I Need To Give DBA Full Admin Rights To SQL 2005 Without OS Windows Rights, Can Anyone Help Please!!
Jul 12, 2007
The DBA at our location is demanding local admin (windows) right's to the box so he can function. Right now when he logs in i have given him right's to the inetpub directory, sql directory, i have set him as a sysadmin on sql2005 and gone into the http:\localhost
eports and set him up as a system manager and under site priveledges set him as a sys admin. When he tries to login and configure the report server he gets the following error:
Title-Reporting services configuration manager
Error-There was an error refreshing the UI. bla bla bla
A WMI error has occurred and no additional error information is availiable
Title-Reporting services configuration manager
Error-There was an error while switching panels. The most likely cause is an error retrieving WMI properties. bla bla bla
A WMI error has occurred and no additional error information is availiable
then when he's in sql server 2005 surface area configuation
Title-Surface Area Configuration
Error-Access denied (system.management)
Is there any documentation or anythign anyone can tell me that i can do to give this DBA full access to configure and admin the SQL portion of his system without giving him admin rights to the OS???
Please help!!
Thanks for any time anyone has taken to review this thread!!
We have a SQL server with many legacy DTS packages. sa and Admins can open them and change them then save them but we need to allow the DTS people (Developers) the rights to save the package after they have opened it and modified it.
I have DBA that is convinced that they need domain admin rights to install SQL 2005 into an existing cluster. The domain groups and service accounts for SQL have been created already. Is having domain admin rights required during the install of SQL 2005 in a cluster?
I'm a newbie to Reporting Services so please forgive my ignorance...
I've recently installed SQL Server Express 2005 with Reporting Services on my Vista Business Notebook (with no network connections) and have installed VS C# Express as well as the Business Intelligence Studio to create reports.
My C# application can connect to SQL Server fine, however, the reports I created with Business Studio refuses to deploy to the server due to the following reason:
"The permissions granted to user 'localhostJenny' are insufficient for performing this operation".
I find this odd as I've been able to deploy reports on my other Windows XP machine (with SQL Server Express) no probs at all. Additionally, I cannot see the 'Site settings' link within Report Manager (Web) that I'd normally get with an admin account (i.e. on my Win. XP machine). Various sources indicate that my account has insufficient access rights to view this.
Having browsed through seemingly endless blogs and forums, I suspect that my local account has not been configured to access the Report Manager web client to publish, manage and administer the site.
I have tried the surface area tool for SQL Server, but I suspect that this is relevant only to SQL Server DB access and management. Adding an administrator here does nothing.
The question is, how can I grant access to myself (local account) to allow me to publish reports via business studio, and at the same time - administer Report Manager Site Settings - on my vista notebook??
I would be extremely grateful for any help on this matter - I've tried ceaseless reinstallations, but to no avail!
Could someone please help me for SWL backup restoration and db by user
I restored SQL 7.0 database to SQL 2000. ( by creating empty db on SQL 2000 and restored from SQL 7 backup) -- restore ok.. I need to use same SQL user which is admin for DB on SQL 7, for SQL 2000 also. ( DB user is sql user not domain user) I put mixed authentication mode ( windows and SQL) in SQL 2000 enterprises manager security tab setting. I can see DB user is available in DB user list on restored DB but can not access DB when I try to access from query analyser I tried to create new login with same name as it was in SQL 7 and tried to give full admin access on SQL 2000 enterprise manager but I get error 21002:[ SQL DMO] User 'user' already exists.
The company I work for outsources all its non-development IT. So all windows servers are administered by an outside company. Lately we have purchased SQL Server 2005, along with a dedicated Windows Server 2003 server. I am the sole administrator of this SQL Server, and so have sysadmin rights. However because the outside company is responsible for all windows servers, they are very reluctant to grant me local administrator rights on the server. This has been causing problems, partly because I have to go through them for many simple requests (such as moving database files, or changing SQL Server configuration files), and partly because certain functionality doesn't seem to work for non-administrators (such as the use of Database Mail and full access to Reporting Services).
I want to challenge the decision and gain local admin rights to the server. Would anyone have further reasons why a sysadmin should also have local admin rights? Is this common practice, or are sysadmins often denied admin access to the server?
