Application Roles - Changing Password

Mar 13, 2007

Hello,

 

in SQL Server 2005 I have an application role that is being used to limit access to my server data from third party applications. Everything is working well, except changing the Application role password.

I set up a small form that allows an administrator to change the App Role password through the front end app. I cannot, however, seem to get the Password field in my approle to accept a parameter.

For example:

declare @newpassword varchar(128)

set @newpassword = 'foo'

ALTER APPLICATION ROLE MyApplicationRole

with PASSWORD = @newpassword

This procedure gives me a syntax error in the last line. It will accept a string in quotes but not a varchar parameter.

 

Ideas?

View 3 Replies


ADVERTISEMENT

Schemas, Users, Logins, Database Roles, Application Roles

Mar 5, 2006

Hello,

I am new user of SQL Server. I have some problems with these words. I want to make my database works in my specified permissions. I will specify permissions with schemas and these schema wants an owner. I want this owner should be my user. When creating a user it needs a valid login. I am selecting my login and it occurs and error says this login has an different user. I am specifying permissions with roles. But i can't make association all of them. I hope i told my problem to you as well. If you explain these words to me and tell me how can i do my database's works with my own schemas, users and roles i'll be grateful. Thanks for advices.

Happy coding...

View 4 Replies View Related

Fixed Database Roles Vs Application Roles

Aug 24, 2006

After reading Books Online, I am still confused with Database Role vs Application role.

My intention is to control the end users' authority on the database, where the end users will access through Winforms client application. With proper assignment of schema and database roles to an user, I believe this will enough to control the permisison of an user.

If this is the case, why Application role exists? When and why should I use Application Role? How is it different from Fixed Database Role?

View 14 Replies View Related

Changing From Users To Roles

Apr 2, 2008

Guys,

I have 2 users emp_rw (read write) and emp_ro in the database through which application accesses the database.

Now I would like to replace this users with roles and assign emp_rw, emp_ro to roles. Which roles should be created -
database roles or application roles what is the difference between application and database roles.

currently I execute the below statement to grant rights on database objects to emp and emp_ro users, can this be changed
to grant rights to role instead of user.

grant execute on <function name, procedure name> to emp_ro

Any suggestions and inputs would help.

Thanks

View 1 Replies View Related

Using SQL Application Roles From ASP.NET

Nov 1, 2004

Hi there

Can anyone point me to a good tutorial or give me a run down on using Sql Application roles from my asp.net application. Books Online only give a run down on how to set it up - not how to implement or use it from my code. MSDN no help. Google - same thing.

Any help greatly appreciated.

Thanks in advance

View 2 Replies View Related

Application Roles?

Mar 20, 2008

We have a distributed app that creates it's own instance of sqlexpress when installing. This prevents anyone with sa rights on another instance from accessing our data directly (HIPAA compliance concerns). We are currently looking into making our app easier to install, and want to be able to attach our database to existing instance (if one exists), but still prevent the sa account of that instance from directly accessing/viewing our data. Are application roles the way to accomplish this, is there another way, or is this even possible?

Thanks in advance.

View 5 Replies View Related

Security- Application Roles

Jul 17, 2000

We are looking to make our applications as secure as possible. I am interested in how well Application Roles work to make security tighter.

Have you used Application Roles. If you have, I'd like to know if it helped provide better security or not and if it did, how was it implmented in you production environment. I already know how to get it set up, I'm just wondering if it's really worth the trouble.

Thanks!

View 2 Replies View Related

Application Roles For Sql 2000 And VB6

May 22, 2003

I may need to setup an application role(s) fro a SQL 2000 db that is being front-ended by VB6. There are 2 types of functions needed, and admin role with access to all tables, and a user role with access to only specific tables. I know from just a straight db roles, I could set up 2 roles, set their rights, and then add the users to these roles. My questions is if I need the same functionality for an Application role, do I need 2 Application roles, one for the admin, and the other for the user?

