SQL Security :: How To Copy Permission Of A User To Newly Created User
Oct 24, 2015How can i assign permissions to a newly created users as of an existing user?
View 3 RepliesHow can i assign permissions to a newly created users as of an existing user?
View 3 RepliesWe have a production server "prod" which has a user say 'test' that lets the users connect to the application and a logon trigger which stops them from connecting to the server through SSMS. I log ship 'prod' to the 'rep' database and the user 'test' is obviously created in the logshipped database 'rep' during the logshipping.
Now the login 'test' does not have any login from server 'rep', But people can still login to the 'rep' server and query the 'rep' db . I checked with SUSER_SNAME and found the SID of the user in rep server which I never created and which is not even present in the login names, Even If I create a new username in the 'prod' db, after logshipping the new user is replicated in the 'rep' server.
best possible way to provide truncate table permission to a SQL Server Database user (ddl_admin role cannot be granted to the user in my case)
View 3 Replies View RelatedI want to grant CREATE, ALTER, VIEW permission to user but not DML permission?
So user can create Object but can't drop and delete it or user cant insert , update,delete from table.
I have Given db_datareader,db_denydatawriter, and granted create, select, alter permission.
But user is able to drop.
I am setting up SQL audit on sql servers in my environment based on requirement. I want to create database specifications ASAP database created. I tried DDL trigger but Audit doesn't support triggers. So I created audit specifications on model database. the only problem with this is every specification created on new database with same name.database specification name includes newly created database name or other methods to create database specifications on newly created databases.
View 6 Replies View RelatedHi guys,
I've been assigned the task of setting up access to our SQL Server 2005 box. A consultant developing for us has accessing to 2 databases and I've set this up fine. It appears however that one of these databases is re-copied over to the server every night to keep data reasonably current.
I'm not interesting in changing this method as I'm not the maintainer (as yet).
Basically I would like to know if I've setup access to this database (it works fine), when the database is updated (with an SSIS package) the account seems to get deleted. Do the original permissions from the source database overwrite those of its destination?
Cheers
How do you handle user level security with SQL Server 2005?
Say I have an HR database.
In Active Directory I have two groups: Managers, Employees.
Now in this HR Database I want to setup permissions in such a way that Managers can see all employees under them (but not other managers) and the employees can only see themselves.
(I'd have various levels of management defined in a table somewhere, so that each employee has a manager ID that links to another employee so that the CEO would be manager of everyone by working down the chain).
What I'm trying to understand is the best way to handle the permissions.
I'm not entirely clear on how to deal with that.
Would I use user chaining to do that, I wouldn't need impersonation (that's just for instances where you want dynamic SQL and it won't execute with user chaining, correct?)
Anyway, just looking for some general direction on this (obviously I need to get a good book it would seem).
Would I create a stored procedure that runs with EXECUTE AS permissions so that I'd have a non-interactive login it uses that has table access then all the other users have permission to execute the sproc?
So that sproc runs, pulls back a SELECT * FROM tbl_HRINFO and using a WHERE constraint limits who is returned WHERE SupervisorID = CurrentLoggedInEmployeeID ?
Also: How can I determine who is logged in and running the procedure, would the sproc use the SELECT USER_NAME command to see who was running it?
As you can see, I'm working from square one on all of this.
Not sure if my posting entirely made sense, but hopefully someone can get me pointed in the right direction, thanks!
This is my first time to deploy an asp.net2 web site. Everything is working fine on my local computer but when i published the web site on a remote computer i get the error "Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed" (only in pages that try to access the database)
Help pleaseee
Hi,
How can i get the names of user created databases?
select Distinct (name) from sysobjects where xtype = 'U', i know this statement for tables but is there a statement for Databases?
thanks
Hi Folks,
I am trying to make it that a user can just click on my form and generate a custom sql query.
for example:
If I had three list boxes,I would like my user to be able to click on any of the items in the three boxes and come up with a datagrid displaying the query results.(in effect creating an individual query
i.e
ListBox1
robert redford
dustin hoffman
steve mc queen
ListBox2
butch Cassidy and the Sundance Kid
the Sting
straw dogs
pappilon
List 3
1965
1966(through to)
2008)
So then I want my user to come along click on Dustin Hoffman then click on a film(the sting perhaps) then the year,to find out if Dustin was actually in that film in that particular year...and if he was produce the details.
