Restrict Role To CREATE TABLE On An Assigned SCHEMA

May 9, 2008

Can anyone help me with this? The objective is to allow an application user (with db_datareader & db_datawriter database roles assigned) to be able to create tables in the assigned schema (dbo) via a new role.


-- Create User

use master

go

create login DBA with password='xx', CHECK_EXPIRATION=ON, CHECK_POLICY=ON

use AdventureWorks

go

create user dba from login DBA
alter user dba with DEFAULT_SCHEMA=dbo

go

-- Create Role

use AdventureWorks

go

create role sp_ddl_role AUTHORIZATION dbo

grant CREATE TABLE to sp_ddl_role



-- assign user to Role

use AdventureWorks

go

exec sp_addrolemember sp_ddl_role, dba

go

-- Create Table statement then run with following error
Error:

Msg 2760, Level 16, State 1, Line 1

The specified schema name "dbo" either does not exist or you do not have permission to use it.

Remedy: Grant ALTER on schema::dbo to sp_ddl_role

My problem is that I want to restrict user permissions via this role to just the CREATE TABLE and granting ALTER on a SCHEMA will open up a whole lot more permissions from a security standpoint.

Question: How do I restirct this role to just the CREATE TABLE within a SCHEMA?

View 1 Replies


ADVERTISEMENT

Guest Principal Assigned To Datareader Role Does Have Access

Mar 1, 2007

Hello (help),

In SQL2000, when the Guest account was assigned into a role, such as db_datareader, then querying across databases worked just fine.

Specifically:
I have a Report Writer application that connects to the SQL Server with a login (ReportRunner) that actually has very limited permissions on a database.
The connection is then set (sp_setapprole) to use an Application role (App_RR) that has the necessary permissions.
The report-writer app calls a Stored Procedure that gathers data from several other databases (on the same SQL instance).
In SQL 2000, accessing these other databases was done through Guest - we assigned Guest to the db_datareader role. All worked fine.

We've just upgraded to SQL2005: reports started failing. It seems that although guest is assigned to the db_datareader role, the permissions for Guest don't allow selecting from tables via the db_datareader role: we've had to GRANT SELECT TO Guest specifically on the tables necessary for the report.

Is anyone aware of a design change withing SQL Server such that the Guest principal's roles are disregarded when assessing permission? Is there a new and better way to structure the permissions?

Thanks in advance for your help.
Mark Starr

View 9 Replies View Related

Determine User Assigned Rights To Public Role

Oct 10, 2007

Hi:

When I restore DB from testing to production, we want to remove extra access rights granted to public group. Is there a simple way to query to find out for which objects (table, view, sp, fn) that public group were granted select, delete, update insert, or execute rights?

My objective is to write a sp to remove all user assigned rights to public group (role), but not to deny any rights. How to do it?


Any suggestion will be appreciated.

View 1 Replies View Related

Accessing Windows Users Assigned To A Database Role

Mar 3, 2006

Is
there a way to find a list of Windows User accounts that are directly
or indirectly (through Windows Group membership) assigned to a database
role?


I could put work in to CLR programming or using a Linked Server to
Active Directory, but if there is a sys.* view available that can
provide me this
information directly it would be much easier.



I'll be looking into this further myself anyway and posting an answer
if I can find one, but if anyone has suggestions... well, thanks!

View 1 Replies View Related

SQL Security :: Restrict A User Only To Particular Schema

Sep 23, 2015

I have created a user Finance and I want to grant him access only to see views which are created under Schema called "FinanceQuery".

Note: View may use tables from multiple schemas example: dbo. Staging. ect 

By doing this, I want to achieve that this user Finance can see only Views created under Schema FinanceQuery and should not see any other objects (tables, Stored Procedures, Functions etc.)

View 3 Replies View Related

Create Target Table Dynamically Based On Source Table Schema?

Sep 13, 2005

I’ve got a situation where the columns in a table we’re grabbing from a source database keep changing as we need more information from that database. As new columns are added to the source table, I would like to dynamically look for those new columns and add them to our local database’s schema if new ones exist. We’re dropping and creating our target db table each time right now based on a pre-defined known schema, but what we really want is to drop and recreate it based on a dynamic schema, and then import all of the records from the source table to ours.It looks like a starting point might be EXEC sp_columns_rowset 'tablename' and then creating some kind of dynamic SQL statement based on that. However, I'm hoping someone might have a resource that already handles this that they might be able to steer me towards.Sincerely, 
Bryan Ax

View 9 Replies View Related

Tempoary Table Question - How To Create One With The Same Schema As An Existing Table?

