Login's Permissions For Non-sa RESTORE?
May 17, 2004
I hope this is a nice fat ball that someone can knock out of the park...
We've recently started to upgrade our development servers from Win2k to Windows Server 2003. Naturally, the SQL Server boxes receive MS SQL Server 2000 SP3a. Our database users now cannot restore to their own databases.
We usually grant each login the 'dbcreator' server role (and hope the developers are too busy to realize everything else it allows). Each user's login is dbo in his/her database. Typically one developer will produce a reference dump file, and all the other developers load it as they need it.
If a user executes a restore, it trundles along happily until almost the end, spitting out an error. Here's a sample:
100 percent restored.
Processed 376 pages for database 'bobdb', file 'Data' on file 1.
Server: Msg 916, Level 14, State 1, Line 68
Server user 'bob' is not a valid user in database 'bobdb'.
Server: Msg 3013, Level 16, State 1, Line 68
RESTORE DATABASE is terminating abnormally.
Oh, and this worked with SQL Server 2000 (any patch) on Windows 2000 Server.
Developers reload their databases so often (and DBA resources are so spare) that routing all restores through a DBA will bring development to its knees. So, each developer must be able to restore dumps to their own database.
Help? Which server roles/permissions/GRANTs do we need to provide our developers with the power they need? (and not the powers they don't need!)
View 11 Replies
ADVERTISEMENT
May 12, 2008
I am getting the error:
Cannot open database "aspnetdb" requested by the login. The login failed.
When I browse to my ASP.NET 3.5 LINQ web application on the IIS 6.0 server on Server 2003.
I imagine this is because while I granted SQL Server 2005 login and permissions to my database that the application stores its data in, I did NOT grant any rights to the service account the IIS Application Pool uses for its identity to the aspnetdb database on SQL Server which is where all my roles information is stored at.
My question is what are the MINIMUM permissions needed for this database so it can perform its roles related functions?
I'm using Windows Authentications with the SQL Role provider for authorization.
Thank you.
EDIT: I think I only need to open the aspnetdb database and add my login to the aspnet_Roles_FullAccess role. Is that correct?
View 2 Replies
View Related
Apr 10, 2000
On a member server, Server1, (not part of any domain) I've backed up my SQL 7 db to a local disk using a temporary device.
I go to a second member server on the same network, Server2, and try to do a restore from that file.
Fom ISQL, I get the error message that the device is offline.
The SQL server error log on Server 2 states that the file failed to open
with operating system error 1326 (logon failure: unknown user or bad password.)
I've tried taking ownership from server 2 but that does nothing. I'd like to copy the entire file to server 2 except that server 2 does not have enough disk
space for both it and the database it would recreate simultaneously.
I am signed on as administrator on both boxes.
Any thoughts?
View 2 Replies
View Related
Jun 5, 1999
Question for you. Due to some testing within our environment, I've restored a database a few times
today. Now, when I look at the databases that logins have access to, some have the correct
access to databases and others have no access anymore. This all has happened since I've
restored the database. What happened? It isn't even with the 1 database that I restored that
this is happening. When I look, most users don't have access to any database anymore... All the groups I have
set up and the permissions assigned within the database themselves are fine, just the
login doesn't have access to a database. Did I do something wrong? If so, please let me know
so I can correct it before another restore is necessary.
Thanks so much!
Toni Eibner
View 2 Replies
View Related
May 14, 2008
I had created three users for my centeralized database server.
usernames are
1.sa
2.production
3.praveen
I had given the permissions as follows
for production i given the permissions for each database
dddatawriter,datareader, db_executor,public
for praveen i had given full permissions
for sa I want full permissions so i had given each and every thing
my aim is as follows. i want permissions according to this one.
for production he is not able to change the coloumn name,he is not able to backup database or restore database, and also he is not able to change password of any logins
For this one i got it correctly . but while coming to praveen login
He is able to do anything regarding database . but i don't want to give permissions to chnage passwords of his login and at the same time any login . can you give any idea regarding this permissions.
For sa i want to full permssions he is able to change passwords of any login .
please kindly help me in this
View 7 Replies
View Related
Oct 3, 2005
I am trying to set up a secure system and would like some advice on how to do it as it is a bit tricky.
View 14 Replies
View Related
Sep 26, 2007
Hi,
I created a new sql server login, but didn't assign it any permissions in any databases.
When I login with this new login, it logs into the master database, and is able to select tables from the system databases, such as master, msdb.
This seems very wrong to me. How can I turn these default permissions off for new logins? I thought it might have something to do with the guest account, but not sure how to best handle this.
