I have SQL Server 7 database & I need to create some interface between users & database to let users see what is in the database, but not let them change or destroy data. Do I need to create some other database in-between users & the original database? Users can't program & want access to all data.management doesn't want to create a replication of the database. They want to let users have access through MS Word or Access. What could you advise me?
I need to set up 1 new user in SQL Server 2005 to be able to read specific tables in a db (db1).
The user will connect from MS access using odbc links (SQL Native client ot SQL Server driver)
I've tried to set up one and once logged on from the user workstation, I can only see sys. tables and INFORMATION_SCHEMA tables. None of the required db1 tables appear.
under Security/Logins I've created User1: SQL Server auth. with password default db = db1 server_roles = none user mapping = map, db1, user1,dbo securables = none status = grant, enabled
on the access db, the odbc link was set up with default db = db1
Ive finally gotten my report server setup to run. I can access the reports via IIS from a remote computer if I login as the server administrator. Ive given certain users permissions to the /Program Files/sql server/Reporting Services/ folder, however, when I try to enter their login info, from the IIS login prompt when i visit http://servername/ReportServer/ I am unable to login. How do I grant users permission to login to report server?
Hi, How can I provide a user read only access to all the databases on the server. I have 15 databases on the server. I know I can give db_datareader access in each database individually but that is time consuming and I have 10 servers for this to be done.
I have now succefully setup SQL Server Express on an Admin PC in my office and can see it and connect to it easily from my PC using my NT logon.
My application is complete and runs a treat for me connecting to the server from my PC.
I have now deployed the application using ClickOnce and it has all gone smoothly, except for other NT users gaining access to the database?
Within MSMSE I have clicked on Security-Logins and can see my NT login details are present and as me I can administrate the server/db.
I have added a few new logins and even tried to match them to my settings but from their computers the application fails to logon to the server/database.
Within the ODBC setup the server is visible for them but they cannot connect?
If I logon to their computer it works for me?
This section is new to me so I am struggling to get it to work, can anyone throw me a bone please?
Hello team, I have learned quite a bit from everyone here. I have decided to post a question for you guys and see what the best method is. Our Sr. DBA has asked me to get a list of all of our users permissions on all of our databases. We have about 20 SQL servers some of which have more databases and instances than I have fingers and toes. Can anyone recommend any solution to this problem? Perhaps there is a script I can download/write which will help me on this? Thanks in advance.
Hi,I have a web app, that runs fine, except for one particular section that uses a class called by an event in the code behind. The class resides as a dll in the bin folder. We had no problems during testing, when only one user was running this dll. Problems soon occurred when multiple users tried running it. Here's the error & stack: 06/02/2007 09:25:26 ==> cburns ==> There is already an open DataReader associated with this Command which must be closed first. at System.Data.SqlClient.SqlInternalConnectionTds.ValidateConnectionForExecute(SqlCommand command) at System.Data.SqlClient.SqlConnection.ValidateConnectionForExecute(String method, SqlCommand command) at System.Data.SqlClient.SqlCommand.ValidateCommand(String method, Boolean async) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader() at ESP.Validator.Data.DatabaseEvents.DatabaseEventManager.Read(IEventable eventObject, Int16 eventType, DateTime earliestDate, DateTime latestDate) in C:My PathValidatorValidator.NETDataDatabaseEventsDatabaseEventManager.cs:line 92 at ESP.Validator.Data.Translink.CATCard.GetDespatchDate() in C:My PathProjectsValidatorValidator.NETDataTranslinkCATCard.cs:line 94 at ESP.Validator.Data.Translink.ExistingSchemeEntitlement.ReadCards() in C:My PathProjectsValidatorValidator.NETDataTranslinkExistingSchemeEntitlement.cs:line 215 at ESP.Validator.Data.Translink.ExistingSchemeEntitlement.Read() in C:My PathProjectsValidatorValidator.NETDataTranslinkExistingSchemeEntitlement.cs:line 147 at ESP.Validator.Data.Translink.TranslinkApplicant.ReadEntitlements() in C:My PathProjectsValidatorValidator.NETDataTranslinkTranslinkApplicant.cs:line 369 at ESP.Validator.Data.Translink.TranslinkApplicant.Read() in C:My PathProjectsValidatorValidator.NETDataTranslinkTranslinkApplicant.cs:line 353 at ESP.Validator.Data.Translink.PrePrintedLetter.Read() in C:My PathProjectsValidatorValidator.NETDataTranslinkPrePrintedLetter.cs:line 282 at ESP.Validator.ValidationProcessor.Read(ValidationSubject subject) in C:My PathProjectsValidatorValidator.NETValidationProcessor.cs:line 82 at clear_applications_scan_applications.ProcessValidation() It seems the data reader is getting reused. We have ensured after each read the reader is closed. Though all users are using the same connection string. Could it be a connection pool problem, with the connection being overwritten during execution? Should i edit it according to the users logon?I am really at a loss for ideas, and I don't mind admitting I am a bit out of my depth with this one!! Any ideas/suggestions would be greatly appreciated. Thanks
Sorry about my English, it is not my natural language and thanks for your help. I have installed the Personal Site Starter Kit, everything work perfect except register users. When a new user try to register as a new user he receives an error, caused because the database is "read-only". In IIS the database has read and writing permissions and the directories where the aplication is. How can I change the database permissions?
Server Error in '/personalweb' Application.
Failed to update database "C:INETPUBWWWROOTPERSONALWEBAPP_DATAASPNETDB.MDF" because the database is read-only. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Failed to update database "C:INETPUBWWWROOTPERSONALWEBAPP_DATAASPNETDB.MDF" because the database is read-only.Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace:
I have a very long transaction that runs on the same database thatother users need to use for existing data. I don't care if they seedata from the transaction before it is done and am only using thetransaction because I need a way to roll it back if any errors happenduring the transaction. Unfortunately all tables affected in the longrunning transaction are completely locked and nobody else can accessany of the affected tables while it is running. I am using thetransaction isolation level of read uncommitted, which from my limitedunderstanding of isolation levels is the least strict. What can I do toprevent this from happening?Below is the output from sp_who2 and sp_lock while the process isrunning and another process is being blocked by it.SPID Status LoginHostName BlkBy DBName Command CPUTimeDiskIO LastBatch ProgramName SPID----- ------------------------------------------------------------------------------ ---------- ----------------- ---------------- ------- ------ ------------------------------------------ -----1 BACKGROUND sa. . NULL LAZY WRITER 0 006/09 15:42:52 12 sleeping sa. . NULL LOG WRITER 10 006/09 15:42:52 23 BACKGROUND sa. . master SIGNAL HANDLER 0 006/09 15:42:52 34 BACKGROUND sa. . NULL LOCK MONITOR 0 006/09 15:42:52 45 