Jul 28, 2006

Hello,

I'd like to create a temporary table with the same schema as an exiting table. How can I do this without hard coding the column definitions into the temporary table definition?

I'd like to do something like:

CREATE TABLE #tempTable LIKE anotherTable

..instead of...

CREATE TABLE #tempTable (id INT PRIMARY KEY, created DATETIME NULL etc...

I'm sure there must be a simple way to do this!

Many thanks,

Ben S

View 3 Replies View Related

How To Create A CLR Integrated Trigger On Table In Schema?

Oct 6, 2006

In CLR integrated trigger:

If I want to make a trigger:
- For Insert
- With name: NewEmployeeInserted
- On table dbo.Employees

I add the following attribute above the desired .net method logic:
[SqlTrigger(Event = "For Insert", Name = "NewEmployeeInserted", Target = "Employees")]

How to make a trigger on for example: Production.Employees table?
where Production is the schema where this table resides.

Thank you.

View 1 Replies View Related

Is It Possible To Create A Schema Or Table From A Dbf File Instead Of Manully Creating It

Oct 26, 2007

Is it possible to create a schema or table in sql server from a dbf file instead of manully creating it
 
Regards
Karen

View 1 Replies View Related

Scripting Role/schema

Mar 7, 2006

I'm trying to give permissions to a particular user to execute a collection of stored procedures. From what I read, it seems the best way is to define a role and schema - I've called it db_executeusersp, and use it to grant Execute permission to a set of stored procedures. I can then create the user and simply add that role to the user and all is wonderful.

But, I'm trying to figure out how to script this thing. In SQL Server Management studio, I can script the objects, but cannot figure out how to script the connection between the schema / role and stored procedure. All I get is a script of the object definition.

Any ideas??

View 1 Replies View Related

Help Needed: Granting Create Table Permisions On Specific Schema Options

Sep 6, 2007

Having some trouble getting my head around setting access to specificschemas- here's my problem:I've created a specific schema that I only want certain users tocontrolProblem: Even though I give them full access....the cannot createtables under that schema...my code is below (flyer is the schema,eflyerAdmin is the role, and eflyer is the user):GRANTALTER,CONTROL,DELETE,EXECUTE,INSERT,REFERENCES,SELECT,TAKE OWNERSHIP,UPDATE,VIEW DEFINITIONON SCHEMA::flyerTO eflyerAdminGO-- Add an existing user to the roleEXEC sp_addrolemember N'eflyerAdmin', N'eflyer'

View 1 Replies View Related

How To Restrict Evil Create Scripts?

Aug 8, 2006

Hi,For a service I'm working on I need to ask the user for their databasecreate script. It's used to re-create the users database schema in atemporary database on a in-house server in an automated fashion.For security reasons, I need to be sure that the create script can onlycreate tables, columns etc and not things like snooping in otherdatabases and/or formatting the server.Can you give me pointers about what the minimum grants are to let goodscript execute successfully and evil scripts fail?Regards,Ward

View 4 Replies View Related

Create Database Role Via T-SQL

Feb 23, 2008

I have created the functionality to dynamically create databases and am now trying to figure out how to create database roles using T-SQL.

I keep finding information about the sp_addrole stored procedure which is the first step, but how do you go about defining what permissions this role has via T-SQL?

Thanks

View 3 Replies View Related

Create DB Role Owned By Public

Jul 20, 2007

I use the following script in order to create db role:

USE [MyDB]GOCREATE ROLE [myRole] AUTHORIZATION [public]GO

It doesn't work:
Msg 15405, Level 16, State 1, Line 1
Cannot use the special principal 'public'.

However this code works fine:

USE [MyDB]GOCREATE ROLE [myRole] AUTHORIZATION [dbo]GOALTER AUTHORIZATION ON ROLE::[myRole] TO [public]GO

So the question is why?

View 6 Replies View Related

Create Database With Application Role...

Mar 22, 2007

Hi,

I want my application to create database and I do the following things:

1)Create application role
2)Grant create database to application role
3)Activate application role
4)Create database

and I get the answer:

CREATE DATABASE permission denied in database 'master'.

View 1 Replies View Related

Restrict Delete From A Table

Jan 21, 2005

Hi

I need to restrict delete from one table by any user of SQL. How can we do this? This is our master table and we dont want any one to delete data from this table.

Thanks
Bala

View 1 Replies View Related

Create User - Permit In Database Role

Jan 7, 2004

Hi,
I hv an application which is using ASP.net. The connectionstring in web.config is
<appSettings>
<add key = "constring" value = "Initial Catalog=mydatabase;Data Source=mypc-pc;User ID=User1; Password=password1"/>
</appSettings>"

Then, i hv created a user in SQL Server 2000 which is User1. What should i put for the database role? db_owner or just db_datareader and db_datawriter?

pls help.

