Can A User Be Granted Read Only Privileges For Stored Procedures
Apr 26, 2004Can a user be granted the ability to create stored procedures with read only capabilities? I wouldn't mind be able to UPDATE but simply need to read only.
ddave
Can a user be granted the ability to create stored procedures with read only capabilities? I wouldn't mind be able to UPDATE but simply need to read only.
ddave
A client has received the results of a security scan suggesting that Execute privileges granted to the certificate ##MS_AgentSigningCertificate## on the master database are a security hole which needs to be fixed. I'm unsure of the affect do doing this. We have a very vanilla sql server database, we don't use certificates, we just connect via jdbc to the db and do OLTP work. Are there basic functions associated with ##MS_AgentSigningCertificate## that will fail if I revoke privileges? We only need to be able to log on to a user database and do DML and basic backup and recovery.
Thanks for any info y'all can give me.
My goal is to write a DR plan where i am restoring all user databases onto a diffrent server in a event of hardware failure. I was trying to figure out a way to extract DDL of user accounts and their permissions on all user databases so i can simplify my DR documentation.Â
Â
This is the plan I came up with...to restore all system and user dbs on a different Physical SQLServer.
1. build named instance $PROD
2. restore master database
   - startup sqlserver in single user mode -m or DAC sqlcmd -S ServerName -U sa -P<xxx> –A
   net stop MSSQLSERVER$PROD
   net start MSSQLSERVER$PROD -m
   - restore database master from disk e:master.bak with replace;
  Â
3. start sqlserver normally
4. stop SQLServer agent
5. restore msdb
-restore database msdb disk e:msdb.bak with replace;
6. restart SQLServer
7. Restore User Databases.
8. Run Sp_change_users_login for all users
-Sp_Change_users_logins 'auto_fix','username'
I am curious what other people have done to implement read-only routing for a large number of procedures.
Basically figuring out when to call procedures that are read-only with read-only intent.
We have a user application that passes an encrypted string to a web service that directs it to our SQL Servers.
I've been tasked with finding a way to make this happen without changing the application.
The only thing I have been able to come up with is writing something (which I did) that will identify whether something is read-only or not and storing a big list.
Then having the web service look up the given procedure and adding the intent where needed.
The permissions granted to user 'domainusername' are insufficient for performing this operation. (rsAccessDenied)
Hi,
I wonder if anyone can help me?
I have installed and configured sql server 2005 express edition with advanced services on an xp box, with the aim of using reporting services.
I have set up reporting services successfully using the report manager, with my web services id = netwrokservice.
I can access both the report manager and report url locally, i.e while using localhost anjd on the machine. The problem arises however when i try to access
the reports from another machine, as i get the message:
"The permissions granted to user 'domainusername' are insufficient for performing this operation. (rsAccessDenied)"
when going to for example:
"http://servername/ReportServer/Pages/ReportViewer.aspx?%2fReport1&rs:Command=Render"
I have looked at various sites (including microsoft) in an attempt to find a solution to this and most sites give exmaples of how to configure the full
version of reporting services which i do not have. The things that I have managed to gleam and try are:
- open up security on dir: C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportServer to everyone and allow all access
- added my own username as a new role assigment in the report manager page
- added my own username to the reportserveruser and reportingserviceswebservicesuser roles, as indicated by microft:
http://msdn2.microsoft.com/en-us/library/ms365166.aspx, who state that "Custom authentication extensions and custom role assignments are not supported. You
must map existing Windows domain user and group accounts to predefined role definitions."
Can anyone suggest where to look next as I cannot believe that this should be this difficult?
Many Thanks in advance
I have granted execute on the dbo schema to a sql user so that he can execute available procedures in the dbo schema. However when he executes a procedure ie..
exec dbo.myproc
The following error is returned:
Msg 229, Level 14, State 5, Line 2
SELECT permission denied on object 'MyType', database 'Mine', schema 'dbo'.
MyType is a table
How can I correct this behavior?
I don't want the user to be able to access the tables except via the procedure calls.
I have problem with permissions
here is my error
http://img2.tapuz.co.il/forums/1_91537174.jpg
how can I give all the computers in the network the permission to see the reports.
thanks
I have an application that talks to an access db located on a 2000 server. I would like grant permissions to the application instead of a specific user. Any help would be great...
View 6 Replies View RelatedHi,
I am trying to deploy a reporting services report to remote reorting services server , i did the following :
in project property : http://192.xxx.xxx.xxx/reportserver
(NB: my pc and server are on the same domain)
and i assigned a permission for my user 'mydomainmyuser' on the virtual folder of the reporting service, but i got this error :
The permissions granted to user 'mydomainmyuser' are insufficient for performing this operation.I
I know it is a permission pb but please any idea to solve that ??