I was trying to grant access for an application user for executing xp_cmdshell, but I got some error message saying that either doesn't the user exist, or I don't have the permissions to grant this. Does the user need to be a user in Master ? Or, don't I when logged in as "sa" have the sufficient permissions to grant execute on a SP in master?
I solved it by checking "Control server" under "Properties" > "Securables" for the login, but I don't actually want this login to have full control.
(And yes, I've read that allowing xp_cmdshell usage isn't recommended at all.)
Is there a way to grant rights to a user to be able to restore a specific database on a server, without being able to muck around with other databases on the server?
I am trying to install VS2005 Standard Edition on W2k Sp4. This install fails on the first part when MDAC 2.8 Sp1 tries to install. I am logged on as ADMINISTRATOR with admin rights. I tried to install MDAC 2.8 sp1 alone with the same result. Can you help?
Hello, I need to create a sp that allows a user(not sa) to reset passwords using sp_password. The part that I'm stuck on is how to login within the proc so that the user(not sa) can exec the sp_password as sa without having to give the user sa rights. I don't mind hard coding the sa password with the proc but I can not give sa password to the users. Do I need to somehow alter sp_password for this to work?
Need to give a user permission to add logins and users to a database. Have tries to alias the user to DBO but it doesnt work. Is there a way to do it other than reassigning DBO permissions to the user.
Is there a way in SQL server to grant "SA" rights to non-SA users for certain commands.
I know there's a way to do this in Sybase by creating a password protected role and then activating it within a stored procedure.
Thus, the specific right is only active for the brief duration of the stored procedure - which runs the particular command to be granted. The role is de-activated at the end of the stored procedure.
I have a basic question regarding rights. What level of rights do Ihave to have to grant another user update rights? I don't want togive everyone owner rights. Can a person with update rights grantanother person update rights?Thanks.
Hi everybody, The below I posted on SQL 2000 Forum about a week ago. Any new thoughts................ I would like to get an input from as many people as possible on the following: In our organization DBA is responsible for 5 servers ( currently NT 4/SQL 7)and is a part of group of a 5 people including manager and 3 developers. DBA currently has a FULL access to every server. In a few months we will be replacing the existing system with Windows 2000/SQL 2000. LAN group will give to DBA only a read rights for the Windows 2000 environment, saying that the AUDITORS, both internal and external, require that. In other words, if DBA needs to run a command prompt, move files from one directory to another in Production environment, he has to fill the request to LAN, so LAN group would do that. So I guess the main question(s) is: What is the degree of involmment of DBA with Operating system? Is DBA suppose to be an NT administrator ( I dont think so, since DBA has a lot of other thing to do? If DBA accidently makes an unwanted changes to the Operating System, who should be blamed for ( not personally, but in more general terms) and would it be an extra argument to take write rights away from a DBA? What auditors saying about that? Thanks a lot in advance, Andrei
I have a user that is requesting sa rights on a test server. I prefer to give him aliased dbo rights. What is the difference between the two?? What can he not do with dbo that he could with sa??
hi, I am having a database in sql server 7.0. it has a web front end database. how can I grant access to the tables. do I create a guest logins in the security folder, then in the database user tab, I give access as read,write. Or there is another way to do it.
Hi, I have public and dbo rights on a sp. I am trying to call this sp thru a EntityBean(Java). But I am getting an error. Can anyone tell me what all rights do I need to execute this stored proc.? TIA. Jay
I have a user that should only have the rights to view the jobs and database properties within Enterprise Manager. I am not sure how to do that. Can you please help? Thanks.
I've restored the dev db from the prod backup which overwrote the users and their rights in dev db. Is there any way that I can find out what those rights were? I have the list of users in dev db but not their rights . Thanks.
They are not responsible for the server, user accounts, software updates of any kind or odbc configurations. This is controlled by the LANWAN server support group.
With the assigned SYSADMIN role, service account as local administrator, they have NTFS permissions the the DATAApplication partition and rights to stop and start all related services to SQL.
They can also access event viewer, performance monitor and other MMC snap-ins as read only.
I remember seeing a document on this site a couple of years ago that explained reasons why a DBA needs sa access rights. I can go into BOL and generate a list of things you can only do with sa rights. However the article I am looking for was well written, much better than I could do.
