I'm trying to write a database table that is ONLY accessiable to ONE login / DB user and restrict access to what that user can do with the table.
At the moment I have granted SELECT & INSERT permissions but some of the fields in the table should also be restricted, but for some reason SQL doesn't allow a deny on INSERT for columns.
It seems strange that you can deny an UPDATE permission on a column but not INSERT, so users can create new lines of junk into fields you dont want them to, but cant change that junk afterward??
Anyone have any ideas how I can prevent this user from altering these fields at all?
I am currently using openquery to insert data into a SQL 2000 database from a Lotus Notes database. The Lotus database is a linked server with a datasource named CLE_CARS_SF. My SQL table is called Webcases.
The query below works well because the table's columns are even in both databases:
Insert into Webcases select * from openquery(CLE_CARS_SF, 'Select * from Web_Cases')
I am moving this over to SQL 2005. The query works well, but I want to add a column to the Webcases SQL database and manually insert a value along with the openquery values.
My insert statement above no longer works because the column numbers don't match.
In a nutshell I would like a way to combine the following queries:
Insert into Webcases select * from openquery(CLE_CARS_SF, 'Select * from Web_Cases')
Insert into Webcases (insurancetype) Values ('SF')
I have a customers table and a stored procedure for deleting records from this table. I connect to sql using a connection string with sql server authentication using a user I've set up in sql server. This user has roles public, db_datareader and db_datawriter and has permissions to execute all my custom stored procedures. Up to this point everything is fine and I can insert, update and delete. Happy days.
If I then select the permissions for the user and deny delete permission on the customers table I thought that because deny overrides everything else I could not delete a customer from my application. Much to my surprise, I can. Why is this?
Hello, I Have created a folder in the IIS called Webreporting. I used sql server to generate HTML into that folder. I make NT security to that folder so certain people can view the report. Unfortunatelly my code to generate the scheduled HTML report failed and gave this error message:
Server: Msg 16821, Level 11, State 1, Procedure sp_makewebtask, Line 125 SQL Web Assistant: Could not open the output file.
Is there a way to deny a specific application from connecting to SQL Server? There is an application some of my developers use that connects with Windows Authentication that I would like to block from my production server. I can't deny the user's logins because they need to be able to connect to the server from other applications.
I am unable to deny DMV rights to public. I have already ran the SQL query successfully: "DENY VIEW SERVER STATE TO public" and "DENY VIEW DATABASE STATE TO public"
However when I check my master DB, the public still have rights to all the dm_***** objects. Am I doing it wrong or is there any steps I missed out? Can anyone help please? Thanks a million.
I have two rows of data: Customer as string, Date as int These values are predefined so I cannot use autoindex. I have to make sure that when I insert a row of data that it does not exist already int the database. there can be duplicate customers and duplicate dates but not duplicate customer/date combinations. What would the sql query be? if (select count(1) from customers where customer = @customer and date = @date) =< 0 insert into table1(customer, date) values (@customer, @date) end if
I have to insert data from about 30 tables into a single table (Users),to do so i used a cursor and a bit of dynamic sql, this should workfine if the tables have to do the select from had the same number ofcolumns, how ever they don't.I only need the first 5 columns from each the table, in the case wherethey have more than the 5 i need for my 'Users' table i get this error:'An explicit value for the identity column in table 'Users' can only bespecified when a column list is used and IDENTITY_INSERT is ON.'.Is there a way to select only the first five columns from a table, ifnot is there another solution for my problem?My Sql query is the following:DROP TABLE UsersCreate Table Users(ID INT identity PRIMARY KEY,TIPO VARCHAR(255),NOME VARCHAR(255),USERNAME VARCHAR(255),EMAIL VARCHAR(255),GROUPID VARCHAR(255))DECLARE @Table VARCHAR(255)DECLARE @Sql VARCHAR(8000)DECLARE sysCursor CURSORFORSELECT name FROM sysobjects where xtype='U'OPEN sysCursorFETCH NEXT FROM SysCursor into @Tablewhile @@FETCH_STATUS<>-1BEGIN/** INSERE VALORES NA TABELA DE TESTE*/SET @SQL = 'INSERT INTO UsersSELECT * FROM ['+ @Table +']'EXECUTE (@SQL)SET @SQL = 'UPDATE Users SET GROUPID=' + @Table +'WHERE GROUPID IS NULL'EXECUTE (@SQL)print @tableFETCH NEXT FROM SysCursor INTO @TableENDCLOSE sysCursor/** APAGA VALORES INVÁLIDOS DA TABELA DE TESTE*/DELETE FROM Users WHERE TIPO IS NULLDELETE FROM Users WHERE NOME='Nome'DEALLOCATE sysCursorI hope you can give me hand, thank you in advance.
