Hello,
Our application works this way: attaches database, modifies data and dettaches database. This works fine when user has administrative permissions, but does not work for users with standard permissions. The reason is that SSE ovewrites MDF file permissions (after MDF is attached) and then it is accessible only for Administrators, Network Service and SQLServer2005MSSQLUserxxxxx. How to avoid this behaviour? We want to keep permissions of MDF file as they are, i.e. inherited from parent folder. This becomes serious problem because some users are migrating to Vista where standard permissions are default (but the problem exists also on XP). Has SSE been designed to work in such environment?
Thank you in advance
Roman
P.S. We work with SSE SP2, BUILTIN/Users have sysadmin priviliges, problem is with file permissions of MDF. This behaviour can be easily reproduced with Management Studio - just attach MDF file and look how permissions were changed.
I'm trying to deploy a project that I deployed yesterday just fine, but today I get the following error:
------ Deploy started: Project: Point Reports, Configuration: Debug ------
Deploying to http://reporting.companyname.com/reportserver
Deploying data source '/Data Sources/Srv24.FieldResponse2_1'.
The permissions granted to user 'DOMAINharley.p.bartman' are insufficient for performing this operation.
Deploy complete -- 1 errors, 0 warnings
This seems like a basic permission issue, except I'm not logged in as the user listed! I've never logged into my computer as the user. I did log in to the reporting services website yesterday as that user, but since have rebooted my machine and logged into bothe my computer and the reporting services website as me. Yesterday this report deployed fine. Today, this error message. I've even tried creating a new project and just creating a simple datasource and deploying just that, but still this message! Where is Visual Studio storing and reusing this user name during my deploy process???
Can someone tell me where user permissions for a table are stored within the database? One of my programmers would like to access this table for the security portion of a program he is writing.
Just trying to figure out how to set a users permission in SQL 2005. Ive got one user but I only want them to be able to view data from one or two tables or and views, but can I do this without having to deny access to every other table?
I am having difficulty connecting to a SQL database from C#. There are no user signons set up on my PC and I am using windows authentication with C#. Whenever I try to connect to the data base I get a message "You do not have permission to open this database.........".
I have created a vb app that connects with an sql database on server express 2005.
When i install the app on my machine, i can connect and edit records no problem, but when the app is installed on other machines on the network (using windows authentication) i get this error: SELECT permission denied on object 'tbltest', database 'test', schema 'dbo'
************** Exception Text ************** System.Data.SqlClient.SqlException: SELECT permission denied on object 'tblTest', database 'Test', schema 'dbo'. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlDataReader.ConsumeMetaData() at System.Data.SqlClient.SqlDataReader.get_MetaData() at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) at System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataTable[] dataTables, Int32 startRecord, Int32 maxRecords, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataTable dataTable) at Test.TestDataSetTableAdapters.tblTestTableAdapter.Fill(tblTestDataTable dataTable) at Test.Form1.Form1_Load(Object sender, EventArgs e) at System.EventHandler.Invoke(Object sender, EventArgs e) at System.Windows.Forms.Form.OnLoad(EventArgs e) at System.Windows.Forms.Form.OnCreateControl() at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible) at System.Windows.Forms.Control.CreateControl() at System.Windows.Forms.Control.WmShowWindow(Message& m) at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.ScrollableControl.WndProc(Message& m) at System.Windows.Forms.ContainerControl.WndProc(Message& m) at System.Windows.Forms.Form.WmShowWindow(Message& m) at System.Windows.Forms.Form.WndProc(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
I think it may have something to do with user permissions for the database on sql server, but no amount of editing permissions will allow access. Help !!!!!!
I've seriously looked, but this simple concept eludes me. How do I go about viewing all the permissions granted to a database user? Like whether or not they can execute a stored procedure.
I have a user account that needs CREATE TABLE permission in tempdb. I know how to do this using the GUI (Enterprise Manager).
The problem is that this reverts whenever the DB server is restarted. I need to figure out how to keep it from reverting, or it needs to be set in some sort of startup script.
Can someone tell me where the information about the permissions granted to a user are stored? For eg, user xyz in db1 has SELECT permissions on Col1, Col2, Col3 of Tab1 and UPDATE permissions on COL2 of the same table. Which system table(s) will hold this data?
In SQL/2000 EM I can go to a user Database, expand the Users, double click a user and click Permissions to see everything a user has permisson to in the database. How can I get the same information in Management Studio in SQL/2005? Is there an overview of this process in BOL 2005?
Hi guys,I have been told that only users with SA priviledges could check thestatus of a job. For this reason, I had to give SA priviledges to thisuser so he could check the results of a job (succesful or not) and dohis work. Now, he makes changes on the database without telling me andlast time we nearly lost one day of work as he changed the db optionto truncate on checkpoint. I don't want to be the one to log on andverify the results of the job everyday so is there any way that I cangive him limited permissions so he could only check the job and leavethe database alone ? I am pregnant so I am afraid that next time hedoes something like that I may hit him on the head with the keyboard(hormones... :-)Any suggestions would help,Thanks !!!
I have added a new user to a database without any explicit permissions, but when I view their effective permissions inside the Microsoft SQL Server Management Studio, they have a whole host of permissions. How can this be? Is it a bug in SQL Server? Or could it be that the public role has all these permissions?
If new users are inheriting these permissions from the public role, how do I view the public role permissions?
I created an application using VB.NET, which performs accessto SQL database. the server is MS SQL 2000.
I got a few questions:
a. The application performs access to tables, performs SELECT transactions, and calls stored procedures. I want to define a userlogin that is only permitted to commit UPDATE and INSERT only by the stored procedures, and not by direct commands. Is that possible ? Do I have to deny access to READWRITE in the tables? If I do deny - will the user be permitted to call stored procedures that performs the INSERTUPDATE those tables ?
b. Do I have to create a LOGIN or a USER for the specified requirements ?
c. Where can I find REALLY detailed information about what I need to create (login, user, role ect.) ? I find only general stuff...
d. The user-defined role I need to create - is it considered as an application role (because it grants an application access to the database) or is it called SERVER ROLE ?
I'm trying to build a web application using SQL2005 Express and Visual Studio Express. It all works OK on the local machine, but gives an error "Login failed for user xxxxASPNET" when used remotely. I can't find where I can set login permissions for SQLServer 2005 Expresss - can anyone help, please? Thanks John
I had found one or two other questions about this, but neither of them seemed to be the same as my instance, and there solutions were not valid for me.
I purchased the Build a Program Now MS Visual C# 2005 Express Edition book with CD.
This was installed by the auto installer on the disk. which included the SQL Express 2005 version.
I have used the Visual Express C# interface, build a small program, created the database, created tables. all went well. I can even add data, and so forth.
My problem came when I went to click on database Diagrams in the Database Explorer.
I get a Dialog box stating
" This Database does not have a valid dbo user or you do not have permissions to impersonate the dbo user, so database diagramming is not available. Do you want to make yourself the dbo of this database in order to use the database diagramming?"
two options are Yes and No.
If I choose yes, I get the following dialog box stating,
" This databse does not have a valid dbo user or you do not have permissions to impresonate the dbo user, so database diagramming is not available. Ensure the dbo account is valid and ensure you have imprersonate permission on the dbo account."
One button, OK.
I have searched every where I can think of to try to figure out how to set / alter the dbo user info / permissions.
Hi, I want to execute BCP in Query Analyser in SQL Server 2005 Express for that i surf on net and find that i should execute BCP under xp_cmdShell, That works good for addministritative account on SQL. But i want the working will be done by a non administrative account or non 'sa' user.How can i assign a non sa User permissions to execute xp_cmdShell? or just tell me any other alternative way to run BCP in Query Analyser or code behined. thanx
I use 1&1 to host my site, with SQL Server. I've used their db management tool to create stored procs and tables. I backed up the db stored at 1&1 and restored it on my home machine. On my home machine, I can't access most of the db objects in the restored db via ASP.net, even if I login as sa. I get messages such as "Could not find stored procedure 'proc_name'". 1&1 provided me with a username and password to login into their SQL Server database, and all my objects now have that username as the owner. The only way I can get the stored procs or tables to work is to prefix them all with the username from 1&1, e.g.:
exec <1&1username>.<proc_name> Any advice would be most welcome. Thanks, B
can anybody help me. I'm looking for an easy way to grant permissions to a user in all user databases. I already have a script which grants permission to all views and userdefined tables within one database, but since I have to run it in about 100 databases it's still quite timeconsuming. Is there a way to execute that script in all user databases at once ???
We are having problems finding out how to transfer user permissions and passwords to a new server when we copy a database. We have tried sp_helprotect and looked at system tables to try and retrieve the details to no avail. The reason for this is that we are trying to write an application to automate this as we have many databases to transfer.
I am working on SQL 7.0/2000. I have given lot of permissions to the user 'duser1'. The permissions like select,etc..,create... Now I want to give the same permissions(what I have given to 'duser1') to the other user called 'duser2'. Right now I hvn't created any Database Roles or Server Roles.
Do we have any easy method to copy the permissions of one user to the other user?, like script generation or any method. If anybody knows that please guide me.
I have created a user and given select permissions on a table, I want to go deeper and just give select on a few columns within the table but unable to do so. Can someone tell me how I can do this.
I know that there is Microsoft KB to migrate SQL Logins but it doesnt take care of Login Server level permissions or User level permissions.Idera used to have a Free tool SQLPermisions.exe but it works only on Windows XP/Vista not on Windows 7. Any third party tool (free or paid) which can migrate SQL Logins and User permissions ?
I have a server with a dozen or so databases created by a 3rd party for some software that we've purchased. Because of the mess involved I've created a separate database for reporting purposes contains a large number of objects that reference the other databases using 3-part naming.
Now I'm on to securing this stuff up.
- I don't want my users having any write permissions so have added them to the db_denydatawriter role.
- I don't want them having access to certain schemas within the reporting database so have granted select and execute permissions to the specific schemas.
I like simple.
Unfortunately because of the 3 part naming they require access to the other databases... but I would love to not have to do this as I want to force them in to using the objects I have created.
The permissions granted to user 'domainusername' are insufficient for performing this operation. (rsAccessDenied)
Hi,
I wonder if anyone can help me?
I have installed and configured sql server 2005 express edition with advanced services on an xp box, with the aim of using reporting services.
I have set up reporting services successfully using the report manager, with my web services id = netwrokservice.
I can access both the report manager and report url locally, i.e while using localhost anjd on the machine. The problem arises however when i try to access
the reports from another machine, as i get the message:
"The permissions granted to user 'domainusername' are insufficient for performing this operation. (rsAccessDenied)"
I have looked at various sites (including microsoft) in an attempt to find a solution to this and most sites give exmaples of how to configure the full
version of reporting services which i do not have. The things that I have managed to gleam and try are:
- open up security on dir: C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportServer to everyone and allow all access - added my own username as a new role assigment in the report manager page - added my own username to the reportserveruser and reportingserviceswebservicesuser roles, as indicated by microft:
http://msdn2.microsoft.com/en-us/library/ms365166.aspx, who state that "Custom authentication extensions and custom role assignments are not supported. You
must map existing Windows domain user and group accounts to predefined role definitions."
Can anyone suggest where to look next as I cannot believe that this should be this difficult?
I am having a problem restricting write access to tables in my database.In my database I have a table called, for the sake of argument, 'TableX'.In my SQL Server Logins, I have set up a login for 'Domain Users' using NTauthentication, and a login called 'FullTableX', using SQL Serverauthentication.I have added two users to my database relating to the above logins.I have added a role to my database called 'ReadTableX' with 'Domain Users'as a member of this role. 'ReadTableX' has SELECT permission only on arestricted set of tables.The only other role that 'Domain Users' is a member of is 'public', and'public' has no permissions on any of my tables.The user 'FullTableX' is a member of 'public', 'db_datareader' and'db_datawriter'With the above settings, I would expect user 'FullTableX' to have fullaccess (Select, Insert, Update and Delete) on all my database tables (so farso good), but any user connecting to the database with NT authentication(via ODBC System DSN) should only have read access to the limited set oftables. However, what is happening is that NT authenticated users also havefull access to all of the tables.What am I missing here??
Hi, I want to use a domain user account not belonging to local admin or domain admin groups in SQL 2000/2005 Enterprise edition. This is what I've done so far.. On the machine that is the Domain Controller: - installed SQL 2005 as a domain admin
- created a domain user account using Active Directory Users and Computers. This user is only
"Member of" domain users; not any Administrators group.
- added this user to SQL Server Management Studio->Logins and in Server Roles assigned
sysadmin role. Question 1: Do I need to give any additional permissions to this user to work with SQL? Question 2: How can I test this user for basic SQL operations like database creation? Can I use Osql? Question 3: Can I use this user account to login to my domain controller using remote desktop? I tried adding this user to remote users, but in vain.
Is it possible to set up the permissions to not allow a specific user to create schemas, but to allow that user to create tables and procedures and functions in one schema, and to create procedures and functions but not tables, in a different schema within the same database?
1. Ability to read and write records in tables in both the X schema and Y schema 2. Ability to read metadata about objects in the X and Y schema 3. Ability to execute stored procedures in the X and Y schema 4. Ability to create and update the necessary schema objects used by X, including but not limited to tables, views, and indexes 5. CREATE FUNCTION permission 6. ALTER and EXECUTE permissions on the X schema 7. VIEW DEFINITION permission on the X and Y schemas to enable view export.
For the point 1, I will assign db_datareader,db_datawriter database roles to the user
For the point 2, when I have searched web, I found out ReadDefinition permission should be granted. I could find only viewDefinition but not ReadDefinition.
For the point 3, 'USE DataBaseName GRANT EXECUTE TO User; Go' - does this sql suffice?
For the point 4, I am not sure what should be done.
For the point 5, 'USE DataBaseName GRANT CREATE FUNCTION TO User; Go' - I guess this will work
For the point 6, Can I use same SQL as point 3 including ALTER ?
For the point 7, 'USE DataBaseName GRANT VIEW DEFINITION TO User; Go'
I have a larger stored procedure that is running, but I am getting stuck on where I need to grant permissions to a user in a a different database on various functions and stored procedures. For example:
Code Snippet
use [Database1] grant exec on [Database2].[dbo].[MyFunction] to bob
returns this error: Cannot find the user 'bob' , because it does not exist or you do not have permission.
However, I know 'bob' exists, plus when I change the use statement to Database2, the line of SQL works correctly. Given the nature of the overall stored procedure this will be running in, I won't have the ability to just change the use statement. Is it possible to grant permissions to a user on a different database without explicity having the use statement set to a particular database?
