Giving Users Specific DDL Permissions
Jul 20, 2005
I have an archival process on a large database that runs once a month.
At the beginning of the process the triggers and indexes on the
tables whose data is moved are dropped, the data is moved and then the
triggers and indexes are recreated at the end. This produces a
massive improvement in performance.
The problem is the process is supposed to run on users accounts (thats
the way the front-end is set up) and they don't have the neccessary
permissions to drop & create triggers & indexes. I can't see any way
to give them permissions only on specific tables or triggers/indexes.
Nor does giving them permissions to the stored procedures that do the
dropping & re-creating work, DDL permissions don't seem to be
inherited the way they are with tables.
Is blanket rights to drop & create objects through the db_ddladmin
role the only way users can get rights?
Thanks,
K Finegan
View 2 Replies
ADVERTISEMENT
Jan 21, 2008
I am in a project where we are using a vanillla Reporting Services 2005 with the builtin report portal. No sharepoint integration yet.
We have successful deployments where we limit access to different folders based on AD-accounts and groups. In this particular case I have a folder for which I would like to allow access to all AD-users within the entire company.
So basically I know how to limit access but I don't know how to enable access for everyone. Is there a simple way to do it? I have googled and search mshelp but I couldn't find anything. I will admit to the search being quite quick but as usual time is short.
View 1 Replies
View Related
May 10, 1999
Hi friends,
How can I give permission to a new user to all the tables in the Database.
I usually create New User and then give permission to each table One By One which takes lot of time.
regards,
zak.
View 2 Replies
View Related
Apr 30, 2008
hi alli've got two tables called "webusers" (id, name, fk_country) and "countries" (id, name)
at the meantime, i've a search-page where i can fill a form to search users. in the dropdown to select the country i included an option which is called "all countries".
now the problem is: how can i make a stored procedure that makes a restriction to the fk_country depending on the submitted fk_country parameter?it should be something like
SELECT * FROM webusers(if @fk_country > 0, which is the value for "all countries"){ WHERE fk_country = @fk_country}
who has an idea how to solve this problem?
View 9 Replies
View Related
Mar 21, 2008
I am very early on in developing a website to track issues with projects which is tied to a SQL database. I have my Projects Table, my Users Table, and am creating a third table to track issues. I'm wondering what is the best way to assign specific users to specific data/projects. The user should only be able to view & update the projects assigned to him. He should not be able to see other projects. What is the best way to assign projects/data to the users to make sure they are only viewing their data?
View 1 Replies
View Related
Oct 24, 2006
Hi
I have created a user and given select permissions on a table, I want to go deeper and just give select on a few columns within the table but unable to do so. Can someone tell me how I can do this.
Thanks
View 4 Replies
View Related
Nov 22, 2006
Hi,
SQL Server Security is not my strong point so forgive me for asking stupid questions.
I have a bunch of tables and sprocs within a schema 'MySchema'. I have a user 'MyUser' defined in the database.
I would like to give MyUser permission to SELECT from tables and EXECUTE all sprocs in MySchema. What is the simplest way of doing that? Will the following:
GRANT EXECUTE ON SCHEMA::[MySchema] TO [MyUser] WITH GRANT OPTION AS [db_owner]
GRANT SELECT ON SCHEMA::[MySchema] TO [MyUser] WITH GRANT OPTION
accomplish that? (I can't test it out at the moment because our DBA isn't around and I don't have permission)
With best practices in mind - is what I am doing here considered "ok". Any suggestions/comments are welcome.
-Jamie
P.S. Can anyone recommend any documentation that talks about what best practices should be in the use of schemas. BOL is a bit sparse. Thanks.
View 5 Replies
View Related
Apr 30, 2008
In SQL 2005, is this an acceptable (prefered) way to give an application account EXEC permissions for sprocs and funcs in a specific database?
CREATE ROLE db_executor
GRANT EXECUTE TO db_executor
And then of course assign my user to this role on the database level.
I am trying to get away from adding exec to every sproc "manually" and then of course also having to add exec for any new sprocs that get added into the database.