View 1 Replies View Related

Application Roles In SQL 2005

Jun 13, 2006

We have an an application that was written using OLE DB (ADO) against a SQL 2000 Server that uses an Application role to give rights to the database objects. It connects, calls sp_setapprole and goes on. If the database needs to LOCK a record, it is creating a new ADO Connection and instantiating the Approle again. This model has been working fine up til now.

Now we are installing a SQL 2005 server for the latest version of the product we are working on and are running into an error. The error is
Error: 18059, Severity: 20, State: 1.
The connection has been dropped because the principal that opened it subsequently assumed a new security context, and then tried to reset the connection under its impersonated security context. This scenario is not supported. See "Impersonation Overview" in Books Online.


It's happening when the second ADO Connection for locking a record is being created and the sp_setapprole is being executed.

One of my questions is what is the problem with executing the approle on a different connection? Our code has not changed, so obviously SQL 2005 is doing something different. The other is What can we do to correct this?

Is the resource pooling different? We had problems in the beginning with approles and figured out through research that we needed to add OLE DB Services=-2 to the connection string to turn off resource pooling.

Is there an extra step to using Approles in SQL 2005?

Any help would be greatly appreciated as we need to resolve this ASAP.



Thanks,

David

View 5 Replies View Related

Usin Application Roles

Apr 30, 2007


I want to test Application Roles security for our project, I guess it serves the purpose.
But the quesion I have is if a developer who can look at the application code know's the "Password" can he set the password from Query Analyser and get acess to the database.


Thanks!

View 4 Replies View Related

Changing Publisher-subscriber Roles On SQL Server 6.5

Sep 14, 1999

Hi Nerds
There are 2 production servers (SQL Server 6.5). One is publisher and the other one is subscriber. Data is replicated from publisher to subscriber which is a transaction based replication. Each day at 8:00PM data comes into publisher and the updations,replication,backup,reporting are carried out till 11:00AM next day. The subscriber server is used as a reporting server and the publishing server is used as the data warehouse server.
I want to cleanup a table on the publisher. Since it is replicated on the subscriber, can I do delete operation on the subscriber, make the subscriber server a publisher and the publisher server a subscriber, do replication from publisher(new) to subscriber(new) and again change publisher to subscriber and subscriber to publisher without affecting the production line of the databases. I have to do this between 11:00AM to 8:00PM.
Pranav.

View 1 Replies View Related

Application Roles And Module Signing

Feb 12, 2007

Hi, Am migrating my SQL 2000 legacy app to SQL2005 and am dealing with restrictions on the underlying system tables. Have taken advice that Granting VIEW state to all users is heavy handed (especially meta data access at SERVER level). Now looking at Module signing which is great. I can supply SP's which target the few System table/ information schema fields that I require. Now I Sign the Sp's cool, now I grant exec rights to the application role (doesn't work). Create a db role and put my users in it, okay grant role exec on Sp's (fine they work).

However my application runs under an application role always, so my users rights are ignored and it appears that its only the users not the approles who can benefit from the module signing ? I know I can switch too and from approle using cookies but I seem to be going round in cirlces here.

Essentially is there any 'EASY' and 'CONTROLLED' way that my application user who has no rights, who immediately switches to the application role can see the dbName (All rows ) from master.sysdatabases ?

Thansk for any advice

View 7 Replies View Related

Application Roles For Cross-Database Joins

Aug 25, 2005

I have an application that segregates data into two differentdatabases. Database A has stored procs that perform joins betweentables in database A and database B. I am thinking that I have reachedthe limits of Application Roles, but correct me if I am wrong.My application creates a connection to database A as 'testuser' withread only access, then executes sp_setapprole to gain read writepermissions. Even then the only way 'testuser' can get data out of thedatabases is via stored procs or views, no access to tables directly.Anyone know of a solution? Here is the error I get:Server: Msg 916, Level 14, State 1, Procedure pr_GetLocationInfo, Line38Server user 'testuser' is not a valid user in database 'DatabaseB'The system user is in fact in database A and B.thanksJason Schaitel

View 4 Replies View Related

SQL 2005: Pooling, Application Roles And SQL Server Error 18059

Nov 24, 2007

Hi all:

[Posting this in the security forum because in this forum I found a related post.]

