How To Create A User With Minimum Privileges
Jul 19, 2015
I have a database for which I need the permissions to execute stored procedures, perform CRUD operations on tables, execute functions and SQL jobs. What should be the SQL command if I am to create a user for this database who will have the most minimum privileges to carry out these activities?
View 4 Replies
ADVERTISEMENT
Jul 12, 2010
My goal is to write a DR plan where i am restoring all user databases onto a diffrent server in a event of hardware failure. I was trying to figure out a way to extract DDL of user accounts and their permissions on all user databases so i can simplify my DR documentation.
This is the plan I came up with...to restore all system and user dbs on a different Physical SQLServer.
1. build named instance $PROD
2. restore master database
- startup sqlserver in single user mode -m or DAC sqlcmd -S ServerName -U sa -P<xxx> –A
net stop MSSQLSERVER$PROD
net start MSSQLSERVER$PROD -m
- restore database master from disk e:master.bak with replace;
3. start sqlserver normally
4. stop SQLServer agent
5. restore msdb
-restore database msdb disk e:msdb.bak with replace;
6. restart SQLServer
7. Restore User Databases.
8. Run Sp_change_users_login for all users
-Sp_Change_users_logins 'auto_fix','username'
View 7 Replies
View Related
Feb 21, 2008
Basically to defend against SQL injection I want to be able to stop basic users or admins from being able to drop tables or doing other damaging activities. I'm using ms sql express, how can I do this? A friend mentioned that he uses MySql and user privileges can be set up in this way.
View 2 Replies
View Related
Aug 24, 2006
Is it possible to grant all privilege for all tables of a specified database through script? Because i have to send the script to user side and i can't do it manually in Enterprise Manager.regards,
View 1 Replies
View Related
May 22, 2008
hi,
I created a View,like the following:
Create View viewSecure
as select * from sales.customer
go
Grant select on viewSecure to Andrew
go
Exec as login='Andrew'
Select * from viewSecure
go
Revert
go
Alter Authorization On viewSecure to Jerry
go
Exec as login='Jerry'
Select * from viewSecure
go
but, I received the error 'SELECT permission denied on object 'Customer', database 'AdventureWorks', schema 'Sales'.
Meanwhile, I re-granted Select Privilege to Andrew, I got the same error.
I know Alter Authorization command means to change the owner of an object. I got 3 questions need your help.
1. An user owned an object, if he may have no any privileges to this object?
2.Why I got the same error after re-granted Select privilege to Andrew?
3.How to pass privileges from one user to another?
Thanks a lot.
View 15 Replies
View Related
Jul 7, 2004
Hi,
I need to read and subsequently modify the privileges (rights) of a certain SQL Server user / role from within a Visual Basic Program.
Modifying seems to be easy using standard statements like GRANT/REVOKE. But what about reading all the rights a user has ?
I have researched SQL-DMO, but didn't find what I'm looking for.
Any idea ?
Mike
View 1 Replies
View Related
Jul 20, 2004
Hi,
Can any of you tell me how to create a login in SQL Server 6.5 with System Administrator privileges, like we can do with SQL 7 or SQL 2000 ? I don't want to use the sa login.
Thanks
View 1 Replies
View Related
Apr 26, 2004
Can a user be granted the ability to create stored procedures with read only capabilities? I wouldn't mind be able to UPDATE but simply need to read only.
ddave
View 13 Replies
View Related
Jan 28, 2008
To use Reporting Services as a rendering engine I want to configure a local user on the server that has only the minimum set of permissions and user rights. The server is W2K3 SP2 and SQL 9.0.3200.
In particular, this local user has been removed from the local "Users" group and so is the "Authenticated Users" built-in group. In Reporting Services, it is mapped to a role that only has the "Execute Report Definitions" task permission.
Then, following the details in http://support.microsoft.com/kb/812614/ (Default permissions and user rights for IIS 6.0) I added all file security and local user rights required for "Users" and also granted and propagated "Read&Execute" on the "Reporting Services" folder and verified this using "Effective Permissions" on the ReportService2005.asmx file.
However, I still get 401 Unauthorized, also after a complete restart of all related machines and services.
Once I add the user or "Authenticated Users" back to "Users" everything works fine.
What permissions might I be missing? Where could I find those permission requirements documented?
I tried analyzing the 401 using auditing file and object access security but to no avail. There are no Failure audit entries in the Security log.
How can I investigate the minimum permission set?
What is the risk of leaving the user in the "Users" local group?
Any help appreciated.
View 1 Replies
View Related
Dec 18, 2007
I am trying to create a program that user inputs the sa password and it creates a user in SQL Express 2005 installation. Is this possible? If so can someone point me in the right direction?
View 5 Replies
View Related
Apr 28, 2000
Hello,
I would like to create a new database user using T-Sql command. Somebody Knows?
