Granting SA-like Access Without SA
May 30, 2008
Our databases are hosted on a shared server managed by our IT department. We do not have SA access to them. If we want to create or drop a database, we ask, they approve it and then give us permissions on it. It's a bit tedious, but we live with it. However, there are other features that we want.
Is it possible in SQL Server 2005 to gain certain priveleges that a SA has without being SA? Mainly, can we:
1. Be given priveleges to run the Tuning Advisor? We would love to be able to index our tables, but we are not sure what would be the most efficient approach, and the tuning advisor could help us with this.
2. Run the SQL Server Profiler. I see when I try to access it that you need SA or ALTER TRACE permissions - since you can see all the transactions going on in the database at a time. Can we limit it to only our transactions? Is this possible?
Or is it best to request our own instance? Is that a tedious request for an IT department? Thank you.
View 3 Replies
ADVERTISEMENT
Nov 15, 2006
Hi
I am using SQL Express2005 on my local machine. How do I grant access permissions to ASPNET in order to log onto a database? I have the SQL management studio installed to do this but I can't seem to find the option to grant permissions.
At the moment the access is granted to MYMACHINE_NAMEMY_USER_NAME.
I am using VS2003
Thanks
View 2 Replies
View Related
Nov 19, 2007
Hi,
I am using windows authentication to access SQL Server 2005 objects. I have created a database role which grants select permission to only 2 tables in the database. I have added the domain user to this role. So the user should be able to select data from only those tables but when i try to select data from other tables also it displays the data which shouldnt happen. Could you please let me know whether there is any specific setting that needs to be done? Also is there anything to do with the schema level permission setting?
View 8 Replies
View Related
Mar 3, 2008
I have now succefully setup SQL Server Express on an Admin PC in my office and can see it and connect to it easily from my PC using my NT logon.
My application is complete and runs a treat for me connecting to the server from my PC.
I have now deployed the application using ClickOnce and it has all gone smoothly, except for other NT users gaining access to the database?
Within MSMSE I have clicked on Security-Logins and can see my NT login details are present and as me I can administrate the server/db.
I have added a few new logins and even tried to match them to my settings but from their computers the application fails to logon to the server/database.
Within the ODBC setup the server is visible for them but they cannot connect?
If I logon to their computer it works for me?
This section is new to me so I am struggling to get it to work, can anyone throw me a bone please?
Thanks
View 1 Replies
View Related
Apr 13, 2007
I have followed the instructions in this topic: http://msdn2.microsoft.com/en-us/library/aa337083.aspx and I have read Kirk Haselden's blog post on the subject (which contains the same info) and I still CANNOT manage to grant non-administrators the ability to access an IS server. They constantly get the Access is Denied error. Has ANYONE actually gotten this to work? If so, could you please share what you did?
View 5 Replies
View Related
Apr 21, 2008
Dear all,
I want to grant a user permissions to run Jobs in SQL Server 2000. I can' seem to find any appropriate roles for that. Do I need to assign him a server role? In that case, which? Many thanks.
Pedro Martins
View 1 Replies
View Related
Dec 6, 2001
I am trying to grant permission to one table for one individual and one group. I tried to accomplish this by simply going in and editing the permissions on the table through Enterprise Manager. It keeps getting stuck. I then ran the Grant select on (table name) to the group and it has been running for over 15 minutes. This should be something that is done relatively quickly.
Any advice would be great.
Thanks
View 1 Replies
View Related
Mar 29, 1999
i was asked by a user this morning to create an ID for him and give the ID SELECT permissions to all tables in a database. This database has over 300 tables. The only way that I could see to do this is to use the Object Permissions dialog box and manually grant the SELECT permission to each table for this users. Is there a TSQL statement that will grant the Select permission to each table in a database? The only thing I found was to use the GRANT statement, but I would have to run it on each table. I would like to be able to run 1 statement that will assign SELECT permissions to each table in the database.
Thanks,
Philip Talavera
System Administrator
SVG Distribution
View 4 Replies
View Related
Jan 18, 2005
Hi all,
I've got a MS SQL database and I created a user using this code:
EXEC sp_addlogin 'USERNAME','PASSWORD'
GO
USE DATABASE
GO
EXEC sp_revokedbaccess 'USERNAME'
EXEC sp_grantdbaccess 'USERNAME'
GO
But when I log into the database using the created user and try create a table, I get an permissions denied message.