I have a problem with SQL Server 2005 and application roles and pooling. I needed to use application roles and I needed to use pooling at the same time for an application. I am using sp_setapprole and sp_unsetapprole. In order to ensure that the application role is always set and unset by the application, I actually developed a custom Data Provider based on the SqlClient Data Provider. I have a custom Connection and Command class that wrap the SqlClient versions. Upon opening my custom Connection class, I execute the sp_setapprole stored procedure. Upon closing or disposing the connection, I call sp_unsetapprole.

This works fine in 99% of my tests. However, I have three or four methods (always the same ones, but one only fails ever so often) that fail, but only under the following circumstances:


Pooling is turned on (but pool size doesn't matter)

I am using my custom Data Provider (using System.Data.SqlClient does not cause this issue... but I am also not using approles then)

When other tests have run in the same test run. I.e. when I run the failing methods by themselves in a test run, there is no problem.
So it seems to me that the problem is related to using application roles with pooling turned on. For scalability reasons, we cannot turn pooling off. When the methods fail, I see the following two (2) entries in the SQL Log:


Error: 18059, Severity: 20, State 1.

The connection has been dropped because the principal that opened it subsequently assumed a new security context, and then tried to reset the connection under its impersonated security context. This scenario is not supported. See "Impersonation Overview" in Books Online.
I understand the error message somewhat. However, I am not sure why the "reset" of the connection occurs. My code does not call reset anywhere, so it must be something that happens in the background.

I am reviewing code to see if there is possibly a situation where the sp_unsetapprole procedure does not get called or does not get called successfully, but there is a lot of code (in many custom components).

I would like to know if anyone has a suggestion on how to solve this problem, or, find the code that may be causing the problem.

Thanks in advance,

SA.

View 3 Replies View Related

Changing The Sa Password

Aug 6, 1998

I`m running SQL 6.5 with standard security. We`re running NT 4.0. I am a member of the NT Admin group - which, of course, has sa privileges in SQL Server. I changed the sa password (via Enterpise Manager on my client machine); and it worked. I tested the password change by connecting to ISQL/w - both on my client machine and at the server machine.

However, when I attempted to connect to the server via Enterprise Manager (SEM) - on my client machine - my login attempt failed. But at the server machine, I connected just fine.

Somehow, even though we`re using standard security, I`m getting locked out of SEM because of the new password. Changing the sa password back to what it had been resolved the problem; but the old password was only meant to be temporary.

Any suggestions or explanations?

View 3 Replies View Related

Changing SA Password

Mar 27, 2007

Is there a thread that says what should we be looking for if I change password for SA?

I am new to the org here and have to clamp down on the SA logins.

This is what comes to my mind:

1.Client apps:
====================
a.Hard coded into VB apps
b.File DSNs
c.System DSNs

2.Web app:
================
a.Hard coded into .asp and .aspx
b..inc files that have collective connection strings.
c.Possible use of file DSNs
d.Possibly use of system DSNs

3.Ad-hoc Queries by Users
===============================

4.Maintenance Plans and Jobs etc.
=======================================
a. DTS packages
b. Replication

Is there anything else that you can add to this list will be helpful.
Regards
Paresh

Regards
Paresh Motiwala
Boston, USA

View 4 Replies View Related

Changing SA Password

Jun 9, 2007

Is there any strategy I should follow in order to change the SA password.Experts answers only. Thanks

=============================
http://www.sqlserverstudy.com

View 20 Replies View Related

Changing SA Password

Oct 5, 2007

After I have changed the SA password and attempt to login I get the following error.