View 3 Replies
View Related
May 30, 2008
ere is the make-up of the tables:
[dbo].[PortalUser](
[PortalUserID] [bigint] IDENTITY(1,1) NOT NULL,
...
[dbo].[Role](
[RoleID] [bigint] IDENTITY(1,1) NOT NULL,
[Name] [nvarchar](250) NOT NULL,
[IsActive] [bit] NOT NULL CONSTRAINT [DF_Roles_IsActive] DEFAULT ((1))
...
[dbo].[PortalUserRole](
[PortalUserRoleID] [bigint] IDENTITY(1,1) NOT NULL,
[PortalUserID] [bigint] NOT NULL,
[RoleID] [bigint] NOT NULL,
[IsActive] [bit] NOT NULL CONSTRAINT [DF_PortalUserRole_IsActive] DEFAULT ((1))
I'm asking to get a list of portalUsers that do not have a PortalUserRole records for the rolename I'm checking against. And don't ask me why the person who coded this is searching on rolename not ID. But this is how we're doing it for now.
View 6 Replies
View Related
May 9, 2002
Hi there!
I'm developing an application and i need to do the next thing:
I need to make a process, but this process just need to be done, when nobody else is modyfing datas in the database.
Is there anyway i could check this? I have read about the sp_who stored procedure but this one return all the activity in all the databases, and i just need to check in one specifically. And there's another issue, we all access with the user dbo to the database...
Any help will be appreciated..
View 2 Replies
View Related
Jan 19, 2000
I restored a copy of a database onto a new server. I created the proper logins on the new server prior to the restore. The users and permissions should all be identical. They appear to be in the system tables, but none of the users or permissions appear in the appropriate screens on Enterprise Manager.
Also, even though the permissions appear to be intact in the syspermissions table, when I connect as a certain user and try to query a table the user should have permissions on, I'm denied access.
Does anyone have any suggestions?
Thanks in advance!
Lisa Rae
View 4 Replies
View Related
Sep 7, 2007
Is there an SP that can tell the database, the users with access to the database, and their permissions? Meaning the result would be something like...
<database> <username> db_datawriter
<database> <username> db_datareader
<database> <usernameII> db_owner
Thanks in advance
-Kyle
View 3 Replies
View Related
Oct 31, 2006
Hello, I was wondering if someone could point me in the right direction on how to do this....I have a table that is a many to many relationship between userID's and courseID's. for instance (example data for each row - dont let the spaces between rows throw you off I am just adding them to seperate the different users)userID = 1, courseID = 1userID = 1, courseID = 2userID = 1, courseID = 3userID = 2, courseID = 1userID = 2, courseID = 3userID = 3, courseID = 1userID = 3, courseID = 2userID = 3, courseID = 3I want to be able to check for a number so in this case "2" which I would like to return all users who do not have a courseID = 2. In the example above the query would return the user with the userID of 2.Any help in how I should go about doing this would be greatly appreciated. Is there a function I can use? I apologize I am extremely new to SQL
View 2 Replies
View Related
Nov 24, 2015
I'm trying to get specific permissions per user on each SQL database, would you let me know if it could be achieved e.g on an object level?
View 5 Replies
View Related
Nov 26, 2006
Hi,
I want to create a new user for my database and allow them to only select data from the tables...
CREATE LOGIN NEHardcoreWITH PASSWORD = 'abc'USE aiaccontentdb;CREATE USER NEHardcore FOR LOGIN NEHardcore
What permissions will this give to the new user? Do I need to grant any permissions and/or revoke any?
Thanks!
View 1 Replies
View Related
Aug 17, 2004
I am trying to create a new user for a SQL Server database and use the credentials in an
ASP.NET app.
Problem is dbo permissions are not being applied to the database objects when I set up a
new user (Logins -> New Logins) with SQL Server Authentication, set the default database to
the database I want.
I then get an error message saying that the user has not been granted access to their default
database : DBNAME and therefore will not be able to gain access to their default database.
I'm not sure why this is as I am logged in as sa.
Anyway, when I ignore the error and set-up this new user through the Users section of the
database none of the dbo permissions carry over.
