How To Use CLR Security ..Impersonation To Access External Resources?
Jul 28, 2006
I want to Access External resources inside the CLR Code... But I am getting Security Exception
I have marked Assembly with External Access... here is the way I am doing..
I read articles and MSDN .. everywhere is written to use impersonation like
using (WindowsIdentity id = SqlContext.WindowsIdentity)
{
WindowsImpersonationContext c = id.Impersonate();
//perform operations with external resources and then undo
c.Undo();
}
In above case .. I tried both Windows Authentications and SQL Authentications ...
In case of Windows.. I am have a domain login to logon to my pc, while sql server is at another machine and Active directory is at different machine .. when connect to Database .. it says cannot find user Domainnameuser
and the SqlContext.WindowsIdentity is always null or it has exception User.Toked thew Security exception.
After that .. I tried to user custome Identity .. using IIdentity =GenericIdentity("UserName","Windows");
But there is now difference .. still same exception .. as given below..
[Microsoft.SqlServer.Server.SqlProcedure]
public static void MyProcedure()
{
Process[] p = Process.GetProcessesByName("YPager"); //Yahoo messanger exe .. a process
p[0].kill();
}
A .NET Framework error occurred during execution of user defined routine or aggregate 'MyProcedure': System.Security.SecurityException: Request failed.
System.Security.SecurityException:
at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
at System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Object assemblyOrString, SecurityAction action, Boolean throwException)
at System.Security.CodeAccessSecurityEngine.CheckSetHelper(CompressedStack cs, PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandle rmh, Assembly asm, SecurityAction action)
at DatFileGenerator.StoredProcedures.'MyProcedure'()
.
No rows affected.
(0 row(s) returned)
@RETURN_VALUE =
Finished running [dbo].['MyProcedure'].
How could I go ahead... what I should do to accompilsh the task...
Kindlly .. suggestions and ideas..
Thanks,
Muna
View 14 Replies
ADVERTISEMENT
Nov 15, 2006
Hello--
We have a current situation where analysts will be modeling a variety of problems, all stemming from the same source data (stored in a SQL-Server 2005 relational database).
Analysts that work on the same problem will only have access to:
- A sandbox relational database (which contains views into the same source database). The analyst is db_owner of the sandbox database, so she/he can create data transformations required, etc. The sandbox database contains views to the source database, but the analyst only has read-access to the specific data elements needed from the source DB. So, they are very restricted w.r.t. the source database, but are db_owners of their sandbox relational databases. Note that the analyst will connect to the database via Windows Authentication.
- An Analysis Services sandbox database to use for their modeling, etc. In this AS sandbox db, we've created a role called "Administrator" and checked the permissions: Full control (Administrator), Process database, and Read definition. The analyst's windows account is the "user" associated with this role.
Also, in this situation, the SQL Server 2005 Relational Engine and Analysis Services are running on a single machine. The goal of this security model is to provide analysts with the ability to work in their "workspaces" (both SQL and AS), but not to see other analysts work, etc.
I'm running into a problem when trying to build models using this security model by doing the following:
- Running Visual Studio
- Selecting File -> Open -> Analysis Services Database and choosing the AS DB that I have access to (this is the only one that appears in the drop-down, after specifying the AS server).
- I've created a data source pointing to the relational sandbox DB.
- I've created a data source view choosing the table/view needed for the case table.
- I created a mining structure with a decision tree model
When I process the mining structure, I'm getting the following errors:
- If the data source Impersonation is "Default" -- the error is "The datasource, '<DS name>', contains an ImpersonationMode that is not supported for processing operations."
- If the data source Impersonation is "Use the credentials of the current user" -- the error is the same as "Default" above -- "The datasource, '<DS name>', contains an ImpersonationMode that is not supported for processing operations."
- If I change the data source Impersonation to "Use the service account" and select "OK" in the "Data Source Designer" window, and error comes up with message: "The ImpersonationInfo for '<DS name>' contains an ImpersonationMode that can only be used by a server administrator.
Any suggestions or pointers to help implement this security model to provide analysts with AS and SQL Relational resources for their modeling?
Thanks,
- Paul
View 1 Replies
View Related
Jun 9, 2000
Hi,
a) Thanks for all contributions on this site, they have been very useful but,
i am trying to implement a security procedure including auditing on sql server 6.5,7, sybase and oracle can anyone help?
b) does any one know any site like this that covers issues on oracle ( besides Oracle Technet)?
View 2 Replies
View Related
Oct 14, 2005
Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.
