How To: Determine If Current Windows User Has Login Access, Database Access And If They Are A Member Of A Specific DB Role.
Mar 25, 2008
I need to determine the following about the current authenticated Windows domain user who is trying to access a SQL Server via a trusted connection.
1 Has the current user been granted login access to the trusted SQL Server?
2 Has the current user been granted access to a specific database?
3 Is the current user a member of a specific database role such as (DB_ROLE_ADMINISTRATORS)?
Thanks,
Sean
View 6 Replies
ADVERTISEMENT
Aug 5, 2004
I need a stored procedure to find out if the current user is a member of a certain role. I want to pass the role name and return a bit to tell whether he is a member or not. I have this code to list the groups the current user is a member of but I don't know how to search or do a "SELECT FROM" on the results.DECLARE @usr varchar(32) SET @usr = USER EXEC sp_helpuser @usr But if the current user is a member of more than one role it returns multiple rows. So if I could do something like: DECLARE @grpName varchar(32) SELECT * FROM (EXEC sp_helpuser @usr) WHERE GroupName=@grpNameIF rowcount > 0 THENRETURN 1ELSERETURN 0END IF I know that doesn't work so how can I do this?
View 6 Replies
View Related
Oct 24, 2015
Deleting a Login from a server instance and adding it back did not show that the login was still mapped to databases. In SQL Server 2008, adding a Windows Login did not permit access to end user databases until the Windows Login was mapped to various databases. In SQL Server 2012, once a Windows Login is added to SQL Server Security, it may access ANY end user databaseWe use the following to circumvent this problem, Windows Login by Windows Login: DENY VIEW ANY DATABASE TO [TESTTest1]
View 6 Replies
View Related
Oct 19, 2007
Hey there.
I must write a stored procedure to update a table and want to make sure the ID used in both Acceptance and Production will have the necessary access. The ID will inherit it's access to the resource though a ROLE.
Wondering if there are queries out there that can traverse for example, the roles/id's that have access to it... Thx!
View 2 Replies
View Related
May 1, 2007
Hi guys. I created a database "MyDatabase" using an AD Account "user01" which is a member of a domain group "GroupA". I have created a login in my SQL Server 2005 for this AD group. I have also added the said login as a user of my database. I created other AD users and put them in the same group. When I try to access the database using the other users, I get this message
The server principal "MyDomainuser02" is not able to access the database "MyDatabase" under the current security context.
This KB tells me that my situation is triggered by the first case in which the owner of the database is windows authenticated. I have already set the database to be TRUSTWORTHY. I haven't tried CERTIFICATES though. I believe I haven't done anything complex to warrant this solution.
I'm really lost with the myriads of principals and securables that SQL2005 has. All I want is just to execute a certain set of stored procedures. I can't do this because I can't even execute "USE MyDatabase". What are the permissions I need to give to "GroupA" ?
View 5 Replies
View Related
Sep 10, 2015
Is there any way to get more information for when IAuthorizationExtension::CheckAccess fails to grant access to a report item for the current user? Specifically, it would be useful to know:
1. URL of attempted report
2. IP address of user agent
3. Identity of current user
4. Date/Time of the failed attempt
ssrs2014
View 7 Replies
View Related
Feb 7, 2008
I have a restriced user on SQL Server that is only permitted to creat a new database and manage it only. All other database are hidden to that user.
when that user login to SQL Server and create a database and try to change the default folder path for data and log files, gets an error,
The Server principal "User" is not able to access the database "model" under the current security context. (MSSQL Server, Error: 916)
Any idea???
Thanks,
View 7 Replies
View Related
Jul 13, 2015
I'm using a legacy application built using VB5 and SQL Server 7. After recompiling it, and putting the database in SQL Server 2012. I want to access the current login user using the SQL function SUSER_SNAME().
This is the code.
Set rdoRes = goDatabase.Connection.OpenResultset("select suser_sname()")
But I'm unable to get the current user login in the application. If I write any other SQL statement instead of this, then it runs. But only this statement is not running. Is there any security reasons for this?
View 8 Replies
View Related
Oct 9, 2000
Hi!
