HI, I have set up a database with 5 users, USER1 has default schema USER1, USER2 has default schema USER2 and so on. My problem is that I want to revoke select permission on schema USER1 to user USER2. I issued the following TSQL in SSMS:
REVOKE SELECT ON SCHEMA::USER1 to USER2
Even though I did that, I can still log on as USER2 and be able to issue SELECT statements on USER1 schema tables. The only way I can do to avoid the SELECT on USER1 schema is to DENY select on USER1 schema. Is it normal?
I have a sql server 2012 server and I need to prevent the users from creating new schemas by mistake. Is there any way to revoke that permission alone but still letting the user to create their own objects in dbo (yes I know that shouldn't be in dbo but that is another issue).
I am running a C# asp.met application which most of the application is running ok but several of my aspx. pages are giving me this error. I am currentyly running MS-SQL 2005 Dev ed. using VS.net 2005. I have turned on access in role to everything and still am getting this error. can someone help me please?
hay there...i'm developing a website using visual studio 2005, when i run it from VS it works fine and it can access the DB.but when i make an alias and run it directly from localhost ..i keep getting this message when i try to fill a DATASET ..Line 198: cmd.CommandText = "Select Line From Buses";Line 199: da.SelectCommand = cmd; Line 200: da.Fill(ds);can anyone help me ?thanx
I'm in need of a few more pointers when it comes to SQL Server 2005 Security setup for accessing a database through IIS web services. There's loads of great advise in these forums which I've followed so pls forgive me if I've missed a post that finally resolves this. I know I'm so close but it feels so very far...
Anyhow, here's the set up: - Server 2003 / SQL Server 2005 / .NET 2.0 / Visual Studio 2005 / Client XP PC
The story so far: - Built an ASPX website in VS2005 on a client PC that connects to a SQL2005 db. No probs during development. - Copied website to WS2005 & configured IIS accordingly. No probs browsing non-db webpages.
The problem: As soon as I browse to a page that extracts data from the db I get the following error message..
[SqlException (0x80131904): The SELECT permission was denied on the object 'tbl_location', database 'SmartDMA', schema 'dbo'.]
...plus a whole load of code that I've seen plastered over lots of forums.
My configurations: - The website is in the default SQL Application Pool that has the identity set to 'Predifed: Network Service' (as I'd previously has a similar error; SQLException (blah blah): Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection)
- IIS Website ASP.NET is v2.0.50727 - Website Authentication Methods / Enable Anonymous Access (ticked) Username: IUSR_SERVERNAME Password: *********. Intergration Windows Authentication (ticked). - SQL Server Mngt, Secuirty / Logins / NT AUTHORITYNETWORK SERVICE lists the db in question with dbo as the Default Schema & public ticket as the db role membership. - connectionString="Data Source=SERVERNAME;Initial Catalog=DBNAME;Integrated Security=true" providerName="System.Data.SqlClient"/>
What I've tried already based on forums advise: - Changing Server Properties to SQL Server & Windows Authentication mode. - Rather than using Integrated Security I've tried the SQL 'sa' account, but not 100% is I did that right (still got the same error anyway).
The rest of the advise I've read appears to confirm the rest of my settings, but I'm still getting the error.
Can anyone please shed any light on what I'm missing here. Feel free to ask questions on any configuration settings I've missed that may help.
An error has occurred during report processing. (rsProcessingAborted) Query execution failed for data set 'TestID'. (rsErrorExecutingCommand) For more information about this error navigate to the report server on the local server machine, or enable remote errors
The log file reads:
---> Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: Query execution failed for data set 'TestID'. ---> System.Data.SqlClient.SqlException: SELECT permission denied on object 'TableID', database 'Database', schema 'dbo'.
***Background***
General Users got an error message when trying to access any reports we have created. All admin have no problems with the reports. Users (Domain Users) are given rights (Browser) to the reports and the Data Sources (Browser) and yet cannot view the reports.
An error has occurred during report processing. (rsProcessingAborted) Cannot create a connection to data source 'DS2'. (rsErrorOpeningConnection) For more information about this error navigate to the report server on the local server machine, or enable remote errors
I'll add this from the report logs...
w3wp!processing!1!3/20/2007-11:43:25:: e ERROR: Data source €˜DS2€™: An error has occurred. Details: Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: Cannot create a connection to data source €˜DS2€™. ---> System.Data.SqlClient.SqlException: Cannot open database €œDatabase€? requested by the login. The login failed. Login failed for user €˜DOMAINUsername€™.
The user has rights via a local group to the report and data source (Browser rights) and the local group has been added as a SQL login.
