SQL Script To Add A SQL Server Login That Can Access All Databases
Mar 8, 2008
Dear all,
I wrote the below script to add a SQL server login account that is the db_datareader, db_datawriter, and granted permission on all stored procs, functions, and views on all databases within a server.
Code Snippet
USE master
GO
SET NOCOUNT ON
DECLARE @database_name sysname
DECLARE @object_name sysname
DECLARE @object_type char(2)
CREATE TABLE #databases (DATABASE_NAME sysname, DATABASE_SIZE int, REMARKS varchar(254))
INSERT #databases EXEC sp_databases
-- ++++++++++++++++++ add SQL Server Login ++++++++++++++++++
IF EXISTS (
SELECT 1 FROM master.dbo.syslogins
WHERE [name] = 'WEB_USER2'
) BEGIN
DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
SELECT DATABASE_NAME FROM #databases
OPEN db_cur
WHILE 1 = 1
BEGIN
FETCH db_cur INTO @database_name
IF (@@FETCH_STATUS <> 0) BREAK
EXEC ('USE ' + @database_name +';
IF EXISTS (
SELECT 1 FROM sysusers
WHERE [name] = ''WEB_USER2''
) BEGIN
EXEC sp_revokedbaccess ''WEB_USER2''
END
')
END
CLOSE db_cur
DEALLOCATE db_cur
EXEC sp_droplogin 'WEB_USER2'
END
EXEC sp_addlogin
@loginame = 'WEB_USER2',
@passwd = 'password'
-- ++++++++++++++++++ loop thro' all User-Databases ++++++++++++++++++
DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
SELECT DATABASE_NAME FROM #databases
WHERE DATABASE_NAME NOT IN ('master', 'model', 'tempdb', 'msdb', 'distribution', 'ASPState')
OPEN db_cur
WHILE 1 = 1
BEGIN
FETCH db_cur INTO @database_name
IF (@@FETCH_STATUS <> 0) BREAK
PRINT ''
PRINT 'Current database=' + @database_name
-- add user to databases
EXEC ('USE ' + @database_name +';
IF EXISTS (
SELECT 1 FROM sysusers
WHERE [name] = ''WEB_USER2''
) BEGIN
EXEC sp_revokedbaccess ''WEB_USER2''
END
')
EXEC ('USE ' + @database_name +'; EXEC sp_grantdbaccess ''WEB_USER2''; ')
-- add user to db_datareader
EXEC ('USE ' + @database_name +'; EXEC sp_addrolemember ''db_datareader'', ''WEB_USER2''; ')
-- add user to db_datawriter
EXEC ('USE ' + @database_name +'; EXEC sp_addrolemember ''db_datawriter'', ''WEB_USER2''; ')
-- grant permission on Stored proc, Scalar function, Inlined table-function, Table function, View
-- !! coz EXEC is a self-contained batch, so must use GLOBAL
EXEC('USE ' + @database_name +';
DECLARE obj_cur CURSOR GLOBAL FAST_FORWARD FOR
SELECT [name], [type] FROM sysobjects
WHERE [type] IN (''P'', ''FN'', ''IF'', ''TF'', ''V'')
')
OPEN obj_cur
WHILE 1 = 1
BEGIN
FETCH obj_cur INTO @object_name, @object_type
IF (@@FETCH_STATUS <> 0) BREAK
-- PRINT 'object=' + @object_name + '; type=' + @object_type
IF LTRIM(RTRIM(@object_type)) = 'P' OR @object_type = 'FN'
BEGIN
-- EXEC on Stored proc, Scalar function
EXEC('USE ' + @database_name +'; GRANT EXEC ON dbo.' + @object_name + ' TO WEB_USER2 ')
END
ELSE
BEGIN
-- SELECT ON table function, View
EXEC('USE ' + @database_name +'; GRANT SELECT ON dbo.' + @object_name + ' TO WEB_USER2 ')
END
END
CLOSE obj_cur
DEALLOCATE obj_cur
END
CLOSE db_cur
DEALLOCATE db_cur
DROP TABLE #databases
plz revise it if you have better idea! Thx!