Thanks in advance
View 1 Replies
View Related
Oct 8, 2006
Hi
I need to grant SELECT permission for ALL TABLES for tables which are tag to role (eg. ABC).
How do i grant them "permanently"? as the tables o/p by role (ABC) will be dropped and recreated when another users rerun the tables?
Appreciate any help.
Thanks very much!!
View 4 Replies
View Related
Jul 20, 2004
I have 500 tables in my Db.In those some tables name starts with abc (abc_emp,abc_dept) and rest of the tables name start with xyz(xyz_emp,xyz_transactions).I wanted to give select,insert,update and delete permissions for an user on the tables which starts with abc.
How can i do that in a much easier and sophisticated way.
Thanks.
View 1 Replies
View Related
Mar 8, 2012
I have an application, the front end is Access and the back end is sql server 2008 express.
The application does not display the view on a user's machine. Do I have to grant permission for the user, in order for the VIEW to display?
I have tried granting permission, but I am doing something wrong.
View 3 Replies
View Related
Sep 14, 2005
Hi,
I'm trying to write a script to grant privileges to a user (we are trying to allow Windows Authentication in our application).
Previously, we used the following syntax:
grant select, insert, delete, update on area to mattuser
Where mattuser is a valid sql server user.
However, we want to do something like the following:
grant select, insert, delete, update on area to MATT2000IUSR_MATT2000
Where IUSR_MATT2000 is a valid user on computer MATT2000.
We get an error when we try to run this script as follows:
Incorrect syntax near ''
How do we grant permissions for this user, other than doing it manually?
Regards.
Matt.
View 3 Replies
View Related
Dec 4, 2007
Hello,
How do , I grant select privileges on all the Views of the database to a user in SQl 2005. All the tables and views in the database are under the dbo schema.
Thanks.
View 1 Replies
View Related
Jun 18, 2007
Hi Everyone,
Were looking from some feedback, thoughts, comments, suggestions on a permissions issue in our SQL Server 2005 environment. We have a Development (stand-alone server) and Production (activepassive cluster). Both running SP2. We're looking for the best way to manage permissions for the developers without giving them dbo privileges.
As background information, here's a note / response from a developer outlining the permission they need.
-----------------------------------------
"Our team needs enough permissions on DB database to:
Create and modify DB object such as tables, stored procedures, keys, triggers, views, ...
Be able to execute stored procedures and other basic DB objects
One of the issue I had when working on DatabaseA which was never resolved was that I could create tables, but had no rights to modify them once created.
I could modify them via scripts, but not via graphical interface which is a pain.
I think we should have full permissions to dev DB other than to drop DB, and modify system DB settings.
So that we can work within the created DB shell completely."
-----------------------------------------
Previous to supporting the current SQL Server 2005 environment, the developersapp owners had db_owner for their databases. Definitely not a best practice as with 2005 db_owner is ablke to delete databases. Moving away from this, we thought we would scale them back and only grant them the following database roles:
db_datareader
db_datawriter
db_ddladmin
With these roles, they were able to create the tables, views, stored procedures, etc...... but problems arose when they tried to modify the objects they created as well as execute stored procedures. It's going to be a pain to grant permissions on each stored procedure. More of a mystery is allowing them to make design changes within Studio Manager. Given they can already do this using scripts but not the GUI.
So there is an issue with using GUI tools to design the tables.
Here's a thread we found that tries to explain the reason why they can't use the GUI to make design changes.
Even if you have CREATE TABLE permission, there are limitations to the modifications you can make. Remember, as you modify an existing table or design a new one, your work can induce attendant modifications in other tables. For example, if you change the data type of a foreign-key column, the corresponding column in the primary-key table will be automatically modified by the Visual Database Tools. If you do not own the primary-key table, and you are not logged in as the system administrator, database owner, or a user that is a member of the db_owner role, your modification will fail.
When we created the accounts, we assigned the default schema to be 'dbo'. This was thought to simplify administration of the objects. In SQL Server 2000, this was a best practice. Now, in SQL Server 2005, they changed everything with the user schema separation.
So we have a developer (devuser) - created with default schema (dbo). Any object that are being created are owned by dbo. (ie... dbo.table1, dbo.storedproc1, etc..) So dbo owns the objects, not the user.
