Is there a kind of log to trace the change on DB user, such as when the password/permission is changed, etc. If yes, how can i get this log; If no, is there a way to achieve this thing?
Is there anyway I could run an Audit trace on SQl Server which records SQL Server System Admin Login/Logout , failed login and machine names I don't want the trace window to show on screen however would like a file generated for later viewing. Also due to Firewall issues we have, We don't have SQL tools enabled to connect to that server.
With SQL Server 2005 there is an option to grant a person access to Profiler for tracing SQL. This is done with the "GRANT ALTER TRACE" statement. The statement has to be executed at server level i.e. the master database.
The user in question only has access to certain databases on that server. The security problem that arises is that with the Profiler rights active, he can see the sql commands that are executed on the databases he has no rights for. Those SQL commands are executed by others users.
How do I configure security rules so that the person in question can use Profiler, but can only see the SQL statements that are executed on the databases he has the rights for? TIA!
SUPPOSE A THIRD PERSON WHO (MODIFIES THE STRUCTURE OF A TABLE) OR (DOING SOME MODIFICATIONS ON A CERTAIN COLUMN), HOW THE SQL SERVER DBA WILL FIND WHO HAS DONE THIS. WHETHER THESE MODIFICATIONS WILL BE STORED IN SYSTEMS TABLE?. THIS IS MY QUESTION. CAN ANYBODY GIVE SOLUTION TO THIS PLEASE?. THANKS ---- Srinivasan.
Does anybody know how to trace user activity after they log off from the SQL Server 6.5? I know SQL Trace is able to trace the user activity in real time.
I need to change my security settings from "Windows NT Only" to "SQL Server and Windows NT". Does anyone know of any issues with doing this? Does this subtract anything or does it only add access??
How do you handle user level security with SQL Server 2005?
Say I have an HR database.
In Active Directory I have two groups: Managers, Employees.
Now in this HR Database I want to setup permissions in such a way that Managers can see all employees under them (but not other managers) and the employees can only see themselves.
(I'd have various levels of management defined in a table somewhere, so that each employee has a manager ID that links to another employee so that the CEO would be manager of everyone by working down the chain).
What I'm trying to understand is the best way to handle the permissions.
I'm not entirely clear on how to deal with that.
Would I use user chaining to do that, I wouldn't need impersonation (that's just for instances where you want dynamic SQL and it won't execute with user chaining, correct?)
Anyway, just looking for some general direction on this (obviously I need to get a good book it would seem).
Would I create a stored procedure that runs with EXECUTE AS permissions so that I'd have a non-interactive login it uses that has table access then all the other users have permission to execute the sproc?
So that sproc runs, pulls back a SELECT * FROM tbl_HRINFO and using a WHERE constraint limits who is returned WHERE SupervisorID = CurrentLoggedInEmployeeID ?
Also: How can I determine who is logged in and running the procedure, would the sproc use the SELECT USER_NAME command to see who was running it?
As you can see, I'm working from square one on all of this. Not sure if my posting entirely made sense, but hopefully someone can get me pointed in the right direction, thanks!
I am just getting ready to move a system to production using SQL 2005 and SQL Mirroring. The problem that i have is when the databases fails over my connection string user account losses its rights on the DB untill i run the SP_CHANGE_USERS_LOGIN script. I have been trying to come up with a method of getting around this so far the only fix that i have is to make my user account sysadmin but this is far from ideal for production, does anyone have any ideas i was thinking that changing the SID of the User so that they match might get over the problem.
Can the user change their password in Enterprise Manager? When they follow the documentation, this does not seem to work unless they are sa: (I know about sp_password....we are trying to find a GUI method for typical user.)
Expand a server group; then expand a server. Expand Security; then click Logins. In the details pane, right-click the login to modify, and then click Properties. In Password, on the General tab, enter a new password. Confirm the password.
My SQL servers are using integrated windows nt security. Our user account is changing to a new domain. Is there an easy way to change the server logins to point to the new domain instead of removing the user and adding a new login from the new domain.
I'm trying to automate the creation of a databse and a User/Login but i'm running into problem with a conflict between a new user to which i'm trying to assign a WindowsLogin which is already linked to the dbo. (SQL Server 2005)
Is there a way to reassign the dbo's LoginName to some othe user
Here the code
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'ABC') BEGIN declare @cmd nvarchar(max) set @cmd = 'CREATE USER [ABC] FOR LOGIN ' + @WindowsLogin + ' WITH DEFAULT_SCHEMA=[Shared]' exec(@cmd) END
Which give me the error
Msg 15063, Level 16, State 1, Server SR-DEV-GOI1, Line 1 The login already has an account under a different user name.
The script is running under the @WindowsLogin in question !
Is there an automatic way of changing the Domain user password getting used for running the SQL Server as a Domain user account? I'm taking about EM---Security----Domain User name and the password getting used for running the SQL Server?
I tried to cahnge this account option to built in account option in SQL ( MSSQLSERVER) properties box. Then SQL Server was log on as Local system. But then I can not view my reports which i created. Now I changed it again to this account option. but I dont exaclty remember the password. Is there anyway I can get to know the password I created.
Right now the default folder is Home, what if I have two users User1 and User2, my folder structure is the following - Home/User1 Home/User2
I want each user to only have access to their folder. That is easy to do.
Once both users have proper access to their folders they still don't have access to Home folder. In Report Builder when I do 'open file' it defaults to Home folder so I get an error. How can I specify the home folder to be User1 for that user and User2 for the second user? I know I can give them both browsing permissions to Home but it's not very elegant.
