SQL 2012 :: Grant Access To Sensitive Data To Users
May 12, 2015
I have a large table with email column. I need to grant select access to this email column to many users but the actual email should not be visible to those users. I thought of following options:
1.Create an indexed view with that column encrypted and then grant access to users.While searching by email, their search text will also be encrypted and then matched with view column.Problem with this is that I have to create indexed view because most searches will be on Email column and table size is pretty big,20 m records. I don't prefer indexed view in general.
2. Add another column to table with encrypted email and grant access to that column to users. Problem with this is that it will increase table size and i'll need one more index.
We log ship our production database tansaction logs to a secondary database on a separate remote domain.
Incidentally, this was not set up via the "Ship Transaction Logs" wizard, but instead we had to use the various system stored procedures after restoring a copy of the database on the remote domain in standby mode.
We now have an issue where users are unable to access the remote secondary database without having sysadmin privileges. Clearly we want to avoid this!
We want to be able to use Windows Authentication mode on the server of the secondary database. But since the two domains differ, is it possible to even achieve this?
How can we set up read-only access for users on the secondary database without giving them sysadmin privileges?
In SQL Server 2005 SP2 I want to grant the ability to create views to a user but in order to do this it requires that the users has the ability to grant alter on a schema.
Is there any way to grant this privilage without granting alter on schema also?
I'm developing custom SSIS task (control flow component) which offers usert to choose ADO.NET connection.
I want to use this connection in my code and access SQL server.
There is no any problem unless connection is with IntegratedSecurity = true.
But, when user chooses to set username and password, I can not access password because it is not present in the connection string as sensitive information.
Package.DTSProtectionLevel is set to EncryptAllWithUserKey
I need to programmaticaly access to password, but I don't know which class to use from DTS (SSIS) object model.
How do I grant a user permissions to only one table in a database. How would it affect him using our Main App which is NAV with regards to his user's permission in NAV
I have been using the software, and it has been working fine (on windows user A). Now, I have created another windows user (User B), and would like to use the same software/database. The software launches fine (User B), but cannot access the created SQL database (created with user A)
How do I setup the database to allow access from all users on the same PC?
I am trying to come up with a stored procedure to grant all usersdb_owner role (rather than have to manually check the users eachtime)Thanks in advance for your helpTY
There's something I can't quite figure out about user creating
The application that I'm currently working on is interacting with DB, therefore every time you use application you need to login as user which is fine. The problem is that certain users should be able to create new users and the new user may even have the same level of permissions as the one that's creating it ( like admin creating another admin acount or some like that).
Question is how can I allow users to create these user with giving them as few permissions as possible.
If there's is somewhere a code sample on the net I would appreciate the link.
A question on the permissions hierarchy: Since logins, database users, and database roles are both principals and securables - what does it mean to GRANT permission on a login/user/role to another principal? Does it mean that for a login - you can GRANT permission to EXECUTE AS that login or modify it, for example?
I have an MVC asp.net application that stores many records in a table on sql server, in its own system. used the system for 2 months, worked fine accessing, changing data.
Now that other users are logging in? there is cross coupling going on. one user gets the data from another users sql search.
In the mvc app it had used the get async method to read the ID record from the db, i set that to synchronous. no effect; the user makes their own login id but that does nt matter either.
Is there any way to get more information for when IAuthorizationExtension::CheckAccess fails to grant access to a report item for the current user? Specifically, it would be useful to know:
1. URL of attempted report 2. IP address of user agent 3. Identity of current user 4. Date/Time of the failed attempt
We have purchased an ERP system from a vendor which uses system DSN for all the reports. The system automatically creates DSN with Sa with SQL Server. The problem is the DSN is not working with AD users.
Active Directory server: Windows Server 2008 32 Bit.
SQL Server: Windows Server 2012 64 Bit. This server is already member of my Domain. e.g. CompDomain.com
What should I need to do in client PCs or Server to avail ODBC to AD users.