BACKGROUND sa. . master TASK MANAGER 0 506/09 15:42:52 56 BACKGROUND sa. . master TASK MANAGER 0 006/09 15:42:52 67 sleeping sa. . NULL CHECKPOINT SLEEP 0 1206/09 15:42:52 78 BACKGROUND sa. . master TASK MANAGER 0 206/09 15:42:52 89 BACKGROUND sa. . master TASK MANAGER 0 006/09 15:42:52 910 BACKGROUND sa. . master TASK MANAGER 0 006/09 15:42:52 1011 BACKGROUND sa. . master TASK MANAGER 0 106/09 15:42:52 1112 BACKGROUND sa. . master TASK MANAGER 0 006/09 15:42:52 1251 sleeping SUPERPABLOAdministratorSUPERPABLO . PM AWAITING COMMAND 1813307 06/09 16:10:34 .Net SqlClient Data Provider 5152 sleeping SUPERPABLOAdministratorSUPERPABLO 54 PM SELECT 30 506/09 16:10:16 .Net SqlClient Data Provider 5253 RUNNABLE SUPERPABLOAdministratorSUPERPABLO . master SELECT 0 306/09 16:09:44 SQL Profiler 5354 RUNNABLE SUPERPABLOAdministratorSUPERPABLO . PM UPDATE 10095206 06/09 16:10:02 .Net SqlClient Data Provider 5456 RUNNABLE SUPERPABLOAdministratorSUPERPABLO . PM SELECT INTO 151 2706/09 16:10:33 SQL Query Analyzer 56(17 row(s) affected)spid dbid ObjId IndId Type Resource Mode Status------ ------ ----------- ------ ---- ---------------- -------- ------51 5 0 0 DB S GRANT52 5 0 0 DB S GRANT52 5 1117963059 4 PAG 1:7401 IS GRANT52 5 1117963059 4 KEY (5301214e6d62) S WAIT52 5 1117963059 0 TAB IS GRANT54 5 1117963059 0 TAB IX GRANT54 5 1852025829 0 TAB IX GRANT54 5 1181963287 3 PAG 1:9017 IX GRANT54 5 1117963059 4 KEY (5301934930a4) X GRANT54 5 1117963059 3 KEY (530187fc93f3) X GRANT54 5 1117963059 4 KEY (530154df71eb) X GRANT54 5 0 0 DB [BULK-OP-LOG] NULL GRANT54 5 0 0 FIL 2:0:d U GRANT54 5 1117963059 2 KEY (1d0096c50a7d) X GRANT54 5 1117963059 2 KEY (1b004a9a6158) X GRANT54 5 1117963059 2 KEY (1800a435d44a) X GRANT54 5 1181963287 6 PAG 1:8745 IX GRANT54 5 1181963287 4 PAG 1:8923 IX GRANT54 5 1181963287 2 PAG 1:8937 IX GRANT54 5 1117963059 4 KEY (5301112b0696) X GRANT54 5 0 0 PAG 1:10889 IX GRANT54 5 1181963287 5 PAG 1:8859 IX GRANT54 5 1181963287 6 PAG 1:10888 IX GRANT54 5 0 0 PAG 1:10891 IX GRANT54 5 0 0 PAG 1:10893 IX GRANT54 5 0 0 PAG 1:10892 IX GRANT54 5 0 0 PAG 1:10894 IX GRANT54 5 0 0 PAG 1:10882 IX GRANT54 5 1117963059 3 KEY (530135fbce35) X GRANT54 5 1117963059 0 RID 1:7387:57 X GRANT54 5 1117963059 0 RID 1:7387:59 X GRANT54 5 1117963059 0 RID 1:7387:61 X GRANT54 5 1117963059 3 KEY (5301406ad2bc) X GRANT54 5 1117963059 4 PAG 1:7401 IX GRANT54 5 0 0 PAG 1:7387 IX GRANT54 5 1117963059 2 PAG 1:7389 IX GRANT54 5 1117963059 3 PAG 1:7391 IX GRANT54 5 1117963059 0 RID 1:7387:10 X GRANT54 5 1117963059 0 RID 1:7387:56 X GRANT54 5 1117963059 0 RID 1:7387:58 X GRANT54 5 1117963059 0 RID 1:7387:60 X GRANT54 5 1117963059 3 KEY (530144afbed8) X GRANT54 5 1117963059 4 KEY (530115ee6af2) X GRANT54 5 1117963059 3 KEY (5301c6cd88ea) X GRANT54 5 1149963173 0 TAB IX GRANT54 5 1181963287 0 TAB X GRANT54 5 1117963059 4 KEY (5301d2782bbd) X GRANT54 5 1117963059 3 KEY (5301015bc9a5) X GRANT54 5 0 0 DB S GRANT54 5 0 0 DB [BULK-OP-DB] NULL GRANT54 5 1117963059 4 KEY (5301501a1d8f) X GRANT54 5 1117963059 2 KEY (1c00f3a2b6c5) X GRANT54 5 1117963059 2 KEY (1a002ffddde0) X GRANT54 5 0 0 PAG 1:7411 IX GRANT54 5 1117963059 2 KEY (1900c15268f2) X GRANT54 5 0 0 PAG 1:10840 IX GRANT54 5 1181963287 4 PAG 1:10841 IX GRANT54 5 0 0 PAG 1:10842 IX GRANT54 5 1117963059 3 KEY (5301059ea5c1) X GRANT54 5 0 0 PAG 1:10820 IX GRANT54 5 1181963287 4 PAG 1:10821 IX GRANT54 5 1181963287 5 PAG 1:10874 IX GRANT54 5 1181963287 5 PAG 1:10876 IX GRANT54 5 0 0 PAG 1:10877 IX GRANT54 5 1181963287 5 PAG 1:10878 IX GRANT54 5 0 0 PAG 1:10849 IX GRANT54 5 0 0 PAG 1:10850 IX GRANT54 5 1117963059 2 KEY (1700f225b712) X GRANT54 5 1117963059 4 KEY (5301214e6d62) X GRANT56 5 0 0 DB S GRANT56 1 85575343 0 TAB IS GRANT
I have been struggling with this for a while and cannot get it right. I have read countless articles on the internet as well as MSDN documentation about SQL Server 2005 and no success so far.