Thnx

View 4 Replies View Related

SP Error When Trying To Create User And Assign A Role

Aug 23, 2002

I get the following errors associated with trying to create an SP.

Server: Msg 170, Level 15, State 1, Procedure AddFortuneUser, Line 8
Line 8: Incorrect syntax near '@newuser'.
Server: Msg 137, Level 15, State 2, Line 1
Must declare the variable '@newuser'.

Can anyone explain why I have to do a declare.
I suspect I have to issue "declare @newuser sysname" somewhere but I'm not sure why.

The following is the code I'm trying to run.
My intent would be to create a form for the Admin Clerk that would call this SP. That way they can create a generic login. They have an application that allows them to change the password after the fact.
/*
Created for Admin person to allow them to add a basic SQL Login Account
forcing the user to be a member of a specific role 'helmsman'
in a specific database 'Fortune'
*/
CREATE PROCEDURE AddFortuneUser
@newuser char(128)
AS
EXEC master..sp_addlogin @loginame=@newuser, @passwd =substring(@newuser,1,8), @defdb =Fortune
GO
if not exists (select * from dbo.sysusers where name = @newuser and uid < 16382)
EXEC sp_grantdbaccess @loginame=@newuser, @name_in_db=@newuser
GO
exec master..sp_addrolemember @rolename ='helmsman', @membername =@newuser
GO

View 1 Replies View Related

Do We Always Have To Create Name Calculation For Role-playing Dimension?

Jul 10, 2007

Hi, dear friends,

Just found that I am not able to ignore the name column property for role-palying dimension even though I only select one of the key columns for this dimension in the mining structure where the role-playing dimension is used? E.g I have a fact table (which is the case table for the mining structure) which is related to the role-playing date dimension. The schema is as following:

Dim_event_day_time_key

Dim_carrier_day_time_key

Dim_domain_day_time_key

.....................................

and other attibutes in the fact table.

When I dragged the 'hours' attribute from the dim_day_time table to the mining structure, if I left the key columns of 'Hours' as the above 3 columns, then I have to select a name column, by then I dont have a name column in the dimension table yet. Therefore I want to jsut select one key column as the key of that role-playing dimension in the mining structure, but then I am not able to ignore the 'name column' property as it still always asks me to select the 'name column' for that.



Therefore my question is: we are not allowed to select only one key columns in the mining structure for the role-playing dimension? And we will have to always go to the data source view to create a named calculation as the new column for the role-playing dimension?



Hope my question is clear for your advices and I am looking forward to hearing from you shortly.



Thanks a lot in advance.



With best regards,



Yours sincerely,

View 1 Replies View Related

What Is The Difference Between Db_accessadmin ROLE And Db_accessadmin SCHEMA

May 16, 2008

The question is pretty simple so I don't see why it is so difficult to understand. I do hope somebody answers with something useful.

The problem is that SQL Server 2005 defines several default ROLES such as db_accessadmin, db_backupoperator, db_datareader, etc. and at the same time it also defines SCHEMAS with the same name (db_accessadmin, db_backupoperator, db_datareader).

I have no idea what MS developers where thinking but that is utterly confusing. When creating a role using Management studio one should be able to "grant" these default ROLES to the role one is creating (or the user), instead one is presented with schemas.

For example, when creating a new database role if you select the db_datareader SCHEMA (because ROLES are not presented...) then you can select the various permissions (CONTROL, SELECT, ALTER, etc.). That is ok if the object is a user defined schema but totally confusing for default db_ schemas. Why would one grant other than SELECT to db_datareader schema?

I am still confused about this and is hindering the implementation of a proper database role structure.

View 5 Replies View Related

SQL 2012 :: Grant Statements To Create Userdefined Role

May 11, 2015

Need to create a user defined role with grant permissions for below .

View Definition
Execute all Function
Grant View
Grant Synonym
dbo
View Definition
Not getting grant statements for above permissions.

I mean like below.

-----------------------------------------------------------------
CREATE ROLE [Role1]
GRANT EXECUTE ON SCHEMA ::dbo TO [Role1]
-----------------------------------------------------------------

View 1 Replies View Related

How To Restrict Data Insertion Upto 50 MB In A Table

Feb 1, 2006

how to restrict data insertion upto 50 MB in a table?

View 1 Replies View Related

Report Builder Model Generation - How To Create A Key Attribute Along With The Role?

