Granting Privileges With A Script
Sep 14, 2005
Hi,
I'm trying to write a script to grant privileges to a user (we are trying to allow Windows Authentication in our application).
Previously, we used the following syntax:
grant select, insert, delete, update on area to mattuser
Where mattuser is a valid sql server user.
However, we want to do something like the following:
grant select, insert, delete, update on area to MATT2000IUSR_MATT2000
Where IUSR_MATT2000 is a valid user on computer MATT2000.
We get an error when we try to run this script as follows:
Incorrect syntax near ''
How do we grant permissions for this user, other than doing it manually?
Regards.
Matt.
View 3 Replies
ADVERTISEMENT
Dec 6, 2001
I am trying to grant permission to one table for one individual and one group. I tried to accomplish this by simply going in and editing the permissions on the table through Enterprise Manager. It keeps getting stuck. I then ran the Grant select on (table name) to the group and it has been running for over 15 minutes. This should be something that is done relatively quickly.
Any advice would be great.
Thanks
View 1 Replies
View Related
Mar 29, 1999
i was asked by a user this morning to create an ID for him and give the ID SELECT permissions to all tables in a database. This database has over 300 tables. The only way that I could see to do this is to use the Object Permissions dialog box and manually grant the SELECT permission to each table for this users. Is there a TSQL statement that will grant the Select permission to each table in a database? The only thing I found was to use the GRANT statement, but I would have to run it on each table. I would like to be able to run 1 statement that will assign SELECT permissions to each table in the database.
Thanks,
Philip Talavera
System Administrator
SVG Distribution
View 4 Replies
View Related
Jan 18, 2005
Hi all,
I've got a MS SQL database and I created a user using this code:
EXEC sp_addlogin 'USERNAME','PASSWORD'
GO
USE DATABASE
GO
EXEC sp_revokedbaccess 'USERNAME'
EXEC sp_grantdbaccess 'USERNAME'
GO
But when I log into the database using the created user and try create a table, I get an permissions denied message.
Thanks in advance
View 1 Replies
View Related
Oct 8, 2006
Hi
I need to grant SELECT permission for ALL TABLES for tables which are tag to role (eg. ABC).
How do i grant them "permanently"? as the tables o/p by role (ABC) will be dropped and recreated when another users rerun the tables?
Appreciate any help.
Thanks very much!!
View 4 Replies
View Related
May 30, 2008
Our databases are hosted on a shared server managed by our IT department. We do not have SA access to them. If we want to create or drop a database, we ask, they approve it and then give us permissions on it. It's a bit tedious, but we live with it. However, there are other features that we want.
Is it possible in SQL Server 2005 to gain certain priveleges that a SA has without being SA? Mainly, can we:
1. Be given priveleges to run the Tuning Advisor? We would love to be able to index our tables, but we are not sure what would be the most efficient approach, and the tuning advisor could help us with this.
2. Run the SQL Server Profiler. I see when I try to access it that you need SA or ALTER TRACE permissions - since you can see all the transactions going on in the database at a time. Can we limit it to only our transactions? Is this possible?
Or is it best to request our own instance? Is that a tedious request for an IT department? Thank you.
View 3 Replies
View Related
Nov 15, 2006
Hi
I am using SQL Express2005 on my local machine. How do I grant access permissions to ASPNET in order to log onto a database? I have the SQL management studio installed to do this but I can't seem to find the option to grant permissions.
At the moment the access is granted to MYMACHINE_NAMEMY_USER_NAME.
I am using VS2003
Thanks
View 2 Replies
View Related
Jul 20, 2004
I have 500 tables in my Db.In those some tables name starts with abc (abc_emp,abc_dept) and rest of the tables name start with xyz(xyz_emp,xyz_transactions).I wanted to give select,insert,update and delete permissions for an user on the tables which starts with abc.
How can i do that in a much easier and sophisticated way.
Thanks.
View 1 Replies
View Related
Mar 8, 2012
I have an application, the front end is Access and the back end is sql server 2008 express.
The application does not display the view on a user's machine. Do I have to grant permission for the user, in order for the VIEW to display?
I have tried granting permission, but I am doing something wrong.
View 3 Replies
View Related
Dec 4, 2007
Hello,
How do , I grant select privileges on all the Views of the database to a user in SQl 2005. All the tables and views in the database are under the dbo schema.
Thanks.
View 1 Replies
View Related
Jun 18, 2007
Hi Everyone,
Were looking from some feedback, thoughts, comments, suggestions on a permissions issue in our SQL Server 2005 environment. We have a Development (stand-alone server) and Production (activepassive cluster). Both running SP2. We're looking for the best way to manage permissions for the developers without giving them dbo privileges.