View 4 Replies
ADVERTISEMENT
Oct 24, 2015
Deleting a Login from a server instance and adding it back did not show that the login was still mapped to databases. In SQL Server 2008, adding a Windows Login did not permit access to end user databases until the Windows Login was mapped to various databases. In SQL Server 2012, once a Windows Login is added to SQL Server Security, it may access ANY end user databaseWe use the following to circumvent this problem, Windows Login by Windows Login: DENY VIEW ANY DATABASE TO [TESTTest1]
View 6 Replies
View Related
Feb 9, 2015
I have migrated over 700 databases to another server and now I have to add a specific user to all these databases and sync , looking for script to add this user at once to all these databases.
View 9 Replies
View Related
Feb 6, 2007
Hello,
My company works with SQL Server 2005 express locally with Visual Studio to develop websites. Everything works very well.
We use SQL Server 2005 express on our production server as well. We change the database over to a non-User Instance when the site is ready to go live. Everything works fine here as well.
We run into issues when databases get near 100 MB. This is well below the stated database size limit for Express of 4GB.
At that point, about once a day, a site with a "large" database will stop responding. The error that we'll get is "Cannot open database 'DBNAME' requested by the login. The login failed. Login failed for user 'DBUSER'
The only way we've found to fix this is to restart the SQL Express service. Obviously, that isn't a very useful alternative.
Has anyone run into anything like this? Could we have some setting wrong?
Would moving to the full version of SQL Server 2005 fix this?
View 3 Replies
View Related
Jan 18, 2008
Hi,
How can I provide a user read only access to all the databases on the server. I have 15 databases on the server. I know I can give db_datareader access in each database individually but that is time consuming and I have 10 servers for this to be done.
thanks in advance.
View 3 Replies
View Related
Jul 23, 2005
Hi there,I have a situation where an application needs to import data fromnumber of access mdb files on a daily bases. The file names changeevery day. The data import is very straight forward:insert into sql_table select * from acess_tableThere are up to 8 tables in each access file and some access files willhave less. So the process needs to figure out which tables exist inAccess mdb file and import them whole into sql staging tables.Any recommendations are appreciated.Thanks
View 2 Replies
View Related
Jun 13, 2002
I have a test server where I was experiencing security/rights anomalies. I tried disabling the BUILTINAdministrators account, closed SEM, and when I reopened it, I could not access my Server (all databases,etc.are on local machine). I thought I could just use the SQL accounts (sa, etc.) to connect, but they all fail?? I tried creating a new registration, and that didn't work either. Since I deleted the old registration, and I cannot reconnect, what are my options(short of restoring image)? If I re-install SQL will all my databases still be there? Is there another way to get access back?? Any help would be appreciated.
rob
View 3 Replies
View Related
Nov 18, 2010
I have around 600 databases in my server, a user need select access of all the databases. will i have to go one by one in all the dbs and create that user and give datareader role to him. or is thr any shorter way to do so????
View 8 Replies
View Related
Feb 27, 2008
I have a small client installable web application which used to work great on 32 bit machines. Well now clients are starting to use x64 Windows 2003 servers and things have begun to unravel. W2K3 x64 does not have any of the JET database drivers needed to communicate to the Access databases and it doesn't look like they're coming anytime soon.
Is SQL Server Express the new replacement for Access databases on x64 machines. Does Microsoft intend on moving some of the JET drivers over from 32 bit servers. I know that you can run IIS in 32 bit mode and everything is fine, but I can't ask everyone to do that.
Is SQL Server Express something that I can expect people to have installed, it sure doesn't sounds like it. After reading some posts, it sounds like it's a bit of a hastle to install.
Thanks in advance for your time.
