Restrict Role To CREATE TABLE On An Assigned SCHEMA
May 9, 2008
Can anyone help me with this? The objective is to allow an application user (with db_datareader & db_datawriter database roles assigned) to be able to create tables in the assigned schema (dbo) via a new role.
-- Create User
use master
go
create login DBA with password='xx', CHECK_EXPIRATION=ON, CHECK_POLICY=ON
use AdventureWorks
go
create user dba from login DBA
alter user dba with DEFAULT_SCHEMA=dbo
go
-- Create Role
use AdventureWorks
go
create role sp_ddl_role AUTHORIZATION dbo
grant CREATE TABLE to sp_ddl_role
-- assign user to Role
use AdventureWorks
go
exec sp_addrolemember sp_ddl_role, dba
go
-- Create Table statement then run with following error
Error:
Msg 2760, Level 16, State 1, Line 1
The specified schema name "dbo" either does not exist or you do not have permission to use it.
Remedy: Grant ALTER on schema::dbo to sp_ddl_role
My problem is that I want to restrict user permissions via this role to just the CREATE TABLE and granting ALTER on a SCHEMA will open up a whole lot more permissions from a security standpoint.
Question: How do I restirct this role to just the CREATE TABLE within a SCHEMA?
View 1 Replies
ADVERTISEMENT
Mar 1, 2007
Hello (help),
In SQL2000, when the Guest account was assigned into a role, such as db_datareader, then querying across databases worked just fine.
Specifically:
I have a Report Writer application that connects to the SQL Server with a login (ReportRunner) that actually has very limited permissions on a database.
The connection is then set (sp_setapprole) to use an Application role (App_RR) that has the necessary permissions.
The report-writer app calls a Stored Procedure that gathers data from several other databases (on the same SQL instance).
In SQL 2000, accessing these other databases was done through Guest - we assigned Guest to the db_datareader role. All worked fine.
We've just upgraded to SQL2005: reports started failing. It seems that although guest is assigned to the db_datareader role, the permissions for Guest don't allow selecting from tables via the db_datareader role: we've had to GRANT SELECT TO Guest specifically on the tables necessary for the report.
Is anyone aware of a design change withing SQL Server such that the Guest principal's roles are disregarded when assessing permission? Is there a new and better way to structure the permissions?
Thanks in advance for your help.
Mark Starr
View 9 Replies
View Related
Oct 10, 2007
Hi:
When I restore DB from testing to production, we want to remove extra access rights granted to public group. Is there a simple way to query to find out for which objects (table, view, sp, fn) that public group were granted select, delete, update insert, or execute rights?
My objective is to write a sp to remove all user assigned rights to public group (role), but not to deny any rights. How to do it?
Any suggestion will be appreciated.
View 1 Replies
View Related
Mar 3, 2006
Is
there a way to find a list of Windows User accounts that are directly
or indirectly (through Windows Group membership) assigned to a database
role?
I could put work in to CLR programming or using a Linked Server to
Active Directory, but if there is a sys.* view available that can
provide me this
information directly it would be much easier.
I'll be looking into this further myself anyway and posting an answer
if I can find one, but if anyone has suggestions... well, thanks!
View 1 Replies
View Related
Sep 23, 2015
I have created a user Finance and I want to grant him access only to see views which are created under Schema called "FinanceQuery".
Note: View may use tables from multiple schemas example: dbo. Staging. ectÂ
By doing this, I want to achieve that this user Finance can see only Views created under Schema FinanceQuery and should not see any other objects (tables, Stored Procedures, Functions etc.)
View 3 Replies
View Related
Sep 13, 2005
I’ve got a situation where the columns in a table we’re grabbing from a source database keep changing as we need more information from that database. As new columns are added to the source table, I would like to dynamically look for those new columns and add them to our local database’s schema if new ones exist. We’re dropping and creating our target db table each time right now based on a pre-defined known schema, but what we really want is to drop and recreate it based on a dynamic schema, and then import all of the records from the source table to ours.It looks like a starting point might be EXEC sp_columns_rowset 'tablename' and then creating some kind of dynamic SQL statement based on that. However, I'm hoping someone might have a resource that already handles this that they might be able to steer me towards.Sincerely,
Bryan Ax
View 9 Replies
View Related
Jul 28, 2006
Hello,
I'd like to create a temporary table with the same schema as an exiting table. How can I do this without hard coding the column definitions into the temporary table definition?