I gave rights to the databases themselves instead of just to SQL and the error changed (Ah-ha...progress, but why!?!?)
I am trying to clean up security. When I check tables in a specific database I see a list of users with select access. There are 1000+ tables in the database. I know I can do 'revoke select on table_name to user_name' ....
I have a permissions problem with a table/procedure that I hope someone can help me with.
To set the scene .......
All my procs/tables/functions etc are owned by dbo. I have a windows security group that is granted permissions to EXEC all procs. No one has permissions to tables. I have a table that has an XML column and the column has a schema collection bound to it. The table has a computed column that relies on a function to extract a datetime element from the XML in the XML column and I have an index on this computed column. I have a proc that selects from this table and uses the computed date column for filtering. However, the select statement is build dynamically and uses sp_execute to perform the SELECT. This of course breaks the ownership chain. To fix the above I have a user that was created from a certificate and the above proc is signed with the certificate. The user is granted select privileges on the table. This fixes the problem. (In fact, all procs/functions/triggers are signed in this way).
Now (finally) the problem ....
When I run the above proc as admin, it works fine.
When I run it as a member of the security group (mentioned earlier) I receive ...
EXECUTE permission is denied on object 'my_schema_collection', database 'mydb', schema 'dbo'
The 'my_schema_collection' mentioned above is the schema collection to which my xml column is bound.
What? How can I grant EXEC permission to a schema collection?
The requirements are: 1. the user has read-only permissions to dbo tales. 2. the user can do everything within the rpt schema, which contains all objects analyzing dbo tables. 3. the user does not have any permission outside rpt schema, except permissions in #1.
The current solutions are: 1. grant the user select only on dbo tables. 2. make the user the owner of rpt schema. 3. Grant the user database permission on create table/create procedure/create view/create function.
My question is - in step 3, should I just grant "Alter" database permission to the user? Granting Alter seems to be cleaner and simpler. According to MSDN,
"Alter" confers the ability to change the properties, except ownership, of a particular securable. When granted on a scope, ALTER also bestows the ability to alter, create, or drop any securable that is contained within that scope.
Program launches and runs till I want to navigate to a form that uses a table called 'gav' and the error above is tossed.
So I proceed to use Enterprise Manager, from another machine, and look in the 'Roles' section of the dbase, I see a 'AppRole' defined with a type "Application", if I click on this to see the properties for this role, I see the 'Application role' option button selected and greyed out along with the password text box with a password in the box, looks good I guess. If I click on the 'Permissions' button, this role has 'Select', 'insert', 'update' and 'delete' rights on all the tables we created in the database(to log our data in) including the 'gav' table in the error. This all looks good.
Okay, so I suspect it may be related to the 'User's defined so I go to the 'User' section of the dbase. I see several listed including one for the machine I'm using to connect to the dbase. When open the Properties for this user, two 'role membership' checkboxes are selected, 'db_public' and 'db_datawriter'. Finally, if I click on the 'Permissions' button for both memberships I see that NONE of the check-boxes are selected for either the 'db_public' or the 'db_datawriter'. No 'Select', 'insert', 'update' or 'delete' rights at all for this user it seems. So I think I onto something here.
Can you help me here, what has higher precedence for dbase rights/access. Pointing me to a MSDN link would be GREAT if I'm on the right path here. If not, please steer my in the right direction and if you need more info, let me know.
Hello guys, Been trying out to use SQL server, so got a copy of SQL Server 2000 on windows xp pro, rather old it seems but the only version I can get my hands on. However, I just couldn't get it to work in a simple datagrid. The error message: SELECT permission denied on object 'classList', database 'ck', owner 'dbo'. Code on asp.net page: SqlConnection1.Open() DataGrid1.DataSource = SqlCommand1.ExecuteReader DataGrid1.DataBind() 'Put user code to initialize the page here SqlConnection1.Close() Dim a As SqlCommand a.ExecuteReader() I have already added a localhost server (windows NT) under SQL server group, added localhost/ASPNETas a user for my imported database from access, granted SELECT Permission to the database and all tables, any idea what may be wrong with my configuration. I know it's pretty hard to pinpoint the exact problem since it's on my computer, but I have been clicking around and allowing everything on SQL for a few hours, but nothing good. So please any suggestions? Thanx
Does any body have this problem? when I execut the store procedure in database A that select from a table in database B. I got error message "SELECT permission denied on object", I know that if I have the permission to execute the store procedure, I don't need the select permission to table. Is is a bug in SQL 7.0 version or what? In SQL 6.5, as long as we have execute permission to Store procedure it will work.