-Mark
View 3 Replies
View Related
Jul 20, 2005
Hi there...I use SQL server integrated security so when a user opens a database inaccess it prompts the username & password in a small popup box onconnection, but I'd like to use my own customised form for theauthentication process, is this possible? I do know that this login popboxis displayed before any forms are loaded, can it be said that on databaseconenct that the form is opened? How will I transfer the values entered intothe login form to the sql server for authentication?Thanks alot in advanceRudi Groenewald
View 3 Replies
View Related
Jul 7, 2007
Hi everyone,
Hope somebody can help me on this.
I did a full BACKUP for two SQL databases using SQL Server Managament Studio. When trying to RESTORE the DBs, I get the following error:
"System.Data.SqlClient.SqlError: Exclusive access could not be obtained because the database is in use. (Microsoft.SqlServer.Smo)"
There are NO users using the application. These are DBs for the Portfolio Server 2007 application.
After exploring a little bit, I found that there are several "SLEEPING" processes with an "AWATING COMMAND" flag. The processes come from the Portfolio Server Application, maybe from previous sessions.
Can they be deleted? if so, would there be any serious consequences?
Thank you for your help on this.
Oscar E.
View 4 Replies
View Related
May 14, 2015
If we have a "pool" SQL login, a one that uses SQL Server authentication, and this login is used by different domain account to access SQL Server, is there a way to audit which domain account used that "pool" login to do something on a object in SQL Server? I have to keep this way of accessing SQL Server, so how to create a login for every domain account accesses SQL Server
View 7 Replies
View Related
Jul 6, 2007
I am using an unattended install script to install the database on the client machine. All the settings look correct. But my application cannot access the db -
Error: Cannot open database requested by the login.
Now when I install SQL Server Express manually, it works fine. I have the service running under local system and enabled user instances is true. I cannot figure out the problem(been working on it for 2 days).
Any ideas?
View 1 Replies
View Related
May 17, 2006
We are having problems with the response times from UPS WorldShip after switching from SQL Server 2000 to 2005.
I think that the problem can be fixed from the database end by setting the permissions correctly for the user/role/schema that is being used by WorldShip to connect to the server but, I'm not sure how to do it.
The Setup
Client
UPS WorldShip 8.0 running on XP Pro SP2
Connecting via Sql Native Client via SQL Server Login
Connection is over a T1 via VPN
Server -
SQL Server Standard Edition on Windows Server 2003
2x3ghz Xeon processors w/ 4gb ram
The user that is being used to connect runs under it's own schema and role and only needs access to two tables in a specific database on the server.
What UPS WorldShip seems to be doing is on a continual basis retrieving information about the layout of the database via calls such as the following
exec [sys].sp_tables NULL,NULL,NULL,N'''VIEW''',@fUsePattern=1
exec [webservices].[sys].sp_columns_90 N'CHECK_CONSTRAINTS',N'INFORMATION_SCHEMA',N'webservices',NULL,@fUsePattern=1
exec [webservices].[sys].sp_columns_90 N'COLUMN_DOMAIN_USAGE',N'INFORMATION_SCHEMA',N'webservices',NULL,@fUsePattern=1
This seems to happen whenever WorldShip contacts the database to find out information in order to be able to create a mapping to the database as well as exporting information to it. Because of the VPN connection these calls take anywhere from 20 seconds to 3 minutes.
I am fairly confident that the problem lies with these calls to the database which I was able to capture using the SQL Server Profiler. We have experimented with the following setups.
1. Connecting to SQL 2000 over VPN with SQL Native Client - No noticeable lag
2. Connecting to SQL 2000 over VPN with SQL Server 2000 driver - No Noticable lag
3. Connecting to SQL 2005 locally with SQL Native Client - No Noticable lag
4. Connectiong to SQL 2005 over VPN with SQL Native Client - Lots of lag
Our network admin has been testing the network connections over the VPN and it is very responsive with none of the long wait times found when using UPS WorldShip.