I'd like to do something like:
CREATE TABLE #tempTable LIKE anotherTable
..instead of...
CREATE TABLE #tempTable (id INT PRIMARY KEY, created DATETIME NULL etc...
I'm sure there must be a simple way to do this!
Many thanks,
Ben S
View 3 Replies
View Related
Oct 6, 2006
In CLR integrated trigger:
If I want to make a trigger:
- For Insert
- With name: NewEmployeeInserted
- On table dbo.Employees
I add the following attribute above the desired .net method logic:
[SqlTrigger(Event = "For Insert", Name = "NewEmployeeInserted", Target = "Employees")]
How to make a trigger on for example: Production.Employees table?
where Production is the schema where this table resides.
Thank you.
View 1 Replies
View Related
Oct 26, 2007
Is it possible to create a schema or table in sql server from a dbf file instead of manully creating it
Regards
Karen
View 1 Replies
View Related
Mar 7, 2006
I'm trying to give permissions to a particular user to execute a collection of stored procedures. From what I read, it seems the best way is to define a role and schema - I've called it db_executeusersp, and use it to grant Execute permission to a set of stored procedures. I can then create the user and simply add that role to the user and all is wonderful.
But, I'm trying to figure out how to script this thing. In SQL Server Management studio, I can script the objects, but cannot figure out how to script the connection between the schema / role and stored procedure. All I get is a script of the object definition.
Any ideas??
View 1 Replies
View Related
Sep 6, 2007
Having some trouble getting my head around setting access to specificschemas- here's my problem:I've created a specific schema that I only want certain users tocontrolProblem: Even though I give them full access....the cannot createtables under that schema...my code is below (flyer is the schema,eflyerAdmin is the role, and eflyer is the user):GRANTALTER,CONTROL,DELETE,EXECUTE,INSERT,REFERENCES,SELECT,TAKE OWNERSHIP,UPDATE,VIEW DEFINITIONON SCHEMA::flyerTO eflyerAdminGO-- Add an existing user to the roleEXEC sp_addrolemember N'eflyerAdmin', N'eflyer'
View 1 Replies
View Related
Aug 8, 2006
Hi,For a service I'm working on I need to ask the user for their databasecreate script. It's used to re-create the users database schema in atemporary database on a in-house server in an automated fashion.For security reasons, I need to be sure that the create script can onlycreate tables, columns etc and not things like snooping in otherdatabases and/or formatting the server.Can you give me pointers about what the minimum grants are to let goodscript execute successfully and evil scripts fail?Regards,Ward
View 4 Replies
View Related
Feb 23, 2008
I have created the functionality to dynamically create databases and am now trying to figure out how to create database roles using T-SQL.
I keep finding information about the sp_addrole stored procedure which is the first step, but how do you go about defining what permissions this role has via T-SQL?
Thanks
View 3 Replies
View Related
Jul 20, 2007
I use the following script in order to create db role:
USE [MyDB]GOCREATE ROLE [myRole] AUTHORIZATION [public]GO
It doesn't work:
Msg 15405, Level 16, State 1, Line 1
Cannot use the special principal 'public'.
However this code works fine:
USE [MyDB]GOCREATE ROLE [myRole] AUTHORIZATION [dbo]GOALTER AUTHORIZATION ON ROLE::[myRole] TO [public]GO
So the question is why?
View 6 Replies
View Related
Mar 22, 2007
Hi,
I want my application to create database and I do the following things:
1)Create application role
2)Grant create database to application role
3)Activate application role
4)Create database
and I get the answer:
CREATE DATABASE permission denied in database 'master'.
View 1 Replies
View Related
Jan 21, 2005
Hi
I need to restrict delete from one table by any user of SQL. How can we do this? This is our master table and we dont want any one to delete data from this table.
Thanks
Bala
View 1 Replies
View Related
Jan 7, 2004
Hi,
I hv an application which is using ASP.net. The connectionstring in web.config is
<appSettings>
<add key = "constring" value = "Initial Catalog=mydatabase;Data Source=mypc-pc;User ID=User1; Password=password1"/>
</appSettings>"
Then, i hv created a user in SQL Server 2000 which is User1. What should i put for the database role? db_owner or just db_datareader and db_datawriter?
pls help.