As background information, here's a note / response from a developer outlining the permission they need.
-----------------------------------------
"Our team needs enough permissions on DB database to:
Create and modify DB object such as tables, stored procedures, keys, triggers, views, ...
Be able to execute stored procedures and other basic DB objects
One of the issue I had when working on DatabaseA which was never resolved was that I could create tables, but had no rights to modify them once created.
I could modify them via scripts, but not via graphical interface which is a pain.
I think we should have full permissions to dev DB other than to drop DB, and modify system DB settings.
So that we can work within the created DB shell completely."
-----------------------------------------
Previous to supporting the current SQL Server 2005 environment, the developersapp owners had db_owner for their databases. Definitely not a best practice as with 2005 db_owner is ablke to delete databases. Moving away from this, we thought we would scale them back and only grant them the following database roles:
db_datareader
db_datawriter
db_ddladmin
With these roles, they were able to create the tables, views, stored procedures, etc...... but problems arose when they tried to modify the objects they created as well as execute stored procedures. It's going to be a pain to grant permissions on each stored procedure. More of a mystery is allowing them to make design changes within Studio Manager. Given they can already do this using scripts but not the GUI.
So there is an issue with using GUI tools to design the tables.
Here's a thread we found that tries to explain the reason why they can't use the GUI to make design changes.
Even if you have CREATE TABLE permission, there are limitations to the modifications you can make. Remember, as you modify an existing table or design a new one, your work can induce attendant modifications in other tables. For example, if you change the data type of a foreign-key column, the corresponding column in the primary-key table will be automatically modified by the Visual Database Tools. If you do not own the primary-key table, and you are not logged in as the system administrator, database owner, or a user that is a member of the db_owner role, your modification will fail.
When we created the accounts, we assigned the default schema to be 'dbo'. This was thought to simplify administration of the objects. In SQL Server 2000, this was a best practice. Now, in SQL Server 2005, they changed everything with the user schema separation.
So we have a developer (devuser) - created with default schema (dbo). Any object that are being created are owned by dbo. (ie... dbo.table1, dbo.storedproc1, etc..) So dbo owns the objects, not the user.
Does anyone have any ideas? Do we create a new schema and assign permissions? Do we create a new fixed database role for the developers? I'm curious as to how others are assigning permissions to developers on development and production servers.
Thanks,
Rob
View 4 Replies
View Related
Feb 12, 2008
Within my Report Manager, I have several folders, and I would like these folders to be only visible to certain users and groups. In the Active Directory I have DOMAINGroupName1. If I add this group to the folder I want them to have access to with a Browser role, when they open Report Manager they do not see the folder at all. Then I added the same group to the HOME folder also, but again they could not see their folder when they opened the Report Manager. If I add the Users of this group individually (DOMAINUser1, DOMAINUser2 etc) then they can see the folder and run reports just fine. This is not an ideal solution as groups will change over time and I don't want to have to keep adding and deleting members. Anyone got any ideas why they can't see their folder?
Thanks!
View 4 Replies
View Related
Nov 28, 2004
Hi,
in mixed mode,
is there a way to prevent access from user SA to a specific database?
thanks
View 1 Replies
View Related
May 29, 2004
I have just noticed something very discomforting.
I was told that a user with DBO privileges is able to alter their own database. A conversation of course began to where I was in disagreement with him. The ultimate test of course would be setup the scenario. To my surpise he was right!
I checked the BOL documentation and my concerns were verified.
I have checked permissions on the user I created as well as on a user that previously exists on the MSSQL Server. Only DBO permissions were given to the tested users.
I thought maybe this had something to do with the autogrow setting which is a setting we would enable on a dedicated MSSQL Server but not on a shared MSSQL Server. I toggled this option and the DBO was still able to make size changes to their database.
This is very upsetting as we charge for additional reserved database space. Aside from that, we wouldn't want to have a user with unlimited resources to the server. I could easily fill up a hard drive if I were to update the autogrow setting of the database as DBO and run an infinite loop that would insert data into tables.
I then tested the ability for a user to restore a backup and to my surprise it worked without error for the DBO only privileged user. The DBO user was also able to restore previously dated databases assuming that they knew the file name which would not be hard to guess since it is appended with a date stamp (My_Database_20042905.BAK).
Why is this? Is there a way to correct this and prevent the DBO user to only have access to their database but not the above mentioned type privileges?
View 2 Replies
View Related
Sep 15, 2000
When granting INSERT, DELETE permissions, is this done for
the logon-id OR for the user associated with the logon-id?
I know you can do this for roles.