Thanks,
Hugo Venturini
View 2 Replies
View Related
Jan 25, 2007
hi,
i am new to mssqlserver 2005, i installed it successfully in my localhost, problem is i cant create user it gives me:
'my_aro' is not a valid login or you do not have permission
how can i create a user?
View 2 Replies
View Related
Feb 2, 2007
In SQL 2005, I want to create a RO_user with read only access rights to some of my databases. I wrote the folloiwng code but get an error in USE @db_name.
Is there an easier way to create the user id and grant the RO access right to it? I have about 500 databases.
USE [Master]
GO
DECLARE @db_name nvarchar(50)
DECLARE db_cursor CURSOR FOR
SELECT master.dbo.[name]
FROM sysdatabases
WHERE Substring(name,1,4) in ('DB06', 'AC06', 'RE07')
OPEN db_cursor
FETCH NEXT FROM db_cursor INTO @db_name
WHILE @@FETCH_STATUS = 0
BEGIN
USE @db_name
CREATE USER [RO_user] FOR LOGIN [RO_user]
EXEC sp_addrolemember N'db_datareader', N'RO_user'
FETCH NEXT FROM db_cursor INTO @db_name
END
CLOSE db_cursor
DEALLOCATE db_cursor
Canada DBA
View 3 Replies
View Related
Jul 20, 2005
Hello,How can I create a new user with password for the MS SQL - Server 2000(and the MSDE) with a SQL - Statement? I use Borland Delphi 5 with theADO - Components!Thanks.best regards.Stephan Jahrling
View 1 Replies
View Related
Mar 15, 2007
hi
im unable to create a new sql server authentication login
It is appreciated if anyone helps me
thanks in advance
View 4 Replies
View Related
Jan 7, 2007
Hi,
i'm using SQL server 2005 and I need to create new login/user. Previously I used MySQL where user management is much simplier, so I need a help with SQL server. I run following script:
EXEC sp_addlogin 'uzivatele', @passwd = 'xyz', @defdb = 'master', @deflanguage = 'Czech'
GO
EXEC sp_addsrvrolemember 'uzivatele', 'sysadmin'
GO
GRANT CONNECT SQL TO [uzivatele]
GO
CREATE USER [jirka]
FOR LOGIN [uzivatele]
GO
But when I try to connect o database "master" as user "jirka" with password "xyz", it fails with message "Login failed for user 'jirka'". What do I wrong?
thanks
Jiri Matejka
View 1 Replies
View Related
Jun 10, 2007
Hi,
how can i create a user in a stored procedure. the user has to be able to connect to my database
thanks.
View 3 Replies
View Related
Feb 16, 1999
Using SQL 6.5 SP4.
TIA.
Zak
View 2 Replies
View Related
Aug 21, 2007
i need a scripts which should create a user with dbo privileges on the particular database please help
View 2 Replies
View Related
Oct 7, 2007
hello there,
Can i create user forms for user to select options and then present them with data based on their selection.i want to be able to use check boxs and combo box.thanks in advance
cheers
zolf
View 1 Replies
View Related
Jan 30, 2006
I have just managed to have JDBC working, but I am getting an error that the user does not exist. I have read in the MSDN help that I need to set the sqlExpress to accept SQL server authentication and not windows authentication. So when I am trying to create a new User using Microsoft SQL server management studio express I get the following error.
TITLE: Microsoft SQL Server Management Studio Express
------------------------------
Create failed for Login 'adam'. (Microsoft.SqlServer.Express.Smo)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.1399.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+Login&LinkId=20476
------------------------------
ADDITIONAL INFORMATION:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo)
------------------------------
The MUST_CHANGE option is not supported by this version of Microsoft Windows. (Microsoft SQL Server, Error: 15195)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.1399&EvtSrc=MSSQLServer&EvtID=15195&LinkId=20476
View 5 Replies
View Related
Oct 1, 2007
Hello !
I want to create DB users with an stored procedure, and pass the user name as a parameter.
I wrote this code :
CREATE PROCEDURE [dbo].[spTest]
(
@ComName varchar(20),
)
AS
BEGIN
SET NOCOUNT OFF;
CREATE USER [@ComName] WITHOUT LOGIN WITH DEFAULT_SCHEMA = dbo;
END
If I execute this stored procedure :
DECLARE @return_value int
EXEC @return_value = [dbo].[spTest]
@ComName = N'Test_User',
SELECT 'Return Value' = @return_value
I obtain in my DB an user called "@ComNane" instead of "Test_User" !
Where is my mystake ?
Many thanks for any help.
Luc
View 3 Replies
View Related
Oct 7, 2007
hello there,
Can i create user forms for user to select options and then present them with data based on their selection.i want to be able to use check boxs and combo box.thanks in advance
cheers
zolf
View 5 Replies
View Related
Jun 1, 2007
Hi there,
Can someone please help me how to generate the list of all "user" in a database and it's access role? really need it . .
Thanks
View 3 Replies
View Related
Mar 27, 2008
Hi.