Does anyone have any ideas? Do we create a new schema and assign permissions? Do we create a new fixed database role for the developers? I'm curious as to how others are assigning permissions to developers on development and production servers.
Thanks,
Rob
View 4 Replies
View Related
Feb 12, 2008
Within my Report Manager, I have several folders, and I would like these folders to be only visible to certain users and groups. In the Active Directory I have DOMAINGroupName1. If I add this group to the folder I want them to have access to with a Browser role, when they open Report Manager they do not see the folder at all. Then I added the same group to the HOME folder also, but again they could not see their folder when they opened the Report Manager. If I add the Users of this group individually (DOMAINUser1, DOMAINUser2 etc) then they can see the folder and run reports just fine. This is not an ideal solution as groups will change over time and I don't want to have to keep adding and deleting members. Anyone got any ideas why they can't see their folder?
Thanks!
View 4 Replies
View Related
Sep 15, 2000
When granting INSERT, DELETE permissions, is this done for
the logon-id OR for the user associated with the logon-id?
I know you can do this for roles.
View 2 Replies
View Related
Jul 20, 2005
What is the best way to grant a user permission to create a view?I first created a role using enterprise manager but for the role Icreated it doesn't seem to offer that permission. It offers the basicstuff such as insert, select, and update.I could go in and use a grant create view sql statement I suppose butI'd rather do it through enterprise manager where it would be visibleif I need to change it in the future.-David
View 3 Replies
View Related
Aug 15, 2007
All,
I have been asked to grant a Windows group Full access to all tables under our Sandbox Schema. This will allow these users to do anything to the tables under this Schema.
I created the Windows Group (Sandbox Users), created the login in SQL, created the user in the database that is tied to the Windows group, then ran GRANT CONTROL ON SCHEMA::[Sandbox] TO [Sandbox Users].
I have verified that the users are in the Windows group, but they state that they still can not delete tables under the Sandbox Schema.
Anyone have any ideas?
Thanks,
Justin
View 5 Replies
View Related
Nov 21, 2005
Bit of an emergency!
I do not have direct access to our SQL Server but I have full FTP access to the web server and have the db Username/passwords.
I need to grant execute permissions on a stored procedure, can I do this from an asp/ASP.NET page?
The DB guys take 24 hours to run a script against the database!
Any help would be greatfully recieved.
Rich
View 1 Replies
View Related
Jan 21, 2005
I have a user on my database that has the following base permissions :
public
db_datareader
I need to give this user permission to edit a single stored procedure. I have tried using the following command :
GRANT ALL ON stored_procedure_name TO username
Which executes successfully, but the user still cannot edit the stored procedure.
If I give the user db_ddladmin permission they can edit all the user stored procedures, but for security reasons I would prefer to be able to this this at procedure level rather than a global permission on all user procs.
Does anybody know how I can do this?
EDIT : This is on SQL 2000
View 1 Replies
View Related
May 25, 2007
Is there a better way of granting permission to a stored proc for a selected user other than (enterprise manager) select sp then accessing propertys then permissions, then user?
View 4 Replies
View Related
Feb 12, 2008
When granting db_owner to the SINGLE user, it's automatically set the DEFAULT_SCHEMA to dbo so when the user created the table, the table will be owned by "dbo"
When granting db_owner to the Window group, DEFAULT SCHEMA WILL NOT be "dbo", for this reason when the user A(belonging to this Windows Group) created a table, that's table will be owned by user A instead of dbo.
1. is it normal behavior for the Windows group?
2. Is there any way you can grant to the group so the objects will be owned by dbo instead of the user who created the objects? or this is a behavior when MS introduce SCHEMA in 2005.
Thanks,
View 1 Replies
View Related
Feb 12, 2002
We're moving several Version 7 databases to a SQL Server
2000 box.
How can I grant SQL Server 2000 security for three
"Named Instances"?
Thanks
Benny
View 1 Replies
View Related
Apr 28, 2015
I have stored procedures. I have heard that it is a best practice to use stored procedures to encapsulate some SQL statements and then grant permissions to execute the stored procedure. But when I try this and use EXECUTE AS to test it out, the user in question gets errors about not having access to some of the underlying objects.
How does this best practice work? If I need to grant the user permissions to the underlying objects anyway, I am not sure why a stored procedure is considered best practice in this regard.
View 8 Replies
View Related
Nov 16, 2006
How do I allow a user (or group of users) permission to create/drop a table?
