2007
I just spent the better part of 3 days creating a prototype in ASP.Net 2.0 and SQL Server Express only to discover that nobody from outside can see it...
ERROR with impersonation=true
User does not have permission to perform this action.
ERROR with impersonation=false
Unable to open the physical file "c:\inetpub\wwwroot\------.mdf". Operating system error 5: "5(Access is denied.)". An attempt to attach an auto-named database for file c:\inetpub\wwwroot\-----.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.
What makes this so difficult?
What am I missing?
Jul 20, 2005
How would I, using a sql script, copy permissions assigned to a user or a role in one or more databases to another user or a role in their respective databases? Help appreciated
Feb 11, 2008
Using Management Studio how do you script only user and object permissions? I don't want to script the corresponding "Create" statements for each object, only their permissions. This was possible in 2000.
Thanks, Dave
Jun 13, 2008
Where can I check for SQL Server service account write access permissions?
And if it doesn't have permission, how can I set the write access permission?
Thanks & Best Regards
Madhu
Sep 18, 2007
Hello team, I have learned quite a bit from everyone here. I have decided to post a question for you guys and see what the best method is. Our Sr. DBA has asked me to get a list of all of our users permissions on all of our databases. We have about 20 SQL servers some of which have more databases and instances than I have fingers and toes. Can anyone recommend any solution to this problem? Perhaps there is a script I can download/write which will help me on this? Thanks in advance.
May 6, 2008
After I run a SSIS package which is a "Transfer SQL Server Objects Task", the database users have lost all mapping to SQL server login. I've tried various options inside the package, however, to my surprise, sometimes the user settings at SOURCE database are lost! I'm not supposed to change anything in the SOURCE database after running a data transfer... Anyone know what's wrong?
Thanks in advance!
Options:
DropObjectsFirst - TRUE
IncludeExtendedProperties - FALSE
CopyData - TRUE
ExistingData - Replace
CopySchema - TRUE
UseCollation - FALSE
IncludeDependentObjects - TRUE
CopyAllOBjects - TRUE
CopySqlServerLogins - TRUE/FALSE (both tried)
CASE 1:
CopyDatabaseUsers - TRUE
CopyDatabaseRoles - TRUE
Result - the user-login mapping at destination DB is lost.
CASE 2:
CopyDatabaseUsers - FALSE
CopyDatabaseRoles - FALSE
Result - the user-login mapping at SOURCE DB is lost.
Jan 6, 2008
Re: Possible Vista-only security issue opening a TCP connection to SQL2005
Please help. I have a problem that appears to be rare. I'm testing the culmination of a year's work and the error I'm getting is at the most basic level (the SQL connection) while everything else so far is working as coded.
My client is Windows Vista, apparently no firewall (I say apparently as in recent years MS have put more and more facades over the actuality of the operating systems), my server is Windows 2003 Server b3790 SP2 with SQL 2005 Standard 1399.06, again no firewall.
PortQuery 2.0 reckons that the server is listening on port 1433, too, so it doesn't seem like a firewall issue.
Nothing reported in either Event Viewers.
Here's the stack dump:
Unhandled Exception: System.Data.SqlClient.SqlException: An error has occurred while establishing a connection to the server. When connecting to
SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider:
TCP Provider, error: 0 - An attempt was made to access a socket in a way forbidden by its access permissions.)
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject)
at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject)
at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart)
at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options)
at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
at System.Data.SqlClient.SqlConnection.Open()
at Robot.Data.Support.ExecuteStoredProcReader(String connectionString, String procName, IDictionary`2 parameters) in P:Visual Studio 2005ProjectsRobotRobot.DataSupport.cs:line 44
at Robot.Data.Analytics.FetchableCollection.ExecuteByIYLT(String criterion) in P:Visual Studio 2005ProjectsRobotRobot.Data.AnalyticsFetchableCollection.cs:line 78
at Robot.Data.Analytics.FetchableCollection.Robot.Core.Interfaces.IFetchable.Fetch(String criterion) in P:Visual Studio 2005ProjectsRobotRobot.Data.AnalyticsFetchableCollection.cs:line 49
at Robot.Data.Analytics.FetchableCollection.Fetch(String criterion) in P:Visual Studio 2005ProjectsRobotRobot.Data.AnalyticsFetchableCollection.cs:line 41
at Robot.Data.Analytics.AnalyticsDalc.Prefetch(String criterion, AnalysisTypeEnum analysisType) in P:Visual Studio 2005ProjectsRobotRobot.Data.AnalyticsAnalyticsDalc.cs:line 167
at Robot.Data.Analytics.AnalyticsDalc.FillRankedCollection(RankedCollection& emptyRc) in P:Visual Studio 2005ProjectsRobotRobot.Data.AnalyticsAnalyticsDalc.cs:line 115
at TestHarness.Program.Main(String[] args) in P:Visual Studio 2005ProjectsRobotTestHarnessProgram.cs:line 35
And here's the connection string, which is built using the SqlConnectionStringBuilder:
"Data Source=192.168.2.2;
Initial Catalog=Research;
Integrated Security=False;
Persist Security Info=False;
User ID=usr_research_dalc_www02;
Password=usr_research_dalc_www02;
Pooling=True;
MultipleActiveResultSets=True;
Network Library=dbmssocn;
Application Name="Analytics Data Access Layer""
I have tried an old project which used to connect to the same server using a more basic connection string (it was a project which populated my Research db with fake data) and it also fails. When I ran this project successfully I'm pretty sure it was on an XP client.
