Problem In SQL Developing As Restricted User (member Of User Group)
Nov 19, 2005
Greetings,VWD EE and other Tools do not have problems working O.K. on my machine, when I am logged-on as restricted(limited) user, both environment and local web server are functioning, and it was MS effort to do it right.BUT the Problem is, when I try to connect to database->new DB connection(either through vwd or management studio etc). I get an Error - which should be written to event log (according to msg) but it isn't - that I can't connect. I am sure that it is because NO SQL SERVER2005EXPRESS instance is running, which I think is the only prerequisite to have it work (I do not need sqlbrowser service I am doint local development).SQL2005express service is configured on MANUAL start. I can start it as administrator through SQL config manager, but it is not convienient and what I want. I need to start it ONLY as a developer user, I do not want it to be running all-the-time for everyuser using computer. It was congigured as Network Service logon, I tried Local Service logon, and I even tried configuring it to logon as -my developer user- account, e.g. with limited user name and his password.In every case I can't start the service as member of users group and this developer. Then I added limited user to SQL2005EXPRESS group. Still NO help, won't start either.My question is, If I want to start developing ADO2.NET application and I need to have running SQL2005Express instance as a develper, how can I start it? I think I do not have some rights to masterDB or something. Do it allways need to be running when computer starts? Isn't there any other way, to start it JUST when I think I start developing?I know of user-mode of accessing SQL2005express DBs, but it also assumes that SQL2005Express service is already running, what I am trying to prevent. I do not want to have it running for everyone who uses computer, just for someone who neeeds it.Any help explaining me the right way HOW TO SETUP WORKING ENVIRONMENT when developing as limited user welcome, I read the the documentations and haven't found the answers.THANK YOU !
We are using Windows authenication within our system, and I was wondering how it would be possible to determine if the user conected to the SQL SERVER instance was a member of a particular active directory security group?
I am download backup of SQL database from server and I am restore database successful into my SQL Server Management Studio Express, but near name of database stay: (Restricted User) note!When I try use database offline for login into my control panel created by me it not work. After I create small new database with same tables login work! I am admin on my local PC. Any ideas why my restored database has note: "Restricted User"? This is bigger database and looks complicate transfer data from old to new database, but if someone have these examples it can help too
How would I hide the sa account to be accessible under Logins for a restricted User in sql server 2005 and also other folders like Replication, Managment, etc need to be hidden too.
I restored a sql server database today. There is a problem though. In SQL server, right next to the name of the database are the words "Restricted User". Their seem to be some limitations on my access to this database now as I am not able to run some of my C# code against the database. How can I fix this in SQL server so that I am not a Restriced user.
Example of what I am talking about. In SQL server my database is named Gorlaz. Just to the left of this is a yellow Icon that represents the database "Gorlaz". For illustration purposes I will use the character "$" to substitute for the yellow database icon. So this is how it reads in SQL server management studio. $Gorlaz(Restricted User)
This is my first time to deploy an asp.net2 web site. Everything is working fine on my local computer but when i published the web site on a remote computer i get the error "Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed" (only in pages that try to access the database) Help pleaseee
I need a stored procedure to find out if the current user is a member of a certain role. I want to pass the role name and return a bit to tell whether he is a member or not. I have this code to list the groups the current user is a member of but I don't know how to search or do a "SELECT FROM" on the results.DECLARE @usr varchar(32) SET @usr = USER EXEC sp_helpuser @usr But if the current user is a member of more than one role it returns multiple rows. So if I could do something like: DECLARE @grpName varchar(32) SELECT * FROM (EXEC sp_helpuser @usr) WHERE GroupName=@grpNameIF rowcount > 0 THENRETURN 1ELSERETURN 0END IF I know that doesn't work so how can I do this?
What I'm looking for is a list of roles a particular user is a memberof.the closest I've found so far is sp_helprolemember without anyarguements. but this gives me all the roles and all the users. I wantthis same list filtered on a specific user.something like sp_??? 'user'
I want an MDX calculated dimension member, (with no measure specified in expression, so that any related measure can be used in a query/browse), and that accomplishes either one of the following:
Ideal: To calculate Median values on every level of a user hierarchy
If "Ideal" is not possible, then "Acceptable" is: To calculates Median values on one or more levels OTHER than the highest level.
I installed SQL 2005 SP2 + ReportServices Add-in for Sharepoint (WSS 3.0). All it's OK until I try to grant database access in the Sharepoint Central Admin site.
I setup the Reporting Services Integration (Manage integration settings). I use the default SQL instance, I put the USERNAME and the PASSWORD of my ADMIN account in the ENTER CREDENTIALS windows.. When I click the "OK" button, I receive always the error ...
"A new member could not be added to a local group because the member has the wrong account type"
I installed SQL 2005 SP2 + ReportServices Add-in for Sharepoint (WSS 3.0). All it's OK until I try to grant database access in the Sharepoint Central Admin site.
I setup the Reporting Services Integration (Manage integration settings). I use the default SQL instance, I put the USERNAME and the PASSWORD of my ADMIN account in the ENTER CREDENTIALS windows.. When I click the "OK" button, I receive always the error ...
"A new member could not be added to a local group because the member has the wrong account type"
If I have an NT User created as a SQL login - and an NT Group as a SQL login, and then I revoke access to the Group - can the user still get in...? Should they be able to - since their specific user account is not locked, but the group is....?
I guess the real question is - when using NT Authentication, does security behave like NT - if you are denied one place - you are denied all places...?
I've got a SPROC that generates a recordset of user vote tallies (they're calculated in a separated SPROC). The user submissions are grouped by a GUID value so as to remain unique for a user's submission (each user can have multiple submissions.
The problem is that the recordset returned displays ALL the users, and I'd like to only select the highest score for each user. So, if I have 500 submissions from 3 users (User1 and User2 submit once each and User3 submits 497 times), the total recordset will have 3 rows - being the highest score per user, discounting the others.
Here's my base query:
SELECT a.UserID,a.Name AS [Name],SUM(b.TotalTally) AS [TotalPoints] FROM Users a INNER JOIN Ballots b ON a.UserID = b.UserID GROUP BY a.UserID, a.Name,b.SubmissionGUID ORDER BY [TotalPoints] DESC,[Name] ASC
...and I've been able to get the highest vote per user, discounting duplicate entries, by using this:
SELECT a.UserID,MAX(b.TotalTally) AS [TotalPoints] FROM Users a INNER JOIN Ballots b ON a.UserID = b.UserID GROUP BY a.UserID
How can I write combine the two in a nested subquery to display only the top score per user?
I am trying to create a TSQL statement or stored procedure that cantell me what users belong to what group and what groups have access towhat files. Can anyone help? Can I pull out a list of names fromActive Directory to use as my user list?
Our system administrator set up an NT server group in order to allowour users to login to our application via https to our sql server.The group appears as a User in SQL Server when you look at it inEnterprise Manager. That said, I can not see the users associatedwith the group from Enterprise Manager, but know they can login to thedatabase.The problem is this. When we login via the web we get access to thedatabase without problem, but when you look at the current_user whatyou see is the login Name the user entered and NOT the name of thegroup/User. That is to say, I can see a UserID which is not listed asa User in SQL Server and can't see the name of the group, which islisted as a user in SQL Server.I need to know who's logging in order to direct them to theappropriate web page via their role. Before the admin set up thegroup, I was using sp_helpuser to get the role, but then again I hadthe userID to do this.The question I have now, is there any way to see what thegroup/user is who logged in i.e. the goup listed as the User inEnterprise Manager? Otherwise I have to build a table of userIDs andtheir group/User name, which seems to defeat the purpose of having heserver authenticate users.Thanks,Tom
I have a problem that many reports and folders were created with my administrative account. Due to some problems with AD my account was renamed MYDOMAINmyuser1. Everything has seemed to work fine for several months. Today I started getting an errors in the logs and subscriptions won't work.
w3wp!ui!1!3/25/2008-06:03:14:: e ERROR: System.Web.Services.Protocols.SoapException: The user or group name 'MYDOMAINmyuser' is not recognized. ---> Microsoft.ReportingServices.Diagnostics.Utilities.UnknownUserNameException: The user or group name 'MYDOMAINmyuser' is not recognized. --- End of inner exception stack trace --- at Microsoft.ReportingServices.WebServer.ReportingService2005.SetSubscriptionProperties(String SubscriptionID, ExtensionSettings ExtensionSettings, String Description, String EventType, String MatchData, ParameterValue[] Parameters) w3wp!ui!1!3/25/2008-06:03:14:: e ERROR: HTTP status code --> 200 -------Details-------- System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: The user or group name 'MYDOMAINmyuser' is not recognized. ---> Microsoft.ReportingServices.Diagnostics.Utilities.UnknownUserNameException: The user or group name 'MYDOMAINmyuser' is not recognized. --- End of inner exception stack trace --- at Microsoft.ReportingServices.WebServer.ReportingService2005.SetSubscriptionProperties(String SubscriptionID, ExtensionSettings ExtensionSettings, String Description, String EventType, String MatchData, ParameterValue[] Parameters)
at Microsoft.ReportingServices.UI.ReportingWebControl.ShowErrorMessage(Exception e)
at Microsoft.ReportingServices.UI.SubscriptionPropertiesPage.SaveButton_Click(Object sender, EventArgs args)
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) w3wp!ui!1!3/25/2008-06:03:14:: e ERROR: Exception in ShowErrorPage: System.Threading.ThreadAbortException: Thread was being aborted. at System.Threading.Thread.AbortInternal() at System.Threading.Thread.Abort(Object stateInfo) at System.Web.HttpResponse.End() at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm) at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg) at at System.Threading.Thread.AbortInternal() at System.Threading.Thread.Abort(Object stateInfo) at System.Web.HttpResponse.End() at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm) at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg) w3wp!extensionfactory!1!3/25/2008-06:03:41:: w WARN: The extension Report Server Email does not have a LocalizedNameAttribute. w3wp!extensionfactory!1!3/25/2008-06:03:41:: w WARN: The extension Report Server FileShare does not have a LocalizedNameAttribute.