View 9 Replies
View Related
Jul 23, 2005
Hello,I want to access my database server from the internet. I've created a ruleon my router to redirect port 1433 to the desired machine, but still get aServer does not exist, or access denied message. When I change the(external) ip to the local IP address, connection succeeds. Is thereanything i need to change within SQL Server to allow external (internet)access?
View 2 Replies
View Related
Jul 3, 2006
Hello,
I'm not sure whether this is right section to post this. It seems the most relevant one to me. (Please point me in the right direction if it is not).
I am a programmer/web developer for a medium sized organisation in the financial industry (in Australia). Obviously being in the finance industry, we have very strict guidelines and access when it comes to security. We are currently in the process of converting our website to use a SQL Server database (instead of MS Access which we have been using for years). In the past, we have accessed our web database via SFTP as it was only an Access file. Now that we are converting to SQL Server, we will still need access to our database (which is on a server hosted externally). It seems a bit silly (and even bizarre) to me to consider trying to access a SQL Server database via SFTP (as that, to me, defeats the purpose of some of its security features), but is it even possible?
My security guys here will only allow me to access the external server that hosts our website/database via SFTP (on a machine that is outside our network, so any files that I wish to update on our website I need to copy over via USB or whatever). If I am not able to get into the SQL Server administrator program to change our database via SFTP, is there someway that I can "drop" a changed copy of our database into a directory somewhere that SQL Server can "pick up"?
Am I making sense?
Many thanks,
Bronwyn
View 5 Replies
View Related
Oct 12, 2005
I've done a lot of digging, and I can't find the solution to this one. I followed Vineet's instructions to get an assembly registered that can call out to Web services; however, when I try to register, I get the following error:
View 5 Replies
View Related
Nov 22, 2007
Hello
Normally we installs our SQLServers for internal use, but now we've a data supplier which we're going to expose a SQLServer at.
The datasupplier should be able to log on the SQLServer, so I've done the following.
Created an IP-adress from the outside to point at our server
Opened port 1438 in the firewall
Installed SQLServer 2000 Developer Edition as an instance (ie. ServerAINST001)
Opened SQL Server Network utility, selected the correct instance and TCP/IP and altered the default port to 1438
And tried to connect, but with no luck. Can anybody guide me in the right direction?
Kind regards
Janus
View 9 Replies
View Related
Mar 6, 2005
Hi
I have created a .net application using visual studio .net and sql server destop edition on my pc. I have exported the database tables and stored procedures and imported them into a Sql Server database on a web hosting service. The web host does not allow me to access this database directly through visual studio .net.
My connection string to the external database works ok and I can access my stored procedures through my web pages. I know they accept parameters and that I can receive Return Values from them. However, whenever I try to access any of the tables on the external database through a stored procedure, I get a sqlException saying that the table cannot be found (Invalid object name 'UserList').
I have created a text type command which selects data from one of the tables and this runs through without any errors. I have also managed to Insert a row onto one of the external tables also by using a text type command. My only problem seems to be with commands using stored procedures.
Just in case this is the problem - the owner of the table/procedures on my desktop is shown as dbo but on the external database the owner of the tables is shown as [domainname].co.uk_dbuser while the stored procedures owner is still dbo.
Example of stored procedure on external database:
/****** Object: Stored Procedure dbo.AddUser Script Date: 01/03/2005 21:10:06 ******/
CREATE PROCEDURE dbo.AddUser
(
@Username Varchar(20),
@Password Varchar(20)
)
AS
(
Select User_ID From UserList
Where User_Username = @Username
)
GO
Have tried changing dbo.AddUser to [domain].co.uk_dbuser.Adduser but this would not save because there were too many full-stops!
Any help would be greatly appreciated as I am completely stuck.
John
View 2 Replies
View Related
Jul 20, 2007
Hi
I've loaded a C# assembly into my database with External Access (the dll contains a routine
that accesses Environment.MachineName).
I am now unable to invoke any of the entry points in this assembly. I get the error message
'An error occured trying to load assembly Id XYZ. System.IO.FileLoadException.....'
I have set the database Trustworthy flag to ON and the assembly does not have a strong name.
Can anyone tell me what I've done wrong?
Thanks
Steve
P.S. I am calling the assembly from SQL code residing in a different database than the one
the assembly has been loaded into.
