Issues Setting Up Users To Authenticate Via NT Group Into MSSQL
Feb 26, 2004
I have a NT Group of users that need to connect to MSSQL db using integrated auth and run a stored proc. I have got this concept to work for individual windows users but not a group.
Does anyone have any ideas?
(Win XP, MSSQL 2000 SP3, Windows Group = "SQLUsers", member is "User2")
--- TSQL ---
USE master
GO
sp_grantlogin 'pcSQLUsers'
GO
sp_defaultdb 'pcSQLUsers', 'theDB'
GO
USE theDB
GO
sp_grantdbaccess 'pcSQLUsers', 'SQLUsers'
GO
GRANT EXECUTE ON [dbo].[uspThing] TO SQLUsers
GO
-- Trying to connect with OSQL.EXE:
> osql -d theDB -E
Login failed for user 'pcUser2'.
BUT.....
runing it for the individual user:
---TSQL
USE master
GO
sp_grantlogin 'pcUser2'
GO
sp_defaultdb 'pcUser2', 'theDB'
GO
USE theDB
GO
sp_grantdbaccess 'pcUser2', 'SQLUsers'
GO
GRANT EXECUTE ON [dbo].[uspThing] TO SQLUsers
GO
---- now trying to connect with OSQL.EXE as User2:
Hi. I have a DetailsView with Bound Fields "Login" and "Password". This informations are stored in SQL database. How to solve such authorization? How to compare password stored in database against passowrd typed by user? Is this a good idea to use CustomValidator control to write some checking procedure?. Regards. Pawel.
i need to have a user account with the following requirements:
a. can create/alter/drop tables/views that is created by this user; b. can read/update/delete records from tables created by this user c. can read/add records to tables created by other user d. can create/edit/execute stored procedures
is this possible? how can i do this? how can i allow a user to create new objects or alter objects owned by him at the same time prevent him from dropping objects created by other user? how can i give a user full access to objects that he created and limit his access rights like dropping objects, deleting records or updating records from tables that is not created by him?
can i do these thru enterprise manager or do i have to run some scripts in order for these to happen? if so, can somebody help me with the scripts or links that i can use for references?
thanks a lot! hope you can help me with these... thanks a lot...
Hello, I think now MS SQL 2005 support packaging database object into schemas which may be granted access by any of the db users, while SQL 2000 only we could use the database creator user instead of schema. my case is i am working in a system with more than one module, e.g. HR + TaskManagemt. Both HR and TaskManagement objects are in the same database, and there are some common objects. I want to isolate the HR objects from the TaskManagemt objects, so i can package any module separated from the other, suppose i want to buy only the HR module, so that i want only to exctract the HR Object + the common objects but not the TaskManagement objects. So how can i accomplish such operations using SQL 2005 schemas AND using SQL 2000 users. P.S. i have two servers one with 2000 and the other with 2005, so i want to find solutions for both 2000 and 2005 Thanks in advance
Does anyone know how to reserve a number of concurrent user licenses /per server logins in MSSQL 2000? I have a situation where I have more users than I have licenses for an enterprise SQL application and would like to make sure that a certain group of users always has access to the system. Individuals who only need inquiry access should only be allowed to login if there are licences available beyond the core group of users. Any Ideas? Thanks.
I need to set up 1 new user in SQL Server 2005 to be able to read specific tables in a db (db1).
The user will connect from MS access using odbc links (SQL Native client ot SQL Server driver)
I've tried to set up one and once logged on from the user workstation, I can only see sys. tables and INFORMATION_SCHEMA tables. None of the required db1 tables appear.
under Security/Logins I've created User1: SQL Server auth. with password default db = db1 server_roles = none user mapping = map, db1, user1,dbo securables = none status = grant, enabled
on the access db, the odbc link was set up with default db = db1
I need some assistance creating a query. I have users table, groups table, and UsersGroups table. Basically a single user could belong to one or more groups. I need to be able to return the users that are not in a specified groups. Table def are below.