Thanks
View 3 Replies
View Related
Mar 28, 2005
I use 1&1 to host my site, with SQL Server.
I've used their db management tool to create stored procs and tables.
I backed up the db stored at 1&1 and restored it on my home machine.
On my home machine, I can't access most of the db objects in the restored db via ASP.net, even if I login as sa. I get messages such as "Could not find stored procedure 'proc_name'".
1&1 provided me with a username and password to login into their SQL Server database, and all my objects now have that username as the owner.
The only way I can get the stored procs or tables to work is to prefix them all with the username from 1&1, e.g.:
exec <1&1username>.<proc_name>
Any advice would be most welcome.
Thanks,
B
View 2 Replies
View Related
Feb 18, 2002
Hi,
I have created a Windows user login and have granted it the appropriate roles (including a revoke).
As a test I also created a standard user and gave it the same roles as above.
When I run a query against the revoked table, the results are unexpected.
The Windows user can run the query, and the standard user gets a permissions error (which is what i expect).
Does anyone have any ideas as to what is happening here? I am still confused.... Does it have anything to do with the public permission that much be granted?
Thanks
View 1 Replies
View Related
Mar 15, 2006
What are the minimum permissions necessary to use CREATE LOGIN?
I'm using db_accessAdmin and db_securityAdmin and db_owner. The user as access to the database.
It still says I can't create the login. What am I missing?
View 1 Replies
View Related
Jul 7, 2007
Hello All,
I'm hoping someone can help me with this puzzle.
Most logins I've created have been SQL Server authenticated. I assign the login newEmployee to a role existingRole, and ensure the role has the required permissions. This didn't seem to be rocket science....
My company has been provided with an application with a SQL Server back-end. My instructions were to create a Windows authenticated login and give it full access to the database. I followed the above principles, but running the application, the user got the error -
SELECT permission denied on object 'sysobjects', database 'databasename', owner 'dbo'.
So I decided to try the simplest possible scenario to make it work:
I've created a login DOMAINewEmployee with Windows authentication.
DOMAINewEmployee has been granted access to databasename.
By default, DOMAINewEmployee is a member of Public.
Public has been granted all available permissions on all objects.
ie... grant all on userTables to public
........grant all on sysobjects to public
........grant all on otherSystemTables to public
etc.
Running the application, the user still gets the above error. I'd send the problem back to the vendor, except if I've logged onto the PC as DOMAINewEmployee, querying -
select * from dbo.sysobjects
via Query Analyser produces the same error message. (An equivalent error message is produced when querying a user-created table).
To compare, I then created a login newEmployee2 with SQL Server authentication.
newEmployee2 has been granted access to databasename.
select * from dbo.sysobjects
runs successfully from Query Analyser (as to any queries on user-created tables).
What else is required to grant access to tables from a Windows authenticated login?
( What really scares me, is that the application will run if I make the Windows authenticated login a member of server roles System Administrator and Database Creators, then the application will run - but I don't want this to be the permanent solution. Even after doing this, the above query still fails in Query Analyser for that login, suggesting that there is something wrong with how I configured the permissions. )
Any help would be appreciated.
Thanks.
Kim.
View 4 Replies
View Related
Jul 17, 2007
Good day
I have a problem with our Reporting Services. The error says:
Login failed for user 'user'. [CLIENT: <local machine> ]
Error: 18456, Severity: 14, Stage: 16.
I read here http://blogs.msdn.com/sql_protocols/archive/2006/02/21/536201.aspx that State 16 means the user has no permission to log into the target database.
So I went and tried it the hardcore way, giving this user all roles under "Server Roles" and all Database roles for the two ReportServer and the two CRM databases, hoping it would work and I could strip it down again.
No luck, no login and still the same error.
At http://host/Reports I have set the connection string to:
Data Source=host;Initial Catalog=Company AG_MSCRM
I found that in a KB article, so I assume the Initial Catalog should be this database.
Anyway, is there an option I'm missing where I have to give the user additional permissions to successfully login? What irritates me is that I can login with this user using SQL Server Management Studio and browse the tables of the DBs I mentioned above.
The server authentication is currently set to Windows authentication mode.
Kind regards
André
View 6 Replies
View Related
Jul 2, 2007
After installing SQL Server Express I can now connect using my Windows authentication but am unable to create a database because all BUILTINUsers only have public permissions. I don't have the sa password and there are no other users or user groups set up which I could use to upgrade my permissions. So I can't do much of anything with SQL Server.
For background, I'm setting this up on a personal laptop running Windows Vista. I'm one of only two users on the machine and I have an Administrator user account.
Any help is appreciated.