Now for a possible solution other than getting UPS to fix their software. I think that by limiting the tables and views that the login is able to see will cut down significantly on the lag times that are being experienced. The problem is that there were 264 items that were being returned by sp_tables. I was able to cut that down to 154. I am unable to disable access to any of the rest of the items because they are server scoped.
Take for example the INFORMATION_SCHEMA.CHECK_CONSTRAINTS view. When I try to deny access to it in any way I get the following error:
Permissions on server scoped catalog views or system stored procedures or extended stored procedures can be granted only when the current database is master (Microsoft SQL Server, Error: 4629)
Am I able to deny access to these types of object and if so how? Also, what objects should be accessable such as sys.database_mirroring, sys.database_recovery_status, etc?
View 18 Replies
View Related
Apr 23, 2015
SQL server job or SP to deny access to an AD login for certain period of time to SQL server instance...i.e. to deny access to login ADxyz from 12 PM to 10 PM and revoke access to same login at 10:01 PM...
View 3 Replies
View Related
Mar 21, 2014
I have a windows 2008 with SQL Server 2008 R2 VM on Azure. I am trying to connect to the SQL server for the first time using SSMS, but have not been able it. I have a VPN tunnel, so I am connecting using Windows authentication. The error I get back from SSMS is:
Login failed for user 'domainusername'. (Microsoft SQL Server, Error: 18456).In the event viewer I see this error message: Login failed for user 'domainusername'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]
I have done the following:
- created an endpoint for port 1433
- opened port 1433 in the firewall
- Ran the MSSQLSERVER service as the build-in users Network Services, Local System, and Local Service, and as a local and domain administrator, with the same exact result each time.
- I get the same result trying to connect locally or remotely.
- I get the same result trying to connect using sqlcmd.
View 4 Replies
View Related
Mar 25, 2008
I need to determine the following about the current authenticated Windows domain user who is trying to access a SQL Server via a trusted connection.
1 Has the current user been granted login access to the trusted SQL Server?
2 Has the current user been granted access to a specific database?
3 Is the current user a member of a specific database role such as (DB_ROLE_ADMINISTRATORS)?
Thanks,
Sean
View 6 Replies
View Related
Aug 13, 2006
Hi
I am new to SQL server and I have been trying hard to make a client computer to remote connect to a SQL express database on host computer
I have a VB6 application that can connect to SQL server database LOCALLY without problem:
Connection String is:
my_connection.ConnectionString = "Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=MyMushroom;Data Source=LAPTOPSQLEXPRESS"
I have followed instruction on enabling remote connection function from this blog:
http://blogs.msdn.com/sqlexpress/archive/2005/05/05/415084.aspx
I then try to run the same app from the client computer, it gives me:
Login failed for user 'LAPTOPGuest'.
After looking up the web for solution, I found that I can test the connection from the HOST computer in this way:
C:Documents and Settingskit>sqlcmd -E -S laptopsqlexpress
1>
2>
The test is successful
Now I run the same command on the CLIENT computer
C:Documents and SettingsKit>sqlcmd -E -S laptopsqlexpress
Msg 18456, Level 14, State 1, Server LAPTOPSQLEXPRESS, Line 1
Login failed for user 'LAPTOPGuest'.
Now I can sure that from the client computer it cannot make a connection to it, then I look at the errorLog from my host computer
2006-08-13 21:41:00.34 Logon Error: 18456, Severity: 14, State: 11.
2006-08-13 21:41:00.34 Logon Login failed for user 'LAPTOPGuest'. [CLIENT: 192.168.0.5]
2006-08-13 21:45:10.64 Logon Error: 18456, Severity: 14, State: 11.
2006-08-13 21:45:10.64 Logon Login failed for user 'LAPTOPGuest'. [CLIENT: 192.168.0.5]
2006-08-13 21:48:41.80 Logon Error: 18456, Severity: 14, State: 11.
