I created a new login and then created a new user [COM] in DB with default schema pointing to [COM]
I created then schema [COM] WITH AUTHORIZATION [COM]
I want this [COM] user to have all permissions it needs on [COM] schema only. How do I do that? When I try to create table [Com].Table it gives me permission denied.
What am I missing?
After SQL Server 2005 Database Engine is installed by domain administrator, how to give permissions to a regular domain user so that user can control SQL Server Database service?
View 3 Replies View RelatedI need to do some operations on a table when any user dont work with it.How do i do it?
Do i lock the table? and is it possible?(I dont want to deny permission from a user because cause error)
Can i do it with a open transaction ?
I need to do some operations on a table when any user dont work with it.How do i do it?Do i lock the table? and is it possible?
View 8 Replies View RelatedI have a user who needs access to views like(dbo.viewnameabc1,dbo.viewnameabc2 and so on...) dbo.viewnameabc* and anytime the user creates the view he already have the permission to view those views....
View 3 Replies View RelatedIs it possible to set up the permissions to not allow a specific user to create schemas, but to allow that user to create tables and procedures and functions in one schema, and to create procedures and functions but not tables, in a different schema within the same database?
I need to provide a User with below permissions:
1. Ability to read and write records in tables in both the X schema and Y schema
2. Ability to read metadata about objects in the X and Y schema
3. Ability to execute stored procedures in the X and Y schema
4. Ability to create and update the necessary schema objects used by X, including but not limited to tables, views, and indexes
5. CREATE FUNCTION permission
6. ALTER and EXECUTE permissions on the X schema
7. VIEW DEFINITION permission on the X and Y schemas to enable view export.Â
For the point 1, I will assign db_datareader,db_datawriter database roles to the user
For the point 2, when I have searched web, I found out ReadDefinition permission should be granted. I could find only viewDefinition but not ReadDefinition.
For the point 3, 'USE DataBaseName GRANT EXECUTE TO User; Go' - does this sql suffice?
For the point 4, I am not sure what should be done.
For the point 5, 'USE DataBaseName GRANT CREATE FUNCTION TO User; Go' - I guess this will work
For the point 6, Can I use same SQL as point 3 including ALTER ?
For the point 7, 'USE DataBaseName GRANT VIEW DEFINITION TO User; Go'
Hi all,
I am trying to establish a "sandbox" database for a group of users/developers whereby each user has their own schema and complete control over their schema and only their schema.
I began by creating user logins (Windows Authentication), created schemas for each user where the corresponding login is the owner, and set the schema as default for the user.
At this point, the logins only had "public" and could not create tables. I then granted the Create Table privilege which allowed them to create a table in their schema. However, they could also create tables anywhere else in the database including another user's schema.
How can I set up an enironment where each user has control over just their schema? What permissions would I need to grant and at what level (database,schema, etc.). I also need them to be able to grant privileges on their own schema and/or schema objects.
Any help would be greatly appreciated.
I'm trying to get specific permissions per user on each SQL database, would you let me know if it could be achieved e.g on an object level?
View 5 Replies View RelatedHi,
SQL Server Security is not my strong point so forgive me for asking stupid questions.
I have a bunch of tables and sprocs within a schema 'MySchema'. I have a user 'MyUser' defined in the database.
I would like to give MyUser permission to SELECT from tables and EXECUTE all sprocs in MySchema. What is the simplest way of doing that? Will the following:
GRANT EXECUTE ON SCHEMA::[MySchema] TO [MyUser] WITH GRANT OPTION AS [db_owner]
GRANT SELECT ON SCHEMA::[MySchema] TO [MyUser] WITH GRANT OPTION
accomplish that? (I can't test it out at the moment because our DBA isn't around and I don't have permission)
With best practices in mind - is what I am doing here considered "ok". Any suggestions/comments are welcome.
-Jamie
P.S. Can anyone recommend any documentation that talks about what best practices should be in the use of schemas. BOL is a bit sparse. Thanks.
Hi,
I created a database,login,user and schema like belows.