Thnx
View 4 Replies
View Related
Aug 23, 2002
I get the following errors associated with trying to create an SP.
Server: Msg 170, Level 15, State 1, Procedure AddFortuneUser, Line 8
Line 8: Incorrect syntax near '@newuser'.
Server: Msg 137, Level 15, State 2, Line 1
Must declare the variable '@newuser'.
Can anyone explain why I have to do a declare.
I suspect I have to issue "declare @newuser sysname" somewhere but I'm not sure why.
The following is the code I'm trying to run.
My intent would be to create a form for the Admin Clerk that would call this SP. That way they can create a generic login. They have an application that allows them to change the password after the fact.
/*
Created for Admin person to allow them to add a basic SQL Login Account
forcing the user to be a member of a specific role 'helmsman'
in a specific database 'Fortune'
*/
CREATE PROCEDURE AddFortuneUser
@newuser char(128)
AS
EXEC master..sp_addlogin @loginame=@newuser, @passwd =substring(@newuser,1,8), @defdb =Fortune
GO
if not exists (select * from dbo.sysusers where name = @newuser and uid < 16382)
EXEC sp_grantdbaccess @loginame=@newuser, @name_in_db=@newuser
GO
exec master..sp_addrolemember @rolename ='helmsman', @membername =@newuser
GO
View 1 Replies
View Related
Jul 10, 2007
Hi, dear friends,
Just found that I am not able to ignore the name column property for role-palying dimension even though I only select one of the key columns for this dimension in the mining structure where the role-playing dimension is used? E.g I have a fact table (which is the case table for the mining structure) which is related to the role-playing date dimension. The schema is as following:
Dim_event_day_time_key
Dim_carrier_day_time_key
Dim_domain_day_time_key
.....................................
and other attibutes in the fact table.
When I dragged the 'hours' attribute from the dim_day_time table to the mining structure, if I left the key columns of 'Hours' as the above 3 columns, then I have to select a name column, by then I dont have a name column in the dimension table yet. Therefore I want to jsut select one key column as the key of that role-playing dimension in the mining structure, but then I am not able to ignore the 'name column' property as it still always asks me to select the 'name column' for that.
Therefore my question is: we are not allowed to select only one key columns in the mining structure for the role-playing dimension? And we will have to always go to the data source view to create a named calculation as the new column for the role-playing dimension?
Hope my question is clear for your advices and I am looking forward to hearing from you shortly.
Thanks a lot in advance.
With best regards,
Yours sincerely,
View 1 Replies
View Related
May 16, 2008
The question is pretty simple so I don't see why it is so difficult to understand. I do hope somebody answers with something useful.
The problem is that SQL Server 2005 defines several default ROLES such as db_accessadmin, db_backupoperator, db_datareader, etc. and at the same time it also defines SCHEMAS with the same name (db_accessadmin, db_backupoperator, db_datareader).
I have no idea what MS developers where thinking but that is utterly confusing. When creating a role using Management studio one should be able to "grant" these default ROLES to the role one is creating (or the user), instead one is presented with schemas.
For example, when creating a new database role if you select the db_datareader SCHEMA (because ROLES are not presented...) then you can select the various permissions (CONTROL, SELECT, ALTER, etc.). That is ok if the object is a user defined schema but totally confusing for default db_ schemas. Why would one grant other than SELECT to db_datareader schema?
I am still confused about this and is hindering the implementation of a proper database role structure.
View 5 Replies
View Related
May 11, 2015
Need to create a user defined role with grant permissions for below .
View Definition
Execute all Function
Grant View
Grant Synonym
dbo
View Definition
Not getting grant statements for above permissions.
I mean like below.
-----------------------------------------------------------------
CREATE ROLE [Role1]
GRANT EXECUTE ON SCHEMA ::dbo TO [Role1]
-----------------------------------------------------------------
View 1 Replies
View Related
Feb 1, 2006
how to restrict data insertion upto 50 MB in a table?
View 1 Replies
View Related
Mar 28, 2007
Hi,
I have found that in the autogenerated model attributes are missing for those fields that have relations to other tables. At first, it may look reasonable since a user can still get down to the field's value through the relation/related table. However, if the relation's key fields is the only thing the user wants to display, then going down to the related table is an overkill.