I've restored a backup from server A in server B. In server A I used to have a db_owner, called sitebase. After restoring the backup in server B, I created the user sitebase again and tried to grant him db_owner through Server Manager but I got the error: user or role already exists in the current database.
How can I avoid this situation and grant db_owner to him?
Thanks,
Fábio
View 1 Replies
View Related
Sep 20, 2001
I used a backup copy of our production DB (residing in our prod machine) to do a database RESTORE to our test DB (residing in our test machine). This step was successful.
However when I tried to access the test DB via Peoplesoft application, I am unable to logon. Only then did I notice that all the users, with the exception of "sa", were gone.
When I attempted to add a user via Enterprise Manager's Action - Add Database User, I get the message, "Error 15023: User or role '%' already exists in the current database.
What's the best way to fix this without resorting to copying the source server's master database (If i do this, I risk clobbering some other DB's that are present in the target server but not in source server)?
Any help you can provide will be greatly appreciated!!!
View 2 Replies
View Related
Apr 29, 2008
In my application (infopath browser forms), First I get current user name thru System.Environment.UserName, after that, i want to check whether this user has access (read & write) permission to certain database, How do I do that?
One way I tried before is to get all the users and stored the names in an array for comparing in my program, but can not figure out the SQL command (to get the database users), if there it is, please kindly tell me.
Or if I can just pass the current user to check?
Thanks in advance.
View 5 Replies
View Related
Jan 9, 2006
In sql server 2000, I created some custom database roles called ProjectLeader and Developer. I would make these roles a member in the fixed database roles so that I would only have to add the user to the ProjectLeader or Developer role once and they would presto-magico have the security I wanted them to have with no unecessary mouse clicking. I'm not sure how to repeat this process in 2005? Management Studio doesn't seem to allow you to add a role as a member in another role. Is there a work around or solution for this?
View 1 Replies
View Related
May 20, 2014
I have been struggling with this one for awhile now.I have a domain group which only must view the steps and history of all agent jobs.I have added the group to the sqlagentreadergroup.I have created a new role and denied this role,add job,update job,delete job etc execute permissions.But the user still can change ,delete or create a new job.
All the groups and users in th new role,does not have sysadmin rights.
we have sql 2012 enterprise version
What else can i try.I need this for audit purposes.
View 7 Replies
View Related
Dec 18, 2007
Does anybody know of a way to determine the last date/time a table has been accessed (query/update)? I've done enough research to know that this isn't easy. However, perhaps somebody has figured out a way through some of the stats that SQL Server keeps to determine the last access of a table. I have recently been put on a team that had no DBA and has a number of databases out there. They would like to determine which databases are inactive and get rid of them. I am a developer and haven't had much SQL Server Administration experience. Any info will help greatly! Thanks!
View 2 Replies
View Related
Aug 7, 2007
We are using Windows authenication within our system, and I was wondering how it would be possible to determine if the user conected to the SQL SERVER instance was a member of a particular active directory security group?
Thanks.
View 3 Replies
View Related
Jul 6, 2007
I am using an unattended install script to install the database on the client machine. All the settings look correct. But my application cannot access the db -
Error: Cannot open database requested by the login.
Now when I install SQL Server Express manually, it works fine. I have the service running under local system and enabled user instances is true. I cannot figure out the problem(been working on it for 2 days).
Any ideas?
View 1 Replies
View Related
Jul 31, 2015
I was asked to determine the last time 2 databases were accessed.
Are the .trc files an accurate way to determine the database access history?
View 5 Replies
View Related
Oct 10, 2007
Hi:
When I restore DB from testing to production, we want to remove extra access rights granted to public group. Is there a simple way to query to find out for which objects (table, view, sp, fn) that public group were granted select, delete, update insert, or execute rights?
My objective is to write a sp to remove all user assigned rights to public group (role), but not to deny any rights. How to do it?
Any suggestion will be appreciated.
View 1 Replies
View Related
Jun 23, 2014
i am currently working on designing a database for a bank as a school project for my database class. We have to draw up an entity relationship diagram, Sql tables, database size estimate etc. I am currently working on the security portion of the project. I need to list the groups that have access to my application and use a grid format to show access to specific tables.