-- 2. create database
CREATE DATABASE MyTempDatabase;
-- 3. create login
CREATE LOGIN MyTempLogin WITH PASSWORD = '#mytemplogin$',
DEFAULT_DATABASE = MyTempDatabase,
CHECK_EXPIRATION = OFF,
CHECK_POLICY = OFF;
--
USE MyTempDatabase;
-- 4. create user
CREATE USER MyTempLogin FROM LOGIN MyTempLogin WITH DEFAULT_SCHEMA = MyTempSchema;
-- 5. create schema
CREATE SCHEMA MyTempSchema AUTHORIZATION MyTempLogin;
The created user,MyTempLogin, must have permissions that can create tables,drop tables,select,insert,delete,update and bulk insert.
How can I grant permissions to the user?(or schema?)
I failed to grant by T-SQL query.
Additionally, what is purppose of the ROLE? Should I create or use it?
I'm confusing in security concept(login,user,schema,role).
Thanks.
Hi all
I tried using my administrator account to add SQLServer as an ODBC Connection, but for some reason when it tries authenticating it fails and the reason is that the user is not trusted to use that connection. Yet on my account i've created on my domain works perfectly.
I've added a new user in SQL Enterprise manager, but i still get that error.
How do I set the user to be trusted to use the connection?
Any and as many assists on this would be great.
Kr33
Hey guys. I'll have an active/active cluster and seperate accounts for SQL Services and Cluster service. The question is what rights should the cluster account have in SQL if I've removed the 'builtin admins' from SQL? Thank you
I have huge export files in a DB and i need to check if there are any datasets that have the same value in the first column, but a different in another one, via a query of course.
Like this:
ID IS NULL
1 1
2 1
3 0
1 0
The expected ID i get as a result of my query should be 1 in this case.
Hey guys,I'm pretty new to SQL configuration, and I need to give EXECUTEpersmissions for one of the SQL user roles. I am running SQL 2005Management Studio Express - free version. I found the list of mystored procedures, but I can not locate any permissions screen. Cansomeone help point me in the right direction? Thanks!
View 7 Replies View RelatedHow do I grant a specific access to a schema. I have a request to grant a ddl access to a schema called Business_Banking.
View 1 Replies View RelatedI am trying to copy the table data from db to another db, because some tables has XML column with a schema collection, I would like to get difinition of the XML schema collection and create it on the target db, otherwise I will get below error:
Xml columns cannot refer to schemata across databases.
My plan is for those tables with xml column with schema collection, I will:
1. Get all tables/columns that requires xml schema
SELECT t.name AS table_name,
SCHEMA_NAME(t.schema_id) AS schema_name,
c.name AS column_nam,
c2.name
FROM sys.tables AS t
INNER JOIN sys.columns c ON t.OBJECT_ID = c.OBJECT_ID
inner join sys.xml_schema_collections c2 on c.xml_collection_id = C2.xml_collection_id
2. Get table definition
DECLARE
@object_name SYSNAME
, @object_id INT
, @SQL NVARCHAR(MAX)
SELECT
@object_name = '[' + OBJECT_SCHEMA_NAME(o.[object_id]) + '].[' + OBJECT_NAME([object_id]) + ']'
, @object_id = [object_id]
FROM (SELECT [object_id] = OBJECT_ID('TableName', 'U')) o
[code].....
3. Get XML Schema definition
4. Combine 2 and 3.
5 insert into newtable select .... cast(xmlColumnas xml) from OldDB.dbo.oldtable
I am stuck at step 3 now....
--===== If the test table already exists, drop it
IF OBJECT_ID('TempDB..#mytable','U') IS NOT NULL
DROP TABLE #mytable
--===== Create the test table with
CREATE TABLE #mytable
(
EMP_ID INT,
Title varchar(50),
DateValue DATETIME,
TITLE_YEAR INT,
[code]....
I am new to this level of coding in SQL SERVER 2012, but I am looking to update the TITLE_YEAR field in the temp table with the Year the employee is in that title. For example for employee 11127 the data should look like this:
EMP_IDTitle DateValue TITLE_YEAR
3 Senior Consultant 2009-01-01 00:00:00.0001
3 Director 2010-01-01 00:00:00.0001
3 Director 2011-01-01 00:00:00.0002
3 Director 2012-01-01 00:00:00.0003
3 Director 2013-01-01 00:00:00.0004
3 Senior Director 2014-01-01 00:00:00.0001
I have a table :
id + A + B
1 |0,11| 0
2 |0,45| 0,5
3 |0,85| 0,75
I need to calculate the following :
F = 0,85 * ( 1 - 0,75 * ( 1 - 0,45 * ( 1 - 0,5 * ( 1 - 0,11 * ( 1 - 0 )))))
In which F = A3 * ( 1 - B3 * ( 1 - A2 * ( 1 - B2 * ( 1 - A1 * ( 1 - B1 )))))
It seemed quite easy at first glance. I Built it up via string concatenation and thought to execute the dynamic sql with sp_exec and get the result. As I don't like dynamic sql I was wondering If there is any other way..
