If I want to easily and quickly grant all permissions to a group of objects
for one user (or group), how can I do this with the tools provided?
In 6.5, I could right-click the user or group and click the "Grant All" button.
In 7.0 this is either missing or has been moved.
Thanks!
Jim
Hi,
SQL Server Security is not my strong point so forgive me for asking stupid questions.
I have a bunch of tables and sprocs within a schema 'MySchema'. I have a user 'MyUser' defined in the database.
I would like to give MyUser permission to SELECT from tables and EXECUTE all sprocs in MySchema. What is the simplest way of doing that? Will the following:
GRANT EXECUTE ON SCHEMA::[MySchema] TO [MyUser] WITH GRANT OPTION AS [db_owner]
GRANT SELECT ON SCHEMA::[MySchema] TO [MyUser] WITH GRANT OPTION
accomplish that? (I can't test it out at the moment because our DBA isn't around and I don't have permission)
With best practices in mind - is what I am doing here considered "ok". Any suggestions/comments are welcome.
-Jamie
P.S. Can anyone recommend any documentation that talks about what best practices should be in the use of schemas. BOL is a bit sparse. Thanks.
How would I, using a sql script, copy permissions assigned to a useror a role in one or more databases to another user or a role in theirrespective databases?Help appreciated
View 2 Replies View RelatedI'm making a copy of some tanles between 2 servers.
Server 1 requires a sql login
Server 2 is using Windows Auth.
I have a user on server 1 named "odbc" able to log in.
however my copy task fails, when I drill the error, it's lists the first user in server 1 alphabetically as the failed login???? but in my dts I am specifying the "odbc" user and password.
I think I have a permissions problem on server 1. So my Question, what minimum permissions does user "odbc" need to copy a table?
On server 1 I can copy from northwind to server 2 just fine..but any other db on server 1 causes the weird failure with the wrong username.
Any Ideas? I am not a DBA obviously :)
Thanks,
Carl
How would Set permissions Sql Server 2005 so that I can access a asp page created in VWD and Sql Express.
On the production server i have just the one instance of Sql
I have the following connection string in the web config file:
<connectionStrings>
<add name="ConnectionString" connectionString="server=serversNameXPRESS;uid=aspuser;pwd=aspuserPassworkd;database=DATABName" />
</connectionStrings>
The account i setup to access the db in Sql 2005 Proper on the Production serve is Represented by the name in the above example as “aspuser�. I created this user in security, logins. And I gave permissions to this on the Db level “create procedure delete, select, update insert.�
I get a error when i run the page in the browser that says “login failed for aspuser.�
I know virtual directory is configured properly. I can run aspx page in the directory with out a db connection, without and error.
Any help would be greatly appreciated.
Hello, I cannot find out to create enum data type in SQL Server 2005 Express. Can I easily create the enum type just like the MySQL does.(please the MySQL example below)
CREATE TABLE myTable
(
myid INT UNSIGNED NOT NULL,
myclass ENUM('FIRST','SECOND','THIRD') DEFAULT 'FIRST'
PRIMARY KEY(myid)
);
I would like to compare two databases objects permission setting in SQL6.5. One is in production box and another one is in backup server. What is better and quick way to do this? Any system table is available for this information?
Thanks in advance.
Stella
I need to understand the permissions that a CLR stored procedure needs when it accesses tables. In a dbo TSQL stored procedure it has owner permissions on all dbo tables, so there is no need to grant permissions on tables to the database user.
Some developers recently implemented a CLR stored procedure that returned an error with update permission denied on table name. Once I granted the user account update permission on that table, it was able to execute OK.
I have been looking for a good explanation for the way the permissions to database objects need to be setup for CLR stored procedures. For example, could I have said to modify the procedure to use the EXECUTE AS clause, instead of granting the user account direct permission on the table? Does anyone have any links to good articles on this subject?
Edit:
I have a feeling I'm on my own trying to figure out how this works. I've been searching the web for hours, and I haven't found anything that directly addresses this.