I'm very new new at this. I'm try to deploy a report model and got this message. I have no idea what its going on about.
Can anyone help me?
Aku
------------------------------
System.Web.Services.Protocols.SoapException: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> Microsoft.ReportingServices.Diagnostics.Utilities.RPCException: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: The report server cannot decrypt the symmetric key used to access sensitive or encrypted data in a report server database. You must either restore a backup key or delete all encrypted content. Check the documentation for more information. (rsReportServerDisabled) ---> System.Exception: Bad Data. (Exception from HRESULT: 0x80090005) --- End of inner exception stack trace --- --- End of inner exception stack trace --- --- End of inner exception stack trace --- --- End of inner exception stack trace --- --- End of inner exception stack trace --- at Microsoft.ReportingServices.Diagnostics.DataProtection.ProtectData(Byte[] unprotectedData, String tag) at Microsoft.ReportingServices.Library.ConnectionManager.ConnectStorage() at Microsoft.ReportingServices.Library.Storage.NewStandardSqlCommand(String storedProcedureName) at Microsoft.ReportingServices.Library.DBInterface.GetAllConfigurationInfo() at Microsoft.ReportingServices.Library.RSService.GetSystemProperties(Property[] requestedProperties) at Microsoft.ReportingServices.WebServer.ReportingService.GetSystemProperties(Property[] Properties, Property[]& Values) --- End of inner exception stack trace --- at Microsoft.ReportingServices.WebServer.ReportingService.GetSystemProperties(Property[] Properties, Property[]& Values) (System.Web.Services)
I have created a table with .. username, password, grant username and password are nvarchar grant is a bit I want to check the availability of the username and password and then check if it is granted to access or not .. so I made a selection query for getting the grant when username ==x and password = y x=data come from another page y=data come from another page then put the selected grant or deny ( true or false) in a data set .. and then check if it is grant ( true) to complete what I want >>> else ( deny ....( false )) to return a reponse of deny username or password... but everytime the dataset is empty .. this is my code ... sqlConnection1.Open(); SqlDataAdapter da=new SqlDataAdapter("select grant_deny from users where username='"+Request.QueryString["username"]+"' and password='"+Request.QueryString["password"]+"'",sqlConnection1); da.Fill(ds,"users"); sqlConnection1.Close() if (ds.Tables[0].Rows[0]["grant_deny"].ToString()=="true") { . . . . } else { Response.write("error"); } what is wrong ..?? and if there is anyone has another solution for what I want .. I appriciate any sample code,... thanks in advance..
I would like to grant the MACHINENAMEASPNET user all acccess to my MSSQL database (i.e tables and stored procedures. I can do this through enterprise manager but id rather do it programatically so i can add it to my database creation script. What is the syntax for this?
Can anyone help me on users Access rights. The problem is I have created users called finance and sales. Sales have default database called Salesdb. Similarly finance have default database called Financedb.
The user sales created a table called 'daily_report' in salesdb and he is also belongs to the database role of db_ddladmin. The user finance doesn't have any access rights to this salesdb database and he didnot belong to any database roles in financedb itself. But I don't know, this finance user he is able access all the rights of 'daily_rep' table of salesdb database. Even the user sales has revoked all the access rights from the finance user, he still ables to modify/insert/select/delete the records of 'daily_rep' table of Salesdb database.
i am working on a project using asp.net and microsoft sql server, i am now working on my home pc. so now the problem is whenever i try to access the database through asp a error message such as :
[OleDbException (0x80040e4d): Login failed for user 'JYHENGASPNET'.] System.Data.OleDb.OleDbConnection.ProcessResults(I nt32 hr) +20 System.Data.OleDb.OleDbConnection.InitializeProvid er() +57 System.Data.OleDb.OleDbConnection.Open() +203 JYHeng.USRRegistration.Page_Load(Object sender, EventArgs e) in C:Documents and SettingsHeng Jang Yang.JYHENGFYPFYPCacheJYHENGJYHengUSRRegistra tion.aspx.vb:63 System.Web.UI.Control.OnLoad(EventArgs e) +67 System.Web.UI.Control.LoadRecursive() +35 System.Web.UI.Page.ProcessRequestMain() +731 will appear. my connectionstring used is : objCn.ConnectionString = "Provider=SQLOLEDB; Data Source=(local);Initial Catalog=fyp;Integrated Security=SSPI;"
i am told that i must check if my aspnet user have been granted access to the database. however i am not sure on how to check the access, not to mention granting accsss. How am i supposed to grant my aspnet user access to my sql database?