View 3 Replies
View Related
Feb 6, 2006
Hello,
I'm having an issue with a CLR Stored procedure. Everything works great in a 32 bit environment, I have a CLR SP that updates an xml file stored on a local drive. When I execute the Stored proc it does go and update what I want it to in a 32 bit system. When I run the CLR SP on a 64 bit cluster, I seem to have give the "everyone" group write permissions to my G: drive (which is where the file is located that I'm updating). What security context is this SP running under? I thought it would be either under the SQL Service account (which is a domain user in the local administrators group) or what I'm logged in as when I run it from Management Studio (which is a domain admin, also in the local administrators group). If I have given the local administrators group "Full Control" access to the G: drive, why isn't this enough? Why do I have to give the Everyone group write access?
The security context seems odd to me, it seems like it's not running as either one of those 2 users I mentioned, because if it was, then it should be able to update the xml file.
Any help appreciated. Here's the error I'm getting:
Msg 6522, Level 16, State 1, Procedure usp_XMLWriter, Line 0
A .NET Framework error occurred during execution of user defined routine or aggregate 'usp_XMLWriter':
System.UnauthorizedAccessException: Access to the path 'g:ssisPackagesBuildCalendarandy.dtsConfig' is denied.
System.UnauthorizedAccessException:
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
at System.Xml.XmlTextWriter..ctor(String filename, Encoding encoding)
at System.Xml.XmlDocument.Save(String filename)
at XMLWriter.StoredProcedures.usp_XMLWriter(String xmlDocPath, String xmlNodePath, String xmlInnerText)
.
View 3 Replies
View Related
Jun 9, 2014
I have developed on winodws based application using C# in .NET. I am connecting from my database using internet, means my database kept on remote location. I have to save images in DB because I can't save and access images in external folder from remote location. In this situation my DB is growing very fast. Is there any other alternative to work on this requirement or compress image in any format so that I can reduce DB size.
View 1 Replies
View Related
Apr 9, 2007
I need to create a SQL server database and add some tables to it. Then access it with a C# application. The problem is that the new SQL server database and it's tables must reside on an external hard drive. How do I point SQL server to this external drive, so that I can create a database on this drive and then create tables and access data on it?
View 7 Replies
View Related
Oct 19, 2006
OS: Windows XP (SP2)
App: MS Access 2003 (SP2)
DB: MS SQL 2000 (SP4, 2040)
User is using MS Access linked table to query database (using ODBC). User can open the query in MS Access. However when the user goes to export the data to MS Excel format, the user receives the error message:
"Unexpected Error from External Database Driver (22)."
A trace on the db, reveals that the user process is attempting to log in to the server as 'Admin'. However, when the query with the linked table is first opened, the user is prompted for username/password (non Windows authentication).
Any ideas? I googled and found some stuff, but nothing directly related and most of what I found was supposedly fixed with SP1.
Any help appreciated. I am not an Access guru.
Regards,
hmscott
View 1 Replies
View Related
Jul 11, 2006
I had created a CLR function in my db and was able to execute it successfully a couple of months ago. But when I tried to execute it today it was throwing errors saying there was something wrong with the permissions on the assembly. So I decided to drop everything and recreate it except I can not longer create the assembly with EXTERNAL ACCESS permissions. Whenever I try to create the assembly I get the followng error:
Msg 0, Level 11, State 0, Line 0
A severe error occurred on the current command. The results, if any, should be discarded.
Msg 0, Level 20, State 0, Line 0
A severe error occurred on the current command. The results, if any, should be discarded.
I also tried to create the assembly with Unsafe permissions and got the same error. Does anyone know why this error would be occurring now? I tried creating the same assembly on a different SQL 2005 server and it creates successfully and can be executed successfully. Any help would be greatly appreciated!!
Thanks!
GN
View 3 Replies
View Related
Apr 23, 2015
I'm currently working on a BI architecture for a customer, and consider to propose the Power BI data catalog as a data distribution layer. The customer will use Power BI, but also has other BI tools.
Are data sets in the data catalog available to other clients than Power Query alone? E.g. are there OData feed endpoints available? If not, what would be the best way to give other tools access to the data?