View 11 Replies
View Related
Nov 3, 2010
We use Netbackup for our SQL servers to backup and restore databases. I would like the service account used by Netbackup to have as limited permissions as possible. The account should be able to backup and restore a db without being able to read any of the content. Right now the account jobs fail if the service account is not in the sysadmin role.
I removed the account from sysadmin and limited it to dbcreator and public but the job fail.
How to setup an account so that people who know the service account password can't log in with that account and read db information?
View 9 Replies
View Related
May 17, 2006
We are having problems with the response times from UPS WorldShip after switching from SQL Server 2000 to 2005.
I think that the problem can be fixed from the database end by setting the permissions correctly for the user/role/schema that is being used by WorldShip to connect to the server but, I'm not sure how to do it.
The Setup
Client
UPS WorldShip 8.0 running on XP Pro SP2
Connecting via Sql Native Client via SQL Server Login
Connection is over a T1 via VPN
Server -
SQL Server Standard Edition on Windows Server 2003
2x3ghz Xeon processors w/ 4gb ram
The user that is being used to connect runs under it's own schema and role and only needs access to two tables in a specific database on the server.
What UPS WorldShip seems to be doing is on a continual basis retrieving information about the layout of the database via calls such as the following
exec [sys].sp_tables NULL,NULL,NULL,N'''VIEW''',@fUsePattern=1
exec [webservices].[sys].sp_columns_90 N'CHECK_CONSTRAINTS',N'INFORMATION_SCHEMA',N'webservices',NULL,@fUsePattern=1
exec [webservices].[sys].sp_columns_90 N'COLUMN_DOMAIN_USAGE',N'INFORMATION_SCHEMA',N'webservices',NULL,@fUsePattern=1
This seems to happen whenever WorldShip contacts the database to find out information in order to be able to create a mapping to the database as well as exporting information to it. Because of the VPN connection these calls take anywhere from 20 seconds to 3 minutes.
I am fairly confident that the problem lies with these calls to the database which I was able to capture using the SQL Server Profiler. We have experimented with the following setups.
1. Connecting to SQL 2000 over VPN with SQL Native Client - No noticeable lag
2. Connecting to SQL 2000 over VPN with SQL Server 2000 driver - No Noticable lag
3. Connecting to SQL 2005 locally with SQL Native Client - No Noticable lag
4. Connectiong to SQL 2005 over VPN with SQL Native Client - Lots of lag
Our network admin has been testing the network connections over the VPN and it is very responsive with none of the long wait times found when using UPS WorldShip.
Now for a possible solution other than getting UPS to fix their software. I think that by limiting the tables and views that the login is able to see will cut down significantly on the lag times that are being experienced. The problem is that there were 264 items that were being returned by sp_tables. I was able to cut that down to 154. I am unable to disable access to any of the rest of the items because they are server scoped.
Take for example the INFORMATION_SCHEMA.CHECK_CONSTRAINTS view. When I try to deny access to it in any way I get the following error:
Permissions on server scoped catalog views or system stored procedures or extended stored procedures can be granted only when the current database is master (Microsoft SQL Server, Error: 4629)
Am I able to deny access to these types of object and if so how? Also, what objects should be accessable such as sys.database_mirroring, sys.database_recovery_status, etc?
View 18 Replies
View Related
Dec 20, 2000
I have jsut started using SQL server 7 and am having problems with accounts permissions, users,roles, groups, owners etc what are the differences?
View 1 Replies
View Related
Apr 25, 2007
Hi,
I created a database,login,user and schema like belows.
-- 2. create database
CREATE DATABASE MyTempDatabase;
-- 3. create login
CREATE LOGIN MyTempLogin WITH PASSWORD = '#mytemplogin$',
DEFAULT_DATABASE = MyTempDatabase,
CHECK_EXPIRATION = OFF,
CHECK_POLICY = OFF;
--
USE MyTempDatabase;
-- 4. create user
CREATE USER MyTempLogin FROM LOGIN MyTempLogin WITH DEFAULT_SCHEMA = MyTempSchema;
-- 5. create schema
CREATE SCHEMA MyTempSchema AUTHORIZATION MyTempLogin;
The created user,MyTempLogin, must have permissions that can create tables,drop tables,select,insert,delete,update and bulk insert.
How can I grant permissions to the user?(or schema?)
I failed to grant by T-SQL query.
Additionally, what is purppose of the ROLE? Should I create or use it?
I'm confusing in security concept(login,user,schema,role).
Thanks.
View 3 Replies
View Related
Jun 22, 2007
Hi,
I recently installed an evaluation copy of SQL Server 2005 Enterprise Edition on my local machine and during the installation I used Local System system account for the SQL Server service and set the server to use Mixed Mode authentication.