2006-08-13 21:48:41.80 Logon Login failed for user 'LAPTOPGuest'. [CLIENT: 192.168.0.5]
Now I know it is actually Error: 18456, Severity: 14, State: 11.
From this site : http://blogs.msdn.com/sql_protocols/archive/2006/02/21/536201.aspx
11 and 12
Valid login but server access failure
It tells the connection string and SQL Express seem to be set up properly but the server access failed the remote connection
I have previously had SQL Server 2000 installed. I uninstalled SQL 2000 before I install SQL express but somehow the SQL Server Service Manager is still running at startup, and C:Program FilesMicrosoft SQL Server80 and its files are still exist after uninstallation..... Could this be a problem?
The Knowledge base suggestion on "enabling remote connection" is very simple and I do not understand why it is so difficult to me just to make a remote connection test work..... please, I need your help.
View 14 Replies
View Related
Oct 26, 2007
I am trying to use a linked server and it works as long as I do not specify the sp_addlinkedserver @provstr parameter. If I specify that parameter I always get a 7416 "Access to the remote server is denied because no login-mapping exists" error. I have tried adding the logins various ways but it's very specific to the @provstr parameter, and it doesn't even matter what I put in that parameter. As soon as I put something in there whether it is valid or invalid, I get the error.
Anyone else seen this? There is an amazing lack of any discussion about the error when I search for it.
If I do this it works fine,
EXEC sp_addlinkedserver @server= 'linkedname', @srvproduct='', @provider='SQLNCLI', @datasrc='servername', @catalog='mydatabase'
EXEC sp_addlinkedsrvlogin 'linkedname', 'true', 'AppUser'
But as soon as I add the @provstr parameter, then I get the error if I try to use linkedserver,
EXEC sp_addlinkedserver @server= 'linkedname', @srvproduct='', @provider='SQLNCLI', @datasrc='servername', @catalog='mydatabase', @provstr='Failover Partner=otherservername'
EXEC sp_addlinkedsrvlogin @rmtsrvname='linkedname', @useself='true', @locallogin='AppUser'
It doesn't even make any difference what I put in the @provstr parameter - the sp_addlinkedserver statement always executes without an error, but running a query that uses the linked server generates the error.
View 12 Replies
View Related
Jul 26, 2007
Recently, one of my clients began receiving this error. My team gave them sysadmin permissions, but this is terrible practice. I have read into disablying simple file sharing, but I don't even think I have the option to do it. I look in mycomputer > tools > view and don't see any option for this. Besides, the problem just started occuring recently, within the last week. The server is a cluster with veritas clustering and the edition is sql server 2000. Has anybody ever had a problem like this and have a good fix?
Thanks for any help in advance...
-Kyle
View 4 Replies
View Related
Nov 26, 2007
Hi everyone,
I have an instance with many databases in it. I am looking for the easiest way to see which of those databases a user has a login on. What is the most efficient way of doing this?
Thanks,
Anil
View 5 Replies
View Related
Apr 27, 2008
I have created a database test and created a login name devloper for the database test
Now I have created database test2 and want to connect to the database test2 with same login developer.
How can i do that .
I have changed in the security able to connect to test2 but unable to see tables and views.
What may be the cause.
View 3 Replies
View Related
Jun 7, 2007
Hi
I have created a new login in SQL Server 2000.
I have hooked up to more than one database which creating the login.
In syslogins we can see only the default database associated with that login.
I want the list of all the databases for that specific login..
How could I get them?
-------------------------------------------------------------------------------
My main task is to create a login under a specific database.
For which I'm validating whether that login already exists or not I'm checking it in the syslogins table. I need to specifically check it is in my databse or not....for that what should I do...
Thanks in advance
View 4 Replies
View Related
Oct 16, 2006
I am attempting to import data from Microsoft Access databases to SQL Server 2000 using the DTS Import/Export Wizard. I have a few errors.
Error at Destination for Row number 1. Errors encountered so far in this task: 1.