So I want to insert 40 values into a table, starting at a particular column. Like this:
INSERT INTO MyTable (1) VALUES (...my forty values...)
Pretending that 0 (zero) indexes the first column, and 1 indexes the second column, the purpose is to skip the (first) column that contained an identity value (since normally you can't insert into an identity column anyway).
The only way I currently know how to solve this problem, is to use highly verbose syntax, like this:
But yuck, who wants to explicitly mention all forty column names, ONLY BECAUSE I'm trying to avoid inserting a value into the first column which contains the identity?
Any one can help me, below error messages for reference, thanks! Exception Details: System.Data.SqlClient.SqlException: EXECUTE permission denied on object 'sp_insertspend', database 'master', owner 'dbo'.Source Error:
Line 96: cmdMid.Connection = conMid; Line 97: cmdMid.CommandText = "exec sp_insertspend '" + uid + "','" + Mid + "','" + status + "','" + spend + "'"; Line 98: cmdMid.ExecuteNonQuery(); Line 99: conMid.Close(); Line 100:Source File: f:Microsoft Visual Studio 8WebSoccermain.aspx.cs Line: 98 Stack Trace:
I was wondering if there is anyway to deny remote logins on SQL Server 7 (other then pulling the network cable out of the back :) ) so that nothing can login during a service pack upgrade?
I know this seems like a strange ask, but we have a common user and pass in most of our web applications and this user requires DBO access to the database, no problem is occasioannly we need to let a developer look at an issue on a production server, so we port them through to sql through the firewall so they can see it it, and they normally login wih there domain/username and this way they are restricted to what they can see and do. However all developers know the SQL user and pass used in the web app, they also know its a DBO, so this means they can login with these user details and have access to everything.
My question is how can i lock this down so i can deny access from the SQL management console for this particular user, but still allow the user to act as a DBO for the web applications.
I have a login associated with a single user on a database (not master). I want that user to be able to only see what I've specified in the securables.
Now I've created a ODBC connection using that login. The problem is that the user can also see the master db info. I was expecting to see just the one view I created and granted the user to view. How do I get rid of all the master db stuff?
I'm having trouble creating a read-only view. I've got 1 or more tables that I wish to remain updatable but I want to create a view that covers the table and/or spans all the tables. However, I want the view to be select only. I can't seem to get it to work.
DENY UPDATE ON [dbo].[MyView] TO [dbo] CASCADE
All that seems to execute my dbo user can still use...
Update MyView set SomeID = SomeID + 10
Plus, ideally I just want to say, DENY UPDATE ON VIEW TO ALL
I€™m trying to lock down PCI sensitive data columns in some product databases from our developers. We need developers to have data reader rights to the production database to perform general maintenance and troubleshooting of the application BUT minus the specific secured columns like credit card number, etc.
I have a user role setup called RWE created by: CREATE ROLE RWE GRANT SELECT TO RWE GRANT INSERT TO RWE GRANT UPDATE TO RWE GRANT DELETE TO RWE GRANT EXECUTE TO RWE
A standard SQL user is placed inside this role allowing them full read, write, and execute rights on everything in the DB which is fine. BUT, now we want those same rights except for the sensitive data files so I updated the rule with the following script:
DENY SELECT ON [dbo].[TableNameHere] ([strCC]) TO [RWE]
Logging in a developer and doing a SELECT * FROM TableNameHere throws a permission error on the strCC column as expected, so far so good.