I am currently working on designing a database for a bank as a school project for my database class. We have to draw up an entity relationship diagram, Sql tables, database size estimate etc. I am currently working on the security portion of the project. I need to list the groups that have access to my application and use a grid format to show access to specific tables.
Role Loans Payments Transactions Accounts Customer Emplo
Database Admin SUID SUID SUID SUID SUID SUID
Branch Manager SUI SUI SUI SUI SUI SUI
Internal Auditor S S S S S S
Loan Officer SUID SUI SUI S S
Tellers S S S S SU
Customers U
View 1 Replies
View Related
Nov 8, 2000
Hi,
I have a login 'testuser' on test server.
This login was 'db_datareader' for database called 'invent_test' on test server.
I deleted the whole database and restored the production backup as 'invent_test' database.
Now I am trying to modify login 'testuser' by adding it as 'db_datareader' for 'invent_test' again but it gives me an error that 'this user or role already exists for current database'.
I can not see 'db_datareader' or even 'invent_test' options selected in login properties for 'testuser'. Also I can not find 'testuser' in database roles
-->db_datareader member list.
Is this a bug with sql server 7.0? Or how should I give this user priviledges to read?
I dropped the login and recreated it. Server is also rebooted meanwhile so there is no possibility for cashe problem. Still same error is there.
Is there any thing that I am missing here?
I really appreciate your help. I am very frustrated now.
View 2 Replies
View Related
Jun 9, 2015
When i wanna run Application in other computers in network. The following error occurs.
error : System.Data.SqlClient.SqlException: Login failed for user 'Suren-PCGuest'.ConnectionStr = "Data Source=SUREN-PCMSSQLSERVER,1433;Initial Catalog=WorkFlow;Integrated Security=True";
View 5 Replies
View Related
Mar 21, 2014
I have a windows 2008 with SQL Server 2008 R2 VM on Azure. I am trying to connect to the SQL server for the first time using SSMS, but have not been able it. I have a VPN tunnel, so I am connecting using Windows authentication. The error I get back from SSMS is:
Login failed for user 'domainusername'. (Microsoft SQL Server, Error: 18456).In the event viewer I see this error message: Login failed for user 'domainusername'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]
I have done the following:
- created an endpoint for port 1433
- opened port 1433 in the firewall
- Ran the MSSQLSERVER service as the build-in users Network Services, Local System, and Local Service, and as a local and domain administrator, with the same exact result each time.
- I get the same result trying to connect locally or remotely.
- I get the same result trying to connect using sqlcmd.
View 4 Replies
View Related
Jun 16, 2007
I have a login that is mapped to a Windows sysadmin account. I used it to login to Sql Server 2005. I then created a database called Freedom. I then added a Windows login and user called FreedomAdmin, with Freedom set as the default database. When I login in to Windows using FreedomAdmin and then try to login in to Sql Server 2005, I get the following error:
The server principal "FREEDOM1FreedomAdmin" is unable to access the database "master" under the current security context.
If the default database for FreedomAdmin is Freedom (and it is - I checked from my sysadmin login account), why can't I login. Must I give FreedomAdmin permissions to master?
View 6 Replies
View Related
May 23, 2007
SQL2005 on winserver 2003. I have a view in Xdb that accesses tables in 2 different databases (Xdb and Ydb) on the same server. I have mixed mode security. I have a SQL user (XYuser) that has read access to all tables and views on both databases, yet when I try to access the view using a C# windows application I get the following error:
The server principal "XYuser" is not able to access the database "Ydb" under the current security context
This same scenario works under SQL 2000. I looked through the postings and tried to set TRUSTWORTHY ON on both databases but that didn't help. I can access any other views or tables on the SQL 2005 server, just not the one that joins the tables cross databases. Any help is much appreciated... john
View 17 Replies
View Related
Apr 13, 1999
How do I determine the Login name from the user name, in SQL?
For example, I have a Login called Accounting with users Bob and Sue. How do I know from Bob or Sue's user name that they are members of the Accounting Login?
I am using NT Authentication.
Thanks!