ALTER PROC [dbo].[Tools_Serial_FE]
AS
BEGIN
DECLARE @IP FLOAT,
@IF FLOAT,
@FE FLOAT,
[Code] ....
I have this query
SELECT top 100 Ltrim([text]),objectid,total_rows,total_logical_reads , execution_count
FROM sys.dm_exec_query_stats AS a
CROSS APPLY sys.dm_exec_sql_text(a.sql_handle) AS b
where last_execution_time >= '2015-04-07 10:01:01.01'
ORDER BY execution_count DESC
But the result of execution count is from the first. I want to know it only one day.
Whenever I am doing reinitialization, publisher table schema is applying at subscriber level
I don't want to apply all changes ...
How can I skip the schema changes for transaction replication ...
I'm looking for a quick script that someone has already written to update statistics (not to rebuild or re-organise) on specific indices in specific databases - I guess loop though a table comprising of a list of databases and the indices.
I know Ola has one but I'm not look for something that is that complicated. If I cannot find one I'm going to have to write one myself - I want to try and avoid re-inventing the wheel as tomorrow I have to do this work and it's about 7K plus indices in about 10+ databases.
This store procedure will get some executable queries from the select statement, the cursor will fetch each rows to execute the query and insert the queries into table_3 to mark as 'E'. Until 17:00, this store procedure will stop execute the queries and just get the queries from select statement insert into table_3 to mark as 'C'.
I don't know why the outputs in table_3 are quiet different than I think. This store procedure comes out with two exactly same queries and one marked as C and another marked as E.
CREATE PROCEDURE procedure1
AS
DECLARE cursor_1 CURSOR FOR
SELECT
'This is a executable query'
FROM table_1
DECLARE @table_2
DECLARE @stoptime DATETIME = NULL;
[Code] ....
Query to show logins that don't have any permissions within the SQL instance? I'm tasked with doing some cleanup and have found some cases where the database was deleted or moved to another server but the logins that used it were not deleted. I'd like to identify them to research.
For instance a query to show logins that have no permissions in any of the existing databases would be handy. I'm thinking it would be complicated by the need to loop through all of the existing databases and then outer join it to the list of instance level logins. Going to try to write something like that but was hoping that a script already exists.
How can I easily identify who dropped a table?
View 8 Replies View RelatedWhat permission is required to run debug feature in SSMS(debug Stored Procedures). This is a development machine and developer requested for this.
EXECUTE permission was denied on the object 'sp_enable_sql_debug', database 'mssqlsystemresource', schema 'sys'.
EXECUTE permission was denied on object 'sp_sql_debug', database 'master'.
Is there any option other than giving sysadmin privilege on SQL?
I have a Windows NT group that is used to delegate certain database responsibilities to other members of staff and I am trying to grant permissions for the members of the group to be be able to establish database mirroring sessions, as in run the following:
ALTER DATABASE <database>
SET PARTNER = 'tcp://principal_server.domain.com:port';
Although the group has db_owner role membership to the user database which grants the ALTER permission on the database, the following is being generated in the error log when they get to this step on the intended Mirror instance after restoring the database correctly in preperation:
SqlDumpExceptionHandler: Process 59 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process.
* *******************************************************************************
*
* BEGIN STACK DUMP:
* 10/29/15 11:16:15 spid 59
*
*
* Exception Address = 00007FF9A6AF838C Module(sqlmin+000000000003838C)
* Exception Code = c0000005 EXCEPTION_ACCESS_VIOLATION
* Access Violation occurred reading address 00000000000000D8
* Input Buffer 210 bytes -
* alter database <redacted> set partner = '<redacted>';
As you can see, the statement is denied to the user. There are no issues with the database as I am able to run the same query successfully using my own sysadmin account after the failed attempt. What other minimum permissions the group might need to successfully enable them to setup a mirroring session?