This will create a "custom" sql statement like
select * from lst 1 ...ect.
What I would like to know is can this actually be done.
This is only a small example of the datbase.I have thousands of films and name ect so it can get quite big.
any help fully appreciated
Gracie
User groups not created by SQL Server 2005 in Logins
SQLServer2005MSFTEUser$ComputerName$MSSQLSERVER
SQLServer2005MSSQLUser$ComputerName$MSSQLSERVER
SQLServer2005SQLAgentUser$ComputerName$MSSQLSERVER
Can these be created. If yes, How?
Hi,
I grant read/update/insert permission on the speicific columns of the table on the users. I want to write the T-SQL to retrieve what permission/column permission does the user have.
Hi,
I am new to reporting service. I set up a couple reports and deployed them to Report Manager. I then add my colleague's Windows user account to the report folder so she can view the reports. When she tried she got Login failed error. I have to go into the SQL database and manually add her account into the Login and assign permission to her for each database or stored procedure involved. Then she can view the reports. We do want to control who can view what reports and later hopefully who can view which part of a report. But do I have to manually give permission to each user account/or group in the SQL server? There got to be a better way to do this I feel. Can we use just one account to talk to the database and let what we set in report manager control who can view what? Thank you very much for your help in advance.
Hi,
Please give the T-SQL script for this ? Thanks
Shanth
Hi all,
I need to run a query that would return all users with sa privileges at a server level. Sysusers has the db users for each individual databaase. But I need to list all sa users and the databases they have rights to. Looks like I may need a cursor...not sure. If any of you can help me build this query, I would really appreciate it. Thanks.
I have a nightly job that restores a production database to a reporting server. I have some report- related stored procedures
that need to run on the reporting server once the database is restored. However, during the restore, the permissions for the
reporting stored procs get deleted and replaced with the production permissions, which are useless in this case.
Is there a script or system stored procedure I can schedule to run after the nightly restore that will also restore user
permissions? Thanks, Frank.
Hi, Does anyone has a script to get user permissions on all tables?
Thanks
Hi,
I newly created one database (using creat database testdb ). After that i created login name and password for that database ( using create login login1 with password = 'pass1'; use testdb; command) and i created user for that login name ( using create user user1 for login login1 command).
Then i connected testdb database using login1. But when i trying to create table in that database, it thrown error. Anyone please tell me that how to assign all privileges to the user user1?
Sathish kumar D
hello, i have a problem in my sql. im using a stored procedure and i want to get the newly created id number to be used to insert in the other table.it works like:insert into table() values()select @id = (newly created id number) from tableinsert into table1() values(@id) something like that.
View 2 Replies View RelatedI am trying to execute three dts packages from a Job that I created. When creating the steps I am setting the Type To: Operating System Command(CmdExec).
The Command I am using is: dtsrun /S servername /E /dtsPackageName
For some reason whenever I try to run thes jobs it fails. Within this Job I have three steps. For each step I am using the same job but with a different package name. I have a trusted connection so my command should work just fine. What am I doing wrong. Can some please explain this process.
Thanks
I am trying to create a simple query like this -
SELECT
Column_1,
Column_2,
Column_3,
10*Column_1 AS Column_4,
10*Column_2 AS Column_5,
-- I am not being able to understand how to do this particular step Column_1*Column_5 As Column_6
FROM Table_1
First 3 Columns are available within the Original Table_1
The Column_4 and Column_5 have been created by me, by doing some Calculations related to the original columns.
Now, when I try to do FURTHER CALCULATION on these newly created columns, then SQL Server does not allows that.