View 2 Replies
View Related
May 14, 2015
If we have a "pool" SQL login, a one that uses SQL Server authentication, and this login is used by different domain account to access SQL Server, is there a way to audit which domain account used that "pool" login to do something on a object in SQL Server? I have to keep this way of accessing SQL Server, so how to create a login for every domain account accesses SQL Server
View 7 Replies
View Related
Oct 30, 2007
Hi guys,
I've been developing desktop client-server and web apps and have used Access and SQL Server Standard most of the time.
I'm looking into using SQL CE, and had a few questions that I can't seem to get a clear picture on:
- The documentation for CE says that it supports 256 simultaneous connections and offers the Isolation levels, Transactions, Locking, etc with a 4GB DB. But most people say that CE is strictly a single-user DB and should not be used as a DB Server.
Could CE be extended for use as a multi-user DB Server by creating a custom server such as a .NET Remoting Server hosted through a Windows Service (or any other custom host) on a machine whereby the CE DB would run in-process with this server on the machine which would then be accessed by multiple users from multiple machines??
Clients PCs -> Server PC hosting Remoting Service -> ADO.NET -> SQL CE
- and further more can we use Enterprise Services (Serviced Components) to connect to SQL CE and further extend this model to offer a pure high-quality DB Server?
Clients PCs -> Server PC hosting Remoting Service -> Enterprise Services -> ADO.NET -> SQL CE
Seems quite doable to me, but I may be wrong..please let me know either ways
Thanks,
CP
View 3 Replies
View Related
Feb 25, 2006
In visual studio 2005 I created a web page which accessed some information from a database on an sql server.
Various pages highlighted that aspnet replaces the windows username with it's own variant which is likely to blocked when trying to access the server.
I adjusted the web.config to use a connection string with Trust_Connection=True.
This doesn't seem to have worked.
Any Suggestions as to why this would be?.
Server Error in '/ChartWebSite' Application.
Login failed for user 'A0034138ASPNET'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'A0034138ASPNET'.Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace:
[SqlException (0x80131904): Login failed for user 'A0034138ASPNET'.]
View 1 Replies
View Related
Jul 14, 2006
Okay I figured out how to determine if stored procs and funcs exist before dropping them.
How do I do the same for ROLE, LOGIN, USER?
I want get rid of annoying messages in my scripts when trying to drop something that doesn't exist.
Server 2005 and Server Express 2005
Thanks
View 3 Replies
View Related
Aug 23, 2007
When executing a stored procedure that is defined in another database, as:
USE db1;
EXEC db2.dbo.sproc;
Is there a way in the stored procedure "sproc" to determine that the caller made the call from db1?
View 1 Replies
View Related
Jun 3, 2014
I have been using the software, and it has been working fine (on windows user A). Now, I have created another windows user (User B), and would like to use the same software/database. The software launches fine (User B), but cannot access the created SQL database (created with user A)
How do I setup the database to allow access from all users on the same PC?
View 2 Replies
View Related
Oct 16, 2006
I've created a database in SQL Express and I have a Windows form attempting to connect to it through SQL Authentication. Connection string:
private string connString = @"Data Source=.sqlexpress;Initial Catalog=SQLTestDatabase;User ID=SearchAppRole; Password=password;";
The role I have added to the database is an Application Role. It has been added to the Database permissions with Grant checked for "Select" and "Authenticate".
If I test this with query analyzer, it returns expected results (if I remove Grant from 'Select', it fails)
sp_setapprole 'SearchAppRole', 'password'
select * from recipe
If I edit my connection string (for testing purposes) to use the sa account, the application can connect and run the Select statement:
private string connString = @"Data Source=.sqlexpress;Initial Catalog=SQLTestDatabase;User ID=sa; Password=sa_password;";
However, I cannot get the application to successfully logon and run the select statement when using the user id and password of the Application Role. I get error:
System.Data.SqlClient.SqlException: Login failed for user 'SearchAppRole'. at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj
I can't find much information on Application Role...I just want one basic permission for the application as a whole. Any help is appreciated. Thanks.
View 3 Replies
View Related
Apr 4, 2014
I have a small project for educational institutuin online examination. But 500 students has to login and save their answers.. Is it possible to have in sql server 2008 for 500 login can access a single database & can save?
View 4 Replies
View Related