I am getting the error:
Cannot open database "aspnetdb" requested by the login. The login failed.
When I browse to my ASP.NET 3.5 LINQ web application on the IIS 6.0 server on Server 2003.
I imagine this is because while I granted SQL Server 2005 login and permissions to my database that the application stores its data in, I did NOT grant any rights to the service account the IIS Application Pool uses for its identity to the aspnetdb database on SQL Server which is where all my roles information is stored at.
My question is what are the MINIMUM permissions needed for this database so it can perform its roles related functions?
I'm using Windows Authentications with the SQL Role provider for authorization.
Thank you.
EDIT: I think I only need to open the aspnetdb database and add my login to the aspnet_Roles_FullAccess role. Is that correct?
If you were to do a fresh install it would set permissions on the disk so everything just works.
Now when changing the service account (e.g. to a domain user) use the configuration manager, does it do the same magic (possibly sans if the database data/log files are on another disk)? Or do you need to trawl through the dozens of folders and assign rights manually?
do the following steps:1:Use Manage Studio login the server with Integrated security.2:Create a dabase named testdb;3:Create a SQL Server login named amber ,and set it to be dbowner oftestdb;4:Create a SQL Server login named guxiaobo ,set it's default databse tobe testbd,and in the testdb databse map login guxiaobo to userguxiaobo;5:Close Manage Studio and reopen it ,this time use login amber log tothe server.6:In database testbd create a databse role role1 owned by dbo;7:In database testdb create a schema schema1 owned by dbo;8:Set user guxiaobo to be member of role1,and set guxiaobo's defaultschema to be schema1;9:In the schema properties-schema1 dialog choose permissions,in theusers or roles listview I add role1 to it.in the explicit permissionsfor role1 listbox,I choose select /update/insert/delete/view definitiongrant checkboxes.and apply the selects.10:In the schema1 schema I create a table:create table a(a int ,bvarchar(10));11:In the dabase role properties-role1 dialog choose securables panel,int securable listview I add the schema1.a table( choose all thecolumns of table a for all permissions),and in explicit permissions forschema1.a I choose all for grant ,then apply the selects.12:Now I use login guxiaobo to log into dabase and issue "select * froma",but got a error msg saying guxiaobo has not enough permission toselect form table a.Does anyone has found anything I missed?
View 6 Replies View RelatedI am having a problem restricting write access to tables in my database.In my database I have a table called, for the sake of argument, 'TableX'.In my SQL Server Logins, I have set up a login for 'Domain Users' using NTauthentication, and a login called 'FullTableX', using SQL Serverauthentication.I have added two users to my database relating to the above logins.I have added a role to my database called 'ReadTableX' with 'Domain Users'as a member of this role. 'ReadTableX' has SELECT permission only on arestricted set of tables.The only other role that 'Domain Users' is a member of is 'public', and'public' has no permissions on any of my tables.The user 'FullTableX' is a member of 'public', 'db_datareader' and'db_datawriter'With the above settings, I would expect user 'FullTableX' to have fullaccess (Select, Insert, Update and Delete) on all my database tables (so farso good), but any user connecting to the database with NT authentication(via ODBC System DSN) should only have read access to the limited set oftables. However, what is happening is that NT authenticated users also havefull access to all of the tables.What am I missing here??
View 3 Replies View RelatedI need to give to my user a very specific permission and I don't know how to do that. My user can only use some stored procedures and see some views. OK, no problem with that.
Than he must see only column names in some views that he doesn't have select rights . To be more exact I want that user to use C# GetSchema from ADO.NET 2.0. If it isn't possible I will create view which contains these names, but it would be really nice if it could be done on security level so I can program some schema discovery on application level.
I would be gratefull for any help - this application is part of my master degree work.
Hi all,
does anyone know of a way in which you can backup and restore objects that belong to a specific schema?
So in this example, I€™d want to only back up and be able to restore the tables that belong to schema 1, leaving Schema2 stuff alone.
--DB
----Schema1.Table1
----Schema1.Table2
----Schema2.Table1
----Schema2.Table2
Thanks in advance,
Andy.
EDIT: I forgot to add that I want to backup the tables and the data contained within.