I am able to connect to this local server Database Engine with my Windows login through SQL Server Management Studio and am able to perform sysadmin tasks. My question is why?
My thinking was that even though my Windows login would provide me a connection to the server, I would still have to manually add this login to the sysadmin server roles but after checking the sysadmin role, my Windows login isn't in there. The Windows login is not found under Security - Logins in SSMS either.
Can someone tell me should details for the login be visible on the server and why it seems to have sysadmin permissions ?
Thanks
View 1 Replies
View Related
Mar 12, 2002
Hi all,
I have restored a database from one SQL server 2000 installation to the target (test) server of exactly the same type.
After the restore, I have found that the sa User in my database is missing. If I go to logins under 'Security' in Enterprise Manager, the sa login is there and after viewing properties for this Login, it is checked as having acces to my offending database under the Database Access Tab.
I try to uncheck it but it tells me that the name dbo was not found in the users collection. I go back to the database and try and add the user (login = sa, Name = dbo) and returns with the error
Error 15405: Cannot use the reserved user or role name 'sa'.
Can anyone explain this and how I can reinstate the sa id (The is did not have a password on either servers.
Thanks
David Ray
View 1 Replies
View Related
Jun 26, 2000
hi,
My requirement is as follows:
1. I Dump my Database into a dump device
2. I Rebuild my mater Database
3. I Restore my User Database.
4. At the end of the above exercise I find my relationship between sysusers (User Database) and syslogins (master) is totally screwed up. This has been causing logon problems to my User Database…
5. I tried using sp_change_users_login …but it does not seem to work.
Thanking you in advance for your help rendered
View 1 Replies
View Related
Sep 3, 2004
I restored a DB from one SQL server to the other. Before doing the Restore I created a blank DB on the destination server. The destination server already had all the logins that were present on the source server. I also created the same users in the destination DB as the source. Before doing the Restore if I look at the users in the Enterprise manager I can see all the users that I created. However after the Restore the only user I see in the Enterprise manager is 'dbo'! If I login using isql and go the newly restored DB and issue 'sp_helpuser', it shows me all the users that I created.
So why don't I see these users from Enterprise manager?? It looks like an ID mismatch problem between syslogins and sysusers.
Next I login using ISQL to the destination server using one of the corrupted? logins. I try to go to the restored DB and it complains that this is not a valid user. So I come out and login in again as SA and go the restored database and try to add the earlier user. It says user already exists. :mad: I'm not sure whats the right way out here. :confused: Any help appreciated.
Thanks
View 1 Replies
View Related
Apr 12, 2007
I just spent the better par of 3 days creating a prototype in ASP.Net 2.0 and SQL Server Express only to discover that nobody from outside can see it...
ERROR with impersonation=true
User does not have permission to perform this action.
ERROR with impersonation=false
Unable to open the physical file "c:inetpubwwwroot------.mdf". Operating system error 5: "5(Access is denied.)".An attempt to attach an auto-named database for file c:inetpubwwwroot-----.mdf failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.
What makes this so difficult?
What am I missing?
View 9 Replies
View Related
Jul 22, 2002
I made a backup of a production database and copied that backup over to a development server and restored the database. Now I have users saying that the application is failing on development. I have users that have NT authentication and some with SQL authentication.
What is the best way to get everything to sync up again?????
View 1 Replies
View Related
Jun 6, 2000
I have an sql server DB which I populate on a local machine, using enterprise manager I backup the DB and zip it up and upload it to my server where I restore it. Every time I restore it I have to add a new login, which is rather annoying, and it wont let me delete the old login - so I have a list of redundent logins.
View 1 Replies
View Related
Oct 25, 2007
Hey Everyone,
I am testing restoring databases on another SQL 2005 server in out environment using HP data protector 5.5 and its great. However, I notice that the security login accounts do not get restored. If this is the case how do I go about getting accounts restored? Also, are there any other options?
Cheers,
Mark
View 3 Replies
View Related
Oct 12, 2006
I restored a DB to another server and then i used the stored procedures
exec sp_addlogin on the master DB and the exec sp_change_users_login on the DB that I have restored. When i try to run a sproc I am getting
Login failed for user 'NT AUTHORITYANONYMOUS LOGON'.
I have used windows authentication to login to connect to the server using sql management studio
Am i missing something. Thankyou for the help
View 1 Replies
View Related
Apr 15, 2008
Hi guys! When it comes to writing sql statements, I do ok. But I just know the basics on sql server dba stuff.I need to create a sql server login account that has the ability to backup and restore databases, BUT NOTHING ELSE.No ability to change anything other than via the restore process. I figured out how to do the backup portion of my requirement, but not the restore part.Any ideas? Thanks in advance!
