List Of Users + Roles + Rights
Feb 27, 2004How can I generate a list/view of all users/groups with appropriate roles and rigths?
View 3 RepliesHow can I generate a list/view of all users/groups with appropriate roles and rigths?
View 3 RepliesHello,
I am new user of SQL Server. I have some problems with these words. I want to make my database works in my specified permissions. I will specify permissions with schemas and these schema wants an owner. I want this owner should be my user. When creating a user it needs a valid login. I am selecting my login and it occurs and error says this login has an different user. I am specifying permissions with roles. But i can't make association all of them. I hope i told my problem to you as well. If you explain these words to me and tell me how can i do my database's works with my own schemas, users and roles i'll be grateful. Thanks for advices.
Happy coding...
New to SQL so please be patient. I'd like to give my developers "See All/Do Nothing" rights to my production server. I want them be able to see everyting that I do, as SA, but not be able to change anything. Is this possible?
Thanks for the help...Art
Hi, SQL experts.
I'm
new in the SQL Server Express Configuring Stuff and I've a problem or
more exactly I don't have any idea about configuring an secure and
hacking save user for a SQL Express DB.
What server roles/server
permissions/endpoint permissions/database permissions are neccessary to
have an rw access SQLE user? Any articles available? Any suggestions?
Scenario is a Personal Webpage for my Family & Friends located in my house
- ASP.Net Starter Website: Personal Website
- 2 MDF DB's: ASPNETDB.MDF & PERSONAL.MDF (included with the Starter Website)
- Development on DEV PC; Deploy on SERVER PC
HW:
- SERVER PC with Win2k (fully patched)
- DEV PC with Win XP Sp2 (fully patched)
- LAN 100Mbit w NAT FW
- WAN Cable Modem 128/1500
SW:
- APACHE 2.0.55 with latest aspnet_mod
- ASP.NET 2.0
- SQL Server Express
- SQL Manager 2005 Lite
- MS Web Developer Express
What I've done so far:
- APACHE: configured & working
- aspnet_mode: configured & working
- SQLExpress: configured & working
- SQLBrowser: configured & working
- TCP/IP Protocol for SQLE: configured & working
- Mixed authentication for SQLE: configured & working
- ASPNETDB.MDF: attached, configured & working
- PERSONAL.MDF: attached, configured & working
- SQL Manager 2005 Lite: configured & working
- SQLE users: created one for ASPNETDB and one for PERSONAL
(with SQL Manager Lite; Sorry MS!!! your SQL Server Mgmt Studio Express sucks!)
- WEBSITE: changed connection string from local to remote
(local doesn't work, because the LocalSystem User on Win2K, which is
used by the SQLServer, has no User Profile. Also you cannot change the
Service User, so it won't work with the local connection string, but
with an attached and remote accessible DB it works just fine)
- WEBSITE: runs locally and remotely on DEV PC with remote DB's and custom users.
But
I'm concern about the two users I've created, to access the two DB's.
I've no idea, what rights/roles aso they need to use the DB for remote
(for development) and local (for production) access and to be secure?
Thanks for any help, ideas and suggestions.
Alex
Hello everybody,
I have a database, where all tables and stored procedures look like this:
dbo.table
dbo.sp
Is this naming because of the db owner creating the tables and stored procedures?
The db runs correctly in my asp.net aplication when i use a user that is db owner, but i want it to run with a 'normal' user that is in public role and has all rights except db_owner...
How can i solve my problem!
Using the user without db_owner rights brings in my application the error:
The EXECUTE permission was denied on the object 'myStoredProcedure', database 'myDatabase', schema 'dbo'.
Thanks for help!!!!
Steven****
--------------------------------------
Solution:
I have to give the User without DB_Owner Rights the schema permissions for dbo objects! This only works in sql server 2005!
Hi All,
I've restored the dev db from the prod backup which overwrote the users and their rights in dev db. Is there any way that I can find out what those rights were? I have the list of users in dev db but not their rights . Thanks.
I have a problem that im using Active Directory in Win2k Server, when domain users logon to workstations they can't open sql server databases, SQL server is local installed on Workstation and operating system is XP.