A connection was successfully established with the server, but then an error occurred during the login process. (provider:Shared Memory Provider, error: 0 - No process is on the other end of the pipe.) (Microsoft SQL Server, Error:233)

If I change the password back I can login without any problems. I need to change the SA password.

Thanks for any suggestions.

View 6 Replies View Related

Changing Sa Password On SQL Breaks SMS

May 31, 2002

Hello all,

When I changed the SQL sa account password (it was blank) and then tried to connect to SMS remotely via SMS Administrator Console, I get Connection Failed. It seemed to work for a about 20 minutes and then I get "Connection Failed" when I try to run the console remotely. I used the SQL Enterprise Manager to change the sa password and then I used the SMS Administrator Console to set its SQL Server account to sa with the new password under Site Properties. When I switched it to a blank password in SQL and SMS, it started working again.

From the Application Event Log I seem to be getting a lot of these messages (even now - and it's working):
"The description for Event ID ( 1001 ) in Source ( SQLCTR70 ) could not be found. It contains the following insertion string(s): SQL Server not running."

I have also gotten: "The Open Procedure for service "NM" in DLL "nmperf.dll" failed. Performance data for this service will not be available. Status code returned is DWORD 0. "

I don't see any messages from SMS in Event Viewer.

What am I doing wrong?

TIA for you assistance.

View 1 Replies View Related

User Changing Password

Jul 7, 2000

Can the user change their password in Enterprise Manager? When they follow the documentation, this does not seem to work
unless they are sa: (I know about sp_password....we are trying to find a GUI method for typical user.)

Expand a server group; then expand a server.
Expand Security; then click Logins.
In the details pane, right-click the login to modify, and then click Properties.
In Password, on the General tab, enter a new password.
Confirm the password.

View 2 Replies View Related

Cannot Start After Changing Password

Aug 4, 1999

Hi all,

I am using Administrator to log in the WinNT and I have just changed the password
of the Administrator. After that, I discover that I cannot use all function in the sql server.
Althougt the server is still running, I cannot open the database, login the security manager.

I have checked that the SQL Executive in NT service is assigned to local system account.
As you know, there is no place for inputting password. Where can I change the password
in order to let the function of sql server run again?

Thanks

View 1 Replies View Related

Changing The Mssql Password

Jul 10, 2004

I have SQL Server 2000 the Microsoft SQL Enterprise Mangaer version 8.0 and I don't know the password of sa account and I found this page where it shows how to change it and I tried it but it didnt work for me. Password didnt change
So what to do? Is there any way to see the current pw?

View 3 Replies View Related

Sa Password Keep Changing Automatically

Aug 17, 2004

I am working with MSDE, but some how the password for sa keep changing by itself. I can reset it by logging in windows authentication mode using osql, but the next day the password does not work again.
Please give me some suggestions

Mik

View 6 Replies View Related

Can't Connect Via EM After Changing Sa Password?

Jan 6, 2005

A client of mine changed his SA password "because it hadn't been changed in a while". :mad: Now nobody can get into Enterprise Manager - opening EM or trying to right-click > Connect on the server yields an error:


A connection could not be established to SERVER1.

Reason: login failed for user 'sa'.

Please verify SQL Server is running and check your SQL Server Registration
properties (by right-clicking on the SERVER1 node) and try again.


Of course, if I right-click on the SERVER1 node, I get the same message.

My client remembers the password he set; I managed to use it to get into Query Analyzer, which I thouhght was weird. But no luck with Enterprise Manager. It's just trying to log in as sa without prompting for a pw.

I already tried running sp_Password in Query Analyzer to change the pw back to what it was. Still can't connect to the SQL Server via Enterprise Manager.

What can I do?

View 3 Replies View Related

Changing Guest Password?!!!