But, I did a SELECT * FROM ViewThatContainsField_strCC and shows them the denied field. Oh, oh! I also did EXEC spStoredProcThatShows_strCC and again it shows the denied credit card field. Again, oh, oh!
So, long story short, I€™m stuck. My understanding of SQL permissions, I was under the understanding that placing a deny at the lowest level (column) should throw errors in all methods of access that column (either by direct select, or select through views, procs, etc).
Any suggestions or any hints on what I€™m missing here?
Quote: Msg 295, Level 16, State 3, Line 1 Conversion failed when converting character string to smalldatetime data type.
I am not sure why it is trying to insert into the Last_Update Column, which is the only smalldatetime field in the table. but in the format file, i do not have any data going into that column.
it looks like everything is set correctly in the format file
in the SQL Server Library Link, section "Using an XML Format File" 2nd example, it looks to be the same thing as I am?
I'm trying to create an Insert query and I'm having difficulty in 2 areas:
First, I would like to CAST/CONVERT a single column of the several columns in the tables below. Is it possible to retain the asterisk identifying all columns and single out a particular column to be converted as opposed to writing out each individual column in both the INSERT and SELECT statements? I would like to CONVERT the column "MILL_COST" from VARCHAR(50) to Money.
INSERT INTO ITEM_MASTER SELECT * FROM ITEM_MASTER_TEMP
Second, I've tried the following"conversions" in the SELECT statement, to no avail:
CONVERT(Money, MILL_COST) As MILL_COST CONVERT(Money, CONVERT(Varchar(50), MILL_COST) CAST(MILL_COST AS Money)
I am having a users table which contains "Mobile" column as well. I want a query to set the country code value by default into the column name so that the column should be updated with the mobile number along with the default country code.
I am looping through all the databases for a table and trying to insert data into two columns in that table. So evrything seems right. but when i run the program it says
Msg 515, Level 16, State 2, Line 4
Cannot insert the value NULL into column 'OrganizationID', table 'DesMoines_DEV.dbo.Organization'; column does not allow nulls. INSERT fails.
I think writing a dynamic query that produces a series of insert statements is wrong... Instead a dynamic query that execute insert statements one by one may work... But I couldn't figure how to approach..
Below is the code
SET @dbLoop = CURSOR FOR SELECT name FROM sys.Databases WHERE name NOT IN ('master','model','msdb','tempdb') AND State_desc = 'ONLINE'
When I call this in Java program, it asks me to check the syntax of the statement as follows :
com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'check) VALUES ('ICICI 06-12-2004 reshma', 'RELIND', 10, 541.7375183271872, 5417.' at line 1
Please make notice that all the data types of the table columns and the values passed in the statement match.
Now the problem is that, when from the above INSERT statement, i remove the last column (i.e. the "check" column and its corresponding value passed i.e. 'check'), the code works fine. I observe here that now there are 14 columns in the statement.
So i need the solutions for this. I cannot move further in the program......
Please help.
Trust in Technology mate .....'Not in Human Beings'
I'm looking for an efficient way to populate derived columns when Iinsert data into a table in SQL Server. In Informix and PostgreSQLthis is easily done using the "for each row..." syntax, but all I'vebeen able to come up with for SQL Server is the following:create table testtrigger(id integer unique, b integer, c integer)gocreate trigger testtrigger_ins on testtriggerfor insert asupdate testtrigger set c = (select ...some_function_of_b... fromtesttrigger t1,inserted t2where t1.id = t2.id)where id in (select id from inserted);gowhere id is testrigger's unique id field, and c is a field derived fromb.This seems terribly inefficient since each insert results in an extraselect and update. And if the table is large and unindexed (which itcould be if we are bulk loading) then I would imagine this would bevery slow.Are there any better ways of doing this?Many thanks,...Mike Dunham-Wilkie
Can any body tell me how can I restrict a user who has Sa previlages, from droping a table. He should be able to do everything except droping the table.
