Controlling SQL Access In .net - Revised
Apr 14, 2007
I have windows application (Basically a accounting system). I want to use either SQL authenticaion, or Windows authentication for my users of the application (Basically each db user will have their own account in Users for that db, so I can have sql control the access).
All access to the db is via stored procedures, but I want to have a set schema for each user type:
Supervisor
Manager
Data Entry
etc.
All with a predefined access to the proper stored procedures(So far fairly simple).
In addition to this I want to be able to set the specifics of that user in my .net application via a interface (so a user by default will have the pre-defined schema, when a supervisor opens this interface, they can add/remove access to other stored procedures)
Here's the issue. Is this the proper methodology to achieve this, because it's quite of bit of programming work. I don't want to do it then need to re-due everything.
Also should I use Windows Authentication, or SQL, or have a completly seperate table in the DB where I do manual authentication then have the .net application restrict the access?
Any help or comments on this approach will be helpful. Also ifanyone has found any articles or information similiar to what I am trying to accomplish, please point me in the correct direction.
Thanks.
View 8 Replies
ADVERTISEMENT
Nov 12, 2007
I have a problem at the company I work for. For historic reasons many developers and users know the sa passwords for SQL. Obviously this is not a good situtation to be in. Now the obvious answer it to just change this but for reasons unknown to sanity half of our applications are hardcoded to use sa passwords.
Now as a DBA coming into this this puts me in a tricky position as its impossible for me to control who is doing what etc. Is it possible to put triggers or something to monitor logins which will deny access to anyone accessing via the sa password not through an application. Ie if an application calls then the sa will have to be allowed but if a user using Query Analyser for example tries to use sa then they are denied access ?
Long term all these passwords are going to change but it the short term I still need to create some control on the system. Anyone have any thoughts ?
Si
View 3 Replies
View Related
May 16, 2008
I need to compare our late sales orders to our late purchase orders. The query for the sales orders would be this:
SELECT S1.*,
S2.*,
S3.*
FROM somast S1
INNER JOIN soitem S2
ON S1.fsono = S2.fsono
INNER JOIN sorels S3
ON S2.fsono + S2.finumber = S3.fsono + S3.finumber
The PO table query is like this:
SELECT P1.*,
P2.*
FROM pomast P1
INNER JOIN poitem P2
ON P1.fpono = P2.fpono
WHERE NOT(P2.fmultirls = 'Y')
AND P2.frelsno = 0
somast is the sales order master table, soitem is the items table, and sorels is the release. pomast is the Purchase Order Master and poitem is the purchase order items table. I don't intend to leave the *'s and will clean up the query afterwards with the specific fields I need.
The poitem table as a field called fsokey which contains the sales order number if the PO and the SO are related.
So, here is my question. I want all the sales orders and only the purchase order information pulled for which the fsokey corresponds. Would I do this with a subquery or is there some very complex (for me) inner and outer join query that I would use.
I greatly appreciate some help with this.
View 3 Replies
View Related
Feb 11, 2004
Ok here's a big one.
First I'm a big NEWBIE, so it'd be great if you can provide a little explanation as to how this should be done...
Here's what I want to do, but have no idea how to approach it.
I have a table with Quotes (table Quote) in them (for a Sale's Team). Each has a quote number (qtQN) and this number is sequencial but sometimes revised where a letter is added at the end. Like so:
qtQN__________Date
---------------------------
111q0001--------02/01/04
111q0002--------02/02/04
111q0002A------02/03/04
111q0002B -----02/04/04
222q0005--------01/15/04
etc... ------------- etc...
The first 3 digit are company codes and pretty unimportant to this problem. As you can see, 111q0002 has three versions. A, B, and no letter. The most up to date is B. So in this list I want to list only the most up to date quotes. So the resulting list would be:
111q0001
111q0002B
222q0005
Get it? Good, cuz I have no idea how to query that... any help at all is appreciated!