Oct 18, 2005

Hi,
I know this seems odd but is there any way to change the guest's password?
I know this is paradoxical regarding the nature of guest user but if there is any way please clarify me!
-Thanks

View 3 Replies View Related

Changing Lost SA Password

Jul 23, 2005

I just started a new job and no one seems to know the SA password.Here's my plan to change it:1. I've run a trace for a couple of days to verify that there are nojobs or processes that are connecting as SA and that would break if Ichanged the password.2. Before the changing the password I am going to bulk copy out thesysxlogins row for SA so that if things go wrong I can reinset the olddata with the old unknown password (will that work?).3. Log on to the console as Windows administrator and changing the SApassword.Does that make sense? Anyone have any other suggestions?Thanks.

View 1 Replies View Related

Cannot Access Database After Changing Password

Dec 11, 2006

that sounds obvious but I'm stuck...
I have an ASP.net application which someone else started and I continue.
on the SQL server there was a user X which was used to access the database from the ASP website.
 I accidently changed the password in the SQL server and now I cant restore the prior settings
(trying to reset password to blank or embedding the username and password in the connection string didnt work).
it stops on "connection.open" with -  "SQLException Login failed for user 'X'"
any ideas why that happens and how I can fix it?
 
thanks

View 1 Replies View Related

Changing SA Password In SQL Server 2005

Dec 14, 2005

How do you change the SA password in SQL Server 2005?
 
Thanks.
Doug

View 1 Replies View Related

Prevent User From Changing Password

Apr 17, 2011

Is there a way to prevent a particular user with SQL login from changing their password?

We have an application where we only want to prevent a certain user from changing their password but do not want to use windows authentication?

View 14 Replies View Related

Changing The Domain User Password

Apr 8, 2004

Is there an automatic way of changing the Domain user password getting used for running the SQL Server as a Domain user account? I'm taking about EM---Security----Domain User name and the password getting used for running the SQL Server?

View 1 Replies View Related

Changing 'sa' Password Breaks Replication

Apr 17, 2008

We are currently using continuous transactional replication from an OLTP type database to a Reporting database. We recently changed the 'sa' password for the first time since replication was introduced and now the Replication Log Reader job fails to start.

This is the error from the Job Log:

Message
2008-04-14 15:18:24.894 Copyright (c) 2005 Microsoft Corporation
2008-04-14 15:18:24.894 Microsoft SQL Server Replication Agent: logread
2008-04-14 15:18:24.894
2008-04-14 15:18:24.894 The timestamps prepended to the output lines are expressed in terms of UTC time.
2008-04-14 15:18:24.894 User-specified agent parameter values:
-Publisher OASV-SQL1
-PublisherDB georgiaoas
-Distributor OASV-SQL1
-DistributorSecurityMode 1
-Continuous
-XJOBID 0xCE146F975BC43043AB1ECBF42F801C43
-XJOBNAME OASV-SQL1-georgiaoas-1
-XSTEPID 2
-XSUBSYSTEM LogReader
-XSERVER OASV-SQL1
-XCMDLINE 0
-XCancelEventHandle 00000730
-XParentProcessHandle 0000075C
2008-04-14 15:18:25.034 Status: 0, code: 20015, text: 'Login failed for user 'sa'.'.
2008-04-14 15:18:25.034 Login failed for user 'sa'.


When we change the 'sa' password back to the previous value, we can start the Log Reader without issue.

We have tried restarting the SQL Server Agent process without success. We have not restarted the SQL Server process due to the server hosting production databases.

Any ideas?

View 1 Replies View Related

Changing Windows/SqlServer2005 Password

Jun 3, 2008

I have changed my windows password on my workstation, and the result is that I cannot now access the local databases and services resident on my workstation. I can still access all remote servers, but all attempts to access the local machine have failed. I even changed the password back to the original password, but this has had no effect.

Has anyone had any experience similar to this one? I am at a loss for things to try at this point.

View 12 Replies View Related

Changing XP Password Affects SQL Server?

Apr 27, 2006

hi folks,

has anyone experienced this issue?

When one changes the login password for XP, all the SQL Server groups are removed the next time you log into SQL Server 2000.

Is this a bug or a security feature, is there any way around it?

thanks for any help!

View 11 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved