Hi,
I have an SQL Server 7.0 database running on a Windows NT server.I would like to know if there is any way to track the user(s) who are accessing the database.
i.e Is there any way to find out details of users who have accessed SQL Server through either the Query Analyser or through the Enterprise Manager(either by using the SQL Log or the Event Log of NT or any other method).
TIA
winash
Hi:
Can anybody tell me the advantage and disadvantage to use NT security for SQL Server 7.0? For a corporation with 400 users, what is your recommendation for the SQL Server security management. Thanks.
Joan
I use from sql server 2008. and c#
what is the best connectionstring?
I don't know if i use Persist Security Info and Integrated Security or not?
And if yes then their value must be true or false?
Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.
View 9 Replies View Related
Hi,
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says:
Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
Your help is highly appreciated!
Desperate developer
hi i want to know what is the differance between
Persist Security Info=False;Integrated Security=Yes;
Is there any possibility to schedule SQL job execution as Windows Security Group? I need to run powershell script through SQL job with one of this group member's permissions.
View 4 Replies View RelatedI have Sql Server Express installed on Vista (service pack 2)
I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.
The login ID of the service is added to the database.
The database has remote access turned on.
The ID is granted access to all databases within the server.
The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.
The dataserver is set with using Windows Authentication for security.
When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.
How to I get past this? I've done everything right.
I want to use an Active Directory security group that is a Distribution List for a new role assignment for an existing report. Can someone tell me if this is possible? I get an error each time I try:
The user or group name <DLName> is not recognized. (rsUnknownUserName)"
We have experienced an issue with back backup / restore of a database originating from SQL Server 2000 to SQL Server 2003.
We have the following setup:
SQL Server 2000
- DatabaseA
- asdfUser (SQL User)
- asdfUser is (dbowner) of DatabaseA
- DatabaseB
- asdfUser (SQL User)
- asdfUser is (dbowner) of DatabaseB
SQL Server 2005 Standard
-asdfUser is NOT Setup as a user yet.
-We restore DatabaseA and DatabaseB to the SQL Server 2005 Standard. The databases are restored with the security permissions of asdfUser being the DB Owner of DatabaseA and DatabaseB.
-We create a new SQL user named asdfUser on the SQL Server 2005 box. We then try to add the UserMapping of DBOWNER for the DatabaseA and DatabaseB. We receive an error message stating that the asdfUser already have permissions to the databases. We proceed with the user creation without those permissions.
-We proceed to the login properties of the asdfuser and view their UserMappings. The asdfUser does not have access to DatabaseA or DatabaseB. We then add the UserMapping of DBOWNER to both DatabaseA and DatabaseB. We Try to select OK and we receive an error message that states that the user already has those permissions.
-When we query the UserID's of the asdfUser that is in the database and the UserID of the asdfUser that is created, they are two different values.
I assume this is a bug... any word on a fix?
Hi folks,
I have created an EndPoint in SQL Server 2005 as per the code below.
CREATE ENDPOINT OSTC_LMS_Endpoint
AUTHORIZATION LMSEndPointUsers
STATE = STARTED
AS HTTP(
PATH = '/ostc_sql_endpoint',
AUTHENTICATION = (BASIC),
PORTS = (SSL),
SITE = 'OSTC-DEV-001'
)
FOR SOAP (
WEBMETHOD 'ostc_SQLSoapTester'
(name='OSTC_LMS_06.dbo.ostc_SQLSoapTester',
FORMAT = ROWSETS_ONLY,
SCHEMA=STANDARD),
WSDL = DEFAULT,
LOGIN_TYPE = MIXED,
SCHEMA = STANDARD,
DATABASE = 'OSTC_LMS_06',
NAMESPACE = 'http://tempUri.org/'
)
GO
USE master
GRANT CONNECT ON ENDPOINT::OSTC_LMS_Endpoint
TO [LMSEndPointUsers]
GO
USE master
GRANT CONNECT ON ENDPOINT::OSTC_LMS_Endpoint
TO [ostc-dev-001endPointUsers]
GO
-----------------------------------------------------------------------------------------------------------------
The SPROC being exposed as the webmethod: -
USE OSTC_LMS_06
IF EXISTS (SELECT name FROM sysobjects
WHERE name = 'ostc_SQLSoapTester' AND type = 'P')
DROP PROCEDURE ostc_SQLSoapTester
GO
CREATE PROCEDURE ostc_SQLSoapTester
@UsersId char(12)
AS
SET NOCOUNT ON
SELECT FIRST_NAME,FAMILY_NAME
FROM USERS
WHERE USERS_ID = @UsersId
GO
USE OSTC_LMS_06
GRANT EXECUTE ON ostc_SQLSoapTester
TO LMSEndPointUsers
GO
USE OSTC_LMS_06
GRANT EXECUTE ON ostc_SQLSoapTester
TO [ostc-dev-001endPointUsers]
GO
----------------------------------------------------------------------------------------------------------------
The computer in question is our dev server and is running as a workgroup machine with the following: -
Win Server 2003
SQL Server 2005
.net Framework 2.0
No firewalls or Proxies are in the way.
The computer has to be as a workgroup machine to reflect our live server.
The user LMSEndPointUsers is a SQL Server Login
The user ostc-dev-001endPointUsers is a machine login
We have employed the Security class as per the information given in the SQL Server documentation with the intention of using the WS-Security headers that apparently are to be used when trying to authenticate using a SQL Server login.
----------------------------------------------------------------------------------------------------------------
Code used to connect and try and reciev the dataset.
string sUserName = "userName";
string sPassword = "Password";
LMS_Endpoint.OSTC_LMS_Endpoint wsSQLTester = new LMS_Endpoint.OSTC_LMS_Endpoint();
SqlSoapHeader.Security sqlSec = new SqlSoapHeader.Security();
sqlSec.Username = sUserName;
sqlSec.Password = sPassword;
XmlWriter writer = XmlWriter.Create("Security.xml");
writer.WriteStartElement("security");
sqlSec.WriteXml(writer);
wsSQLTester.sqlSecurity = sqlSec;
DataSet dsMySet = wsSQLTester.ostc_SQLSoapTester("RH6915145507");
Basically authorization is denied 401.
Hope someone can help here as have tearing my hair out.
Thanks in advance
My SQL 7.0 server is currently querying the SAM database on the PDC for Windows NT authentication. How can I force it to use the SAM database on the server(BDC) that I specify?
View 1 Replies View RelatedHere is my Problem:
1. I have sql 2008 R2 running on my LocalHost.
2. Created Data Base [Customer].
3. Created Linked Server [CUSTOMERLINK] USING Microsoft Jet 4.0 to link to Drive F:Data which has DBF files in it.
4. Create dbo.Customer_Upload Table.
5. INSERT INTO [Customer].[dbo].[Customer_UpLoad]
([Name],[Email])
SELECT
NAME,EMAIL
FROM [CUSTOMERLINK]...[CUS]
All this works fine. I can even put it in to an After Insert Trigger on another table and it works.
My problem is that I need this to work in a scheduled job.
F:Data is just a folder with files in it.
This info is from a Restaurant POS system and I need to update it every night.
I have tried every which way to to setup the security issue as there isn't any login security on the folder and SqlServerAgent wants security.
If we have a "pool" SQL login, a one that uses SQL Server authentication, and this login is used by different domain account to access SQL Server, is there a way to audit which domain account used that "pool" login to do something on a object in SQL Server? I have to keep this way of accessing SQL Server, so how to create a login for every domain account accesses SQL Server
View 7 Replies View RelatedIs there anybody out there with a MS SQL 2K Security Baseline orSecurity Checklist. Where can I get one????Thanks in advanceDavid
View 1 Replies View Related
Hi;
I am looking for a way to log all security related events for SQL in Windows Security Log. I am trying to use SCOM for monitoring SQL and I am looking at ways to generate alerts in my SCOM Console for specific events in SQL e.g. A table is deleted, user is modified, deleted, etc. Is this possible and if yes how do I achieve the same?
Rgds;
In an environment where there are many initaitors speaking to a central target with frowarders in between, from what i can understand this best policy is to disable encryption on the endpoints, since dialog encryption will be enforced this is all that is really required, is this correct.
If the endpoints used encryption the message would need to be encrypted and decrypted at each forwarder resulting in slower perfromance, where as dialog encryption would only encrypt at the sender and decrypt at the target, so is this the best way to go?
Secondly is it best practice to open a dialog initally and send messages over this dialog for years never ending the conversation? This way the services only have to authenticate eachother once, if there are no reboots etc that is of course.