I've deleted and recreated the subscriptions and I am still get these error messages. Any help resolving this is really appreciated.
we  do get incidents saying user can't login even adding to the group.So is there any script to check which group the user xxxxx belongs to from SSMS?
Hi... I have a requirement where I need to pass the Users Windows userID and the AD group through which he is associated to the database so that I can get appropiate data.
Is there a way I can pass the Windows user ID and the AD group(through which he is authenticated in Reporting Serivces) through the Reporting Serivces as a parameter so that it can be used in the Reporting Query.
When I am in Visual Studio 2005, and I try to add an SQL database, I get the following error "generating user instances in sql server is disabled. use sp_configure user instances enabled to generate user instances." I am currently using SQL server 2005 Express. What do I need to do, to create an SQL database? Thanks in advance.
In our sql server we have around 40 windows group. Say a Windows user = "X" This X user does not have a direct windows login, he is present in one or more windows groups registered in the sql server.
I need to know throught which group he is logging in.
If I know this , this will help in my auditing process.
I am setting up security for access of database tables for members in a specific Windows User Group.I want to check in a SQL script if this Windows User group is added and if so, add database users and grant SELECT on specific tables.
I have tried this:
SELECT * FROM master.sys.syslogins WHERE name like '%FoeUsers' AND isntgroup = '1'
but that selects a SQL user or group and not a Windows Group.Is there a way to check if a Windows NT (active Directory) user group exists?
I've created an rdl report in reporting services 2005. Report is working fine. I've deployed this report on SQL Server 2005. The problem is this that to access the reports from client, I need to add client's login ID in Administrator user's group os server. If I dont add them in that group, it shows following error:
"The permissions granted to user 'loginname' are insufficient for performing this operation. (rsAccessDenied)".
This solution works fine in development but in actual environment, I can't add users in that group. Can anyone tell me how to view reports without adding user in administrator group. Its urgent.
I'd appreciate your thoughts on this. Not done too much DB admin. Usually I do development work and the admins to the admin.
The database is behind an API of stored procedures to manipulate the data, and views to select the data.
The database needs to be accessed remotely by multiple clients.
How best to keep the database secure?
Create a new user and login on the database which is made known to all client applications. Then grant execute permission on the stored procs and grant select on the views?
There is probably a better way than one login for all? Should I be looking at roles and groups etc? If so, how best to set that up?
Is it possible to check for Active Directory group.. ie see if the user running the Stored Proc, is in a specific Active Directory Group? Or if I set up Login's using Active Directory, can I get the Login that way... or will it give me the user's account?
I've just written a query that successfully brings back the data from one table based on the information from another. Basically we have been given a table of information and need to update certain fields in our user_group table with the new info.
Here is the SELECT statement SELECT user_group.id, user_group.name, user_group.description, Consultants.description AS Expr10, user_group.btype, user_group.rootmenu, user_group.intra_user, user_group.primary_g_id, user_group.fname, user_group.lname, user_group.ntlogon, user_group.lang_id, user_group.[external], user_group.title, user_group.work_tel, user_group.work_fax, user_group.work_ext, user_group.mobile, user_group.sex, user_group.add2, user_group.add3, user_group.town, user_group.county, user_group.pcode, user_group.private_flag,
[code]....
We want to update the 'description' on the user_group table with the 'description' from the 'consultants' table. To test this, we only want to write the UPDATE so that it changes the description where the name is 'Adam Froth. The UPDATE statement that we've written is
UPDATE user_group SET user_group.description = Consultants.description FROM user_group INNER JOIN Consultants ON user_group.description = consultants.description WHERE name like 'Adam Froth%'
but it keeps erroring and saying that it could 'Not be bound'.
I am getting some problem in using group in sql server login.
i have two NT groups in windows.i) developer and tester
I added a user Lalit in both gruop. I want to give db_owner permission on a particular database(Employee) to developer group and data_denyreader and deny_writer on same database(Employee) to tester group.
Now when i logging in to sql server using Lalit(windows authentication) iam not able to access the database(Employee).
Now my concern is that Lalit should have full access to the employee database when entered as developer user and limited access to employee database when entered as tester user.