I was hoping that I will be able to use the Newly Created Columns 4 and 5 within this same query to do further more calculations, but that does not seems to be the case, or am I doing something wrong here ?
If I have to create a new column by the name of Column_6, which is actually a multiplication of Original Column_1 and Newly Created Column_5 "I tried this - Column_1*Column_5 As Column_6", then what is the possible solution for me ?
I have tried to present my problem in the simplest possible manner. The actual query has many original columns from Table_1 and many Calculated columns that are created by me.And now I have to do various calculations that involve making use of both these type of columns.
Hi
I had DTS the Northwind sample database from SqlServer 2000 to 2005. It's went ok and no errors. Then, I created a SP named upGetCustomer, bascially it queries the Customers table and list some of it's fields and order by CustomerId,CustomerName, Country decrementally. SP is so simple and has no errors.
Then, I created a SqlServer project in VS2005 using C#. Add store procedure class as below,
using System;
using System.Data;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using Microsoft.SqlServer.Server;
public partial class StoredProcedures
{
[Microsoft.SqlServer.Server.SqlProcedure]
public static void Customers(string customerid)
{
using (SqlConnection sqlConn =
new SqlConnection("context connection=true"))
{
sqlConn.Open();
SqlPipe sqlPipe = SqlContext.Pipe;
SqlParameter param = new SqlParameter("@custId", SqlDbType.VarChar, 5);
param.Value = customerid;
SqlCommand sqlCmd = new SqlCommand();
sqlCmd.CommandType = CommandType.StoredProcedure;
sqlCmd.CommandText = "upGetCustomer";
sqlCmd.Parameters.Add(param);
SqlDataReader rdr = sqlCmd.ExecuteReader();
SqlContext.Pipe.Send(rdr);
}
}
I had taken method of created SQLCLR from source in Microsoft website, but coding is mine, and hopes it is correct. I used SqlConnection string as 'context connection=true' which I still not quite sure what does it means, hopes it mean current connection I am using on my Windows authentication.
The project did compiled & deployed OK on the VS2005 side.
The problem is that when I tried to locate the assembly on the Sql Server 2005, but can't find it anywhere on Sql Server.
I did try complied and deloyed again, it keeps saying there is an error in deployment as customers assembly is already exist on the database. I then, tried to remove this assembly on the database using SQL script, drop assembly customers in the Northwind database but got error saying it does not exist. So where is it???
Please help...
Thank you
Hi,
I have created a bunch of tables in the Master db by mistake.I want to drop those tables.Please tell me away to drop those.
Thanks!!
I'm trying to list everything (tables, view, procedures, functions, etc.) that was created by users in a database.
The query which seems to eliminate the most SQL system type objects is shown below.
SELECT *
FROM sys.all_objects SAO
WHERE SAO.is_ms_shipped = 0
order by SAO.type, SAO.name
This still includes some non-user created objects, like the below. See the attachment for details.
fn_diagramobjects
sp_alterdiagram
sp_creatediagram
How can I get rid of these type of objects without filtering on SAO.name LIKE...
Hi,I have installed sql server 2005 express on a Windows xp system with windows authentification. I did this with my administrator account (dan). When i start sql server management studio, i see: user name: myserverdan .Now i want to create a new login, so i rightclick on 'logins' in 'Security' of 'Database'. I take an existing windows-account, but when i click on OK, i get the error: user does not have permission to perform this action (error 15247).I also tried to delete a login, but same error.Any help would be appreciatedT.
View 2 Replies View RelatedI am trying to use a query analyzer to perform a task and I keep getting this message....how do I get around this?
View 1 Replies View RelatedHello Everyone,
I need your input. When, if ever, should programmers be given the 'sa' login. The reason that I ask is because a group of three developers have approached me asking for the 'sa' login so they could write stored procedures and do some database level tasks. I am relatively new to data admin and I am under the opinion that I should probably just alias their login to 'dbo' on the one database that they are developing their app for.
What do you guys think about this.