Thanks,
Tarek Ghazali
SQL Server MVP
I get an error message when deploying reports to the reportserver from microsoft visual studio.
error message : Error rsAccessDenied : The permissions granted to user '' are insufficient for performing this operation.
TargetServerURL : http://server.com/ReportServer$sql_2005
The Report server is configured to use a custom security extension. i can access the reportserver.
It looks like when i deploy the reports from VS. it does not pass any credentials to the report server. From the error message it looks like there is no username . How do i deploy reports to report server if we are using a custom security extension. How do i grant user rights to deploy report if we are using a custom security extension. Any idea. Thanks!
chi
Hi,
I wonder if anyone can help me?
I have installed and configured sql server 2005 express edition with advanced services on an xp box, with the aim of using reporting services.
I have set up reporting services successfully using the report manager, with my web services id = netwrokservice.
I can access both the report manager and report url locally, i.e while using localhost anjd on the machine. The problem arises however when i try to access
the reports from another machine, as i get the message:
"The permissions granted to user 'domainusername' are insufficient for performing this operation. (rsAccessDenied)"
when going to for example:
"http://servername/ReportServer/Pages/ReportViewer.aspx?%2fReport1&rs:Command=Render"
I have looked at various sites (including microsoft) in an attempt to find a solution to this and most sites give exmaples of how to configure the full
version of reporting services which i do not have. The things that I have managed to gleam and try are:
- open up security on dir: C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportServer to everyone and allow all access
- added my own username as a new role assigment in the report manager page
- added my own username to the reportserveruser and reportingserviceswebservicesuser roles, as indicated by microft:
http://msdn2.microsoft.com/en-us/library/ms365166.aspx, who state that "Custom authentication extensions and custom role assignments are not supported. You
must map existing Windows domain user and group accounts to predefined role definitions."
Can anyone suggest where to look next as I cannot believe that this should be this difficult?
Many Thanks in advance
Hi, I've scoured the forums and tried just about every answer to this problem without any success. What I have is SQL Server 2005 installed on a single machine, and trying to deploy reports to the same machine for testing purposes. When I try to deploy the report I receive the permissions error. Here's what I've gotten to at this point:
I can get to the reports URL (http://machine/Reports)
I can login to Reporting Services via SQL Server Management Studio as the administrator. (Windows Authentication)
I have added my login to the Home Folder-->Permissions in SQL Server Management Studio, and all reports are set to inherit the home folder's permissions
In Reporting Service Configuration Manager the Windows Service Identity is set to Local System, and for web service identity - ASP.NET Service Account is set to NT AuthorityNetworkService; Report Server and Report Manager are set to DefaultAppPool.
In IIS I tried enabling Anonymous Authentication
Current Application pools are set to "Classic" for Managed Pipeline mode (I did this to actually be able to login to Reporting Services via SQL Server management studio; having this set to integrated gives me an error)
What gets me is that this is entirely self-contained on one machine, that I set up as an administrator. So why do I get a permissions error when I am the admin on this machine deploying to this machine?
Hi,
I wanted to deploy my Sql 2005 reports to my local machine and want it to get viewed by all the users through Asp.Net application.
User can directly view the reports by clicking on the direct link to report but when they try to view it using application having Report Viewer, running on iis it gives acess denied 401 error and can't view the reports
If I make my application to run on default port then it works fine
If I give rights to <particularMachineNameASPNET> then that user can view the report but if there are 100 users then will i Add 100 such entries???
I think I am making mistake in this case.
Any response will be appriciated.
-Thanks,
Digs
i finally got SSRS(SQL Server Reporting Services) to install properly and and it was working before i had to restart my PC
after restarting my PC i went back to the Domain/Reports$SQLExpress and the menus where Blank it just showed the help link and the border. so i opened the Domain/ReportServer$SQLExpress and it said
The permissions granted to user 'DOMAINOwner' are insufficient for performing this operation.(rsAccessDenied) Get Online Help
and there is no Login Box Popping up How do i get it to Login - Its set to use Windows Authentication what sould i doo please help ive had one problem after another with this SSRS
Basically to defend against SQL injection I want to be able to stop basic users or admins from being able to drop tables or doing other damaging activities. I'm using ms sql express, how can I do this? A friend mentioned that he uses MySql and user privileges can be set up in this way.
View 2 Replies View Relatedis there a sql query i can type in to list all the user stored procedures for the tables within my database?
or do i have to find them manually and how?
Dear all,
How to find out how many user stored procedures are there in a single Database in sql server.