CODO ERGO SUM
Hello,I am trying to write a script using SQL Server 2000 to list all of theroles that have any permissions on a specified object (view, table,sp, etc.). Essentially I am trying to script what is displayed whenone selects the 'list only users/user-defined database roles/publicwith permissions to this object' option under 'manage permissions' inEM but without showing individual users, only roles. I've looked atthe system sp's and the information_schema views but none of thoseseem to give this information. Am I going to have to look directly atthe system tables? If anyone has a script that does this for aspecified object or can point me to more specific information on howto do this I'd appreciate it. Thanks!Bruce
View 2 Replies View RelatedI'm trying to identify the objects in master that the role public has select permissions on, but when I run this query, I get 4 results where the default schema is null and the major_id column does not correspond to any records in the sys.all_objects table. Where else can I look to find what objects these are. DBO is listed as the grantor.
I appreciate your help.
SELECT *
FROM SYS.DATABASE_PERMISSIONS P,
SYS.DATABASE_PRINCIPALS R
WHERE P.GRANTEE_PRINCIPAL_ID=R.PRINCIPAL_ID and
permission_name='SELECT' and class_desc='OBJECT_OR_COLUMN' and
r.name='public'
order by r.name desc
While trying to execute a stored procedure I am getting error that 'SELECT permission denied on table .......' The DBA has given execute permission for the sp and still the same error. What needs to be done. When permissions are given through the SP it implies that the objects are given permissions ?
Putting in db_datareader group will give permission to read from all tables across all the databases in the server. We want that the user should be able to read data from only those tables called in the sp. Normally in SQL 2000 we used to give EXECUTE permissions to the sp only. This in turn would be enough for that user to get data while executing the sp.
Using Management Studio how do you script only user and object permissions? I don't want to script the corresponding "Create" statements for each object, only their permissions. This was possible in 2000.
Thanks, Dave
We are having problems with the response times from UPS WorldShip after switching from SQL Server 2000 to 2005.
I think that the problem can be fixed from the database end by setting the permissions correctly for the user/role/schema that is being used by WorldShip to connect to the server but, I'm not sure how to do it.
The Setup
Client
UPS WorldShip 8.0 running on XP Pro SP2
Connecting via Sql Native Client via SQL Server Login
Connection is over a T1 via VPN
Server -
SQL Server Standard Edition on Windows Server 2003
2x3ghz Xeon processors w/ 4gb ram
The user that is being used to connect runs under it's own schema and role and only needs access to two tables in a specific database on the server.
What UPS WorldShip seems to be doing is on a continual basis retrieving information about the layout of the database via calls such as the following
exec [sys].sp_tables NULL,NULL,NULL,N'''VIEW''',@fUsePattern=1
exec [webservices].[sys].sp_columns_90 N'CHECK_CONSTRAINTS',N'INFORMATION_SCHEMA',N'webservices',NULL,@fUsePattern=1
exec [webservices].[sys].sp_columns_90 N'COLUMN_DOMAIN_USAGE',N'INFORMATION_SCHEMA',N'webservices',NULL,@fUsePattern=1
This seems to happen whenever WorldShip contacts the database to find out information in order to be able to create a mapping to the database as well as exporting information to it. Because of the VPN connection these calls take anywhere from 20 seconds to 3 minutes.
I am fairly confident that the problem lies with these calls to the database which I was able to capture using the SQL Server Profiler. We have experimented with the following setups.
1. Connecting to SQL 2000 over VPN with SQL Native Client - No noticeable lag
2. Connecting to SQL 2000 over VPN with SQL Server 2000 driver - No Noticable lag
3. Connecting to SQL 2005 locally with SQL Native Client - No Noticable lag
4. Connectiong to SQL 2005 over VPN with SQL Native Client - Lots of lag
Our network admin has been testing the network connections over the VPN and it is very responsive with none of the long wait times found when using UPS WorldShip.
Now for a possible solution other than getting UPS to fix their software. I think that by limiting the tables and views that the login is able to see will cut down significantly on the lag times that are being experienced. The problem is that there were 264 items that were being returned by sp_tables. I was able to cut that down to 154. I am unable to disable access to any of the rest of the items because they are server scoped.