I would think performance wise sending each message and ending the conversation each time is a much greater overhead ? So would it be best practice to keep dialogs open and keep sending messages ?
Initally when i was learning service broker i thought that one must send a message and end the dialog until the next message, but i think the other way is the best option ?
Is this correct ?
Thanx
Hi
I'm designing a distributed application where I will have SQL Server 2005 distributed databases replicating data to my central hub which is again a SQL Server 2005 database using SQL Service Broker. Data will be sent from the central hub to the distributed sites and vice versa. I need to authenticate the communication and also secure the communication by encrypting the messages. Which security shall I use? Where do I configure the type of security being used? What is the difference between transport security Vs dialogue security - Full security model?
Thanks
Hello.
We are building an ASP application with a SQL Server 2000 as a backend. I am working on SQL Server Security. The ideal picture of security is: only database administrators have permissions to alter and create database objects and all DML permissions; developers have permissions to create new stored procedures, but do not have permissions to alter any of the stored procedures that were created by dbo; all other access should be through the application roles. My biggest problem is assigning permissions to the developers. How can I modify DDL permissions?
Any helpful literature, online documentation, or personal suggestions are greatly appreciated.
Thank you,
Anastasia
I'm using SQL Server 7.0 with MS Access 2000.
I have four users: A,B,C,D
They have an application named Projects
All four users enter their projects into the Projects application. All four users need to see all projects in the Projects application, but user A can only modify the projects he has entered into the Projects Application and user B can only modify the projects he has entered into the Projects Application.
If the Manager locks a project, then it can still be seen in the application but certain fields of the project can not be changed.
How do I setup SQL Server security for this application?
Wondered if someone might be able to help me with the following problem.
We have a SQL Server 6.5 set to use standard security, however the developers are still able to register the server using Integrated Authenication & whats more worrying is that they seem to then have sa rights!!
Research with BOL & other sources have shown me a way to disable all trusted connections but this would also disable the Enterprise Manager as it uses a trusted connection?
What does this all mean?? Is this really a security loop hole with ver.6.5? or am I missing something?
Thanks in advance.
Mujeeb H Moosavi
SkyBridgeGroup plc
Database Administrator.
Hi,
just a quick thought on the following from anyone would be great.
I have been asked to provide Enterprise Manager to non ICT staff so that they can use the table view to edit data.
It strikes me that untrained staff with this tool could be a bad combination?
I want to install Access instead but am likely to get over ruled at a higher level. What arguements, other than :eek: and 'no way' can i put up or is it common practice to let anyone use EM?
TIA
I have problem regarding logins in SQL Server 2000.I have created login named tina with SQL Server Authentication and I have given him access to only pubs DB.I have also checked these fact by checking Users for each DB, e.g Northwind.It does not have entry for the account tina.But when I go to Query Analyzer and log in using the tina accnt,I am able to access all the DBs for e.g Northwind.
How is these possible.Pls help
Thanks in Advance
Is this possible? if yess how can i implement this?
At the time of the initial login,(Via web) the user should be forced to change the password to a unique and proper password known only to the user. The new password should be stored in the database in encrypted form so that even a Database administrator will be unable to read. (The administrator could reset the password, after which time the user would know a change occurred if the request to change was not authorized.)
Dear allI had a problem connecting to my website (through lan) from other machines in the company here.I googled some and figured out that I have to change the security settings of aspnet in my sql server express 2005.I did as suggested and now its workingMy question is - what should be the real security settings for aspnet on my sql server ?Should I really add it to the sysadmin ? (what solved the problem....) Guy
View 3 Replies View RelatedI develop a program on my new server in asp.NET. My Developing Studio is on the server. The program access data through my SQL Server on the same server. When I run the program with the Developing Studio the program runs and access data perfect. When I try to access the same file/program from the internet I get the following error in the browser. I don't know what the problem is. How can the program work when the Studio access it, but not when a browser access it.I am using the following statement to access the SQL Server:Public Conn As New SqlConnection("Data Source=wdc168;Initial Catalog=tblusers;Integrated Security=SSPI")I am getting the following error:SQL Server does not exist or access denied. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: SQL Server does not exist or access denied.Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [SqlException: SQL Server does not exist or access denied.]
System.Data.SqlClient.ConnectionPool.CreateConnection() +402
System.Data.SqlClient.ConnectionPool.UserCreateRequest() +151
System.Data.SqlClient.ConnectionPool.GetConnection(Boolean& isInTransaction) +386
System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnectionString options, Boolean& isInTransaction) +372
System.Data.SqlClient.SqlConnection.Open() +384
System.Data.Common.DbDataAdapter.QuietOpen(IDbConnection connection, ConnectionState& originalState) +44
System.Data.Common.DbDataAdapter.FillFromCommand(Object data, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +304
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +77
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, String srcTable) +36
LeadApp.CallSchedule.urgentDataBind() in c:inetpubwwwrootSalonSWIPELeadAppCallSchedule.aspx.vb:66
LeadApp.CallSchedule.Page_Load(Object sender, EventArgs e) in c:inetpubwwwrootSalonSWIPELeadAppCallSchedule.aspx.vb:55
System.Web.UI.Control.OnLoad(EventArgs e) +67
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +750
Is there some security that is locking me out. PLEASE HELP!!
Hi,I had to rebuild my machine yesterday and have managed to reinstall XP Professional along with SQL Server 2000. However, in the SQL Server 2000 Properties dialog - I got there right-clicking the computer icon underneath SQL Server Group in Enterprise Manager, and selected Properties and then the Security tab. I am set up to run SQL Server as the system account - the reason for this is that when I put my own credentials in for Startup Service Account / This Account section, I a told the username unknown or bad passowrd, when its the same account and password I use to login into the machine with. Thats my first problem, and as a by-product when I run my website using the System Account for SQL Server since I cannot use my own, my website reports that the ASPNET account fails to login. Any advice?jr.
View 1 Replies View RelatedHi all !
I have a question regarding the security of SQL Server 2005 Express Edition.
What securities options that SQL server 2005 EE provide for its users?
I know that after I deploy my website to a hosting company or a web
server, my database file will be on the net. That means everybody can
type in the file name and download my database file then open it. Just
like that. For example, my database filename is EXAMPLE.MDF. then,
someone just goto my website, say
http://www.cool.com/app_data/example.mdf, and download the database.
To prevent that to happen, what the securities options that available to me beside putting password on my database file?
Thanks for taking time to answer my question. Any help will be appreciated. Have a good day!
Hi,
We are using VB as frontend and SQL Server 7.0 as backend applications in our company. The users are using 'User DSN' to connect the databse with NT logged in user security. User can connect the database if he is having the permissions on the database. We are not using SQL Server authontication like 'sa' user. Till here it is working fine. Our problem is, We want to avoid the users to connect the database using SQL Server Enterprise Manager. We have the SQL Server Enterprise Manager software installed on some machines. because some times we may need that. Right now the users (If he is having the permissions on the database) can directly open the database using Enterprise Manager and they can manipulate the data directly.
We need only specific users like The users who are in System Administrators group has to access the database using Enterprise Manager.
Please help on this.
Thanks,
Arun.
I recently have a security problem with MS SQL 7.0. I awnt to rent my space for other people's database but after I have 2 clients (my friends)I found out that they can view other's database. Suppose I have client A and B, A can view B's database and B can view A's database.
Can you guys help me how to overcome this problem so they can only view thier own database and can not view other folders or even other database?
Is there any method I can use to prevent even myself (as sys_admin) to view my clients database?
In the process of reviewing all Security access into our production servers, I found a user login name of 'BUILTIN/Administrators' with the type 'NT Group' in our production DB. I am not sure whether this Login was setup automatically when SQLServer was installed or it was setup by the administrator, who is no longer with the company? I was able to find out all the users in the Administrators NT group, but what threw me was the word 'BUILTIN' . Are there other Logins besides 'sa' that get setup during the install?
Thanks.
Helen
Does anyone know the best way to set up NT security. It seems a little confusing as to how to set up NT groups and assign permissions (where do the roles come into it?).
Any help would be much appreciated
thanks
Paul
We use Novell NDS security to access applications on NT servers. I have an application on an NT server that will connect to an other NT
server that is running SQL Server 7.0. Is there any way to have/use the Novell login/password passed to SQL Server 7.0 once logged
on to the NT application server?
Either passing as a login/password or converted to a group for SQL Server use. I would like to limit the number of times a business user
needs to type a login/password. Hopefuly this would work like "trusted connections".
Thanks