What I want is a database with multiple SCHEMAS, DATABASE ROLES and USERS in order to have a finer grade of security to access the various objects.
My schemas are (in order to simplify the situation and provide an example of the setup):
- [dbo] the standard DBO schema which is always default. Contains public objects. - [com] a special module integrated into the system - [ofc] contains objects used by back-office only - [aud] contains objects used for auditing, etc.
Each of these schemas has their fair share of tables, views, functions and stored procedures which have been created appropriately (i.e. CREATE TABLE [ofc].[Addresses]), in other words prefixed by the name of the schema to which they belong.
Then I have created various database roles (don't confuse them with SQL2005 application roles) as follows:
- PublicRole mostly used for viewing, no data alterations - WorkerRole used by front end processes that need write access to data in [dbo] and [aud] - OfficeRole used by back-office for dealing with backoffice data (basically [ofc], [aud] stuff) - AdminRole used by application administrator
Each of these database roles has been defined with owner 'dbo', none of them own any schemas. And last but not least to each of these roles I have selected the above named schemas (dbo, ofc, aud) as securables and for each of those securables schemas I have then given the correct set of GRANT/DENY on the Alter, Control, Delete, Execute, Insert, References, Select, Update, Take ownership and View definition.
As an example, the PublicRole role has been given the following permissions (Y=GRANT, N=DENY):
Table #1 of Application Permissions [dbo] [com] [ofc] [aud]Alter N N N N Control N N N N Delete N N N N Execute Y Y N Y Insert N N N Y References Y Y N Y Select Y Y N Y Update N N N Y Take ownership N N N N View definition N N N N
And I have the following minimum set of database users defined (the server login has the same name):
- upublic, assigned to PublicRole - uworker, assigned to WorkerRole - uoffice, assigned to OfficeRole - uadmin, assigned to AdminRole
As I understand when I assign these users to a particular custom Database Role, the users inherit the permissions granted to THAT role thus liberating me from having to assign the permissions to each and every user account on the same role.
What I expected was that when I logged in to the database with the upublic user account I would at least be able to view (SELECT at least) ALL the objects with the exception of those in th e[ofc] schema. Unfortunately the account is not able to access ANYTHING at all, I get an error like
"The SELECT permission has been denied on object XYZ, database DB, schema 'dbo'"
So, when I use Management Studio to look at the properties I selected the PublicRole and it showed the upublic user as a member of the role (Members of this role). So far so good.
Then when I switch to the Securables page for this role it shows all the schemas I defined and for each of them the same list shown in Table #1 except it has two lines for each permission, the first for Grantor dbo and the second for Grantor upublic. The first has the same permissions I assigned to the role (as shown on Table #1) but the 2nd does not show a checkmark on either GRANT or DENY!!! For example ([x] = checked, [ ] unchecked):
What am I doing wrong here? Apparently I then have to repeat the whole grant/deny for EACH and EVERY USER I define when the idea was that I would grant/deny on the database role and every member of that role would inherit those permissions automatically.