Thanks,
msrs
Is it possible to grant all privilege for all tables of a specified database through script? Because i have to send the script to user side and i can't do it manually in Enterprise Manager.regards,
View 1 Replies View Related
hi,
I created a View,like the following:
Create View viewSecure
as select * from sales.customer
go
Grant select on viewSecure to Andrew
go
Exec as login='Andrew'
Select * from viewSecure
go
Revert
go
Alter Authorization On viewSecure to Jerry
go
Exec as login='Jerry'
Select * from viewSecure
go
but, I received the error 'SELECT permission denied on object 'Customer', database 'AdventureWorks', schema 'Sales'.
Meanwhile, I re-granted Select Privilege to Andrew, I got the same error.
I know Alter Authorization command means to change the owner of an object. I got 3 questions need your help.
1. An user owned an object, if he may have no any privileges to this object?
2.Why I got the same error after re-granted Select privilege to Andrew?
3.How to pass privileges from one user to another?
Thanks a lot.
Hi There,
I've written an inline table-valued function in SQL such as the following:
ALTER FUNCTION dbo.GetCityByID( @CityID int)
RETURNS TABLE
AS
RETURN(
SELECT
Name,
Url
FROM Cities
WHERE (CityID = @CityID) )
suppose that Cities table includes three fields (CityID, Name, Url).
By the way I wrote a store procedure as follow:
ALTER PROCEDURE MyProcedure ( @MyID int)
AS
SELECT
CountryID,
OriginCityID,
DestCityID
FROM
MyTable
WHERE (MyID = @MyID)
The OriginCityID and DestCityID are related to CityID in Cities table. I wanna get the name
and url of each city by its ID through this stored procedue by making relation to Cities table.
so I call GetCityByID function in my stored procedure like this:
ALTER PROCEDURE MyProcedure ( @MyID int)
AS
SELECT
CountryID,
dbo.GetCityByID(OriginCityID),
dbo.GetCityByID(DestCityID)
FROM
MyTable
WHERE (MyID = @MyID)
this procedure dosn't work an returns error.
What's your solution for getting information from Cities table for OriginCityID and DestCityID?
Thank you in advance.
user have db_datareader role in in a database.But user is not able to see the stored procedures.
View 5 Replies View RelatedI'm new to 2005 (new to sql server in general). Up until now it's only been writing easy stored procedures. Read that it's a good idea to have a user who can only run stroed procedures (so aren't connceting with 'sa' privileges and such). How would I go about doing this?
The server I am working on has about 15 different databases on it. My database (named "myDBForTest") is the only one I want my end user to be able to connect on. I'm writing a .NET application that will have several users using it at same time. They will all be connecting with same information (limited to only running stored procedures and connecting/disconnecting). I basically want them to be able to run any stroed procedures that are part of my database. If I go back in 4 months and add 100 stored procedures, the next time the log on they should be able to use those new ones also.
Is there some kind of command I run to add a user (maybe with username of sprocUser?) who can do this? I'm interfacing with database using SQL Server Management Studio Express (from MS).
Thanks for any help you can give.
Hi,
I presume the two problems I have are actually one. (hopefully)
I copied my database from my client machine, to a small business server when I deployed the application.
When I ran the program, where it called up a stored procedure, I got an error message
The EXECUTE permission was denied on the object 'Empty Temp Tables' database datbasename, schema 'dbo'
The procedures are there and visible in the Visual Studio IDE and they were there in the Sql Data directory, from where I copied the database files. I checked this from Management Studio on the client machine.
I decided to check my stored procedures in Management Studio on the server, and it seems the whole folder is missing.
Help would be appreciated
Hi,
I need to read and subsequently modify the privileges (rights) of a certain SQL Server user / role from within a Visual Basic Program.
Modifying seems to be easy using standard statements like GRANT/REVOKE. But what about reading all the rights a user has ?
I have researched SQL-DMO, but didn't find what I'm looking for.
Any idea ?
Mike
I have a database for which I need the permissions to execute stored procedures, perform CRUD operations on tables, execute functions and SQL jobs. What should be the SQL command if I am to create a user for this database who will have the most minimum privileges to carry out these activities?
View 4 Replies View RelatedHello all:
Running into a brain problem here. I remeber reading an article a while back (2002?) on either Visual Studio Magazine or MSDN Magazine where there was a way to generate Stored Procedures from User Defined Functions. I need this information in order to do my job as it is also a way to cut down on time for this project I am trying to finish. Does anyone have the code or remeber what I am talking about. I just finished Kathleen Dollards article again on using XSLT to generate code but would really like to use the User Defined Functions.
I searched for the article on line but came up dry. Searched through all my magazines but could not find the article. Any help would be greatly appreciated. Bit of topic I guess but still relevant to the board.
Thanks
How can I allow a user to run a stored procedure but deny them the ability to see it in SSMS?
I don't mean 'view def' permissions, I mean the actual proc.
I read about encryption which mask the contents but they can still see the proc, any other ways I can accomplish this?
Hi!
In my database I have all business logic in stored procedures. For example there are procedures: ReadBike and UpdateBike. Bike is business object stored in 4 tables.