When i give administrator rights to users the sql server works fine.
Tell me is there is a way to use sql server without giving to the user administrative rights?
thanks
Is there a script or can I make a script to find out what roles and what users are assigned to the roles are?
View 4 Replies View RelatedHow to generate script which can move users with his roles from one DB to another (SQL 2005) ?
View 1 Replies View RelatedI gave to
View 1 Replies View RelatedI'm trying to find some documentation or procedures that will allow me to xfer existing users' roles, etc from sql2000 to sql2005.
When our sql 2005 database was restored on a new server (from sql2000), all of the database users were orphaned. I need to create identical server logins and then make the logins database users. It is also important to understand the significance of the new schema concept. The Microsoft SQL2005UpgradeTechRef.doc white paper does not explain any of this.
Ultimately, I would like to create a script for the above scenario once a sql2005 db is restored from a sql2000 db.
Could someone please help me out on this?
Guys,
I have 2 users emp_rw (read write) and emp_ro in the database through which application accesses the database.
Now I would like to replace this users with roles and assign emp_rw, emp_ro to roles. Which roles should be created -
database roles or application roles what is the difference between application and database roles.
currently I execute the below statement to grant rights on database objects to emp and emp_ro users, can this be changed
to grant rights to role instead of user.
grant execute on <function name, procedure name> to emp_ro
Any suggestions and inputs would help.
Thanks
Hi, all. I've got a question that's truly newbie. I've added logins to the "users" of a database, but I've never used the "roles" area. What's the difference? Is a role like a group account with some preset permissions?
View 3 Replies View RelatedI'm trying to find some documentation or procedures that will allow me to xfer existing users' roles, etc from sql2000 to sql2005.
When our sql 2005 database was restored on a new server (from sql2000), all of the database users were orphaned. I need to create identical server logins and then make the logins database users. It is also important to understand the significance of the new schema concept. The Microsoft SQL2005UpgradeTechRef.doc white paper does not explain any of this.
Ultimately, I would like to create a script for the above scenario once a sql2005 db is restored from a sql2000 db.
Could someone please help me out on this?
Hi,
In SQL Server Express Edition, what are the rights that are assigned to a Normal Windows User and PowerUser by default ?
When I install SQL Express on a clean machine and login as Power User I can add/edit/delete data but when I login as Normal Windows User I can see the data but not change it.
Please help me in this regard.
Hi everyone out there in ASP.NET land.
Have a quick question...
How do I add a role and/or a user through code (Specifically SQL Statements). If not through SQL, then maybe VB.NET?
Thanks ahead of time,
Denvas
Hi there NT Server,sqlserver 7.0, Integrated Security. I used "sp_attach_db" to attach a database to the sql server. The database has 3 standard roles with members in each of those roles. But i am not able to add a user to any of the roles through Enterprise Manager(No users are listed, except the other 2 roles). Also when i click "users" under the Database in EM, no users are listed except "dbo" with sa login. Luckily since some members are there in the roles, they are able to connect to the database. Also i am not able to add the user bcos the user exists in the public role and i get an error message "user already exists in DB". The user has logged into the NT and everything is fine. I copied the .mdf and .ldf files from a "Standard Security" Server.
View 1 Replies View RelatedSHORT VERSION
i am setting up roles, do i also have to set up role-people as users?
LONG VERSION
my db has two owners. both of us run the Access front end happily - everything works perfectly.
now i'm trying to add non-owner users.
i have set up ten people as datareader/datawriter (primitive, but will refine this later).
these people are not able to get into the db.
at the registering DSN stage they can't see the server in the list of servers and if they manually type \myserver they can't connect (doesn't exist or access denied).
in Enterprise Manager,
Users: shows only the two owners
Roles:datareader shows the ten non-owners (ditto datawriter)
am i supposed to setup my datareader/writers as users as well?
should i see them in the Users: list?
thanks for your time.
izy
I have developed a site on my local machine utilizing the built-in security/roles provides by ASP.NET 2.0. I am trying to publish the web application to a production server. It will publish correctly, however the ASPNETDB is not recognized. The folder app_data is created with the proper database files. My question is how do I set this up to use the data I have created in this database? I've searched on how to accomplish this but haven't found any definitive answers. I have found ScottGu's blog to be useful, but I was wondering if there is a different way.