Insert error column 152 ('ViewMentalTime', DBTYPE_DBTIMESTAMP), status 6: Data overflow.
Insert error column 150 ('VRptTime', DBTYPE_DBTIMESTAMP), status 6: Data overflow.
Insert error column 147 ('ViewAppTime', DBTYPE_DBTIMESTAMP), status 6: Data overflow.
Insert error column 144 ('VPreTime', DBTYPE_DBTIMESTAMP), status 6: Data overflow.
Insert error column 15 ('Time', DBTYPE_DBTIMESTAMP), status 6: Data overflow.
Invalid character value for cast specification.
Invalid character value for cast specification.
Invalid character value for cast specification.
Invalid character value for cast specification.
Invalid character value for cast specification.
Could you please look into this and guide me
Thanks in advance
venkatesh
imtesh@gmail.com
View 4 Replies
View Related
Sep 9, 2015
Many a times see the below error in SQL Error log.
Login failed for user 'NT AUTHORITYANONYMOUS LOGON'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: ]
Is this something to do here?
Note: If I run the below statement I know that the SQL Error log entry will go off, but wanted to know the real significance of this error?
CREATE LOGIN [NT AUTHORITYANONYMOUS LOGON] FROM WINDOWS
View 1 Replies
View Related
Jun 22, 2015
How to find last login date/time for user DML acitivity on databases on Instance?
Is there any way we can find our the last login date/time for databases?
Note: 1. We can find if the SQL Trace is running and store.This is not good solution
2. Audit logins off/on is also not good solution.
3. Using DMV's also not good option, if reboot sql server instance then historical values can not see.
View 5 Replies
View Related
Apr 16, 2008
Hi all,
Have just tried my sql server 2005 connected asp classic website on II7 for the first time and have gotten some errors.
First off I have unchecked show friendly errors in IE and have enabled ASP to send error messages to the browser.
My error I get is when I execute a basic .asp page:
Microsoft OLE DB Provider for ODBC Drivers error '80004005'
[Microsoft][ODBC SQL Server Driver][SQL Server]Cannot open database "mydatabasename" requested by the login. The login failed.
/index.asp, line 10 which is dbConnect.Open cstring
from this peice of code:
sub dbOpen()
set dbConnect = Server.CreateObject("ADODB.Connection")
cstring = "DSN=mysqldsn; Trusted Connection=yes"
dbConnect.Open cstring
end sub
I have gone into ODBC and have setup both a user dsn and file dsn that equals mysqldsn and points to my database (I know you only need to set up one DSN but I'm not sure which)
I also notice under mywebsite home panel there is a connection string option. Do I do anything with that?
Definatley a lot more to it than XP's II6!
Any help or advice would be greatly appreciated.
View 3 Replies
View Related
Jun 2, 2004
I've read afew articles about .Net and they mentioned not using Access when developing with VS.Net, but the articles didn't go into why. Between the two, is one better/easier to use than the other? Is there a cost difference? Or does it depend on what you are doing?
Any input would be appreciated. Thanks.
View 26 Replies
View Related
Sep 20, 2005
Hi I am using Visual Studio.Net 2003 and SQL 2000 Web applications run using the ASPNET user account.
I have to set up this account and grant it permissions before my Web application will have access to a SQL database. How do I grant permissions ?.
View 1 Replies
View Related
Apr 18, 2001
what is the proper method of taking a database made in MS Access and converting it so that it runs in SQL Server 7?
View 1 Replies
View Related
Mar 27, 2006
Is it possible to have an ID that can access 2 databases? If it's possible, I have to create the same ID and password under each database?
View 6 Replies
View Related
Apr 16, 2007
Hi everybody,there are several SQL-Server 2000 databases within a company locatedon different servers in different domains. On every database you canfind the same table X.I want to merge these tables X (UNION query) and print the result witha Crystal Report.Unfortunately I only have little knowledge on security, domains,distributed applications.Thanks for help.
View 2 Replies
View Related