I'm using MS SQL Server 2k and scripting with ASP 3.0
View 6 Replies
View Related
Jul 20, 2005
Hi All,There is some additional info I forget on this same topic I just posted.I have a database design question, pls give me some help..I want to define tables for salesman's sales target commission . Thecommission could be given per EITHER sales amount of : Group of Products ORGroup of Brand. e.g : the data example :For one salesman_A :product_1, product_2, product_3 etc.. => sales = $100 - $200 =>commission = 5%product_1, product_2, product_3 etc.. => sales = $201 - $400 =>commission = 10%Brand_A, Brand_B, Brand_C .. etc => sales = $100 - $200 =>commission = 2.5%Brand_A, Brand_B, Brand_C .. etc => sales = $201 - $400 =>commission = 5%Below is my table design, is this a good design or something is wrong here ?Thank you for your help.CREATE TABLE Sales_Commission_Header (Sales_ID Char(4) ,Sales_Commission_Group Char(4),Note Varchar(30),Constraint Sales_Commission_Header_PK Primary Key(Sales_ID,Sales_Commission_Group))Alter Table Sales_Commission_Header Add ConstraintFK_Sales_Commission_Header Foreign Key (Sales_Commission_Group)References Commission_Group_Header(Sales_Commission_Group)CREATE TABLE Sales_Commission_Detail (Sales_ID Char(4) ,Sales_Commission_Group Char(4),Sales_From Decimal(12,2) ,Sales_To Decimal(12,2) ,Commission Decimal(5,2),Constraint Sales_Commission_Detail_PK Primary Key(Sales_ID,Sales_Commission_Group, Sales_From, Sales_To))Alter Table Sales_Commission_Detail Add Constraint FK_Sales_CommissionForeign Key (Sales_ID, Sales_Commission_Group) ReferencesSales_Commission_Header(Sales_ID, Sales_Commission_Group)--------------------------------------------** ALTERNATIVE _1 :CREATE TABLE Commission_Group_Header (Sales_Commission_Group Char(4) Primary Key,Note Varchar(30))CREATE TABLE Commission_Group_Detail_Product (Sales_Commission_Group Char(4),Product_ID VarChar(10), -- This product_ID will be FKreference to master productConstraint Commission_Group_Detail_Product_PK PrimaryKey(Sales_Commission_Group, Product_ID))Alter Table Commission_Group_Detail_Product Add ConstraintFK_Commission_Group_Detail_Product Foreign Key (Sales_Commission_Group)References Commission_Group_Header(Sales_Commission_Group)CREATE TABLE Commission_Group_Detail_Brand (Sales_Commission_Group Char(4),Brand_ID VarChar(10), -- This brand_ID will be FKreference to master brandConstraint Commission_Group_Detail_Brand_PK PrimaryKey(Sales_Commission_Group, Brand_ID))Alter Table Commission_Group_Detail_Brand Add ConstraintFK_Commission_Group_Detail_Brans Foreign Key (Sales_Commission_Group)References Commission_Group_Header(Sales_Commission_Group)** ALTERNATIVE _2 :CREATE TABLE Commission_Group_Header (Sales_Commission_Group Char(4),Group_Type Char(1), -- 'B': Brand Group 'P': Product GroupNote Varchar(30),Constraint Commission_Group_Header_PK Primary Key(Sales_Commission_Group,Group_Type))CREATE TABLE Commission_Group_Detail (Sales_Commission_Group Char(4),Group_Type Char(1), -- 'B': Brand Group 'P': Product GroupProduct_Brand_ID VarChar(10),Constraint Commission_Group_Detail_PK Primary Key(Sales_Commission_Group,Group_Type, Product_Brand_ID))Alter Table Commission_Group_Detail Add ConstraintFK_Commission_Group_Detail Foreign Key (Sales_Commission_Group)References Commission_Group_Header(Sales_Commission_Group, Group_Type)The PROBLEM here is : with Product_Brand_ID , I CAN NOT make foreign keyinto both Master Product and Master Brand.So which one is better design ?split the Commission_Group_Detail into Two tables, product and brand , andmake the FOREIGN KEYto master product and master brand (previous mail)ORcombile Commission_Group_Detail for Product and Brand into one table likeaboveand NOT make any FK to master Product or Brand ?Thank you for your help,Tristant
View 1 Replies
View Related
Oct 26, 2007
Hello,
I have a sequence problem in a package and I'm unable to figure it out: I have a control flow with some elements in this specified order: a script task -> Execute SQL task -> Data Flow. The script task is responsible for setting a value on a package variable; this same variable will then be used to decide if the Data Flow is disabled or not (there's an expression on the DataFlow). However, it looks like the variable is being tested before the script actually writes it, how can I guarantee that the DataFlow's expression is evaluated only after the script task has ended? Also, I have tried putting each component inside their own sequence container and I get the same result
Thanks in advance
View 7 Replies
View Related
Jan 18, 2006
Folks,
Our client has requested that we change the export file name (PDF and others) to match the report name. Currently, the name is based on the report's filename (eg, foo.rdl exports as foo.pdf) -- this causes problems because the same RDL is being used for a few fairly different reports. Is this controllable at all?