I was wondering if I could have a query like this:
CREATE USER 'Firstname Lastname' FOR LOGIN 'DOMAINuser' WITH DEFAULT_SCHEMA=[dbo]
The combination of firstname and lastname does not seem to work.
I have been using:
sp_grantdbaccess 'DOMAINuser', 'Firstname Lastname'
but i cannot specify DEFAULT_SCHEMA with that sp.
Any suggestions?
View 1 Replies
View Related
Nov 28, 2004
Hi,
in mixed mode,
is there a way to prevent access from user SA to a specific database?
thanks
View 1 Replies
View Related
May 29, 2004
I have just noticed something very discomforting.
I was told that a user with DBO privileges is able to alter their own database. A conversation of course began to where I was in disagreement with him. The ultimate test of course would be setup the scenario. To my surpise he was right!
I checked the BOL documentation and my concerns were verified.
I have checked permissions on the user I created as well as on a user that previously exists on the MSSQL Server. Only DBO permissions were given to the tested users.
I thought maybe this had something to do with the autogrow setting which is a setting we would enable on a dedicated MSSQL Server but not on a shared MSSQL Server. I toggled this option and the DBO was still able to make size changes to their database.
This is very upsetting as we charge for additional reserved database space. Aside from that, we wouldn't want to have a user with unlimited resources to the server. I could easily fill up a hard drive if I were to update the autogrow setting of the database as DBO and run an infinite loop that would insert data into tables.
I then tested the ability for a user to restore a backup and to my surprise it worked without error for the DBO only privileged user. The DBO user was also able to restore previously dated databases assuming that they knew the file name which would not be hard to guess since it is appended with a date stamp (My_Database_20042905.BAK).
Why is this? Is there a way to correct this and prevent the DBO user to only have access to their database but not the above mentioned type privileges?
View 2 Replies
View Related
Nov 25, 2007
Hello, After creating a new SSMSExpress Login username account, I
use it as the Database User of the attached database (aspnetdb.mdf), but I
receive this error.... Additional information: ->An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo) ->The login already has an account under a different user name. (Microsoft SQL Server,Error: 15063)...
I am sure such username account is not yet members of that database
(aspnetdb.mdf) for this are the users present-dbo-guest-INFORMATION_SCHEMA-sys-COMPUTERNAMEASPNET-CONPUTERNAMEIUSR_COMPUTERNAME cheers,imperialx
View 1 Replies
View Related
Sep 17, 2005
I need to be able to have users run a query under the 'sa' account that will create another account that will just be used for reading and writing to a specific database. Is there a way to do this with just a sql script or can you only set up logins and accounts from the enterprise manager?
View 1 Replies
View Related
Jan 11, 2005
Hi,
I wonder if anyone can help. I'm trying to create a new user/login to a sql server 2000 box which will automatically have access to all the user databases on the instance. The user can't be a SA or anything however. It seems this can be done as the application which uses all these database has created such a user, however I need another which I will then make read-only.
Any ideas?
Thanks in advance
future2000!
View 1 Replies
View Related
Sep 10, 2004
How to create a user with name dbo and loginname KING.
So that When I open Users Tab in the database, it should read Name as dbo and lOGIN AS king
View 1 Replies
View Related
Jul 23, 2005
I keep getting an error message "incorrect syntax near keyword case"when trying to run this:USE DEDUPEGOCREATE FUNCTION fnCleanString(@mString varchar (255))RETURNS varchar(255)ASBEGINDECLARE@mChar char(1),@msTemp varchar(255),@miLen int,@i int,@iAsc intBEGINset @mChar = ''set @msTemp = ''set @miLen = Len(@mString)set @i = 1while @i <= @miLenbeginset @mChar = substring(@mString,@i,1)set @iAsc = Ascii(@mChar)casewhen @iAsc >= 87 And iAsc <= 122 Then set @mChar = @mCharwhen iAsc >= 65 And iAsc <= 90 Then set @mChar = @mCharwhen iAsc >= 49 And iAsc <= 57 Then set @mChar = @mCharelse @mChar = ""endset @msTemp = @msTemp & @mCharset @i = @i + 1endENDRETURN @msTempENDCan anybody point out what I'm doing wrong?Thanks.Randy
View 3 Replies
View Related
Jul 17, 2006
This is the error message i keep getting when following the SQL Server tutorial on how to make a new user;
TITLE: Microsoft SQL Server Management Studio Express
------------------------------
Create failed for Login 'employee'. (Microsoft.SqlServer.Express.Smo)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.2047.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+Login&LinkId=20476
------------------------------
ADDITIONAL INFORMATION:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo)
------------------------------
The MUST_CHANGE option is not supported by this version of Microsoft Windows. (Microsoft SQL Server, Error: 15195)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.2047&EvtSrc=MSSQLServer&EvtID=15195&LinkId=20476
------------------------------
BUTTONS:
OK
------------------------------
Why is that? Im running XP, do i need to be on 2000 Server or something?
View 7 Replies
View Related