There must be a way to programmatically change the folder as soon as proper user logs in. Anyone knows how to do that?
Usually all the user datatypes in our databases have the owner dbo. One has a few that are owned by a user with dbo rights. I am trying to change them to dbo owner. Sp_changeobjectowner gives 'object does not exist'
Is there a way to change the physical mapping of a user defined data type to the physical SQL Server datatype. It seems that once you create them, it is just about impossible to change it.
I saved a simple export/import package from the import/export wizard to a .dtsx file/package. Now I want to change the package to delete/truncate all of the tables before adding data. (since this has 80 tables it would have been a pain to edit each of them individually)
How can I easily go about doing this with the SSIS package. I can't find out where this would actually be executed.
Also, how can I actually view the code behind the SSIS package.
I wrote a simple SSIS package that runs a batch and a stored proc. They both run fine. I can see the stored procedure run and in process under task manager I see the batch run. However I don't want the batch to run under the System account, how can I change to another user. Thank you.
Hello. I am using SQL Server Management Studio (SQL 2005) and created a daily backup job. Inside the job, i have an "Operating system" step to copy backuped up files onto another directory. However, the job kept on failing with an error "Executed as user ... Access is denied." With this error, how can i change the user used to execute the job? Thanks.
Hello, I am working on a project that involves one part where a field's value needs to be changed when the user updates the record. Here is the situation in detail: There is an InputData table where the user enters new records or changes existing records. There is a field called "calculated" in this table which has a default value of 'no'. A stored procedure runs math calculations on all the InputData records where the calculated field = 'no'. At the end of this stored procedure, it sets the calculated field = 'yes'. When new records are added by the user their "calculated" field value is 'no' by default so that the next time the stored procedure is executed, it only runs the math calculations on the new records. The problem is, if a user changes an existing record, the "calculated" field needs to be changed from 'yes' to 'no' so that the stored procedure recalculates the math for the modified record. How do I change the value from 'yes' to 'no' on records that the user modifies? Thanks.
I’m working with a team of programmers who are in the process of upgrading an older ASP application to ASP.NET 2.0 (VB). The existing application connects to the SQL Server Database using different Logins, depending on the User logged into the ASP Application.
We are hoping to do the same using ASP.NET 2.0, although we haven’t been able to find a simple solution. The most feasible solution we have found includes programmatically trapping all the Selecting etc events and changing the SqlConnection at run time. This allow for ease during Designing of the Web Pages, but implementation requires adding code to each web page (>100 pages).
We are hoping there may be a simple solution which can be implemented once for the application where the event can be trapped at the application level, and the SqlConnection set at this point. Or possibly another type of solution such as creating a new class etc that can be used?
Does anyone have a simple solution where the username / password for the Database Connection can be set at run time?
We have a database that originally had all objects owned by a vendor id. We are in the process of changing the ownership to 'dbo' and wish to remove the vendor id but have found there are a few user defined datatypes that are also owned by this vendor id. How can I change the ownership of them to 'dbo'? They are currently being used in some of the tables. I tried the sp_changeobjectowner but that doesn't work for these.
Hi GuysWonder if you could help me.Basically I produce an accounts package that uses a SQL 2000 DB as theRDBMS. I always instruct users to login as 'sa' and the relevantpassword when doing an update to my program, as sometimes I need to dodatabase changes for new stuff.Found that one of my users has not only logged in with their loginname (in this case Edward), but have also made this login a 'db owner'so that when I created 2 new user-defined data types they belong toEdward rather than dbo.This must have happened a long time ago, but now that they want tomove Edward round the roles and/or delete him from a copy of thedatabase that they have, they can't because he's the owner of theseuser-defined types.This brings me to the reason for my post, how can I change the ownerfrom Edward to dbo for these data types? I found an article ontechnet of how to do this, but when it suggests changing myuser-defined type to standard format it doesn't seem to work.Any ideas?RgdsRobbie
We have a a DTS package set up to run against another SQL Server. Using an integrated login is there a way to map an NT Authenticated users is the sql server login id mapping to this attached server. The DB we are going against only uses NT authentication to attach to.
I have an asp page that currently is creating a database and a userlogin for that database. After everything successfully (I thought)executed, I tried to change my connection properties for the serverand then login as this new user. It wouldn't allow me to, so I loggedback in as the administrator and looked at the properties for the newlogin. On the general tab, it had the user's default databasespecified as the new database that I had created in the asp page, butwhen I went to the database access tab, the database was not selected.So, I'm not sure how to set that in my script. I've done somesearching in BOL, but I can't figure it out. Also, if there's a wayto do this in a query, or stored procedure, will it also specify whattype of role the user has (public, db_owner, etc.)? Thanks.
I was just analysing the security which can be given to different users to access respective databases. So i tried, on my local server, to deny permission to myself to access Model database. After this i am not able to connect to my local server at all. Error: Permission denied. I am using windows authentication mode.
I have also deleted the local server registration, and re-registered it, but still the condition is same. Do i need to uninstall SQL Server completly to get rid of this prob.? I also registered a new data server, and there every thing is going fine. So now what do i do to get connected to my local server.
In some our dotabases I can see Schemas created with the same name as Domain User name (domainusername). Schema owner for those schemas is not dbo but the same user as in schema name. How this happens? Is any way to prevent or prohibit this?
What is the easiest way to find out what objects a security login has mapped to it? Something that would show all the explicit grants a specific user has.