I have set up a link from ACCESS to a SQL 7.0 database using ODBC (File DSN saved on a shared DRIVE). The link works well only from the workstation where the link was created. But How can I create a link so a group of users can view the linked table in ACCESS without type a password? Any suggestion is appreciated.
I want to make data changes in read_only database , that's why i must set database read_write. While database is at read_write mode, i want to be sure that no one makes change in database.
For this aim, i write the code below, but i suspect that after setting the database read_write, till the setting database single_user ,is it possible get DML script from another user. Is the code below enough for this operation. Or is there another way?
Reminding: Read_only database can not be set single_user mode. That's why, first you must set database read_write.
The code;
use master alter database xxx set read_write with rollback immediate alter database xxx set single_user with rollback immediate
use xxx update tablexxx set columnxxx=yyy use master alter database xxx set read_only with rollback immediate alter database xxx set multi_user with rollback immediate
Hi, I'm writing a program to access a SQL server and my problem is that if I use a user that isn't an administrator the login is failed.
It specifies the " DomainUserName "
Maybe it wouldn't have bothered me so if I didn't see it working on the last server I had. Unfortunatly, that one was formatted and I wasn't the one installing the SQL server on it.
Does anybody know how to make the SQL server more tolrant to users?
OBJECTIVE: I would like to read a text file from SQL Server 2000, read the text file content, and load its conntents in a RichTextBoxTHINGS I'VE DONE AND HAVE WORKING:1) I've successfully load a text file (ex: textFile.txt) in sql server database table column (with datatype Image) 2) I've also able to load the file using a Handler as below: using System;using System.Web;using System.Data.SqlClient;public class HandlerImage : IHttpHandler {string connectionString;public void ProcessRequest (HttpContext context) {connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["NWS_ScheduleSQL2000"].ConnectionString;int ImageID = Convert.ToInt32(context.Request.QueryString["id"]);SqlConnection myConnection = new SqlConnection(connectionString);string Command = "SELECT [Image], Image_Type FROM Images WHERE Image_Id=@Image_Id";SqlCommand cmd = new SqlCommand(Command, myConnection);cmd.Parameters.Add("@Image_Id", System.Data.SqlDbType.Int).Value = ImageID;SqlDataReader dr;myConnection.Open(); cmd.Prepare(); dr = cmd.ExecuteReader();if (dr.Read()){ //WRITE IMAGE TO THE BROWSERcontext.Response.ContentType = dr["Image_Type"].ToString();context.Response.BinaryWrite((byte[])dr["Image"]);}myConnection.Close();}public bool IsReusable {get {return false;}}}'>'> <a href='<%# "HandlerDocument.ashx?id=" + Eval("Doc_ID") %>'>File </a>- Click on this link, I'll be able to download or view the file WHAT I WANT TO DO, BUT HAVE PROBLEM:- I would like to be able to read CONTENT of this file and load it in a string as belowStreamReader SR = new StreamReader()SR = File.Open("File.txt");String contentText = SR.Readline();txtBox.text = contentText;BUT THIS ONLY WORK FOR files in the server.I would like to be able to read FILE CONTENTS from SQL Server.PLEASE HELP. I really appreciate it.
Hiya - this might be a bit of a simple question but please bear with me! I have looked reasonably hard for this but can not find an answer:
I have an MSSQL 2000 server running on PC-A and would like to limit certain users (e.g. admin) to be only able to logon when using the actual PC-A machine.
I am aware that you can acheive this in MySQL with the "insert into user (host, user, password) values (localhost, username, password);" command. Is there an equivalent way to do this in MSSQL?
Ok I created a database SQL is the engine and Access XP is the gui. When the users try to access the databae they get error message, it opens up but they cant open the forms for some reason. I was wondering if this had to do with me have Access XP and them having Access 2000, but I highly doubt it because when I had a user log on to my machine (which has access xp) they still were not able to access the forms. Can someone help me out PLEASE PLEASE PLEASE... this is so frustrating :(
One thing I'm noticing is that the users connection keeps dropping???
I'm trying to set up SQL Server so that people with Enterprise Mgr can create a DB registration to their DB only (sql.yoursite.com). Are there any tutorials out there for doing this?