Can anyone help?
Cheers.
View 1 Replies
View Related
Aug 14, 2001
Hi ,
I have a bunch of Users about 150 of them. I think they can't even run a SELECT .
When they try to run a select they get error messages :
"SELECT permission denied on object 'Object name', database 'Db_name', owner 'dbo'."
I have check out every thing !! All these Users are the members of public role on the database !!
They work fine on other Db's with the same settings !!
Not Sure what to do
PLEASE HELPP !!!
View 1 Replies
View Related
Jun 6, 2000
I have used DTS to imports users from one database(a) to another(b)
DTS run fine, but the original permissions don't were filled.
Can someone explain How I can do it?
Luiz Lucasi
Rio de Janeiro - RJ
View 1 Replies
View Related
Mar 10, 2000
Hi,
did anybody encounter or write a stored procedure or a tool that sets all permissions on all users on a given database?
It is a major headache to set all permissions again after some changes with a tool like ErWin and then adding some users.
Kind regards,
Andreas Erben
View 3 Replies
View Related
Feb 6, 2006
hi, please anybody help me with this....
i need to have a user account with the following requirements:
a. can create/alter/drop tables/views that is created by this user;
b. can read/update/delete records from tables created by this user
c. can read/add records to tables created by other user
d. can create/edit/execute stored procedures
is this possible? how can i do this? how can i allow a user to create new objects or alter objects owned by him at the same time prevent him from dropping objects created by other user?
how can i give a user full access to objects that he created and limit his access rights like dropping objects, deleting records or updating records from tables that is not created by him?
can i do these thru enterprise manager or do i have to run some scripts in order for these to happen? if so, can somebody help me with the scripts or links that i can use for references?
thanks a lot! hope you can help me with these...
thanks a lot...
View 1 Replies
View Related
May 23, 2006
I have a user that I have granted the server role "securityadministrator" and a database role "db_securityadmin". When logged inas this user I can create new logins but not run sp_adduser to add thenew login to as this says I don't have permission to do this. I canhowever run sp_revokedbaccess to get rid of a user from the database.
View 2 Replies
View Related
Mar 4, 2008
hi..i need help on how to create user logs with a specific transaction he made. for example, he added new item in the database, the grid wud contain user id, date, time and transaction. help po.. tnx!
View 6 Replies
View Related
Mar 30, 2015
Currently I am using SQL server 2012 and would like to implement database audit specification on specific users in my database. These are the users in my database name Payroll :-
PayrollAndy.Bred - db_owner
PayrollArpit.Shah - db_owner
Payrollwebapp - db_datareader, db_datawriter, EXECUTE
web_payroll - db_datareader, db_datawriter, EXECUTE
In my database audit specification settings, I would like to capture any SELECT,UPDATE,DELETE and EXECUTE command for users PayrollAndy.Bred & PayrollArpit.Shah only since they owned db_owner access. However, I am unable to capture any single command from both users. I do not want to put 'Principal' as public since I just want to capture both users activity.
Is it I miss out anything? Is it because of windows login account?
View 2 Replies
View Related
Apr 1, 2008
Hi there, I have the following setup in the report manager:
Root
|_ Sales
|_ Sales Export
|_ Marketing
|_ Production
|_ etc...
Now, I know that I can access each folder (f.e. Sales) by directly putting it into the URL. Is there a possibility to enable every user to the root folder and then denying access on specific folders? F.e.: Our Head of Sales should be able to navigate to the root folder and then dcecide whether he wants to enter the Sales or the Sales Export folder.
Is this possible? I tried a few things, but nothing works.
Thanks in advance!
View 5 Replies
View Related
Oct 10, 2001
Hi Everybody,
I am working on SQL 7.0/2000. I have given lot of permissions to the user 'duser1'. The permissions like select,etc..,create... Now I want to give the same permissions(what I have given to 'duser1') to the other user called 'duser2'. Right now I hvn't created any Database Roles or Server Roles.