thanks,
--randy
View 11 Replies
View Related
Nov 29, 2007
Hi
I have a main report and wanted to embed a sub report in the main table. This is pretty easy enough.
The main report lists the suppliers we have. And the sub report lists any sub suppliers affialiated to those suppliers.
I have set the sub report visibility settings to hidden and is toggled by the suppliers ID.
The problem is that NOT ALL suppliers will have sub-suppliers, yet when you run the report the user gets presented with the option to toggle all suppliers' ID.
Is there any way to have a main report that only allows the user to click on a suppliers ID when that particular supplier has a sub supplier?
View 1 Replies
View Related
Jul 14, 2006
Hi everyone:
I need to use the "SET ROWCOUNT" statement to limit the amount of data returned to the application in a query, I know that if "SET ROWCOUNT = 0" is not specified at the end of this stored proc all the next queries will return only the amount of records specified in the initial "SET ROWCOUNT" call, so I would like to know if a I can have something like the TRY-CATCH-FINALLY statement (in SQL-92 for SQL Server 2000, not in SQL 2005) to make sure the "SET ROWCOUNT = 0" is sent at the end even if an error is raised.
Can it be done?
Thanks for any help.
View 2 Replies
View Related
Oct 20, 2006
Hi,
Can someone tell me how I can manage different versions of my OLAP Database, in Analysis Services 2000 without having to use Archive database ?
I want only the design of my cubes and my dimensions. Is there any way to get the script of a cube?
Is there any tool available to do this kind of actions ?
Thanks in advance.
Ashish
View 1 Replies
View Related
Jul 23, 2005
Hi,I'm writing an application that involves data that has a set of usersthat are allowed to perform certain operations on it.i.e. Only the row owner can modify a row, but there is a set of userswho can view it.At the moment, I've started to implement this by calling a UDF at thebeginning of each stored procedure that validates that the user isallowed to call the procedure on that particular row (trusting a higherteir to verify the user), and throws an error if they are not.I don't particularly like this solution, as I need a UDF for eachprocedure, and will have to re-write the udf's if the access ruleschange (which they might).Can anyone suggest a method of implementing a more generic rowpermissions system?Cheers,Ben
View 5 Replies
View Related
Nov 8, 2007
Hi All,
We have an odd OLE DB error here. We can create the connection but only lookup a handfull of tables that are in the database. (Maybe only 10 of 50 - of which I need the ones not being displayed) Even if I choose a table from the incomplete list and try and close the dialog I get the following error. We are trying to pull data from an IBM AS400 if that makes any difference. It did work in SQL2000 - Hope you can help us!!!
---
ERROR at HTEIMPORT(table) [connection manager "IPaddress.user.database"]; SSIS Eroor Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x80040E33. An OLE DB record is available. Source: "Microsfot OLE DB Service Components" Hresult: 0x80040E22 Description: "Non-NULL controlling IUnknown was specified, and either the requested interface was not IUnknown, or the provider does not support COM aggregation.".