I can add an attribute manually and bind it to the key field(s). Is there an option in the autogeneration process to do it automatically? The only post I've found so far suggests to do everything manually (http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1152575&SiteID=1). Is this the only way?
Thank you,
Leonid
View 3 Replies
View Related
Feb 26, 2008
what wrong ?
IF NOT EXISTS ( SELECT * FROM sys.schemas WHERE [name] = 'ATypes' )
BEGIN
CREATE SCHEMA [ATypes] AUTHORIZATION Owner_SchATypes;
END
GO
why I get an error ?
Noam Graizer
View 3 Replies
View Related
Apr 24, 2007
How can I create a new schema inside a database from Managment studio express.
Also can someone explain me the concept of schema clearly. If database is like a house, then is schema like a room in it ??
View 3 Replies
View Related
Nov 2, 2007
I€™m trying to create an index on a view. I get the error that €˜the view is not schema bound.€™
Soooo, I try to put it in a schema.
This is the syntax I am using -
CREATE SCHEMA AUTHORIZATION painter
CREATE VIEW large_paints AS
SELECT paint_id,color FROM paint WHERE paint_size=100
CREATE INDEX idx on large_paints (paint_id);
I get the error - Incorrect syntax near the keyword 'INDEX'.
Any ideas?
View 1 Replies
View Related
May 26, 2015
An old website I inherited uses sa to connect to SQL SessionState and had the details in the web.config. This is bad for security.The session state database is of -sstype "t" which is defined as:Temporary. Session state data is stored in the SQL Server tempdb database. Stored procedures for managing session state are installed in the SQL Server ASPState database. Data is not persisted if you restart SQL. This is the default.What kind of WIndows user, SQL Login, role and permissions do I need to create to make Session State secure? (Windows Server 2012 and SQL Server 2012 mixed mode authentication, Webfarm).
View 4 Replies
View Related
Mar 25, 2008
IF NOT EXISTS (SELECT 1 FROM Sys.Schemas WHERE [Name] = N'HR4')
CREATE SCHEMA HR4 AUTHORIZATION [dbo]
The above statements gives me an error saying "Incorrect syntax near schema". But the following code works fine.
DECLARE @sql varchar(100)
set @sql='CREATE SCHEMA HR4 AUTHORIZATION [dbo]'
IF NOT EXISTS (SELECT 1 FROM Sys.Schemas WHERE [Name] = N'HR4')
exec(@sql)
Any ideas on what is causing this error?
Thanks!
View 1 Replies
View Related
May 22, 2008
I Would like to create a schema sample and make it as default schema instead of dbo.
If a user logs in and creates a table like create table t1 (no int ) .
it would be assigned to sample schema and displayed as sample.t1 not dbo.t1.
How to set the user created schema as primary schema.
View 9 Replies
View Related
Dec 19, 2006
Hi .Net Guru’s,I have an urgent requirement for my project; the issue is mentioned below;Using .Net(C#/VB.Net) I need to generate/created Database objects from XML schemas.I don't have any sample xml schema file to give you. You just imagine you have a sample .xsd file and this .xsd file will be used to create database tables.Please let me know if you have any queries. Thanks,nick
View 1 Replies
View Related
Nov 5, 2004
Hey,
I was wondering does anyone know a way to get the structure, with relationships, of a Sql Database and generate a XML Schema. I want to use the Schema to build a CrystalReport.
Thanks!
-Kevin
View 1 Replies
View Related
Jul 30, 2007
instead of CREATE SCHEMA using T-SQL
View 1 Replies
View Related
Apr 18, 2006
Hi All
I have a SP that i create tables and other objects on another database.
Creating table work well.
declare @s nvarchar(2000)
set @s = 'use db01'
set @s = @s + 'CREATE TABLE ABC (recid int)
exec (@s)
------------------------------------------------------------------------
But if i try to create a schema it gives error :
'CREATE SCHEMA' must be the first statement in a query batch.
declare @s nvarchar(2000)
set @s = 'use db01'
set @s = @s + 'CREATE SCHEMA AAA
exec (@s)
How can i solve it?
Thanks.
View 5 Replies
View Related