USERS: -------- ID (Primary Key) Username Password
GROUPS: ------------ ID (Primary Key) GroupName
USERSGROUPS: ----------------- ID (Primary Key) GroupID UserID
select Max(EntryID),MemberID from Blogs where RoleID = 2
with FilteredLastPost ( MemberID,EntryID,PublishedDate)
as
(
select MemberID,EntryID,PublishedDate from Blogs where IsPublished = 1 and MemberID in( (select MemberID from Members where RoleID = 2)) order by EntryID desc, MemberID asc
)
select MemberID from FilteredLastPost
select distinct Blogs.MemberID,EntryID,PublishedDate from Blogs
right join Members on Members.MemberID = Blogs.MemberID
where not PublishedDate ='' and IsPublished = 1 and Members.RoleID = 2
order by EntryID desc, PublishedDate desc
select DISTINCT MemberID, EntryID, PublishedDate DISTINCT IsPulished from Blogs where IsPublished = 1 and not PublishedDate ='' and MemberID in ( select MemberID from Members where RoleID = 2 )
I have a linked server set up and working correctly. I can create a query to get all the users from active directory with something like this:
SELECT [name], [samaccountname] from OpenQuery( ADSI, 'SELECT name, samaccountname FROM ''LDAP://DC=domain,DC=com'' WHERE objectClass = ''user'' and objectCategory=''Person''')
Now I am trying to select all the users in a specifed security group, but I am not having much luck. What is the best way to get this?
I am in the process of rolling out a pair of SQL 2014 servers. I have setup an Availability Group, Listener and databases. It's my understanding that I will be giving the listener name to our developers so that they can do their work. In testing, I noticed that If I am using Studio Manager and connected to the the AG using the listener name, when I setup a user in security the user is only added to the active primary node. Is there a way to add a user to both servers in one shot instead of having to install on both servers?Â
I try to activate the map document control on my report. My Report is composed of a table in which I group by 2 criterias. When I set the document map label of the first entry of the group list then I get an error on the preview :
"An internal error occurred on the report server. See the error log for more details. "
Can someone tell where can I find the error log file ?
We are running SQL Server 2005 in a Windows 2003 domain and I have a situation where some of my users are unable to connect to the SQL Server unless they are a member of the sysadmin group. Any attempts by these users to login result in a login failed,
Error: 18456, Severity: 14, State: 11
Which indicates that it is a valid user who does not have access to this SQL Server.
I have been able to narrow the failures down to the following situation:
Create a user, TestUser1, as a member of 1 domain local group TestGroup1
Give TestGroup1 access to SQL (standard public access to master)
All good. Login succeeds.
Add TestUser1 to another domain local group TestGroup2
Attempt to login to SQL Server -> login failed.
Add the user explicitly -> login failed
Add one of the groups to sysadmin -> login succeeds
It seems that as long as the user is a member of more than one AD group, and none of those groups is a member of the sysadmin server role then the user is unable to login. Obviously having all of the users as sysadmin isn't a workable solution, has anyone seen this issue before?
I have been able to replicate a similar situation in our test domain, but in that case the issue is resolved by adding the users explicitly to SQL Server (still not an ideal solution).
Interestingly, if I run the same test in our test domain but use global groups, it works. But unfortunately the network admin tells me the groups must stay as local.
Trying to track the users who are logged in and making changes to my database. I have granted permission through the Windows Groups and the log displays the group names and not the user names. Is there something to set to display the user and the group?
Writing to tables created by regular users on MSSQL2005
I have users creating tables through an application, I gave them ddl_admin, datareader, datawriter. They can create tables but cannot insert/update data (to their own tables), I cannot insert data either using Access or any other application to those tables created by them (under dbo schema) Is there something I am missing with permissions? Thank you very much
Here's my situation and I've spent enough time to troubleshoot. Any help would be appreciated.