Error at SQLTaskName [OLE DB Source [423]]: SSIS Error Code DTS_E_CANNOTACQUIRECONNECTIONFROMCONNECTIONMANAGER. The AquireConnection method call to the connection manage "IPAddress.useratabase" failed with error code 0xC0202009. There may be error messages posted before this with more information on why the AquaireConnection method call failed.
Additional information:
Exception from HRESULT: 0xC020801C (Microsoft.SqlServer.DTSPipelineWrap)
View 4 Replies
View Related
Feb 13, 2007
I have a few hundred data files that I need to process in groups from oldest to most recent. To that end, I have created staging folders for each date that appears in the file names (example: 20060213) and moved all of the data files to the appropriate folders.
I also have these folder names in a recordset that has been sorted in ascending order, so the oldest date should be the first record, the second-oldest date should be second and so on. My thinking is to use this recordset with a ForEach Loop Container to loop through each folder, but I am not sure if Integration Services will necessarily loop through the records in order.
Can someone tell me whether the records will be processed in order or suggest a better alternative to make sure the directories are processed in the correct order?
View 2 Replies
View Related
Oct 5, 2007
I have a one table with 30-second updates for many day's worth of data. What I'd like to do is only select out the datetime between, say 07:00:00.000 and 11:00:00.000 for each day.
select * from TableName where "timestamp"
between '2007-06-04 07:00:00.000' and '2007-06-04 11:00:00.000'
This works for one specific day. But I'd like a return of values for all possible days in the table (as opposed to just 2007-06-04).
View 7 Replies
View Related
Jun 14, 2007
Hey Folks!
I have a typical requirement by my client. On submitting a Update (Bulk) button a huge database operation starts. A huge bulk update operation need to be performed. This would take 2-3 minutes some times. Client wants a cancel button in this case where he can be given a way to cancel the database Transaction.
Please let me know in case if there is a way out.
Thanks, in advance.
Regards,
Uday.D
View 2 Replies
View Related
Sep 29, 2005
Hi to allI wish to be able to have a standard select statement which hasadditional fields added to it at run-time based on suppliedparameter(s).iedeclare @theTest1 nvarchar(10)set @theTest1='TRUE'declare @theTest2 nvarchar(10)set @theTest2='TRUE'selectp_full_nameif @theTest1='TRUE'BEGINother field1,ENDif @theTest2='TRUE'BEGINother field2ENDfrom dbo.tbl_GIS_personwhere record_id < 20I do not wish to use an IF statement to test the parameter for acondition and then repeat the entire select statement particularly asit is a UNIONed query for three different statementiedeclare @theTest1 nvarchar(10)set @theTest1='TRUE'declare @theTest2 nvarchar(10)set @theTest2='TRUE'if @theTest1='TRUE' AND @theTest2='TRUE'BEGINselectp_full_name,other field1,other field2from dbo.tbl_GIS_personwhere record_id < 20ENDif @theTest1='TRUE' AND @theTest2='FALSE'BEGINselectp_full_name,other field1from dbo.tbl_GIS_personwhere record_id < 20END......if @theTest<>'TRUE'BEGINselectp_full_namefrom dbo.tbl_GIS_personwhere record_id < 20ENDMake sense? So the select is standard in the most part but with smallvariations depending on the user's choice. I want to avoid risk ofbreakage by having only one spot that the FROM, JOIN and WHEREstatements need to be defined.The query will end up being used in an XML template query.Any help would be much appreciatedRegardsGIS Analyst
View 2 Replies
View Related
Jun 25, 2007
A similar question has been asked in a different thread, but didn't get a conclusive answer. Is there a way to set process priority on a specific process (alternatively - processes started by a specific user), similar to what the Task Manager allows in Windows?