Thanks in Advance,
Terry
I try to attach a database mdf file to Microsoft SQL server 2014 on Amazon Elastic Computing Cloud, EC2, but fail with the following message, "User 'guest' does not have permission to run DBCC checkprimaryfile. (Microsoft SQL Server, Error: 2571)" The ID I use to REMOTE login has administrator rights and I have chosen to "run as administrator"
View 1 Replies View RelatedHere is the simple script, which generated the user and user permission and can be transferred to another database. I think it may useful for new DBA. I just wrote it 2 days ago.
-----------------------------------------------------------------
declare @login varchar(20),
@db_user varchar(20),
@role varchar(30),
@role_mem varchar(30)
print 'USE '+ db_name()
print '-------------------------------------------------------------'
print '--Granting current DB access'
print '-------------------------------------------------------------'
declare add_user cursor for
select b.name as 'login', a.name as 'db_user' from sysusers as a inner join master..syslogins as b
on a.sid = b.sid and b.name <> 'sa' order by a.name,b.name
open add_user
fetch next from add_user
into @login, @db_user
while @@fetch_status = 0
begin
print 'exec sp_grantdbaccess '+''''+@login+''''+','+''''+@db_user+''''
fetch next from add_user
into @login, @db_user
end
close add_user
deallocate add_user
print '-------------------------------------------------------------'
print'--Adding role'
print '-------------------------------------------------------------'
---------add role
declare add_role cursor for
select name from sysusers where issqlrole =1 and gid <> 0
open add_role
fetch next from add_role
into @role
while @@fetch_status = 0
begin
print 'exec sp_addrole '+''''+@role+''''
fetch next from add_role into @role
end
close add_role
deallocate add_role
----------add role members
print '-------------------------------------------------------------'
print '--Adding role members'
print '-------------------------------------------------------------'
declare add_role_member cursor for
select g.name as 'role',u.name as 'name'from sysusers u, sysusers g, sysmembers m
where g.uid = m.groupuid and g.issqlrole = 1 and u.uid = m.memberuid and u.name <> 'dbo' order by g.name,u.name
open add_role_member
fetch next from add_role_member
into @role_mem,@db_user
while @@fetch_status = 0
begin
print 'exec sp_addrolemember '+''''+@role_mem+''''+','+''''+@db_user+''''
fetch next from add_role_member
into @role_mem, @db_user
end
close add_role_member
deallocate add_role_member
Sanjeev shrestha
hi,I am getting the following error while trying to add a remote server.The user does not have permission to perform this action.The command i used is:exec sp_addlinkedserver 'remote_server_name'What is the solution?Regards,Kalaivanan.
View 1 Replies View RelatedHi All
I kind of hit the wall with this message.
Here is what I do:
select * from sys.dm_db_index_physical_stats(24,null,null, null, null)
My server is 64 bit 2005, sp2.
That's the message I get.
I am loging int as Administrator.
Does anybody know what needs to be done?
Dear,
What minimum permission do i need to grant to a Remote Login to create a linked server.
Regards
Sufian
I am trying to create a simple query like this -
SELECT
Column_1,
Column_2,
Column_3,
10*Column_1 AS Column_4,
10*Column_2 AS Column_5,
-- I am not being able to understand how to do this particular step Column_1*Column_5 As Column_6
FROM Table_1
First 3 Columns are available within the Original Table_1
The Column_4 and Column_5 have been created by me, by doing some Calculations related to the original columns.
Now, when I try to do FURTHER CALCULATION on these newly created columns, then SQL Server does not allows that.
I was hoping that I will be able to use the Newly Created Columns 4 and 5 within this same query to do further more calculations, but that does not seems to be the case?
If I have to create a new column by the name of Column_6, which is actually a multiplication of Original Column_1 and Newly Created Column_5 "I tried this - Column_1*Column_5 As Column_6", then what is the possible solution?
I have tried to present my problem in the simplest possible manner. The actual query has many original columns from Table_1 and many Calculated columns that are created by me. And now I have to do various calculations that involve making use of both these type of columns.