My application is currently integration with reporting services using custom security extension. I have my own USER and ROLE database to determine who/which role can access certain reports.
My question is how to give access a report to be viewable by everyone? I dont want to assign all users or all roles to achieve this.
The other thing that I found out is, let say I change the name one of the user/role. Because of this, the authorization will fail because the old name/role is not in the DB anymore. Is this expected? or is there a workaround it?
I tried using my administrator account to add SQLServer as an ODBC Connection, but for some reason when it tries authenticating it fails and the reason is that the user is not trusted to use that connection. Yet on my account i've created on my domain works perfectly.
I've added a new user in SQL Enterprise manager, but i still get that error.
How do I set the user to be trusted to use the connection?
i have an asp.net web application that uses SQL2000 backend. any users login to the application using a proper SQL login. so each user has unique logins
One of the roles within the application is to allow the user to create new logins for the application which inturn creates a SQL login. for this i have been using the following special sp's within an application specific sp:-
the only way ican get this to run is if the user executing the sp is a member of sys admin, ideally i dont want to be giving anyone access to sys admin. i thought security admin would allow me to do the above but it doesnt. Is there any other ways or ideas to get around this problem
I am designing an application where multiple users can be assign to a product for review. If a user doesn't have access to the product, they are not allowed to see it. I have attached my table design. All users are assign to a role. See attached screen
what is MS's strategy for having two off the shelf ways of getting at reports? In a typical company, is the average non administrator type user getting at his reports via one, the other, both?
I am using VB.NET 2005 and set up an ODBC connection via ODBC.ODBCConnection to a MDB database. Therefor, I use the "Microsoft Access ODBC Driver (*.mdb)".
When I set up a ODBCCommand like "ALTER DATABASE..." or "CREATE TABLE..." and issue it with the com.ExecuteNonQuery() command, I get an error from ODBC driver, that a SQL statement has to begin with SELECT, INSERT, UPDATE or DELETE.
How can I use DDL statements via ODBC?
I would appreciate if you could help me to use ODBC for that - no OLE, no ADO.
In SQL Server 2005 SP2 I want to grant the ability to create views to a user but in order to do this it requires that the users has the ability to grant alter on a schema.
Is there any way to grant this privilage without granting alter on schema also?
Hey guys,I'm pretty new to SQL configuration, and I need to give EXECUTEpersmissions for one of the SQL user roles. I am running SQL 2005Management Studio Express - free version. I found the list of mystored procedures, but I can not locate any permissions screen. Cansomeone help point me in the right direction? Thanks!
I want to set up a database role so that users can use sp_readerrorlog through SSMS. It does a check on membership in the securityadmin role.
I have tested it and can see you can grant execute on xp_readerrorlog but the SSMS GUI uses sp_readerrorlog.
I thought I could create a user/certificate and add the signature to sp_readerrorlog but it's not permitted (likely because it's not a normal database object).
So the other solution is to add the users to the securityadmin role but then explicitly deny alter any login (best done with a custom server role in 2012+ but otherwise just manually in 2008). I tested this out and it works, I'm not able to alter any logins or increase my own permissions, I also did a check of what's reported from fn_my_permissions(null, null) and it shows minimal permissions like I'd expect.
Is there a way to give someone the right to create only views and no other objects in a database? Currently I have given the individual ddladmin database rose, but would rather be more restrictive?
We have recently migrated quite a databases around 20 from SQL 2000 and 2005 to SQL server 2008R2.
I am using Ola's script for index maintenance for those with compatibility level above 80 as i heard it supports that way.
Hence separated in 2 way job where for those with compatibility level 80, we are running job with below query on each database with 80 as compared
USE ABC GO EXEC sp_MSforeachtable @command1="print '?' DBCC DBREINDEX ('?', ' ', 80)" GO EXEC sp_updatestats GO
I am not sure if this is the only way in for those databases, because we are seeing the database getting because of that somewhere using above query.( seems log file filling very rapidly).
But above is not the case with those databases , with compatibility 90 and above.