Take for example the INFORMATION_SCHEMA.CHECK_CONSTRAINTS view. When I try to deny access to it in any way I get the following error:
Permissions on server scoped catalog views or system stored procedures or extended stored procedures can be granted only when the current database is master (Microsoft SQL Server, Error: 4629)
Am I able to deny access to these types of object and if so how? Also, what objects should be accessable such as sys.database_mirroring, sys.database_recovery_status, etc?
we are using windows authentication. Is there a faster way to set permissions for each database than to go through each table and set them? Currently, to set the permissions from SQL Server Enterprise Manager, I click on Security > logins > select the properties for the IUSR account > Database Access > then check off each database that we allow access to. Next I go through each tables properties and set the permissions. Is there an easier, faster way to do this?
Miranda
Howdy
I know you can set permissions on a column via T-SQL, can it be done via Enterprise Manager? If so, how do you do it?
I've looked everywhere but dont seem to be able to find how to do in EM.
Thanks
W.
hi, please anybody help me with this....
i need to have a user account with the following requirements:
a. can create/alter/drop tables/views that is created by this user;
b. can read/update/delete records from tables created by this user
c. can read/add records to tables created by other user
d. can create/edit/execute stored procedures
is this possible? how can i do this? how can i allow a user to create new objects or alter objects owned by him at the same time prevent him from dropping objects created by other user?
how can i give a user full access to objects that he created and limit his access rights like dropping objects, deleting records or updating records from tables that is not created by him?
can i do these thru enterprise manager or do i have to run some scripts in order for these to happen? if so, can somebody help me with the scripts or links that i can use for references?
thanks a lot! hope you can help me with these...
thanks a lot...
All,
I'm wondering if there are any methods to set the permissions for a specific user on a specific report within SQL Server Reporting Services.
I got how to get permission from them programmatically, but not how to set them but the user interface..
Please apologize me if there was a similar thread in the recent past; I tried to find it out, I didn't succeed.
Thanks a lot in advance for your timely response (as usual deadlines are by "yesterday").
-G
Hello,
I hope this is the right forum to post this question. I am working on creating a CLR stored procedure, the first one I have ever done, and I am using Visual Studio 2005 (VB) to try to debug it. I keep getting this error.
User 'dbo' could not execute stored procedure 'master.dbo.sp_enable_debug' on SQL Server psalm1sqlexpress
I found this link which helped a little. http://msdn2.microsoft.com/en-us/library/ms241735(vs.80).aspx. The problem is that dbo is the user that is shows that is throwing the error. However, I am logging in as sa, which is the sysadmin.
I tried adjusting the permissions for dbo, and I changed the owner of the db to a sysadmin, but I still get that error.
I would be very grateful if someone could point me in the right direction to get this working. By the way, it does install the clr stored procedure, it just won't debug it.
Thank you for your help.
I am using SQL 2000 with the Server Enterprise and the Query Analyzer programs. Almost everytime I create a new Stored Procedure, I forget to go into Server Enterprise and grant Execute permissions to my users.
Is there any way in a Stored Procedure to set the permissions when the Procedure is created?
Hi,
is there a way to set permissions on a database so that a certain user can view the design of all the tables, sps and triggers etc but not be able to view the data. If so, how do you do that?
thanks
Zoey
I've got a tool that accesses syslogins to pick up some information.When I run the tool, I get the error message that sasys that my logindoes not have sufficient permissions to read syslogins. If I run undermy admin ID, everything is fine. HOWEVER, the intention is that thistool will be used by non-DBA staff members so we have a generic idcreated to run this tool specifically (non-DBA account).OK, so I go to Enterprise Manager and open up the master database, goto syslogins and add my non-DBA id to the permissions list as havingSELECT access, and click on EXECUTE.BOOM! No sign of my permissions being set.Am I missing something? If so, what do I need to do to set permissionsagainst this view?
View 1 Replies View RelatedI'm trying to deploy a project that I deployed yesterday just fine, but today I get the following error:
------ Deploy started: Project: Point Reports, Configuration: Debug ------
Deploying to http://reporting.companyname.com/reportserver
Deploying data source '/Data Sources/Srv24.FieldResponse2_1'.
The permissions granted to user 'DOMAINharley.p.bartman' are insufficient for performing this operation.