My infrastructure team has decided that the DBA's and Sr. Developers will not have sa access rights. All schema changes, stored proc creation, view creation, database backups, maintenance plans, etc will go through their server engineers. They do not understand what they are getting into.
Does anyone have a nice document that would aid me in my efforts to convince the Infrastructure group to change their "new" policy?
Hi everybody, I would like to get an input from as many people as possible on the following: In our organization DBA is responsible for 5 servers ( currently NT 4/SQL 7)and is a part of group of a 5 people including manager and 3 developers. DBA currently has a FULL access to every server. In a few months we will be replacing the existing system with Windows 2000/SQL 2000. LAN group will give to DBA only a read rights for the Windows 2000 environment, saying that the AUDITORS, both internal and external, require that. In other words, if DBA needs to run a command prompt, move files from one directory to another in Production environment, he has to fill the request to LAN, so LAN group would do that. So I guess the main question(s) is: What is the degree of involmment of DBA with Operating system? Is DBA suppose to be an NT administrator ( I dont think so, since DBA has a lot of other thing to do? If DBA accidently makes an unwanted changes to the Operating System, who should be blamed for ( not personally, but in more general terms) and would it be an extra argument to take write rights away from a DBA? What auditors saying about that? Thanks a lot in advance, Andrei
How do I text base add my domain users group with full rights to my database. I am using teratrax to manage my database. This is what comes up when I click on new database user
-- Replace all lower case words with your own code.
If I connect with SQL Management Studio to a server I cannot open or change SQL Agent jobs. (I can see them, but if I ask properties it opens a new job window).
At home I have no problem managing jobs.
I also cannot stop or start the SQL Agent.
What rights do I need? I am not in a domain, but with using the same username and password on my laptop as on the server and I have no problem connecting, add/changes databases and such.
I'm just a hobby programmer that writes programs for my personal use and maybe for friends.
I'm planning on using VB.Net 2008 Express edition for my development. I was using SQLite before with VB.Net 2005, but it seems the ADO.NET provider will not work with the VB.Net 2008 Express edition, so I'm thinking of moving to SSCE.
Do I still have to sign up for redistribution rights? I looked at the choices (What Best Describes You) when you start to sign up for those rights and I don't think I fall under any.
I was hoping to either just copy the 7 DLLs to the client computer or use the redistributable MSI installer to install SSCE.
Hi, I am using SSRS 2005. Created several reports on the server where SSRS is installed. In addition I managed to develop a few more reports on my work station and then deployed the reports to the server. From my local machine I can brose to http://servername/reports and view/run the reports. Now I would like to find out if/how others can view some of the reports. How/where do I set rights...? Thanks
I have recently published a report to SRS. I created a new service account and assigned that account the "Browser" role for the report that I wanted the service account to access. However, upon connecting to the SRS URL with the new service account, I am unable to view any reports. I then added the "view" and even the "Content Manager" role, and I still could not see the reports. I made the service account an admin on the box and I could see the necessary reports. Is there a local group that I need to place user accounts that I want to be able to access the reports I publish to the srs url?
I'm running into an issue with a user with restricted rights being able to access a local SDF file. The user has Modify right to the folder (and the file), but cannot access the SDF if it was created by someone else.
The only two workarounds I've found are: 1) If the I delete the SDF and then the restricted user creates the SDF they can then access it. 2) If I grant Full Control to the folder then the restricted user can access the database.
Is this by design? Are there programatic changes that can be made to enable access?
All users who login to the box (Windows XP) need to be able to access the same SDF. The SDF is stored on the local machine.
Hi All, I've got an SQL 2005 server setup with some databases. I'm trying to set it up so that a user can upload his database backup and then restore the DB using Studio Express but am having some issues with it. The user can upload his database fine, but when we try and go in to restore it, he can't view the directory or file of the backup. I've added the service account that SQL runs as, as well as the SQL2005%Machine%etc... user without much luck. The only thing I can think of from here is SQL permissions and I'm a little vague on how to accomplish what I want. One other thing is that if I add sysadmin rights to the user, they can see the directories fine. I tried adding dbcreator as recommended by other posts and that didn't work either. Any help would be greatly appreciated. Thanks!