I have also run my TestHarness .exe on another client (WinXP) and it appears to pass this point and raises an exception that I believe is caused at a later point - so it looks like a Vista client issue.
Thanks in advance for your help,
Luke
P.S. Some loosely related thoughts; the MSDN forum system still logs me out on Vista when I try to submit a thread, please sort this out! You can't expect your customers to run around deleting cookies. Also, when will you finally deprecate the default Named Pipes!? And finally, having that "does not allow remote connections" error spewed out with all connection errors is a really bad design choice, in my opinion.
Jan 6, 2006
How can I get a list of all objects (like tables, views, stored procedures, etc) accessible by a login (user), or vice versa?
Feb 27, 2007
Hello all :)
First, sorry for my English but I don't practice every day
So,
I'm a new user of Microsoft SQL 2005 and I'm testing some functionalities in SSIS.
I used the Transfer Objects Task to copy one database to another.
The both db's are on the same instance.
I chose these options for the transfer
-SourceConnection : My_Instance
-SourceDatabase : My_DB
-DestinationConnection : My_Instance
-DestinationDatabase : CopyOfMy_DB
-DropObjectsFirst = True
-IncludeExtendedProperties = False
-CopyData = True
-ExistingData = Replace
-CopySchema = True
-UseCollation = True
IncludeDependentObjects =False
CopyAllObjects = True
The other options are set to FALSE
When I execute the package, I got an error message, the logins are dropped. I cannot connect to the database engine, even with my admin account.
I have to restore the master database !
So my question is : why this SSIS task drop all the logins in sql server in place of just copy one database??????
What's the solution for this problem?
Thanks for your comments !
Matt
Aug 18, 2015
I have been trying to execute the Sendmail task in my development environment and I face this error. I have given the clear details of the error message below, please have a look.
[Send Mail Task] Error: An error occurred with the following error message: "Failure sending mail.  System.Net.WebException: Unable to connect to the remote server  System.Net.Sockets.SocketException: An attempt was made to access a socket in a way forbidden by its access permissions ". Alternatively I use the SMTP connection to create the subscription as well, it's working properly.
Here we are accessing SMTP connection manager as Virtually. Here in my client network we are using McAfee Anti virus. We have excluded the Rsconfigration file in the excluded list. I don't know why this problem occurs again using Sendmailtask in SSIS?
Jul 20, 2005
Hi there... I use SQL server integrated security so when a user opens a database in access it prompts the username & password in a small popup box on connection, but I'd like to use my own customised form for the authentication process, is this possible? I do know that this login popbox is displayed before any forms are loaded, can it be said that on database connect that the form is opened? How will I transfer the values entered into the login form to the sql server for authentication? Thanks a lot in advance
Rudi Groenewald
Nov 20, 2013
passing serialised objects to a stored procedure for the purpose of data inserts. I see this as being a way to handle multiple row inserts efficiently.
However, in my limited use of XML data I am not so sure how to link the data when I have a dependency on another "object" within the serialised XML.
Below is a code snippet showing what I have so far.
The first insert statement works fine - but how to retrieve the identifier created by the DB - I want to use an SQL statement that finds the record in the table based on the XML representation (of the PluginInfo), allowing me to insert the ConfigurationInfo with the correct reference to the PluginInfo
DECLARE @Config NVARCHAR(MAX)
DECLARE @Handle AS INT
DECLARE @TransactionCount AS INT
SELECT @Config = '
<ConfigurationDirectory >
<ConfigurationInfo groupKey="Notifications" sectionKey="App.Customization.PluginInfo"
[code]....
Mar 8, 2008
Dear all,
I wrote the below script to add a SQL server login account that is the db_datareader, db_datawriter, and granted permission on all stored procs, functions, and views on all databases within a server.