On my system work 100 employees and we have one problem with this. The stroy is;
1. User A reads data about Bike1
2. User B reads data about Bike1
3. User A updates data about Bike1 (user B have old data)
4. User B updates data about Bike1
So user B don't know about chnages made by user A. How to solve that ptroblem?
It's probably solved in ADO, but I want use business login in procedures.
Regards,
Walter
What are the pros and cons of each?
One advantage that I can see withh UDFs is that they are a bit a Views with parameters. You can perform joins on UDF columns (which you cannot do with a Stored Proc). You can do the same with Views but UDFs have the advantage that you restrict the number of rows with a parameterised WHERE (or HAVING) clause.
Hi to all, Can any body tell me what is the difference between Stored procedures and User Defined Functions ? In my assumption Function return a value or table, but SP doesn't return value instead of that SP use select statement or assign value to output statement. This is right?
View 3 Replies View RelatedI have defined a user defined data type. When I try to create a stored procedure specifying the column and user define data tpye I receive message
Server: Msg 2715, Level 16, State 3, Procedure spStoredproc, Line 0
Column or parameter #1: Cannot find data type udtcol1.
Server: Msg 2715, Level 16, State 1, Procedure spStoredproc, Line 0
Column or parameter #2: Cannot find data type udtcol2.
Server: Msg 2715, Level 16, State 1, Procedure spStoredproc, Line 0
Column or parameter #3: Cannot find data type udtcol3
Can you have user defined data types in stored procedures.
Store Procedure creation text
CREATE PROCEDURE spStoredproc
@col1 udtcol1,
@col2 udtcol2,
@col3 udtcol3
AS
INSERT INTO tblTempEmployee
(col1 , col2 , Col3)
VALUES (@col1 , @col2, @col3)
GO
SET QUOTED_IDENTIFIER OFF SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER OFF SET ANSI_NULLS OFF
GO
Dave
We are using a third party tool that does not store passwords in an encrypted format therefore we created a user with minimal rights. Isn't there a way to grant "execute any stored procedure" to a user/Login? Do we really have to grant execute on each procedure to the user? And then do the same for each new store procedure? The only other option we have found to be able to "see" and execute the stored procedures is by granting "db_owner". I would think that would negate the user being minimal rights.
View 5 Replies View RelatedHi,
I have a problem with sp execution.:
objects of [dbo]
Tables of [nuran]
Grants of [nuran]
[dbo].tabloA
[nuran].tmptabloA
Select,insert, update on [dbo].tabloA
[dbo].tmptabloA
Deny for [dbo].tmptabloA
[dbo].sp_yordam
Grant for executing [dbo].sp_yordam
(1)
create PROCEDURE [dbo].[SP_yordam]
AS
BEGIN
BEGIN TRANSACTION @Tran1
€¦€¦€¦€¦€¦. €¦€¦€¦€¦€¦€¦ €¦€¦€¦€¦.
INSERT INTO [tabloA]
(, ,)
SELECT ,,
FROM [tmptabloA] WHERE ......
€¦€¦€¦ €¦€¦€¦ €¦€¦€¦.
DELETE FROM [tmptabloA]
COMMIT TRANSACTION @Tran1
When user [nuran] execute the procedure sp_yordam by a VB program, the procedure use [dbo].tmptabloA not [nuran].[tmptaboA]. If there are data in the [dbo].tmptabloA, the procedure insert data to [dbo].tabloA from [dbo].tmptabloA. But when I checked user name in the procedure during execution, the user was [nuran].
If I write the procedure like that:
(2)
create PROCEDURE [dbo].[SP_tmpSil]
AS
declare @tablo1 as varchar(50),
DECLARE @sil as nvarchar(max)
select @tablo1='[tmptabloA]'
SELECT @sil = ' DELETE FROM ' + @tablo1 + ';'
EXEC (@sil)
END
And it executed by user [nuran],then it used the correct table [nuran].tmptabloA
Is there any way to use user€™s table in an stored procedure without using the user name :
(3)
create PROCEDURE [dbo].[SP_yordam]
AS
BEGIN
BEGIN TRANSACTION @Tran1
€¦€¦€¦€¦€¦. €¦€¦€¦€¦€¦€¦ €¦€¦€¦€¦.
INSERT INTO [tabloA]
(, ,)
SELECT ,,
FROM [nuran].[tmptabloA] WHERE ......
€¦€¦€¦ €¦€¦€¦ €¦€¦€¦.
DELETE FROM [nuran].[tmptabloA]
COMMIT TRANSACTION @Tran1
I don't want to use (2) and (3) code methods, I prefer to use (1) script. Is there any compilation method, or any aditional way for using script (1) with correct user rights?
Thanks a lot
Nuran