I need to archive some data from an OLTP database. Unfortunately, some of the tables are growing rather large, and copying the data, and especially removing it based on record age, is a resource-intensive operation. My database must be available 24/7, and I can't have queries timing out, or I start losing business real fast. I was thinking of firing off the archive script and setting the process priority on it to something lower than normal, so it won't interfere with my OLTP processes.
Maybe someone can suggest a better solution?
View 2 Replies
View Related
Oct 16, 2015
I have a report I'm trying to modify for a client that has two auto-grow tablix. We want the second tablix to start after the first one completes, however the first tablix will overwrite the second one if it contains multiple rows, rather than pushing it down. How can I control this?
View 2 Replies
View Related
Apr 26, 2007
I'm using Reporting Services 2000 and I have a situation where I need to specify the file formats available to export. I know I can change the RSReportServer.config file to change these at a global level, but what I really need is to be able to configure these differently for different user groups. For example:
group 1 - has all available export formats available
group 2 - only has the ability to export to excel
group 3 - has no option to export to any format.
Is there a way for this to be done? If so, can anybody give me any pointers on how it can be done?
Any help given will be most appreciated!!
View 3 Replies
View Related
May 22, 2008
Hello everyone,
This is a new level of complexity for me..
The Boss wants..
1. To control an SSIS package , start, check status, and emergency stop + rollback a package from a web page. Does anyone know of an example or good articles to start with.
2. I have one of the iterations of the data invoke and use a COM object (third party) It will value the items and change a field.
I can always do #2 as a second step but I need all the help I can get on #1.
Thank you,
View 1 Replies
View Related
Jan 23, 2007
VS2005/SSR2005 Reporting: How can one control an individual report fields visibility (toggle on/off) at run time, based on data values (of the same field or another field) in the report. Without user having to sit there and "Click".
Thanks
Zulu5255
View 6 Replies
View Related
Jul 19, 2007
Is there a way to control how many Detail Rows are displayed on one page in Table and Matrix controls?
View 1 Replies
View Related
Jun 18, 2015
Is there a way to control SSIS 2014 package execution schedule. I have 8 different packages that I have to schedule for this project and these packages need to be executed only when the data is available on the source for the package to grab. So the idea we are banking on is to create a Control table with package execution flag and when the flag is set to yes for a package that will be executed via SQL Server agent. How would I accomplish this?
View 2 Replies
View Related
Sep 28, 2006
Hi,
Using RAISERROR from within a stored prcedure will result in a SQLException being thrown at the client side of a JDBC connection.
I am trying to provide a meaningfull error message to be shown to the end user. However, all exceptions thrown will inevitably start with : "[Microsoft][SQLServer 2000 Driver for JDBC][SQLServer]". The following questions then arise :
- Is there a way of configuring SQL Server not to display this header ?
alternatively,
- Is there another way of conveying error messages to the client through JDBC ?
Thank you for your answers,
Ben
View 1 Replies
View Related
Mar 17, 2008
Access Connection
create a new Connection Manager by right-clicking in the Connection Managers section of the design area of the screen. Select New OLE DB Connection to bring up the Configure OLE DB Connection Manager dialog box. Click New to open the Connection Manager. In the Provider drop-down list, choose the Microsoft Jet 4.0 OLE DB Provider and click OK.
Browse to the Access database file and connection set up---all good!!!
Dataflow task
Add an OLE DB Source component
Double-click the icon to open the OLE DB Source Editor. Set the OLE DB Connection Manager property to the Connection Manager that I created . Select Table from the Data Access Mode drop-down list.
I cannot see the tables set up as set up as pass-through table types to a Oracle 9i db
Any ideas please help
thanks in advance
Dave
View 2 Replies
View Related
Jun 10, 2015
I have recently upgraded to SQL2014 on Win2012. The Access front end program works fine.
But, previously created Excel reports with built in MS Queries now fail with the above error for users with MS 2013. The queries still work for users still using MS 2007.
I also cannot create any new queries and get the same error message. If I log on as myself on the domain to another PC with 2007 installed it works fine, so I don't think it is anything to do with AD groups or permissions.