Can someone please help me ? i am really lost. thank you
I am setting up report services after I installed the report server add-ins on sharepoint 2007.
at first step, Reporting services integration, I put report server web service URL -- http://ssrsdev1/reportserver authentication mode -- windows authentication it went OK.
at second step, Grant Database Access, I put ssrsdev1 for server name (default instance) and then click OK and then I put the user name (a member of local admin group on ssrsdev1) and password, but I always got errors says: Unable to log on with the given username and password. what wrong here? what should I check? I am sure the user and password is right and I can log on to ssrsdev1 physically with admin right without any problem. thanks for any thought on this. zwp
Writing to tables created by regular users on MSSQL2005
I have users creating tables through an application, I gave them ddl_admin, datareader, datawriter. They can create tables but cannot insert/update data (to their own tables), I cannot insert data either using Access or any other application to those tables created by them (under dbo schema) Is there something I am missing with permissions? Thank you very much
So here's the situation: I'm creating a front-end application to an SQL Server 2000 database and I need to create a new login to the database for the app.
Is it possible (or even; is it a good idea...) to create a logon that only has access to a single table?
Actually, I know it's possible - but I don't want to have to go through the hundreds of tables and deny access to them all! So I guess the question is;
Is there a quick and easy way of granting a login permissions to a single table only?
I need an example of how to grant access to a SQL user to a DB. For the life of me I can't seem to get my syntax correct. My database name is TEST and my username is LEMME_IN and I want to grant the user "Public" access to the db with db_datareader, db_datawriter database role membership.
Hi!I have a user on my database that has only "select" access(db_datareader).Problem is, I also want him to also be able to create/update extendedproperties on tables or views, but without modifying the tables'schema.I played around with GRANT but apparently, a member of "db_datareader"cannot create/modify extended properties on an object if he's not theowner of this object. I tried making this user a member of"db_datawriter", but it didn't work.Nothing short of making him member of "db_ddladmin" worked... but thenthis is too much, the user can now alter to delete tables: i DON'T wantthat!Any ideas anyone? Cheers!Ben
I am build an application that able to update insert delete an entries from my sql server, i create a new account in sql server management studio express so my app can connect to the database thru SQL Server Aurthentication. Delete & update method work well but my insert dont.
I change to the connection string to localhost ( WindowsAurthentication) and it works so i conclude that the problem lies on the sql user access. However I had already ticks everything on object explorer > security > logins > my user properties > Server Roles & User Mapping. What should i do inorder to grant insert/create database access to my sql user? Thanks.
How do I grant a user access to a particular project? I have set up some reports and want other users to look at them as a template to build their reports and keep getting projectname.rptproj.user is denied.
I'd like to find out whether or not people grant VIEW DEFINITION to their developers in UAT and PROD environments. My view is that a developer shouldn't be able to touch a PROD environment at all (we also include UAT as PROD), and any issue in a production environment should be investigated by a DBA and escalated to the dev if necessary.
I have a table called SrcReg which is having a column name called IsSortSeqNo smallint. I am mapping this column in SSIS and the problem comes when I try to execute against different database which has this table but the column name as ISSortSeqNo. I mean both databases having same name but one with upper case. So SSIS fails executing due to meta validation issue.Is there any way to check whether the column name is in small case or upper case through query?
I have around 600 databases in my server, a user need select access of all the databases. will i have to go one by one in all the dbs and create that user and give datareader role to him. or is thr any shorter way to do so????