Mar 28, 2007

Hi,



I have found that in the autogenerated model attributes are missing for those fields that have relations to other tables. At first, it may look reasonable since a user can still get down to the field's value through the relation/related table. However, if the relation's key fields is the only thing the user wants to display, then going down to the related table is an overkill.

I can add an attribute manually and bind it to the key field(s). Is there an option in the autogeneration process to do it automatically? The only post I've found so far suggests to do everything manually (http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1152575&SiteID=1). Is this the only way?



Thank you,

Leonid

View 3 Replies View Related

Create Schema

Feb 26, 2008

what wrong ?

IF NOT EXISTS ( SELECT * FROM sys.schemas WHERE [name] = 'ATypes' )
BEGIN
CREATE SCHEMA [ATypes] AUTHORIZATION Owner_SchATypes;
END
GO

why I get an error ?


Noam Graizer

View 3 Replies View Related

How To Create A New Schema

Apr 24, 2007



How can I create a new schema inside a database from Managment studio express.



Also can someone explain me the concept of schema clearly. If database is like a house, then is schema like a room in it ??

View 3 Replies View Related

SQL Help. CREATE SCHEMA

Nov 2, 2007

I€™m trying to create an index on a view. I get the error that €˜the view is not schema bound.€™

Soooo, I try to put it in a schema.

This is the syntax I am using -

CREATE SCHEMA AUTHORIZATION painter
CREATE VIEW large_paints AS
SELECT paint_id,color FROM paint WHERE paint_size=100
CREATE INDEX idx on large_paints (paint_id);

I get the error - Incorrect syntax near the keyword 'INDEX'.

Any ideas?

View 1 Replies View Related

SQL Security :: How To Create A Low Privilege User And Role For Server Session State

May 26, 2015

An old website I inherited uses sa to connect to SQL SessionState and had the details in the web.config. This is bad for security.The session state database is of -sstype "t" which is defined as:Temporary. Session state data is stored in the SQL Server tempdb database. Stored procedures for managing session state are installed in the SQL Server ASPState database. Data is not persisted if you restart SQL. This is the default.What kind of WIndows user, SQL Login, role and permissions do I need to create to make Session State secure? (Windows Server 2012 and SQL Server 2012 mixed mode authentication, Webfarm).

View 4 Replies View Related

Create Schema Error

Mar 25, 2008

IF NOT EXISTS (SELECT 1 FROM Sys.Schemas WHERE [Name] = N'HR4')
CREATE SCHEMA HR4 AUTHORIZATION [dbo]

The above statements gives me an error saying "Incorrect syntax near schema". But the following code works fine.


DECLARE @sql varchar(100)
set @sql='CREATE SCHEMA HR4 AUTHORIZATION [dbo]'
IF NOT EXISTS (SELECT 1 FROM Sys.Schemas WHERE [Name] = N'HR4')
exec(@sql)

Any ideas on what is causing this error?

Thanks!

View 1 Replies View Related

Create A Default Schema

May 22, 2008



I Would like to create a schema sample and make it as default schema instead of dbo.

If a user logs in and creates a table like create table t1 (no int ) .
it would be assigned to sample schema and displayed as sample.t1 not dbo.t1.


How to set the user created schema as primary schema.

View 9 Replies View Related

Create Database Models From XML Schema (.xsd)

Dec 19, 2006

Hi .Net Guru’s,I have an urgent requirement for my project; the issue is mentioned below;Using .Net(C#/VB.Net) I need to generate/created Database objects from XML schemas.I don't have any sample xml schema file to give you. You just imagine you have a sample .xsd file and this .xsd file will be used to create database tables.Please let me know if you have any queries. Thanks,nick

View 1 Replies View Related

Create An XML Schema For A SQL Database Structure

Nov 5, 2004

Hey,

I was wondering does anyone know a way to get the structure, with relationships, of a Sql Database and generate a XML Schema. I want to use the Schema to build a CrystalReport.

Thanks!
-Kevin

View 1 Replies View Related

Create New Schema Using Management Studio

Jul 30, 2007

instead of CREATE SCHEMA using T-SQL

View 1 Replies View Related

CREATE SCHEMA In Db A From A Stored Procedure In Db B

Apr 18, 2006

Hi All
I have a SP that i create tables and other objects on another database.

Creating table work well.

declare @s nvarchar(2000)
set @s = 'use db01'
set @s = @s + 'CREATE TABLE ABC (recid int)
exec (@s)
------------------------------------------------------------------------

But if i try to create a schema it gives error :
'CREATE SCHEMA' must be the first statement in a query batch.

declare @s nvarchar(2000)
set @s = 'use db01'
set @s = @s + 'CREATE SCHEMA AAA
exec (@s)
How can i solve it?

Thanks.

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved