Creating A User That Has Full Access To A Database
Mar 17, 2008
Hi,
How do I create a user that has full access to a database using only SQL statements?
I've create very basic database called "sampledb".
Then I've done:
CREATE LOGIN sampleuser WITH PASSWORD = '123sampleuser', DEFAULT_DATABASE = sampledb;
USE sampledb;
CREATE sampleuser FOR LOGIN sampleuser WITH DEFAULT_SCHEMA = 'db_owner';
Then I logon to SQL server express 2005 management studio using this user, first of all I do not see the sampledb database listed under "databases" even though it is selected in the "available databases" toolbar (how do I list it there? Because going through "attach..." tells me I do not have the privileges to browse for the database to attach).
I then open up a new query (sampledb is selected), and type (products is one of the table in sampledb):
select * from products;
And I get:
Msg 229, Level 14, State 5, Line 1
The SELECT permission was denied on the object 'Products', database 'sampledb', schema 'dbo'.
Shouldn't the chosen schema (db_owner) give me the right to do this? And how do I fix this from the query window (without going through the GUI, just using SQL statements)? And how do I list sampledb under the databases when I log in as this user?
Looks like Using Schema in SQL Server 2005 gives enough fucntionality to control persimission on pre-created objects and database. here is my scenario....
I want to have Users that can only create new databases and then have FULL control on that database that they create, like creating table, inserrting, deleting, updating, etc etc.
what will be best steps to have this scene.
(I have created a user and made it a memeber of DBCREATOR, but that user is unable to create any table inside database that is created by that user),
Any help is highly appreciated. I am using SQL 2005
I have a DB creation script which starts with the following lines
EXEC sp_addrole 'RAVENROLE' go IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'USER1') CREATE USER [USER1] FOR LOGIN [USER1] WITH DEFAULT_SCHEMA=[USER1] go IF NOT EXISTS (SELECT * FROM sys.schemas WHERE name = N'USER1') EXEC sys.sp_executesql N'CREATE SCHEMA [USER1] AUTHORIZATION [USER1]' GO EXEC sp_addrolemember 'RAVENROLE', 'WS-NOLANKTFSBUILD2'
Basically what I am doing is creating a role, then adding user USER1 to it. The problem is USER1 has full update, insert etc. permissions on all tables in the database by default. Even when I deny that user permissions they can still update, insert etc.
I am using Windows Authentication, User1 also exists as a windows user.
How do I ensure that User1 has no permissions by default? I want to be able to explicitly add them.
I want to allow a user to only select from certain tables in a SQL 2005 database. Without granting any permissions, the user can select from any table.
All tables are owned by dbo. I am using a Windows login and it is not a member of any groups other than one to allow Terminal Server logins.
SQL login properties: Only server role is Public Mapped to a user with the same name Default schema is dbo No securables listed
User properties: No owned schemas No role memberships No securables listed
Database permissions: Under explicit permissions, this user is only granted Connect Effective permissions lists everything!!!
Where are these effective permissions coming from? TIA
I am attempting to create a Test db from a full backup of the production db. With 2012, I cannot do it the the way i had done it in previous versions (and now i understand why because of Logical names).
The Test db runs in the same instance as Prod db.
I attempted to run this but come up with errors. This is what i executed:
RESTORE DATABASE TEST FROM DISK = 'E:<path>FULL.BAK' WITH REPLACE, RECOVERY, MOVE 'PROD' TO 'E:<path>TEST.MDF';
The errors are all cannot execute due to PROD is in use.
I am setting up a database for the first time using SQL Server Express.
I have managed to create a database and create a table with data etc, all straight forward.
The problem I am having is when I come to creating a user for the database. I have the following users in there already, which I am guessing are put in by default:
dbo
guest
INFORMATION_SCHEMA
sys
When I try creating a new user via this screen I get the following error:
TITLE: Microsoft SQL Server Management Studio Express ------------------------------
Create failed for User 'growstudiouser'. (Microsoft.SqlServer.Express.Smo)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.3042.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+User&LinkId=20476
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo)
------------------------------
'growstudio' is not a valid login or you do not have permission. (Microsoft SQL Server, Error: 15007)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.1399&EvtSrc=MSSQLServer&EvtID=15007&LinkId=20476
------------------------------
I was wondering if anybody could advise me as to what I'm doing wrong. I am typing in the name as "growstudiouser" and the login name as "growstudio".
Or am I just using the wrong section to do what I want. I'm trying to create a user so that when the database is built I can connect to it using a username and password that I have created. I'm not sure I'm taking to the correct route as there is no password option anywhere when creating a new user.
I am trying to create an access database (vb 2005). The code sample below works fine if I create the database without specifying a username and password (values left blank). However if these are specified an exception is thrown. Any help/suggestions would be appreciated.
I'm not a DBA, so I don't know where to look for information on this.
In SQL Server 2005, I can simply no longer create a user for the database I created. It asks that the user be associated with a login. That login is found in the Security folder of the database instance.
The question is: what is this instance security folder for? I don't recall having to do this in SQL Server 2000.
Any elaboration or links to such information would be appreciated.
I have been using the .NET Enterprise Library for DataAccess patterns for some time now. I'm going back to a bunch of old legacy ADO code written in VB6/VB5 and would like to try and create the same "centralized" class that all of my code can instantiate and call to open database objects, call stored procedures, etc.
Does anyone know of any samples of papers which might describe this?
The requirement is to customize database admin activities by creating new user group.
Need to create a group of user / dbauser1 which will have restriction in seeing the data but they should be able to alter database - add / remove the data file , increase or decrease the data file space when required.
This requirement came we wanted to create a new dba group they should not be able to any user data / any table but increase / decrease / add / modify space etc.
We are running SQL Server 2012 on Windows 2008 Server. In one database, we would like to create a view which access objects in another database without giving the user permissions to the underlying base tables in the other database. The ownership chain is broken in this case. Can this be accomplished (considering the ownership chain is broken)? If so, what is the easiest method to accomplish this task? Or
Example 1 (Works):
In DB1: --UserA selects from Schema1.View1 (which access tables in DB2).
In DB2: --UserA exists with select permissions on the base tables accessed by Schema1.View1 (in DB1).
Example 2 (trying to accomplish):
In DB1: --UserA selects from Schema1.View1 (which access tables in DB2).
In DB2: --UserA exists (or may not exists) with NO permissions on the base tables accessed by Schema1.View1 (in DB1).
When I try to give a login access to a database I get the message: Error 21002: [SQL-DMO] users already exist in the database. I checked sysusers for the database and the users name is in there, even if the user has no login. Is it okay to just delete the record that has the users name from sysusers? Thanks
Downloaded and install SQL 2005 on 2003 member server. Downloaded and ran SQLServerSamples.msi, AdventureWorksBI.msi, AdventureWorksDB.msi, and AdventureWorksLT.msi.
When I go into Sql Server Management Studio I cannot find the Adventure Works database under databases. How do I access it?
My question is regarding SQL Server database security. I want to create a login using SQL Server Authentication and assign it db_owner rights for my database. So far so good. But the critical part is that I want to give exclusive rights for my database to this user only i.e. no other users (dbo, guest etc) should be allowed to access my database.
It will be good to present here the scenario which I need to implement. I am running an ASP.NET application that uses SQL server 2005 db at back end. The database server might have other databases as well but I don't want the administrator (either SQL server admin or the server administrator) to be able to get access to my database or even view the schema. I don't want any other user except my own user to be able to detach the database or perform backup or restore operations.
Please help.... I have designed an application that uses sql server 2005 express database. This application was intended to be installed and used on a local desktop machine. However, now this application needs to be also installed on several computers and still needs to use only 1 database. Part of the database saves local user settings, so what I have done thus far is use two connection strings: one for local database (because the application may be used as origionally intended) and one for remote database that everyone should be able to connect to.