I'm creating one of my first asp.net pages, and it accesses an MS SQL database.It runs fine locally, but if you go to it remotely through a web browser, you get an exception saying that the database login failed for user ASPNET.My brother told me to do the following in SQL Server Managment studio. It seems I don't have that program installed, so I did it from the SQL command prompt.CREATE LOGIN [bigblueASPNET] FROM WINDOWSuse AdventureWorkscreate user [bigblueASPNET](Where "bigblue" is the computer name and "AdventureWorks" is the database my asp.net web page reads from).This only partially fixed the problem - now when you open the page remotely and try to access the DB I get an error message saying that permission to use the SELECT command is denied.I searched on these forums, and found this:http://forums.asp.net/69166/ShowPost.aspxFor future reference, let's call what my brother told me "Method 1" and what the previous poster did as "Method 2."I haven't tried method 2 because I don't know exactly what I am giving ASPNET permission to do. Does method 2 enable ASPNET to do anything to any database? It seems method 1 is more secure, as from the commands I could already tell it only has permission to access AdventureWorks.So, I'd prefer to use method 1. Can anyone tell me what further commands I can use to give ASPNET permission to do specific actions?If I can't figure out method 1 and have to do method 2, how can I undo what I did in method 1?Thanks!
I've created a local server from Sql Express, and report server from Reporting service configuration manager, and than publish a report on the local report server. I want to give access to the other computer user to the sql reports, database and report server.
I have a table with plant types and plant names. Certain plants are grouped on a custom field, currently called Field. I am trying to create a query that will give me a result set containing the primary order on Type, but need items with the same 'Field' value grouped by each other.For example, the following shows a standard query result with "order by Type", ie select * from plants order by Type
Code: ID Type Name Field 1 Type1Name1(group1) 2 Type2Name2(group2) -group2 3 Type3Name3(group3) 4 Type4Name4(group4) 5 Type5Name5(group2) -group2 6 Type6Name6(group6)
But I want it to look like this, with fields of the same value located next to each other in the result set (but still initially ordered by Type)
I'm trying to create a report which would give the latest transaction on a database, which all sit on different servers. I wanted to know if there is an a simple way tracking the latest transactions instead of getting the information from the database tables.
I have some data which is vertical...I want to create a pivot query in SQL that will give me a result that is horizontal like this. I cannot find a way of doing it without lots of IF or CASE statements?
In the process of reviewing all Security access into our production servers, I found a user login name of 'BUILTIN/Administrators' with the type 'NT Group' in our production DB. I am not sure whether this Login was setup automatically when SQLServer was installed or it was setup by the administrator, who is no longer with the company? I was able to find out all the users in the Administrators NT group, but what threw me was the word 'BUILTIN' . Are there other Logins besides 'sa' that get setup during the install?
I have a user who has created several SQL7 databases and uses a VB app which schedules jobs (under the sa account) on the SQL server. How can I allow this user to view scheduled jobs on the server ? I don't want to give him too many priviledges.
We are having trouble figuring out how to create a view for this scenario:
We have a status log table that holds an order number, statusdatetime, and statuscode. This table will have multiple status' for the same order number. I want to create a view that will give me the most current status (by statusdatetime) of each order number. This view would show: order number, statusdatetime, and statuscode.
I am having trouble getting a job step to execute an executable file. One of the options for a job step is to enter an operating system command. I have tried entering the following operating system command to execute a file:
'start c:myfile.exe'
For some reason this doesn't work. How can I get SQL Server to execute an executable file?
Does anyone know of a component or other mini application that can be run on the IIS server and allow IIS to access SQL Server 7 databases using Trusted Security.
Our security unit has required us to run SQL Server with Trusted Security so changing to Mixed mode is not an option. We are also not allowed to use Basic Authentication for Active Server Pages with IIS. IIS and SQL server are also on different machines.
We are looking into the possibility of trying to create a component that would run on the IIS machine to allow us to use Trusted Security to the SQL Server (in effect try to make it work the same way that the Cold Fusion product does).
Is there a way to implement Access-like password protection on a SQL Server Express dataset?
The database will be deployed on individual's PCs with no centralization of control. I want to restrict users from being able to see table definitions, stored procedures, etc. Access-like password protection is what I want, but I don't see any similar feature within SQL Server Express. Am I missing something?