View 3 Replies
View Related
Nov 7, 2007
I want a user to be able to call a stored procedure, that will call an assembly, that will logon on to another SQL Server, perform some functions (calculations), and return the results. I want the user's credantals passed, NOT the SQL Server Account. So in some research, I created this:
Imports System.Data
Imports System.Data.SqlClient
Imports Microsoft.SqlServer.Server
Imports System.Security.Principal
Public Class SomeName
<Microsoft.SqlServer.Server.SqlProcedure()> _
Public Shared Sub LinkedServer()
Dim cmd As SqlCommand
Dim dr As SqlDataReader
Dim clientId As WindowsIdentity
Dim impersonatedUser As WindowsImpersonationContext
clientId = SqlContext.WindowsIdentity
impersonatedUser = clientId.Impersonate()
Try
Try
impersonatedUser = clientId.Impersonate()
If impersonatedUser IsNot Nothing Then
' as usual, connection strings shouldn't be hardcoded for production code
Using conn As New SqlConnection( _
"Data Source=SERVER1; Initial Catalog=master; Integrated Security=SSPI")
conn.Open()
cmd = New SqlCommand( _
"SOME QUERY", conn)
dr = cmd.ExecuteReader()
SqlContext.Pipe.Send(dr)
End Using
End If
Finally
If impersonatedUser IsNot Nothing Then
impersonatedUser.Undo()
End If
End Try
Catch ex As Exception
SqlContext.Pipe.Send("Error: " & ex.Message)
End Try
End Sub
End Class
Now the issue is that I get this message when I execute this code with the Impersonation code.
Msg 10312, Level 16, State 49, Procedure spr_SQLServerAccess, Line 0
.NET Framework execution was aborted. The UDP/UDF/UDT did not revert thread token.
When I exclude the impersonation code, everything works, BUT executes under the SQL Server Account.
I have used this code to create the Assembly and Stored Procedure:
-- Register the assembly
CREATE ASSEMBLY SQLServerAccess
FROM 'c:linkedserver.dll'
WITH PERMISSION_SET=EXTERNAL_ACCESS
GO
-- Register the stored-procedure
CREATE PROCEDURE spr_SQLServerAccess
AS
EXTERNAL NAME SQLServerAccess.SomeName.LinkedServer
Any idea's on the error message that is being thrown by SQL WITH the Impersonation code?
View 3 Replies
View Related
May 2, 2007
Hi,
I like to use impersonation using multiple databases and a user with no login.
I'm working with Powerbuilder 10. I can change users using the command Execute Immediate "EXECUTE AS USER = 'username'". Unfortunately, I can't execute the command 'REVERT' from Powerbuilders Execute Immediate command. The Execute Immediate command prefixes the 'REVERT' command with a exec. ie. exec REVERT.
I thought I could encapsulate the REVERT command in a procedure and run the procedure using Execute Immediate. But, I'm new to SQL Server and I'm not sure if I can.
Does anyone know how to solve this problem? Thanks.
TF
View 3 Replies
View Related
Jan 3, 2006
Applied Access security feature to a database using its Security Wizard. Procedure went smoothly.
Been developing a software using VB 6.0 using an Access database as the main data source. Haven't had any problem manipulating the database via VB, but recently attempted to modify the database structure via Access, but was unable to do so, because either my username or password is allegedly invalid. Tried all passwords I can recall, but unable to get through. Haven't been able to create a new database, either.
Development of the software and creation of the Access database is being done on a stand alone laptop, that may or may not have been a workstation in a network.
Any help to resolve this issue would be appreciated.
Napatan
View 2 Replies
View Related
Aug 24, 2006
I would like some clarification please...
I have setup Windows Authentication to SQL2005 using a group with a default database. The group has access to the default database.
Now it's my understanding, if I have a user that's a member of the group, idividual access does not need to be setup to connect to SQL Server. Users connect on the credentials of the group... Is this a correct interpretation??
Ex: Windows groupname = SQLConnect Default db = Anydb
Anydb has groupname SQLConnect connect permissions
Windows username = test1 (is member of SQLConnect group)
Problem: test1 trys to login but gets an error that they can't connect to default db...
View 1 Replies
View Related
Mar 3, 2008
What's the correct way to set up impersonation & SQLExpress
Here's the error I'm getting:Cannot open database "aspnetdb" requested by the login. The login failed. Login failed for user '***ASPDATA'.
SQL Express in installed on C: aspnetdb was set up from aspnet_regsql.exe, on IIS manager - asp.net tab - edit configuration this string is there: data source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true The aspnetdb is located in C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLDataThe ASP.Net web is on D: webconfig file has: <add name="LocalSQLServer" connectionString="Server=.SQLEXPRESS;Database=aspnetdb;Trusted_Connection=Yes;" /> <authentication mode="Windows" /> <identity impersonate="true" userName=aspdata@xxx.org password="xxx" />
Should I take a copy of aspnetdb and put it in the web app_data folder?Jess
View 1 Replies
View Related
Sep 29, 2007
I am having a Linked server from SQL 2005 to SQL 2000. Linked server is configured with Local account and remote account "remote_user".