View 6 Replies
View Related
Nov 12, 2015
We need to insert data/rows from a SQL Server 2014 database into MS Access database. The problem is, there are so many columns (100+) in the table and there are so many insert transactions of this kind (from different tables) that it is not very easy to write the code in VB.NET that lists all column names.
Both the Access and SQL Server tables have the same number of columns and the equivalent data types, so inserting is not really the problem. It's just that is there a way to do an insert statement in T-SQL that does not name all the columns?
View 3 Replies
View Related
Oct 30, 2007
Hi guys,
I've been developing desktop client-server and web apps and have used Access and SQL Server Standard most of the time.
I'm looking into using SQL CE, and had a few questions that I can't seem to get a clear picture on:
- The documentation for CE says that it supports 256 simultaneous connections and offers the Isolation levels, Transactions, Locking, etc with a 4GB DB. But most people say that CE is strictly a single-user DB and should not be used as a DB Server.
Could CE be extended for use as a multi-user DB Server by creating a custom server such as a .NET Remoting Server hosted through a Windows Service (or any other custom host) on a machine whereby the CE DB would run in-process with this server on the machine which would then be accessed by multiple users from multiple machines??
Clients PCs -> Server PC hosting Remoting Service -> ADO.NET -> SQL CE
- and further more can we use Enterprise Services (Serviced Components) to connect to SQL CE and further extend this model to offer a pure high-quality DB Server?
Clients PCs -> Server PC hosting Remoting Service -> Enterprise Services -> ADO.NET -> SQL CE
Seems quite doable to me, but I may be wrong..please let me know either ways
Thanks,
CP
View 3 Replies
View Related
Jan 14, 2007
When running the following statement in SQL 2005, I get the error message "Access is denied":
exec master.dbo.xp_cmdshell 'TYPE \SERVER-BSHAREFILE.TXT'
The following are true about the network:
The SQL Server is installed on SERVER-A.
SERVER-A and SERVER-B are Windows 2003 servers on the same Windows 2003 domain.
The SQL Server and SQL Server Agent services are running under the domain account SQLSERVICE.
SQLSERVICE is a member of the Domain Admins group.
The Domain Admins group is part of the local Administrators group on SERVER-B.
The SQLSERVICE account has also explicitly been given Full Control to the folder referenced by \SERVER-BSHARE
xp_cmdshell use has been enabled on the SQL Server.
If I run the following command in SQL:
exec master.dbo.xp_cmdshell 'whoami'the following is returned: DOMAINSQLSERVICE
If I change the command to access the c: drive instead of a network drive, it executes successfully.
Can anyone shed some light on why I still cannot access any of the files in this folder using xp_cmdshell?
Tim
View 5 Replies
View Related
Feb 22, 2008
We have an application that requires write settings to reportserver virtual directory for the IUSR account when anonymous is turned on during the install. Once the install is complete, we lock down the IUSR account so that it only has browse access to the virtual directory when enabling anonymous access.
We automate the uninstall and install of our daily builds and I'm trying to figure out if I can automated this process somehow either through command line utility or in vbs.
Your help is greatly appreciated...
Eric
View 1 Replies
View Related
Jun 23, 2014
i am currently working on designing a database for a bank as a school project for my database class. We have to draw up an entity relationship diagram, Sql tables, database size estimate etc. I am currently working on the security portion of the project. I need to list the groups that have access to my application and use a grid format to show access to specific tables.
I am currently working on designing a database for a bank as a school project for my database class. We have to draw up an entity relationship diagram, Sql tables, database size estimate etc. I am currently working on the security portion of the project. I need to list the groups that have access to my application and use a grid format to show access to specific tables.
Role Loans Payments Transactions Accounts Customer Emplo
Database Admin SUID SUID SUID SUID SUID SUID
Branch Manager SUI SUI SUI SUI SUI SUI
Internal Auditor S S S S S S
Loan Officer SUID SUI SUI S S
Tellers S S S S SU
Customers U
View 1 Replies
View Related