View 2 Replies
View Related
Jul 20, 2005
What is the best way to grant a user permission to create a view?I first created a role using enterprise manager but for the role Icreated it doesn't seem to offer that permission. It offers the basicstuff such as insert, select, and update.I could go in and use a grant create view sql statement I suppose butI'd rather do it through enterprise manager where it would be visibleif I need to change it in the future.-David
View 3 Replies
View Related
Aug 15, 2007
All,
I have been asked to grant a Windows group Full access to all tables under our Sandbox Schema. This will allow these users to do anything to the tables under this Schema.
I created the Windows Group (Sandbox Users), created the login in SQL, created the user in the database that is tied to the Windows group, then ran GRANT CONTROL ON SCHEMA::[Sandbox] TO [Sandbox Users].
I have verified that the users are in the Windows group, but they state that they still can not delete tables under the Sandbox Schema.
Anyone have any ideas?
Thanks,
Justin
View 5 Replies
View Related
Nov 19, 2007
Hi,
I am using windows authentication to access SQL Server 2005 objects. I have created a database role which grants select permission to only 2 tables in the database. I have added the domain user to this role. So the user should be able to select data from only those tables but when i try to select data from other tables also it displays the data which shouldnt happen. Could you please let me know whether there is any specific setting that needs to be done? Also is there anything to do with the schema level permission setting?
View 8 Replies
View Related
Feb 21, 2008
Basically to defend against SQL injection I want to be able to stop basic users or admins from being able to drop tables or doing other damaging activities. I'm using ms sql express, how can I do this? A friend mentioned that he uses MySql and user privileges can be set up in this way.
View 2 Replies
View Related
Jun 26, 2001
Is there a way to alias a table such that a particular user with privileges on that table (created by another user - not 'dbo') does not have to qualify it with the owner name? I am seeking a database level solution. Thanks.
View 1 Replies
View Related
Sep 3, 1998
I`m having a privileges problem when I go into enterprise manager.
I am unable to do things like create an index. I believe every time I open enterprise manager it is logging
me in as a user other than sa. How can I change this setting so that when I open enterprise manager I`m loggged
in as sa?
View 2 Replies
View Related
Jan 12, 2006
Hi. I'm trying to test something on a test db I have installed on my pc, but I am unable to process as I'm doing it. So, basically what I want is to give execute privilege on a procedure to a user, so the user can execute this procedure without having the privileges explicity granted on it (what this procedure do is to truncate a table on which the user has no access). As I've read, SQL Server stored procedures privileges runs with the definers permissions, not the one that is actually executing the procedure. So, what I'm doing is this: in query analyzer, logged in as sa, I did
use test
create table t ( a integer )
create procedure can_truncate as
truncate table t
sp_addlogin 'jmartinez',''
sp_grantdbaccess 'jmartinez','jmartinez'
grant execute on can_truncate to jmartinez
Then I went to connect again, as jmartinez and did:
exec can_truncate
and I get
Server: Msg 3704, Level 16, State 1, Procedure can_truncate, Line 2
User does not have permission to perform this operation on table 't'.
So, I wonder what more permissions would user jmartinez need in order to execute this procedure successfully. I hope you all understand what I am trying to achieve.
Thanks!
View 8 Replies
View Related
Feb 5, 2007
I am very new to the SQL database. I have the following query. I would appreciate if someone could clarify this for me:
I have created two users (user1 & user2) under the same login name test1 in SQL Server 2005 Database. Further I used the login name (test1) & password (******) of SQL Server in connection string to connect to database.
Now I want to know that how & where can I refer the user name (user1 or user2) to use its previliges.
How will I know that which user's privileges level is used in the connection.?
View 1 Replies
View Related
Oct 1, 2007
Is there any way I can give a user read only access to the database, yet have privilges to run a trace.