1) I have a VB.NET Windows Form Application that uses SQL Server Express 2005 database. 2) The "mdf" file is a part of the application itself. 3) When the application distributed to my clients using Windows XP SP2, the "Click Once" installer automatically installs SQL Server 2005 Express [which is a pre-requisite] and copies this mdf file into the application folder. 4) The authentication mode is "Windows Integrated"
The problem is, when the application is launched [while logged in as the local system administrator in a given computer], it is unable to connect to the SQL Server. I get the following error,
Failed to generate a user instance of SQL Server due to a failure in starting the process for the user instance
Here's my connection string
Data Source=.SQLEXPRESS;AttachDbFilename=|DataDirectory|Ragas.mdf;Integrated Security=True;User Instance=True
I have this website which has sql2000 database. this website is using the membership class of asp.net 2. when you run it on the localhost, no problem. after I upload it to my webhost, the usernames that I created with the membership class wont work anymore. membership class raises error "invalid username or password". i checked the database and the username are still there. that left me no option but to create another username. why is this happening? is there something wrong with the way I uploaded the mdf database file?
I have this website which has sql2000 database. this website is using the membership class of asp.net 2. when you run it on the localhost, no problem. after I upload it to my webhost, the usernames that I created with the membership class wont work anymore. membership class raises error "invalid username or password". i checked the database and the username are still there. that left me no option but to create another username. why is this happening? is there something wrong with the way I uploaded the mdf database file?
I just installed SQL reporting Services 2005 on my XP Pro SP1 machine. The problem is when I try to login to http://localhost/Reports or http://localhost/reportserver using "Administrator" account it keeps prompting me the same windows login dialogbox it does not authenticate. I have tried to log in as other user too but same problem.
Can someone please guide me what could be wrong with my setup.
Tried SA.. Tried AD Admin, tried local administrator. Set up in mixed mode so i tried windows and sql authen... I can log in normally with SA and the password and the windows admin account.
Nothing works, tried services off and on. Tried clearing everything
Reinstalled completely...
Only the SQL Server part fails because it requires authentication. All the other parts succeed.
I don't get a log since it just thinks im typing things wrong. Just this
06/06/2006 21:24:59.641 Authenticating user using Windows Authentication 06/06/2006 21:24:59.641 SQL Service MSSQLServer was previously running, ready for authentication 06/06/2006 21:24:59.641 SQL Agent Service SQLSERVERAGENT was not previously running 06/06/2006 21:24:59.782 User authentication failed. Please check to see if the password provided is correct or check to see if the SQL Server Instance is set to Mixed Authentication 06/06/2006 21:25:07.860 Hotfix package closed
basically this is what I get and i am forced to cancel...
Microsoft SQL Server Management Studio 9.00.2047.00 Microsoft Analysis Services Client Tools 2005.090.2047.00 Microsoft Data Access Components (MDAC) 2000.086.1830.00 (srv03_sp1_rtm.050324-1447) Microsoft MSXML 2.6 3.0 4.0 6.0 Microsoft Internet Explorer 6.0.3790.1830 Microsoft .NET Framework 2.0.50727.42 Operating System 5.2.3790
We are writing an enterprise application in which the user logs in by entering their username and password in a form. The user will enter their actual Active Directory credentials. I want to pass the username and password to a stored procedure that will check for a valid user account in an Active Directory. In Sql Server 2005 I know I could write a small .NET library that uses System.DirectoryServices , register it in SQL and access it from an stored procedure.
Can it be done in Sql server 2000?
The reason we are not just autheticating in the .NET code of the application is that we found that it does not work on Windows 98 cleints, hence the need to go through sql server.
I've got a windows application that needs to authenticate to the active directory. But the only members of certain group can start the application. for example only the administrators of the active directory can start the application.
M trying to create a logon form I had something in mind but i can work it out yet
When the user wants to login into the application the value of textbox must be compared with the datafield in the sql server. And then i want a messagebox to show up.
I created a table in sql server with 2 fields in it , User and Password.