Why would we get the error 229 Select Permission on object denied when the user has select permissions granted? All tables in the database are accessible by the user but this one. All tables for this user have the same permissions: Select, Insert & update.
I noticed that the indexes were not set up correctly but even after fixing them it didn't help. what other reasons would cause this error.
I am trying to set up a DotNetNuke installation on Windows XP with IIS 5.1 and MSSQL Server Express 2008. I have checked the permissions on the account trying to access the database and everything is checked. However I keept getting the error, do I need to make ever user in the database an admin to edit and do everything to the database?
Code is Below:
Code: Index #: 0 Source: .Net SqlClient Data Provider Class: 14 Number: 229 Message: The SELECT permission was denied on the object 'sysobjects', database 'mssqlsystemresource', schema 'sys'.
I've been scouring the 'Net and I'm surprised to not find any info on this. Apparently I've screwed up something that nobody else has managed to screw up.
Using Win03EE and SQL2005.
I created the ASPState database using "C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Aspnet_regsql.exe" using "-sstype p" to put the data in ASPState instead of tempdb.
During the creation I used an admin SQL login (let's call it "MyAdmin") that has full admin permissions. (MyAdmin is a SQL login, not a domain account.) I then created an "ASPState" SQL login (not domain) and gave it full permissions within the ASPState database.
I should probably note that the Win03EE server is also a domain controller even though the SQL logins I'm using are non-domain. This is because, currently, the development workstations are not part of the server's domain. Since the entire environment is strictly for research and development, optimum security is not the first concern at this point.
When I run the ASP.NET 2.0 web application with the connection string set to use the MyAdmin account, everything works fine. I can even poke around in ASPState with SSMS and see the session entries being inserted in the tables.
When I run the application with the connection string set to use the "ASPState" login, I get "SELECT permission denied on object 'sysobjects', database 'mssqlsystemresource', schema 'sys'".
If I give ASPState sysadmin priviledges, it works. Of course, I don't want to give ASPState sysadmin priviledges.
I have seen non-ASPState issues posted on the 'Net involving permission denied and mssqlsystemresource. From those I've come to understand that this likely has to do with the changes made to SQL2005 that are probably not anticipated by the current version of aspnet_reqsql.
So... can anyone help me save what's left of my hair from being pulled out any further? I've been clicking various permission settings on and off all day long with no results. The lack of correlation between mssqlsystemresource and what permission setting is needed where is pretty frustrating.
In addition to the solution to this problem, I'd really appreciate any info anyone has on a great place to go read about security setting adjustment considerations in light of the changes made in SQL2005. In particular, what changes from SQL2000 to SQL2005 impact the operation of existing SQL2000 code and what an admin should know about adjusting security settings.
I'm trying to upgrade my SQL 2000 to 2005 and use it with a web site. I've copied the DB from a SQL 2000 server machine to a 2005 machine, attached the DB to the SQL server using the relative function in Management Studio, but I still continue to get the same error: [Microsoft][SQL Native Client][SQL Server]SELECT permission denied on object 'Users', database 'YouPlayIt', schema 'dbo'.
using this query: SELECT UserId FROM USERS.
Querying the DB from an ASP page with the query "SELECT CURRENT_USER", the system return the expected value: NKNLEPETD0IUSR_NKNLEPETD0
In SQL server, I've created a user with this name (taking it from the users list), and granted full access to all the tables of the DB.
In the permission Tab of the USERS table the NKNLEPETD0IUSR_NKNLEPETD0 have all the grant checked.
Which other permission do I have to specify in order to have access to the data ???
I am using VB 2005 express edition with sql express 2005. I did it this little application that select data from a table. Everything Ok on local but if I use it over lan (it is a workgroup) I obtain this error:
SELECT permission denied on object 'Consensi' on database 'C:dbmarcoplate_dati.mdf' with schema 'dbo'
I used SQL Server Management Studio Express to give all permissions to the user for the Plate_Dati database but nothing changed
this is the program:
Imports System.Data.SqlClient
Public Class Form1 Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim Stringa As String = "Data Source=TAPFWSQLEXPRESS;Initial Catalog=c:dbmarcoplate_dati.mdf; Integrated Security=SSPI;" Dim cnn1 As New System.Data.SqlClient.SqlConnection(Stringa) Try cnn1.Open() MessageBox.Show("Connection opened") Dim sqlQuery As String = "SELECT Targa FROM Consensi WHERE Targa = 'AJ385SW'" Dim cmd1 As New SqlCommand(sqlQuery, cnn1 Dim rdr1 As SqlDataReader rdr1 = cmd1.ExecuteReader() Try Do While rdr1.Read() MessageBox.Show(rdr1.GetString(0)) Loop Catch ex As Exception MessageBox.Show(ex.Message) Finally rdr1.Close() End Try Catch ex As Exception MessageBox.Show(ex.Message) Finally cnn1.Close() MessageBox.Show("Connection closed") End Try End Sub End Class
I have just begun to develop a simple web application to maintain phone book / contact details of people. I have been facing problems wrt the connection to the database, while trying to execute the reader it throws this error - Server Error in '/phonebook' Application.