1 - Do I push the data to a SQL Server install via SQL scripts?
2 - Can I link to the ASPNETDB that is created locally on my machine?
3 - If I make changes to the application and re-publish, is there a way to keep from overwriting the ASPNETDB on the server?
I am a unsure of how the built-in roles/security works when you are ready to push something to production. If someone wouldn't mind pointing me in the right direction, it would greatly be appreciated. Any literature, advice, links, etc.. would be great.
- Thanks
Andrew
I am in need of a utility (stored procedure, third party app, etc)that will help streamline the process of managing and auditing objectpermissions, users and roles on multiple sql server 2000 instanceswith multiple databases on each instance. That's a quick overview ofwhat I need, do I need to be more specific?Thanks.
View 2 Replies View RelatedI am currently working on a SSIS configuration database. However, I am having trouble writing a script to get the the users that have each server role permissions. I'm pretty sure that I need to use sp_helpsrvrole, but am not sure where to go from here. If anybody has any ideas or has seen a script on the internet to get this then that would be a tremendous help.
Thanks in advance,
Kyle
Sql 2005
I want to grate execute permissions on my stored procedures to a role. While creating the role, it asks for "schemas owned by this role".
To me, the schema is merely a namespace that allows you to group objects, but arent schemas such as db_datawriter roles that are central to the db and only admin type users should have ownership of these, correct ?
In a nutshell, I want to:
create a new role and assign a user to that role
with a stored procedure, grant execute permissions to this role
I was confused by the sql 2005 dialog that asks me to take ownership of roles such as db_datawriter, db_datareader etc, wouldnt that mess up other things with the database ?
help ...
I think its time I review all of the above items
role
user
login
schema
A question on the permissions hierarchy:
Since logins, database users, and database roles are both principals and securables - what does it mean to GRANT permission on a login/user/role to another principal? Does it mean that for a login - you can GRANT permission to EXECUTE AS that login or modify it, for example?
I have jsut started using SQL server 7 and am having problems with accounts permissions, users,roles, groups, owners etc what are the differences?
View 1 Replies View RelatedI want to be able to list all users connected/logged in a specific database and disconnect them all or a certain user.
can this be done in SQL and if so how?
Developers need to view and modify jobs on some servers without being sysadmin. We've added the developers to the following MSDB roles:
SQLAgentOperatorRole
SQLAgentReaderRole
SQLAgentUserRole
Technically they should be able to view and modify jobs through Management Studio when being added only to SQLAgentOperatorRole. However they receive the following error when clicking on the Jobs folder regardless of the msdb role.
Execute Permission Denied on Object 'xp_sqlagent_enum_jobs', database 'mssqlsystemresource', schema 'sys'. (Microsoft SQL Server, Error: 229)
Our original two SQL 2005 servers do not produce this message, but all other instances do. All servers, but one, are SP2 so the service pack is not an issue. Any thoughts?
Thanks, Dave
What I'm looking for is a list of roles a particular user is a memberof.the closest I've found so far is sp_helprolemember without anyarguements. but this gives me all the roles and all the users. I wantthis same list filtered on a specific user.something like sp_??? 'user'
View 2 Replies View RelatedI have been struggling with this for a while and cannot get it right. I have read countless articles on the internet as well as MSDN documentation about SQL Server 2005 and no success so far.
What I want is a database with multiple SCHEMAS, DATABASE ROLES and USERS in order to have a finer grade of security to access the various objects.
My schemas are (in order to simplify the situation and provide an example of the setup):
- [dbo] the standard DBO schema which is always default. Contains public objects.
- [com] a special module integrated into the system
- [ofc] contains objects used by back-office only
- [aud] contains objects used for auditing, etc.
Each of these schemas has their fair share of tables, views, functions and stored procedures which have been created appropriately (i.e. CREATE TABLE [ofc].[Addresses]), in other words prefixed by the name of the schema to which they belong.