I have two SQL Server machines - RPTPROD and DATAPROD.
I wanted to create a linked server from RPTPROD pointing to DATAPROD using Windows Authentication. When I tried to create this linked server, I keep getting this error
"Login failed for user 'NT AUTHORITYANNOYMOUS LOGON' (Microsoft SQL Server,Error: 18456)".
On the "Security" page, I chose "Be made using the login's current security context". I'm sysadmin on both SQL Server machines.
I have a strange error that occurs if I run ALTER QUEUE with status = OFF on my receiving queue...
Purpose of the test was to check that when the queue get disabled all my event notification set up works fine ..
I found out that the Event Notification will not be thrown if I call ALTER QUEUE with status = OFF on a queue that has not messages inside but If I run anyway ALTER QUEUE with status = OFF I found out that the receive activation Stored Procedure is called and because the code is wrapped around a
BEGIN TRY
...
END TRY
BEGIN CATCH
RAISEERROR (.........) WITH LOG
END CATCH
the SP goes in the catch block and actually I see my Application event log full of entries that contains:
The conversation handle is missing. Specify a conversation handle.'
First at all:
why the activated stored procedure is called if I execute:ALTER QUEUE with status = OFF ?
I'm using SQL Server Management Studio eExpress and I'm tryng to link to a database created in Visual Web Developer Express. My problem is that I can't see large parts of my file system when I try to attach a database in SQL Server Express. Web Developer Express likes to put its databases in C:Documents and Settings<User Name>My DocumentsVisual Studio 2005WebSites<Site Name>App_Data. However, when I try to attach a database in that location to SQL Server Express (Right Click Databases node, select Attach from the shortcut menu then Add from the Attach Databases dialog) I get a folder tree that won’t let me go any further than C:Documents and Settings<User Name>. There seem to be large parts of my folder structure that I cannot access with this dialog.
Just in case this is a permissions issue, I am using Windows XP Pro on a stand alone machine. I log on as Administrator, and the <User Name> in the above paths is Administrator. The Administrator is a member of the Administrators group. I have never logged on as anything else and never made any changes to the way permissions are set. When I start SQL Server express I select Windows Authentication.
I am trying a create views that would join 2 tables:
Table 1: Has all the columns need by a view ( Name: Product Structure: ID, Attribute 1, Attribute 2, Attribute 3, Attribute 4, Attribute 5 etc Table 2: Is a lookup table that provides the names of columns Name: lookupTable Structure: tableName, ColumnName, columnValue Values: Product, Attribute1, Color Product, Attribute2, Size Product, Attribute3, Flavor Product, Attribute4, Shape
We have a generic sql login "prduser". Applications use this login. We want the login NOT to have ALTER PROCEDURE and DROP PROCEDURE permissions only on the stored procedures(there are thousands of them).
Hi, this is my first post (hopefully of many) on this board. Just wanted to say a quick hello before I dive into my question. :)
As the title suggested, I have to develop a MS Access form app (yes, it has to be Access - I know it sucks) that will post and query data to and from a remote SQL Server db. While I have no problem linking the two through the default ODBC drivers, my question is security. Some (actually most all) of the data being passed back and forth is sensative information, and I would like to know the best way to keep it safe.
If anybody has any suggestions, instructions, or can redirect me to a good FAQ site on the subject, I would be most appreciative. I have already done a search on these forums for an answer, but have sadly come up short.
I am writing an Internet/Extranet based (ASP.Net 2.0) web application that uses SQL server 2005 as the database. I am using forms authentication on my web application. I am also storing the connection string to SQL server in my web config file. The conn string is encrypted using DPAPI with entropy. I currently have created a SQL login account on my SQL server for use by the web application. This is the user ID I am using in my conn string. The reason for this is because all persons using the application will NOT have a windows login.
Here is my question: The login I created currently has defaulted to the "dbo" role and therefore has "dbo" rights to the database. I want to setup up this login account so that all it can do is execute stored procedures. I dont want this SQL login to be able to do anything else. In my application I am using stored procedures for ALL data access functions, via a data access layer in my application. Can someone guide me step by step as to how to setup this type of access for this SQL login.