When application hits the linked server, it fails with message "login failed for remote_user".
Any idea how to solve this, i don't have access to remote server.
Regards
View 2 Replies
View Related
May 21, 2008
Hello all-
Before I go any further, I have followed http://msdn.microsoft.com/en-us/library/ms188304.aspx as best possible. I am attempting to send mail through a DML trigger. We'll call the database 'DB', and it is owned by a domain account named 'DOMAINAcct'. The trigger simply blocks any CUD operations on a table which we'll call 'Tbl', and sends an email. Hence, it looks something like...
CREATE TRIGGER [dbo].[TR_Tbl_BlockChanges]
ON [dbo].[Tbl]
WITH EXECUTE AS OWNER
INSTEAD OF INSERT,DELETE,UPDATE
AS
EXEC [msdb].[dbo].[sp_send_dbmail] @profile_name = 'AcctMail', @recipients = 'foo@bar.com', @subject = N'CUD operations not allowed on Tbl', @body = N'Blocked'
AcctMail is a valid profile and operates correctly. I have created the DOMAINAcct user in msdb, given it the AUTHENTICATE permission, and added it to the DatabaseMailUserRole. When the trigger fires, according to the article, the security context should switch to dbo (DOMAINAcct), then be successful when attempting to execute the msdb sproc. Instead I get the usual:
Msg 229, Level 14, State 5, Procedure sp_send_dbmail, Line 1
The EXECUTE permission was denied on the object 'sp_send_dbmail', database 'msdb', schema 'dbo'.
Thoughts?
View 4 Replies
View Related
Dec 12, 2007
I am installing an application that is a WCF service host running as a windows service under the Network Service account. As part of its configuration I am creating a connectionstring in a config file that will allow the WCF services to access SQL Server. I would like this access to be done using windows authentication not sql server authentication.
connectionString="Server=MYSQLServer;Initial Catalog=MyDatabase;Integrated Security=True;"
So since the windows service is running Logged in under the Network Service account using the above connection string would try to connect to sql server using Network service account. Instead I would like to impersonate another domain account which has has a sql server login and is a user in the database.
Is there a way to configure the connection string to use integrated security but to impersonate another domain user?
Thanks
-- Steven
View 1 Replies
View Related
Jul 8, 2006
In the following scenario, I am getting the message 'Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection'.
I am running a Windows Server 2003 with development environment and Sql Server Management Studio in a workgroup on a virtual PC.
My SQL Server 2000 is running on a domain server.
On the virtual Pc I have setup my user login and password to be the same as my domain login and password. Why is the Management Studio not using impersonation and allowing me to connect to the SQL server on the domain?
View 4 Replies
View Related
Jul 16, 2006
This is driving me nuts, below is the C# for the proc as well as the runtime error upon calling EXEC on it. Any help would be appreciated. Using UNSAFE Permission Set.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using Microsoft.SqlServer.Server;
using System.Security;
using System.Security.Principal;
public partial class StoredProcedures
{
[Microsoft.SqlServer.Server.SqlProcedure()]
public static void uspExternalConnection()
{
WindowsIdentity newIdentity = null;
WindowsImpersonationContext newContext = null;
try
{
//impersonate the caller
newIdentity = SqlContext.WindowsIdentity;
newContext = newIdentity.Impersonate();
if(newContext != null)
{
using (SqlConnection oConn =
new SqlConnection("Server=.\sqlexpress;" +
"Integrated Security=true;"))
{
SqlCommand oCmd =
new SqlCommand("SELECT * FROM AdventureWorks.HumanResources.Employee", oConn);
oConn.Open();
SqlDataReader oRead =
oCmd.ExecuteReader(CommandBehavior.CloseConnection);
SqlContext.Pipe.Send(oRead);
}
}
else
{
throw new Exception("user impersonation has failed");
}
}
catch (Exception ex)
{
SqlContext.Pipe.Send(ex.Message.ToString());
}
finally
{
if (newContext != null)
{
newContext.Undo();
}
}
}
};
Msg 6522, Level 16, State 1, Procedure uspExternalConnection, Line 0
A .NET Framework error occurred during execution of user defined routine or aggregate 'uspExternalConnection':
System.InvalidOperationException: Data access is not allowed in this context. Either the context is a function or method not marked with DataAccessKind.Read or SystemDataAccessKind.Read, is a callback to obtain data from FillRow method of a Table Valued Function, or is a UDT validation method.
System.InvalidOperationException:
at System.Data.SqlServer.Internal.ClrLevelContext.CheckSqlAccessReturnCode(SqlAccessApiReturnCode eRc)
at System.Data.SqlServer.Internal.ClrLevelContext.GetCurrentContext(SmiEventSink sink, Boolean throwIfNotASqlClrThread, Boolean fAllowImpersonation)
at Microsoft.SqlServer.Server.InProcLink.GetCurrentContext(SmiEventSink eventSink)
at Microsoft.SqlServer.Server.SmiContextFactory.GetCurrentContext()
at Microsoft.SqlServer.Server.SqlContext.get_CurrentContext()
at Microsoft.SqlServer.Server.SqlContext.get_Pipe()
at StoredProcedures.uspExternalConnection()
View 1 Replies
View Related
May 11, 2007
Hello,
I'm new to ASP, but developping in Sql for years.
What we would like to have is that the user is accessing the database over it's own Windows Logon. Our triggers log quite some changes and are using UserName() for this. I've treid to force the IIS to accept Windows Integration only, the SqlDataSource users a connection that has Integrated Security = True. But when connection to the site i'm gatting error that there is no trusted connection for the user . (dot) ...
I suppose i'm missing something but could you give me a hint where to start looking..... THX
View 3 Replies
View Related
Aug 22, 2001
In the process of reviewing all Security access into our production servers, I found a user login name of 'BUILTIN/Administrators' with the type 'NT Group' in our production DB. I am not sure whether this Login was setup automatically when SQLServer was installed or it was setup by the administrator, who is no longer with the company? I was able to find out all the users in the Administrators NT group, but what threw me was the word 'BUILTIN' . Are there other Logins besides 'sa' that get setup during the install?
Thanks.
Helen
View 1 Replies
View Related
Jan 26, 2001
I am using Access 97 as a front end to access SQL 7 server on NT 4.0 server.
I've set up security model based on NT authentication only. Users have login right to login to SQL and they have public & dataread & denydatawrite access. They also have SELECT permission on a table object and have no permission to INSERT, DELETE and UPDATE.
When I use Access 97 to access a database, users are still capable of inserting and deleteing records in tables.
Am I doing something wrong?
Thanks, Michael.
View 1 Replies
View Related
Jan 20, 2004
I HAVE CREATED A SECURITY DATABASE USING A NEW WORKGROUP FILE WITH A NEW MDW FILE NAME. THE DATABASE ITSELF CONTAINS SEVERAL GROUPS OF USERS AND SEVERAL USERS. THE DATABASE WORKS AS DESIGNED.
THE PROBLEMS IS IF I OPEN THIS DATABASE USING THE SYSTEM.MDW FILE, THE DATABASE OPENS AND GIVE ME COMPLETE ACCESS TO EVERYTHING.
CAN ANYONE EXPLAIN WHAT IS HAPPENING.
ANY HELP WILL BE APPRECIATED
THANKING YOU IN ADVANCE
JOSEPH FORD
View 14 Replies
View Related
Jul 20, 2005
First of all, I have never done any web-based stuff, so if thefollowing sounds ignorant, it's because I am!So far all our SQL Servers are accessed only over our network and weuse Windows authentication. Now the guy I'm working with on thedesign of our next stuff wants the two new databases (a transactionalone and my data warehouse) to be additionally accessed by web-basedapplications via our company intranet (NOT THE INTERNET). How do weauthenticate under these conditions? The webserver machine will betalking to the SQL Server ones, i.e. the databases will each be on thetheir own separate boxes. Can the webserver be a "user"? If so,and we want the actual users to have different privileges, then theweb-based apps have to manage that? Or is there a way for theweb-based apps to grab the Windows user and pass it to SQL Server?
View 7 Replies
View Related
Mar 22, 2007
How do I grant admin access to a windows account withou having them a part of the administrators group...
I need to give a user access to every report on the server and the ability to administrate the application side of the server but I cannot give them Administrative access to the machine as a whole. I added the user to the system administrators role in team services but this did not allow here to see all the reports. How does she get access to all the reports without being in the Windows local Administrators group?
Thanks
Chris
View 2 Replies
View Related
Mar 27, 2007
I need a simple way of capturing who updated what in an Access database.
User wants to know for each field in each table.
I think it's to much for Access to handle.
Any ideas?
A.
View 1 Replies
View Related