Then I have created various database roles (don't confuse them with SQL2005 application roles) as follows:
- PublicRole mostly used for viewing, no data alterations
- WorkerRole used by front end processes that need write access to data in [dbo] and [aud]
- OfficeRole used by back-office for dealing with backoffice data (basically [ofc], [aud] stuff)
- AdminRole used by application administrator
Each of these database roles has been defined with owner 'dbo', none of them own any schemas. And last but not least to each of these roles I have selected the above named schemas (dbo, ofc, aud) as securables and for each of those securables schemas I have then given the correct set of GRANT/DENY on the Alter, Control, Delete, Execute, Insert, References, Select, Update, Take ownership and View definition.
As an example, the PublicRole role has been given the following permissions (Y=GRANT, N=DENY):
Table #1 of Application Permissions [dbo] [com] [ofc] [aud]Alter N N N N
Control N N N N Delete N N N N Execute Y Y N Y Insert N N N Y References Y Y N Y Select Y Y N Y Update N N N Y Take ownership N N N N View definition N N N N
And I have the following minimum set of database users defined (the server login has the same name):
- upublic, assigned to PublicRole
- uworker, assigned to WorkerRole
- uoffice, assigned to OfficeRole
- uadmin, assigned to AdminRole
As I understand when I assign these users to a particular custom Database Role, the users inherit the permissions granted to THAT role thus liberating me from having to assign the permissions to each and every user account on the same role.
What I expected was that when I logged in to the database with the upublic user account I would at least be able to view (SELECT at least) ALL the objects with the exception of those in th e[ofc] schema. Unfortunately the account is not able to access ANYTHING at all, I get an error like
"The SELECT permission has been denied on object XYZ, database DB, schema 'dbo'"
So, when I use Management Studio to look at the properties I selected the PublicRole and it showed the upublic user as a member of the role (Members of this role). So far so good.
Then when I switch to the Securables page for this role it shows all the schemas I defined and for each of them the same list shown in Table #1 except it has two lines for each permission, the first for Grantor dbo and the second for Grantor upublic. The first has the same permissions I assigned to the role (as shown on Table #1) but the 2nd does not show a checkmark on either GRANT or DENY!!! For example ([x] = checked, [ ] unchecked):
Table #2 Explicit permissions for Securable
Permission Grantor Grant Grant-with Deny
Select dbo [x] [ ] [ ] Select upublic [ ] [ ] [ ]
What am I doing wrong here? Apparently I then have to repeat the whole grant/deny for EACH and EVERY USER I define when the idea was that I would grant/deny on the database role and every member of that role would inherit those permissions automatically.
I am trying to get list of users on different dbs located on different servers.Currently i get them manualy by going on each db and copy the users to excel sheet.I tried to use sysusers, but i needed status of their account, created . Is there any easy way where i can pull list of users from all dbs from at once.I also need to exclude dbo accounts ans sa accounts if possible
View 1 Replies View RelatedHow can i get a list of user that have access to all my databases?
i know how to view them but i need to output them to a text file or excel.
Say I had a "typical" user table such as:
USerTable
---------
enduserid
user_name
password
firstname
lastname
...
Say this table grows very large, what would be a good way to fetch a list of users that was configurable to bring back all or some of the users ? How about a procedure that uses a range of user id's. So if you wanted ALL of you users, you just use a range of inputs that span the entire range.
comments ?
CREATE PROCEDURE EndUsers_Select
@lowuser int,
@highuser int
AS
SELECT
eu.FirstName
,eu.LastName
,ci.Email
FROM UserTable eu
JOIN ContactInformation ci ON eu.ContactInformationID = ci.ContactInformationID
WHERE EndUserID < @highuser AND EndUserID > @lowuser
Also , is it true that Grants to service accounts should go through roles as it is against audit & compliance standards? If yes, than how to find out the list of users who has direct grant to a service account ?
- Then how to revoke this grant from service account and than how to grant through the role ?
- Is there a script that i can run and find the list of users in each SQL server instance ?
Is there any method by which i can get the list of all sql server users?
View 1 Replies View Related