Do we have any easy method to copy the permissions of one user to the other user?, like script generation or any method. If anybody knows that please guide me.
tks in advance,
Sam
View 1 Replies
View Related
Jul 20, 2005
As our customers demand that we tighten our IT security in the company,I've been asked to prepare a report quarterly showing, for each user inActive directory, what his effective permissions are for every table inevery database that he has permission for on our SQL Server 2000 server. Isearched a bit for a tool to do this, but all I found was the PERMISSIONS()function for showing effective permissions of the current user. Is thereany way to do it for an arbitrary user, without logging in as them?
View 5 Replies
View Related
Dec 11, 2007
I have looked and looked and looked and can not find an answer to this simple question. I want a way to script out all the permissions for a given user.
I have a user (User1) and he has the following permissions lets say:
Server
- View Server Activity
Database1
- CREATE AGGREGATE
- CREATE DEFAULT
- CREATE FUNCTION
- CREATE PROCEDURE
- CREATE RULE
- CREATE SYNONYM
- CREATE TABLE
- CREATE TYPE
- CREATE VIEW
- SHOWPLAN
- VIEW DEFINITION
Schema1
- SELECT
- INSERT
- DELETE
Schema2
- SELECT
- EXECUTE
Objects
- SELECT ON schema3.table1
- EXECUTE on schema4.storedproc1
I need a something (script, report, voodoo magic spell) that will show me this. It is hard to believe that this is not a built in report with SQL2005. It was hard to do in 2000 but you could do it if you played around with the scripting options enough. I can not find a clear cut way of doing this in 2005 to save my life. Maybe I am just blind, but my fellow DBA's have the same problem.
How can I do this? Please???
Jim Youmans
St Louis
View 6 Replies
View Related
Jan 3, 2008
hi,
I am new to SSRS. I am doing some report models for Ad-hoc reports. Im my database i have some users and their roles according to my requirement. User should only see the particular reports if he have privilege. how to customize...
User will access Report Builder to do adhoc report.
For example
I have 5 report Models
rptModel1
rptModel2
rptModel3
rptModel4
rptModel5
In my data base there are 3 users.
user1 have privilege to view rptModel1, rptModel3
user2 have privilege to view rptModel4, rptModel5
user3 have privilege to view rptModel2, rptModel5
When Particular user access the report builder, There i want to show only that particular Report models...
is there any posibilities to do this please Help me.
Thanks in Advance...
-Kannan
kannan1017@gmail.com
View 5 Replies
View Related
May 20, 2015
I created a new login and then created a new user [COM] in DB with default schema pointing to [COM]
I created then schema [COM] WITH AUTHORIZATION [COM]
I want this [COM] user to have all permissions it needs on [COM] schema only. How do I do that? When I try to create table [Com].Table it gives me permission denied.
What am I missing?
View 9 Replies
View Related
Nov 15, 2000
Is there any easy way to move users between SQL Servers for a particular database?
We have tests and development servers I would like to make sure the user lists are in sync for that db.
Thanks
View 1 Replies
View Related
Aug 16, 2004
I need to be able to set up a table listing users permissions, this needs to be run daily and then notify me of any changes without using the auditing or profiler software.
Any ideas?? :eek: :eek: :confused:
View 3 Replies
View Related
Jan 26, 2007
Hello all,I am looking for the script, which I believe exists already.I need tobe able to populate the script for security of one database andapply it to another database, even if it is located on another server:1. All logins which not exist have to be created and which existsignored including the NT accounts2. Users same as the old database + the existing ones stay in database3. Passwords for the new logins.4. All permissions/grants on all objects for the users that exists(usually it's the case) and ignore those that don't.I have script which does some of it, but it's not perfect, so everytime there are some errors.Please let me know, if you need me to email script that I have. It'spretty long so I cannot just post it in here.Thank you in advance.
View 3 Replies
View Related
Jul 20, 2005
I am in need of a utility (stored procedure, third party app, etc)that will help streamline the process of managing and auditing objectpermissions, users and roles on multiple sql server 2000 instanceswith multiple databases on each instance. That's a quick overview ofwhat I need, do I need to be more specific?Thanks.
View 2 Replies
View Related