I have a server that has 20 databases . I have tested with few users with different level of access and all of them were able to connect to the server and also see, select, update , delete from a particular database which is kind of weird because they do not have a user login associated or mapped to that database. I checked and no user is part of any group in AD that would give them permission to connect . I need a query that would find the permission path of a user. I already queried with xp_logininfo but I am not getting any thing.
I€™m working on an application that needs to support multiple users without log in and out of Windows. I would like to use trusted/integrated security (domainusername) so I.T. does not have to manage two accounts per operator. Is it possible to use trusted accounts (domainusername) in the SQLClient.Connection object?
Hi, I wanted to see what are all the users in a windows nt group that has a group access to sql server 2000. I have a windows 2000 group access to sqlserver 2000 as "xxxsomegroup". How can I list all users that belongs to this windows 200 group? is there any stored procedure to find out this? any information could be greatly appreciated.
On a SQL 2005 Cluster, when you move the SQL resources you generally have to kind of "reauthenticate". For example, in SSMS and after you have moved the SQL cluster resources, you run a query in SSMS and you get a connection failure. Run it again and it works. Does anyone else notice this? I am assuming it is because the resources are now on a differen't server. But then what's the purpose of the SQL virtual server name and instance? I thought when you authenticate to SQL it's to the virtual SQL server like so... VirtualServerSQLInstance. Can someone straighten out my poor mangled mind? I'd like to avoid this reauthentication thing.
I tried using Query Notification on my computer at home: * Win XP Pro with all the SPs and hotfixes * SQL 2005 with SP1 qand hotfix
Query Notification worked fine.
Then I tried using it at work:
* Win XP Pro with all the SPs and hotfixes
* SQL 2005 with SP1 qand hotfix
and I see the following error in the SQL server log file and notification does not get to the client app:
---------------------------------------------------------- Date 9/1/2006 10:18:30 AM Log SQL Server (Current - 9/1/2006 10:18:00 AM)
Source spid17s
Message An exception occurred while enqueueing a message in the target queue. Error: 15404, State: 19. Could not obtain information about Windows NT group/user 'domainmyuser', error code 0x6e. ----------------------------------------------------------
A similar error shows up in the machine's Event Log.
I am sysadmin and full OS admin on both boxes. The difference is that the computer at home is standalone while the one at work is part of a domain.
I have an SSRS 2012 table report with groups; each group is broken ie. one group for one page, and there are multiple groups in multiple pages.
'GroupName' column has multiple values - X,Y,Z,......
I need to group 'GroupName' with X,Y,Z,..... ie value X in page 1,value Y in page 2, value Z in page 3...
Now, I need to display another column (ABC) in this table report (outside the group column 'GroupName'); this outside column itself is another column header (not a group header) in the table (report) and it derives its name partly from the 'GroupName' Â values:
Example:
Value X for GroupName in page 1 will mean, in page 1, column Name of ABC column must be ABC-X Value Y for GroupName in page 2 will mean, in page 2, column Name of ABC column must be ABC-Y Value Z for GroupName in page 3 will mean, in page 3, column Name of ABC column must be ABC-Z
ie the column name of ABC (Clm ABC) Â must be dynamic as per the GroupName values (X,Y,Z....)
Page1:
GroupName          Clm ABC-X
X
Page2:
GroupName          Clm ABC-Y
Y
Page3:
GroupName          Clm ABC-Z
Z
I have been able to use First(ReportItems!GroupName.Value) in the Page Header to get GroupNames displayed in each page; I get X in page 1, Y in page 2, Z in page 3.....
However, when I use ReportItems (that refers to a group name) in the Report Body outside the group,
I get the following error:
Report item expressions can only refer to other report items within the same grouping scope or a containing grouping scope
I need to get the X, Y, Z ... in each page for the column ABC.
I have been able to use this - First(Fields!GroupName.Value); however, I get ABC-X, ABC-X, ABC-X in each of the pages for the ABC column, instead of ABC-X in page 1, ABC-Y in page 2, ABC-Z in page 3, ...