View 3 Replies
View Related
Jan 28, 2007
Hallo
I have a bit of a problem I haven't come across before. I was testing some restore code using smo, when the restore process got corrupted. Now I cannot log into that database file. Whenever I try and connect to it, I get a login error. Connections to this database file previoulsy worked very well.
I do not get login errors for databases with different names, or when using the same database file on another computer. There must be some data stored somewhere that is causing this. I have removed the database file and reloaded it, but to no avail. Any insight into this would be appreciated
View 2 Replies
View Related
Jul 23, 2005
Dear group,I am a DB-Administrator for a Company that creates and maintains asoftware solution based on SQL-Server and Crystal-Reports.The Crystal-Reports part uses the following method to present data.First a specific user (database authentification) is created with afixed password. Then Crystal Reports uses thisuser/password-information to login to the database and present or printthe data.I recently received a database from a customer of ours and i restoredit on my machine. It worked perfectly except that the Crystal Reportspart did not function at all (showing only blank reports).After dropping the specific user and creating the fixed password thething worked.So my question: does restoring a SQL-Server database on a differentmachine alter or eliminate login and user information ?Any reply will be highly appreciated.Greetings from ViennaUli
View 2 Replies
View Related
Sep 16, 2007
Hi!
I have a SQL 2000 database that has several tables with the same name but with different users/logins.
Example:
Database "Customers"
Table Customer with user / login CompanyA
Table Customer with user / login CompanyB
Table Contact with user / login CompanyA
Table Contact with user / login CompanyB
I need to split these into two different database's
Database "CustomersA"
Table Customer with user / login CompanyA
Table Contact with user / login CompanyA
Database "CustomersB"
Table Customer with user / login CompanyB
Table Contact with user / login CompanyB
Any good idea how to do this?
Ingar
View 5 Replies
View Related
Jan 12, 2006
Hi,
I am trying to make an oracle publiching from sql server 2005 enterprise final release, i installed the oracle client 10.2 (10g) on the same server where sql server already installed, i made different connection to oracle database instance and it was ok.
from sql server : right click on publication -New oracle publication-Next-Add Oracle Publisher-Add button-Add Oracle Publisher-i entered server insttance test1 and their users and passwords--connect --->
the oracle publisher is displayed in the list of publisher but when press ok i got the following error :
TITLE: Distributor Properties
------------------------------
An error occurred applying the changes to the Distributor.
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.1399.06&EvtSrc=Microsoft.SqlServer.Management.UI.DistributorPropertiesErrorSR&EvtID=ErrorApplyingDistributor&LinkId=20476
------------------------------
ADDITIONAL INFORMATION:
SQL Server could not enable 'test1' as a Publisher. (Microsoft.SqlServer.ConnectionInfo)
------------------------------
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
------------------------------
The permissions associated with the administrator login for Oracle publisher 'test1' are not sufficient.
Changed database context to 'master'. (Microsoft SQL Server, Error: 21684)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.1399&EvtSrc=MSSQLServer&EvtID=21684&LinkId=20476
------------------------------
BUTTONS:
OK
------------------------------
Any idea about this error ?
Thanks
Tarek Ghazali
SQL Server MVP.
View 2 Replies
View Related
Oct 27, 2004
Hi,
Im getting this error when attempting to retrieve data from an sql database.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Cannot open database requested in login 'projectAllocations'. Login fails. Login failed for user 'sa'.
Source Error:
Line 13: objConn = New SqlConnection( "Server=LAB303-066NETSDK; Database=projectAllocations; User ID=sa;Password=mypassword")
Line 14: objCmd = New SqlCommand("SELECT * FROM project_descriptions", objConn)
Line 15: objConn.Open()
Line 16: objRdr = objCmd.ExecuteReader()
Line 17: While objRdr.Read()
Source File: C:finalyearproject2sample.aspx Line: 15
Please Help!! Im a beginner to this, so if anyone knows the answer, take baby steps when explaining. Thanks
View 3 Replies
View Related
Jul 27, 2005
Been looking through the forums for a solution to this problem.I already tried granting access through statements such as:exec sp_grantloginaccess N1'machineNameASPNET'But they don't seem to work.. i vaguely remember seeing somewhere a DOS command line statement that grants access to the ASPNET_WP and that fixed my problem before on another computer.. but this is a new computer and i forgot to write down the command.Can anyone help explain and propose a solution to my problem. Many thanxs.
View 9 Replies
View Related