Any suggestions and inputs would help
Thanks
View 1 Replies
View Related
May 4, 2006
I am trying to get a DTS package to be run from the command line withthe dtsrun utility. The DTS package is stored in the database. The userI supply is a user in the database. I get an error stating "SQL Serverdoes not exist or access denied." It looks to me like the SQL Serverinstance does exist because it tries to start the package. I get"DTSRun: Executing". If I put in a server that is non-existent, I do notget that message. I also know that my username and password are correct.Here is output from my attempt to run dtsrun for my DTS pkg (server,user, password change to protect my db security):C:>dtsrun /Sserver_name /Uuser /Ppass /Npkg_nameDTSRun: Loading...DTSRun: Executing...DTSRun OnStart: DTSStep_DTSExecuteSQLTask_1DTSRun OnError: DTSStep_DTSExecuteSQLTask_1, Error = -2147467259 (80004005)Error string: [DBNETLIB][ConnectionOpen (Connect()).]SQL Serverdoes not exist or access denied.Error source: Microsoft OLE DB Provider for SQL ServerHelp file:Help context: 0Error Detail Records:Error: -2147467259 (80004005); Provider Error: 17 (11)Error string: [DBNETLIB][ConnectionOpen (Connect()).]SQL Serverdoes not exist or access denied.Error source: Microsoft OLE DB Provider for SQL ServerHelp file:Help context: 0DTSRun OnFinish: DTSStep_DTSExecuteSQLTask_1DTSRun: Package execution complete.I suspect that my user I am connecting to the database with does nothave privileges to execute the DTS package. I cannot determine, fromBOL, what privs I need to grant to this user to let them execute thispackage. Any ideas?TIA,Brian--================================================== =================Brian PeaslandJoin Bytes!http://www.peasland.netRemove the "nospam." from the email address to email me."I can give it to you cheap, quick, and good.Now pick two out of the three" - Unknown
View 5 Replies
View Related
Aug 11, 2006
I am having trouble with providing the minimum security to a user. After issuing the following:
GRANT EXECUTE ON SCHEMA :: DBO TO skillsnetuser;
I test the permissions with
exec as login = 'skillsnetuser'
exec prcElmtList 1, 1, 102268
revert;
and receive this message
Msg 229, Level 14, State 5, Line 2
SELECT permission denied on object 'Org', database 'SNAccess_Dev', schema 'dbo'.
The principal that owns the dbo schema is dbo and is the principle for all procedures and tables in that schema.
What can I do to shed some light on what is causing this access problem?
View 10 Replies
View Related
May 25, 2008
After installing Express, I tried running the QuickStart utility and received an error that I have insufficient privileges to create. I am the administrative user on my laptop and don't understand why I am unable to run the utility.
I did have an instance previously and had no problems with it until it was corrupted somehow.
I am running on Vista.
Any help will be greatly appreciated.
View 12 Replies
View Related
Nov 21, 2005
Bit of an emergency!
I do not have direct access to our SQL Server but I have full FTP access to the web server and have the db Username/passwords.
I need to grant execute permissions on a stored procedure, can I do this from an asp/ASP.NET page?
The DB guys take 24 hours to run a script against the database!
Any help would be greatfully recieved.
Rich
View 1 Replies
View Related
Jan 21, 2005
I have a user on my database that has the following base permissions :
public
db_datareader
I need to give this user permission to edit a single stored procedure. I have tried using the following command :
GRANT ALL ON stored_procedure_name TO username
Which executes successfully, but the user still cannot edit the stored procedure.
If I give the user db_ddladmin permission they can edit all the user stored procedures, but for security reasons I would prefer to be able to this this at procedure level rather than a global permission on all user procs.
Does anybody know how I can do this?
EDIT : This is on SQL 2000
View 1 Replies
View Related
May 25, 2007
Is there a better way of granting permission to a stored proc for a selected user other than (enterprise manager) select sp then accessing propertys then permissions, then user?
View 4 Replies
View Related
Feb 12, 2008
When granting db_owner to the SINGLE user, it's automatically set the DEFAULT_SCHEMA to dbo so when the user created the table, the table will be owned by "dbo"
When granting db_owner to the Window group, DEFAULT SCHEMA WILL NOT be "dbo", for this reason when the user A(belonging to this Windows Group) created a table, that's table will be owned by user A instead of dbo.
1. is it normal behavior for the Windows group?
2. Is there any way you can grant to the group so the objects will be owned by dbo instead of the user who created the objects? or this is a behavior when MS introduce SCHEMA in 2005.
Thanks,
View 1 Replies
View Related
Mar 3, 2008
I have now succefully setup SQL Server Express on an Admin PC in my office and can see it and connect to it easily from my PC using my NT logon.
My application is complete and runs a treat for me connecting to the server from my PC.
I have now deployed the application using ClickOnce and it has all gone smoothly, except for other NT users gaining access to the database?
Within MSMSE I have clicked on Security-Logins and can see my NT login details are present and as me I can administrate the server/db.
I have added a few new logins and even tried to match them to my settings but from their computers the application fails to logon to the server/database.
Within the ODBC setup the server is visible for them but they cannot connect?
If I logon to their computer it works for me?
This section is new to me so I am struggling to get it to work, can anyone throw me a bone please?
Thanks
View 1 Replies
View Related
Apr 13, 2007
I have followed the instructions in this topic: http://msdn2.microsoft.com/en-us/library/aa337083.aspx and I have read Kirk Haselden's blog post on the subject (which contains the same info) and I still CANNOT manage to grant non-administrators the ability to access an IS server. They constantly get the Access is Denied error. Has ANYONE actually gotten this to work? If so, could you please share what you did?
View 5 Replies
View Related