Deploy complete -- 1 errors, 0 warnings
This seems like a basic permission issue, except I'm not logged in as the user listed! I've never logged into my computer as the user. I did log in to the reporting services website yesterday as that user, but since have rebooted my machine and logged into bothe my computer and the reporting services website as me. Yesterday this report deployed fine. Today, this error message. I've even tried creating a new project and just creating a simple datasource and deploying just that, but still this message! Where is Visual Studio storing and reusing this user name during my deploy process???
Hi
I have a vm machine running SQL Express. So as to centralise my data, on the host machine I have a folder with all my data. This folder is shared. In the vm machine I have set up mapped to this folder, so it is visible within in. I can add/remove from the folder in explorer so the permissions look okay up to there.
However, when I go into SQL Express and attempt to restore from a backup into a DB, I cannot see the folder in the folder list presented. When I try and force the connection through the mapped drive letter or unc name, the server fails with a you do not have permissions.
From my reading it looks like I have got a network service account set up but, when I look at the logins in SQL Express there doesn't appear to be such an account.
Could someone either
a) point me in the right direction if the netowrk service account is not the way to go
b) tell me how to set up a netowrk service account with the correct privileges to enable me to read /write this mapped folder.
Thanks
Simon
On MS-SQL 2k I have a created user. Security for the SQL instance isset to mixed.When I attempt to connect to SQL using Enterprise client on anothermachine on the local network using Windows Auth I get the error: DBName-Login Failed for user ('null')- Reason: Not associated with atrusted SQL Server Connection.What am I over looking?TIA
View 1 Replies View RelatedIs there anyway, that I can generate a list of all the objects that a given user has access to (including type of access whether select or update etc), by running a SQL command? One of our databases has nearly 40,000 tables (no kidding!) I can always find this out by manually looking into the roles etc on the enterprise manager, but I need a way to find out using a T-SQL query..Thanks for any help!
View 2 Replies View RelatedI remembered there is an option I can use to display just user definedobjects in SQL Server Enterprise Manager, but I can not find it anymore?Would you like to tell me? I really appreciate it.Laurence*** Sent via Developersdex http://www.developersdex.com ***
View 2 Replies View RelatedGood afternoon,
I have a little trouble with sql server 2005 express database:
customer need install new web application to hosting, but at hosting is currently exist other web application and it's using DB what I must use. DB contains a big number of tables, views, functions, etc.
I need delete all user objects from this DB, it must be as new created one.
Is any query whitch can do this?
PS: I know, best way for this is delete DB and create new one, but i haven't permissions for these.
Thank's for reply.
Usually all the user datatypes in our databases have the owner dbo.
One has a few that are owned by a user with dbo rights. I am trying to change them to dbo owner.
Sp_changeobjectowner gives 'object does not exist'
Any ideas
Jim
I'm trying to list everything (tables, view, procedures, functions, etc.) that was created by users in a database.
The query which seems to eliminate the most SQL system type objects is shown below.
SELECT *
FROM sys.all_objects SAO
WHERE SAO.is_ms_shipped = 0
order by SAO.type, SAO.name
This still includes some non-user created objects, like the below. See the attachment for details.
fn_diagramobjects
sp_alterdiagram
sp_creatediagram
How can I get rid of these type of objects without filtering on SAO.name LIKE...
I'm currently running SQL Server 2005, and have been exploring the feasibility of grouping users to use a default file group and data file. This would be to group a set of users to have their new tables reside in a specific data file. I only see mechanisms for moving an already existing objects into a file group or to set the entire databases default file group--not a user level association or dynamic assignment of the default for that user, script, etc.
It's not looking good.
I'm looking for confimration that it's not possible or leads on doing so.
Thanx in advance
hi all
i am using sysobjects for taking the list of user objects.
by using userid, status column combinations, able to take out the user tables/triggers/views
but for stored procedures, it doesn't work.
is there any better way to list the user objects.
thanks in advance.
sam alex
Does anyone know the logic that Enterprise Manager/SQL Server uses to distinguish system objects from user objects. I've looked through all the sysobjects in the database and there doesn't seem to be any unique logic for seperating all objects. User tables are easily distinguished from system tables (U/S) but thats not the case with stored procedures and views. I'm looking for suggestions...
Thanks,
Adam
I have 2 users in a database who is having dbo privilages.
I don't want them to modify data in 1 table.
How can I do that?( without removing them from dbo role)
Thanks in advance.
cheryl