I have a database for which I need the permissions to execute stored procedures, perform CRUD operations on tables, execute functions and SQL jobs. What should be the SQL command if I am to create a user for this database who will have the most minimum privileges to carry out these activities?
My goal is to write a DR plan where i am restoring all user databases onto a diffrent server in a event of hardware failure. I was trying to figure out a way to extract DDL of user accounts and their permissions on all user databases so i can simplify my DR documentation.
This is the plan I came up with...to restore all system and user dbs on a different Physical SQLServer.
1. build named instance $PROD
2. restore master database
- startup sqlserver in single user mode -m or DAC sqlcmd -S ServerName -U sa -P<xxx> –A net stop MSSQLSERVER$PROD net start MSSQLSERVER$PROD -m - restore database master from disk e:master.bak with replace;
3. start sqlserver normally
4. stop SQLServer agent
5. restore msdb
-restore database msdb disk e:msdb.bak with replace;
Basically to defend against SQL injection I want to be able to stop basic users or admins from being able to drop tables or doing other damaging activities. I'm using ms sql express, how can I do this? A friend mentioned that he uses MySql and user privileges can be set up in this way.
Is it possible to grant all privilege for all tables of a specified database through script? Because i have to send the script to user side and i can't do it manually in Enterprise Manager.regards,
hi, I created a View,like the following: Create View viewSecure as select * from sales.customer go Grant select on viewSecure to Andrew go Exec as login='Andrew' Select * from viewSecure go Revert go Alter Authorization On viewSecure to Jerry go Exec as login='Jerry' Select * from viewSecure go but, I received the error 'SELECT permission denied on object 'Customer', database 'AdventureWorks', schema 'Sales'. Meanwhile, I re-granted Select Privilege to Andrew, I got the same error. I know Alter Authorization command means to change the owner of an object. I got 3 questions need your help. 1. An user owned an object, if he may have no any privileges to this object? 2.Why I got the same error after re-granted Select privilege to Andrew? 3.How to pass privileges from one user to another?
Can any of you tell me how to create a login in SQL Server 6.5 with System Administrator privileges, like we can do with SQL 7 or SQL 2000 ? I don't want to use the sa login.
Can a user be granted the ability to create stored procedures with read only capabilities? I wouldn't mind be able to UPDATE but simply need to read only.
To use Reporting Services as a rendering engine I want to configure a local user on the server that has only the minimum set of permissions and user rights. The server is W2K3 SP2 and SQL 9.0.3200.
In particular, this local user has been removed from the local "Users" group and so is the "Authenticated Users" built-in group. In Reporting Services, it is mapped to a role that only has the "Execute Report Definitions" task permission.
Then, following the details in http://support.microsoft.com/kb/812614/ (Default permissions and user rights for IIS 6.0) I added all file security and local user rights required for "Users" and also granted and propagated "Read&Execute" on the "Reporting Services" folder and verified this using "Effective Permissions" on the ReportService2005.asmx file.
However, I still get 401 Unauthorized, also after a complete restart of all related machines and services.
Once I add the user or "Authenticated Users" back to "Users" everything works fine.
What permissions might I be missing? Where could I find those permission requirements documented?
I tried analyzing the 401 using auditing file and object access security but to no avail. There are no Failure audit entries in the Security log.
How can I investigate the minimum permission set?
What is the risk of leaving the user in the "Users" local group?
I am trying to create a program that user inputs the sa password and it creates a user in SQL Express 2005 installation. Is this possible? If so can someone point me in the right direction?
In SQL 2005, I want to create a RO_user with read only access rights to some of my databases. I wrote the folloiwng code but get an error in USE @db_name.
Is there an easier way to create the user id and grant the RO access right to it? I have about 500 databases.