I have an existing MS SQL 2005 server which is used to maintain data that has been collected from various sources around a plant. A new system has been added on our network where the data is provided in a daily MS Access database. The name of the MS Access database changes every day.
I would like to use the job manager to run a Stored Proc every night to extract the daily data from the MS Access database. Is there any way to do this.
is there a master table that i could querry to buiild a report on the users who have acces to the various databases on the SQL server. I am trying to use master.dbo.syslogins but that is not generating what i need.
I have a web application that runs on IIS on Windows XP professional. I have reached the max number of connections to the IIS website. So, I tried the approach of disabling HTTP Keep-Alives.
All is fine and dandy until my Business Intelligence Studio report project attempts to set the parameters for a report using report viewer at which point I get the following error message:
"The request failed with http status 401: access denied."
How can I fix this? I have posted this over at the asp.net forums, but I figured I would check here to see if anyone else has solved this problem.
System.Data.SqlClient.SqlException .... because the database is read-only
( I'm putting this here so searches can find it easier)
I got this idea from a related thread, but they used a NETWORK user that is obsolete in 2007.
I found that you have to edit the actual file properties on the ASPNETDB.MDF and ASPNETDB.LDF files so that the ASPUSER has full access. i.e. on the file properties, security tab, hit the Add button and type in ASP.NET then return. Back at the security properties, click on the 'Full Control' checkbox at the top. That took care of it for me.
This was after checking the IIS control panel for the properties on the folder that contained my application and App_Data folders to be sure that the "Write" checkbox was already checked, it was
Of course this assumes that you have installed the express version of SQL from Microsoft
Hello, We have SQL Server 2005 with 300+ databases in it. It was set up by the conractor. How can I create new account with read-only access to all databases? Is there any "quick" method of doing it (like in Sybase, it is very easy). I've created new login, but I do not see where can I set up the permissions properly. Thanks
Hi guys, We have a scenario where there are about 50 tables in our database and we want to build an intranet web application for users to with the office to access those tables. Users ability to access tables falls into diferent category:
Some users can NOT view some tables at all Some users can ONLY view some tables but not insert/update any field Some users can view and also insert/update some tables (in the same time they might not have view(select) permision on some other tables) Now, what is the right way to implement this. I say we have to have a Role, RolePermission, User, UserPermission inside our database to implement this (something which would look like the Roles and Users inside MSSQL) and we only have one user for our Database (MachineName/ASPUSER) to access the database and all the tables within My colleague says NO, instead of creating all these tables and implement this, we add every user of our application as a Database user inside MSSQL in the Databse Users. All the web application I have seen so far, DNN, CommunityServer, ... the have tables to implement all these and they don't add users inside the MSSQL. Now which way is the way to go with, and what problem might we fall into if we use SQL users, is this possible at all. How can I convince him that we have to make and use our own tables to manage this. Thanks for any help,Mehdi
We are currently using Crystal reports but are considering using SQL RS. We need to know if there is a restriction on simultanoeus access to the same report by multiple users? What happens when multiple users try to access the same report simultaneously? If reports can be accessed simultaneously, do the requests queue up or are they processed concurrently?
Hi guys, I want to give someone read only permission to our SQL server so they can log in and look at the database structure and query a few tables. I've set up the user but the problem is that when I connect in SQL server remotley, it shows all the other DB's on the server even though it is restricting access to them. Can these other DB's be hidden so that only the DB the user has access to shows up?
I have a data file that I converted from Access to SQL Server using theupsizing wizard. I then attached the tables to the Access front end using anODBC connection. I have one table that is read only for some reason. I'mnot sure how that happened, it went through the same procedures as the othertables in terms of upsizing and connecting. The original table was not readonly or hidden or anything else, it had full permissions.I've tried disconnecting and reconnecting the table but still the samething. In SQL Server, the permissions are the same as all the other tables.I can't seem to figure out what's making this one read only.I'm using SQL Server 2005 Express and Access 2003. Any ideas would begreatly appreciated.Thanks!