When I remotely connect to the database, it works fine. However, it seems to be locked so when I chose the same database for another user I get the error message "This File Is In Use." I need to know how to unlock it and make it usable for several users at the same time.
Thank you for your help! Please let me know if you need more information or if something is unclear in my description.
I am newbie to SQL.I need to create an application will run on server, and of course will be installed by using admin user. I can use the install user to access to database on that server?
Hi friends, I have created a database DB1 using CREATE DATABASE DB1 command. Then i created login name using CREATE LOGIN login1 WITH PASSWORD = 'password1' command and created user name using CREATE USER user1 FOR LOGIN login1 command. Now i have to assign the user1 to the database DB1. Any one please tell me how to assign DB1 access privilege to user1?
I am using SQL Server Express Edition 2005 as a backend database working with Visual Basic 2005.
I am using Vista and having two users to access to my computer. User-1 and User-2.
I created a database in User-1 and works fine Visual Basic 2005.
Now the problem is when i login to my computer system with User-2. I cannot able to access the database with encountering error like "User-1/SQLExpress". I know that i cannot able to access to database which was created in User-1.
Do you any solution to this problem. when i login with user-1 and user-2 it should able to access database.
if db_id(@DbName) = Null begin Print 'DataBase dose not Exist' end else
Begin Declare @spId Varchar(1000)
DECLARE TmpCursor CURSOR FOR Select 'master..xp_CmdShell ''Net Send ' + rtrim(convert(Varchar(50), HostName))+' "Dear ' + upper(max(rtrim(loginame)))+ space(1) + @Msg + '"''' as spId from master..SysProcesses where db_Name(dbID) = @DbName and spId <> @@SpId and rtrim(ltrim(HostName)) <> '' and HostName <> host_Name() and dbID <> 0 and spId > 50 group by HostName
Currently there are various teams accessing the database. For costing reasons, we need to track usage.Is there an efficient way to monitor User access to the database.Can we track which user has executed which query(SELECT,insert etc),the login time and such parammeters?
I have a SSIS package that copies data from one database, into another, makes a backup, and then FTP's up the backup to a web server. In Sql Server I've made a job to run the package and a Stored procedure to activate the job from an Access database front-end.
Can anyone tell me how I might return a success/failure message to my access user?
I'm trying to grant a user group select access to all the views in a database. I already made a query which creates a result set whit the SQL Syntax I (displayed below) need but it seems to be impossible to get this result set executed after creation.
use [AdventureWorksDW2008R2] SELECT 'GRANT SELECT ON [' + SCHEMA_NAME(Schema_id) + '].[' + name + '] TO [DOMAINGROUP]' FROM sys.views;
How do I grant a user permissions to only one table in a database. How would it affect him using our Main App which is NAV with regards to his user's permission in NAV
Hi, I hope you can help.I have configured a Windows 2003 web server and SQL 2005 Server (on same box) to successfully allow remote connections and to allow access via SQL Server Management Studio Express 2005.The problem I have is that I want to restrict access to the databases on the server via the Management Studio to specific databases e.g. 1 database user "sees" only 1 database.I can configure it so that the user's remote access permissions do not allow access to other databases but they can still "see" the database listed in the Management Studio explorer.I can also configure it so that the users cannot see all the databases (by disabling View All Databases on SQL Server), but this means that they cannot not see their own database which they have permissions for.Is it impossible to have the desired behaviour of only displaying the database which the remote user accessing has permissions for and hiding all other databases?I have MSN'd,Googled and Yahoo'd this one to no avail :(Many thanksFergus
How would I set permission for SQL Server 2005 "User A" to prevent access to System and other user databases, also How to hide the databases that "User A" has no rights to. I mean, when User A logs in, All other user databases are not visible to him/her.