Code Snippet
USE master
GO
SET NOCOUNT ON
DECLARE @database_name sysname
DECLARE @object_name sysname
DECLARE @object_type char(2)
CREATE TABLE #databases (DATABASE_NAME sysname, DATABASE_SIZE int, REMARKS varchar(254))
INSERT #databases EXEC sp_databases
-- ++++++++++++++++++ add SQL Server Login ++++++++++++++++++
IF EXISTS (
    SELECT 1 FROM master.dbo.syslogins
    WHERE [name] = 'WEB_USER2'
) BEGIN
    DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
        SELECT DATABASE_NAME FROM #databases
    OPEN db_cur
    WHILE 1 = 1
    BEGIN
        FETCH db_cur INTO @database_name
        IF (@@FETCH_STATUS <> 0) BREAK
        EXEC ('USE ' + @database_name +';
            IF EXISTS (
                SELECT 1 FROM sysusers
                WHERE [name] = ''WEB_USER2''
            ) BEGIN
                EXEC sp_revokedbaccess ''WEB_USER2''
            END
        ')
    END
    CLOSE db_cur
    DEALLOCATE db_cur
    EXEC sp_droplogin 'WEB_USER2'
END
EXEC sp_addlogin
    @loginame = 'WEB_USER2',
    @passwd = 'password'
-- ++++++++++++++++++ loop thro' all User-Databases ++++++++++++++++++
DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT DATABASE_NAME FROM #databases
    WHERE DATABASE_NAME NOT IN ('master', 'model', 'tempdb', 'msdb', 'distribution', 'ASPState')
OPEN db_cur
WHILE 1 = 1
BEGIN
    FETCH db_cur INTO @database_name
    IF (@@FETCH_STATUS <> 0) BREAK
    PRINT ''
    PRINT 'Current database=' + @database_name
    -- add user to databases
    EXEC ('USE ' + @database_name +';
        IF EXISTS (
            SELECT 1 FROM sysusers
            WHERE [name] = ''WEB_USER2''
        ) BEGIN
            EXEC sp_revokedbaccess ''WEB_USER2''
        END
    ')
    EXEC ('USE ' + @database_name +'; EXEC sp_grantdbaccess ''WEB_USER2''; ')
    -- add user to db_datareader
    EXEC ('USE ' + @database_name +'; EXEC sp_addrolemember ''db_datareader'', ''WEB_USER2''; ')
    -- add user to db_datawriter
    EXEC ('USE ' + @database_name +'; EXEC sp_addrolemember ''db_datawriter'', ''WEB_USER2''; ')
    -- grant permission on Stored proc, Scalar function, Inlined table-function, Table function, View
    -- !! coz EXEC is a self-contained batch, so must use GLOBAL
    EXEC('USE ' + @database_name +';
        DECLARE obj_cur CURSOR GLOBAL FAST_FORWARD FOR
            SELECT [name], [type] FROM sysobjects
            WHERE [type] IN (''P'', ''FN'', ''IF'', ''TF'', ''V'')
    ')
    OPEN obj_cur
    WHILE 1 = 1
    BEGIN
        FETCH obj_cur INTO @object_name, @object_type
        IF (@@FETCH_STATUS <> 0) BREAK
        -- PRINT 'object=' + @object_name + '; type=' + @object_type
        IF LTRIM(RTRIM(@object_type)) = 'P' OR @object_type = 'FN'
        BEGIN
            -- EXEC on Stored proc, Scalar function
            EXEC('USE ' + @database_name +'; GRANT EXEC ON dbo.' + @object_name + ' TO WEB_USER2 ')
        END
        ELSE
        BEGIN
            -- SELECT ON table function, View
            EXEC('USE ' + @database_name +'; GRANT SELECT ON dbo.' + @object_name + ' TO WEB_USER2 ')
        END
    END
    CLOSE obj_cur
    DEALLOCATE obj_cur
END
CLOSE db_cur
DEALLOCATE db_cur
DROP TABLE #databases
plz revise it if you have better idea! Thx!
May 17, 2004
I hope this is a nice fat ball that someone can knock out of the park...
We've recently started to upgrade our development servers from Win2k to Windows Server 2003. Naturally, the SQL Server boxes receive MS SQL Server 2000 SP3a. Our database users now cannot restore to their own databases.
We usually grant each login the 'dbcreator' server role (and hope the developers are too busy to realize everything else it allows). Each user's login is dbo in his/her database. Typically one developer will produce a reference dump file, and all the other developers load it as they need it.
If a user executes a restore, it trundles along happily until almost the end, spitting out an error. Here's a sample:
100 percent restored.
Processed 376 pages for database 'bobdb', file 'Data' on file 1.
Server: Msg 916, Level 14, State 1, Line 68
Server user 'bob' is not a valid user in database 'bobdb'.
Server: Msg 3013, Level 16, State 1, Line 68
RESTORE DATABASE is terminating abnormally.
Oh, and this worked with SQL Server 2000 (any patch) on Windows 2000 Server.
Developers reload their databases so often (and DBA resources are so spare) that routing all restores through a DBA will bring development to its knees. So, each developer must be able to restore dumps to their own database.
Help? Which server roles/permissions/GRANTs do we need to provide our developers with the power they need? (and not the powers they don't need!)
Oct 3, 2005
I am trying to set up a secure system and would like some advice on how to do it as it is a bit tricky.
Sep 26, 2007
Hi,
I created a new sql server login, but didn't assign it any permissions in any databases.
When I login with this new login, it logs into the master database, and is able to select tables from the system databases, such as master, msdb.
This seems very wrong to me. How can I turn these default permissions off for new logins? I thought it might have something to do with the guest account, but not sure how to best handle this.
Thanks