I have a database X where user A has db_datareader role. User A can select data but cannot update/insert/delete.
Recently user A connected to my database using Brio SQRW tool and could successfully run an update command in database X. As I researched I found out that SQRW uses RPC calls with extended procedures sp_prepare and sp_execute to run an update command.
User A does not have explicit permission to either of these stored procedures. Additionally User A does not have access to master database where there procedures reside.
I have a SQL server, as I use a domain account to log on to SQL server and Sql server agent, all maintanence plans work good, since I changed from a domain into Localsystem account to log on to SQL server, and Sql server agent, all maintanence plans didn't work any more, then I tried only keep Localsystem account at SQl server , using a domain log on to Sql server agent, but it's still failed to maintanence plans. The error in job history is"Executed as user: candyl. sqlmaint.exe failed. [SQLSTATE 42000] (Error 22029). The step failed.". And the message at Sql server log is :"BackupDiskFile::CreateMedia: Backup device 'D:Database BackupsNoon BackupESMDEV_db_200406141548.BAK' failed to create. Operating system error = 5(Access is denied.)". It looks like permission problem, but for Localsystem account which should has full permission, right? I tried may ways and searched from knowledge base , still couldn't find the related solution. Anyone can give me some advices?
Is there a way to deny Security Permissions to a login that has sysadmin? Unfortunately I have to leave the user as sysadmin. I trying denying alter any login and control server but that didn't work.
You can't assign a default schema for a user that maps to a Windows group. OK fine. But if you create a user for that group anyway with no default schema, any objects created by members of that group will automatically cause a schema to be created for them, EVEN WHEN THAT USER HAS BEEN EXPLICITLY DENIED THE CREATE SCHEMA PERMISSION IN THE DATABASE. This is the same as it was in 2K5, but has still not been fixed in 2k8.
To reproduce, do the following steps: Create a windows group, either in the doman or local to the box. Add at least one Windows user to that group. Create a SQL login for that Windows group. Map that login to a new user in some database. Explicitly 'deny create schema to ' that group/user. Grant 'create procedure' to that group/user. Log onto SQL with a Windows login that is a member of that Windows group Use the database that we set the permissions in above. Create a dummy stored procedure without qualifying the name with a schema ie: 'create prodedure test1 as select 'hello world'). Look to see what you ended up with. You will have a new schema named the same as the user who created the sproc. This will now be their default schema implicitly, and the test1 stored procedure will be in that schema, EVEN WHEN THAT USER WA EXPLICITLY DENIED THE CREATE SCHEMA PERMISSION IN THE DATABASE.
My requirement is below.enhancing the T- sql query as I was told not to use SSIS.
Insert data from Table A to Table B with conditions:
1. Truncate gender to one character if necessary.
2. Convert character fields to uppercase as necessary.
3. For systems that supply both residential and mailing addresses, use the residential address if available (both street_address and zip fields have value), mailing address otherwise.
In SSIS I took conditional split with 'ISNULL(res_street_address) == TRUE || ISNULL(res_zip) == TRUE '
default outputname :Consider Res Address; Outputname:Consider mail address.
and mapped as:
(Table A) mail_street_address---street address(Table B)
(Table A) mail_city----------------City(Table B)
(Table A) mail_Zip----------------Zip(Table B)
(Table A) mail_state-------------state(Table B)
(Table A) res_street_address--street address(Table B)
(Table A) res_city---------------City(Table B)
(Table A) res_Zip----------------Zip(Table B)
(Table A) res_state--------------state(Table B)
I want to do the same with T-sql code too:
I came up with below T-SQl but unable to pick(street,city,state,zip columns as I have take combination of street and zip from Table A not individual columns as I wrote in below query) based on above condition(3):
Insert into TABLE B SELECT Stats_ID ,UPPER(first_name) first_name ,UPPER(middle_name )middle_name ,UPPER(last_name) last_name ,UPPER(name_suffix) name_suffix