I have found the 'GRANT CREATE TABLE TO username' command, which will (I assume) allow a user to create a table, but how to I allow a user to 'DROP' the created table as well?
'GRANT DROP TABLE TO username' doesn't work?
and I want the users to be able to DROP/DELETE this table (temporary table created just for printing purposes) as well.
thanks
View 3 Replies
View Related
Jul 13, 2007
I want to grant access on the below view for an end user so that he connect to our SQL server and retrieve data. The view looks like the below
CREATE VIEW DB1.[dbo].[View1]
AS
-- For brevity, I made it as simple statement.
SELECT *
From DB2.dbo.table2
GO
For the above view, it looks like I have to grant select and connect permission for the DB1. [dbo].[View1] as well as DB2.dbo.table2.
1. Is my understanding correct?
2. I want the user to access only DB1. [dbo].[View1] and not the underlying tables. Is there a way to grant access only on the view and execute the statement on a different security context so that the user can€™t access DB2.dbo.table2 directly?
3. When the user uses SQL Server Management Studio to connect to SQL server, he is able to connect and select DB2.dbo.table2 directly. Is there any way to restrict user from viewing and executing select statement on DB2 database from SQL Server Management Studio
Thanks in advance for your help
With regards
Ganesh
View 5 Replies
View Related
Sep 6, 2007
Having some trouble getting my head around setting access to specificschemas- here's my problem:I've created a specific schema that I only want certain users tocontrolProblem: Even though I give them full access....the cannot createtables under that schema...my code is below (flyer is the schema,eflyerAdmin is the role, and eflyer is the user):GRANTALTER,CONTROL,DELETE,EXECUTE,INSERT,REFERENCES,SELECT,TAKE OWNERSHIP,UPDATE,VIEW DEFINITIONON SCHEMA::flyerTO eflyerAdminGO-- Add an existing user to the roleEXEC sp_addrolemember N'eflyerAdmin', N'eflyer'
View 1 Replies
View Related
Mar 6, 2013
The developers in our shop have a need to explicitly grant view definition permissions to themselves on stored procedures they create in their development databases. They have dbo level permissions in these databases and although they can explicitly grant view definition permissions to other developers in the same database, they are unable to do so for themselves. When they attempt this, it appears that they are successful but when they check the stored procedure afterwards the permission is not there for themselves.
While this does not cause an issue in development, the intention is for these view definition permissions to be carried forward to the test and production databases where they only have datareader permissions.
When these stored procedures are scripted out by the dba to move to Test and Production the view definition permissions are not scripted out for the developer in question.
Is there a way that a developer with dbo rights in a database can explicitly grant themselves view definition permissions on a stored procedure they create as dbo?
View 9 Replies
View Related
Aug 4, 2004
Hi All,
I'm trying to create a proc for granting permission for developer, but I tried many times, still couldn't get successful, someone can help me? The original statement is:
Create PROC dbo.GrantPermission
@user1 varchar(50)
as
Grant create table to @user1
go
Grant create view to @user1
go
Grant create Procedure to @user1
Go
Thanks Guys.
View 14 Replies
View Related
Dec 4, 2006
I have been running a script in SQL Server 2000 as sa also as a Active Directory user who has administrator rights (I tested both approaches SQL Server then Windows Authentication) in Query Analyser which grants execute rights to the stored procedures within the database instance and Query Analyser does not give any errors when I run the script. I have made sure that each transaction has a go after it. I then return to Enterprise Manager, check the rights (I apply them to roles so that when we create another SQL Server user we just grant him/her rights to the role) and discover that the role has not been granted the rights. I seems to be occurring only with 2 of the procedures. Is there a known bug that might be causing this?
yours sincerely
Craig Hoy
View 9 Replies
View Related
May 16, 2000
I need to grant select, insert, update, and delete permission to an object residing in Database "X" from a store procedure in database "Y". I have already tried USE database statement. Any suggestion.
Thanks
Maroof Khan
View 1 Replies
View Related
Sep 5, 2006
I want a database user to be able to alter login, database user and database role from my application. so, i assigned that user to sccurityadmin server role, db_accessadmin and db_securityadmin database roles....By now, the user can add or remove login and database user. However, the user cannot add or remove any database role membership. What am I missing here?? What should I do so that the user can create, and alter database roles in the database??
View 1 Replies
View Related