USE [Master] GO
DECLARE @db_name nvarchar(50)
DECLARE db_cursor CURSOR FOR SELECT master.dbo.[name] FROM sysdatabases WHERE Substring(name,1,4) in ('DB06', 'AC06', 'RE07')
OPEN db_cursor
FETCH NEXT FROM db_cursor INTO @db_name
WHILE @@FETCH_STATUS = 0 BEGIN
USE @db_name CREATE USER [RO_user] FOR LOGIN [RO_user] EXEC sp_addrolemember N'db_datareader', N'RO_user'
FETCH NEXT FROM db_cursor INTO @db_name END CLOSE db_cursor DEALLOCATE db_cursor
Hello,How can I create a new user with password for the MS SQL - Server 2000(and the MSDE) with a SQL - Statement? I use Borland Delphi 5 with theADO - Components!Thanks.best regards.Stephan Jahrling
i'm using SQL server 2005 and I need to create new login/user. Previously I used MySQL where user management is much simplier, so I need a help with SQL server. I run following script:
EXEC sp_addsrvrolemember 'uzivatele', 'sysadmin' GO
GRANT CONNECT SQL TO [uzivatele] GO
CREATE USER [jirka] FOR LOGIN [uzivatele] GO
But when I try to connect o database "master" as user "jirka" with password "xyz", it fails with message "Login failed for user 'jirka'". What do I wrong?
Can i create user forms for user to select options and then present them with data based on their selection.i want to be able to use check boxs and combo box.thanks in advance
I have just managed to have JDBC working, but I am getting an error that the user does not exist. I have read in the MSDN help that I need to set the sqlExpress to accept SQL server authentication and not windows authentication. So when I am trying to create a new User using Microsoft SQL server management studio express I get the following error.
TITLE: Microsoft SQL Server Management Studio Express ------------------------------
Create failed for Login 'adam'. (Microsoft.SqlServer.Express.Smo)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.1399.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+Login&LinkId=20476
Can i create user forms for user to select options and then present them with data based on their selection.i want to be able to use check boxs and combo box.thanks in advance
I was wondering if I could have a query like this: CREATE USER 'Firstname Lastname' FOR LOGIN 'DOMAINuser' WITH DEFAULT_SCHEMA=[dbo] The combination of firstname and lastname does not seem to work.
I have been using: sp_grantdbaccess 'DOMAINuser', 'Firstname Lastname' but i cannot specify DEFAULT_SCHEMA with that sp.
I was told that a user with DBO privileges is able to alter their own database. A conversation of course began to where I was in disagreement with him. The ultimate test of course would be setup the scenario. To my surpise he was right!
I checked the BOL documentation and my concerns were verified.
I have checked permissions on the user I created as well as on a user that previously exists on the MSSQL Server. Only DBO permissions were given to the tested users.
I thought maybe this had something to do with the autogrow setting which is a setting we would enable on a dedicated MSSQL Server but not on a shared MSSQL Server. I toggled this option and the DBO was still able to make size changes to their database.
This is very upsetting as we charge for additional reserved database space. Aside from that, we wouldn't want to have a user with unlimited resources to the server. I could easily fill up a hard drive if I were to update the autogrow setting of the database as DBO and run an infinite loop that would insert data into tables.
I then tested the ability for a user to restore a backup and to my surprise it worked without error for the DBO only privileged user. The DBO user was also able to restore previously dated databases assuming that they knew the file name which would not be hard to guess since it is appended with a date stamp (My_Database_20042905.BAK).
Why is this? Is there a way to correct this and prevent the DBO user to only have access to their database but not the above mentioned type privileges?
Hello, After creating a new SSMSExpress Login username account, I use it as the Database User of the attached database (aspnetdb.mdf), but I receive this error.... Additional information: ->An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo) ->The login already has an account under a different user name. (Microsoft SQL Server,Error: 15063)...
I am sure such username account is not yet members of that database (aspnetdb.mdf) for this are the users present-dbo-guest-INFORMATION_SCHEMA-sys-COMPUTERNAMEASPNET-CONPUTERNAMEIUSR_COMPUTERNAME cheers,imperialx
I need to be able to have users run a query under the 'sa' account that will create another account that will just be used for reading and writing to a specific database. Is there a way to do this with just a sql script or can you only set up logins and accounts from the enterprise manager?
I wonder if anyone can help. I'm trying to create a new user/login to a sql server 2000 box which will automatically have access to all the user databases on the instance. The user can't be a SA or anything however. It seems this can be done as the application which uses all these database has created such a user, however I need another which I will then make read-only.
This is the error message i keep getting when following the SQL Server tutorial on how to make a new user;
TITLE: Microsoft SQL Server Management Studio Express ------------------------------
Create failed for Login 'employee'. (Microsoft.SqlServer.Express.Smo)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.2047.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+Login&LinkId=20476