SELECT permission denied on object 'PhoneBook', database 'Northwind', owner 'dbo'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Hi all, I know this error (below) has been presented before, but I have tried the typical solutions without any luck. The solutions I have tried involve insuring cross-database ownership is enabled. We have run the following query, without any luck with fixing the error. Is it possible we have something wrong with the tempdb, or modeldb? All the settings appear to be normal (dbo public access). Any ideas would be appreciative. Thanks, Oun
To reconfigure SQL 2000 SP3 for ASP.net session state you must runuse master go EXEC sp_configure 'Cross DB Ownership Chaining', '0'; RECONFIGURE GO
Hi all, I have my asp.net application with crystal reports which is using OLE DB connection , when I published the application on my test server every thing was ok and I was able to view,print and exprot my reprot (test server is not a domain controller), BUT when I published the application on the production server which is a domain controller it is giving me this error: Failed to open a rowset. Details: ADO Error Code: 0x Source: Microsoft OLE DB Provider for SQL Server Description: The SELECT permission was denied on the object 'MyTable', database 'MyDatabase', schema 'dbo'. SQL State: 42000 Native Error: Failed to open a rowset. Error in File C:WINDOWSTEMPMyreport {C4BCF4E0-469D-4425-8556-A3D2A17059B8}.rpt: Failed to open a rowset
I tried to give the IIS user all the permisions on the database, no result I tried also to make the authentication mode in IIS to Integrated windows authentication (Disable the user IISER_---) but it still give me the same error
Getting the error message System.Data.SqlClient.SqlException: SELECT permission denied on object 'mytable', database 'master', owner 'dbo'. at System.Data.SqlClient.SqlCommand.ExecuteReader...
1. After a lot of googling I've done the following: EXEC sp_grantlogin 'MYMACHINEASPNET' to grant the ASPNET logon access to the DB
2. Changed the HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSSQLServerMSSQLServerLoginMode to 2 to allow mixed mode.
3. using my connection string in web.config - have experimented with different strings with/without trusted_connection and the sa uname and pwd. (Current connection string is "server=localhost;Integrated Security=SSPI;Database=master;Data Source=MYCOMPUTERNAME;trusted_Connection=yes"
I'm NOT using SQL Server so what commands do i need to give my db/table SELECT permissions? (and who am I giving permission to - very confused)
I had no bother accessing the server and DB from a simple C# command line program.
Been pulling my hair out for many hours now... any help would be greatly appreciated!
(Not having a great day - didn't mean to lock that last post - apologies)
First off - complete newbie using MSDN.
Getting the error message System.Data.SqlClient.SqlException: SELECT permission denied on object 'mytable', database 'master', owner 'dbo'. at System.Data.SqlClient.SqlCommand.ExecuteReader...
1. After a lot of googling I've done the following: EXEC sp_grantlogin 'MYMACHINEASPNET' to grant the ASPNET logon access to the DB
2. Changed the HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSSQLServerMSSQLServerLoginMode to 2 to allow mixed mode.
3. using my connection string in web.config - have experimented with different strings with/without trusted_connection and the sa uname and pwd. (Current connection string is "server=localhost;Integrated Security=SSPI;Database=master;Data Source=MYCOMPUTERNAME;trusted_Connection=yes"
I'm NOT using SQL Server so what commands do i need to give my db/table SELECT permissions? (and who am I giving permission to - very confused)
I had no bother accessing the server and DB from a simple C# command line program.
Been pulling my hair out for many hours now... any help would be greatly appreciated!
My hosting company created a database for me a few day ago.
To make queries into a database,I made aspx page with textarea for query text and two radio buttons for select/insert.
I can create a table but if i make a SELECT or INSERT statement I get permission denied error.In that error database and owner data are the same as my database and user ID I use in a connection string. So why dont I have permissions?
I created an account in webmatrixhosting to test my application and there everything works just fine.
So I tried to use "sp_tables" query before I make any table.
On my hosting company I got nothing but in webmatrixhosting I get 16 rows of SYSTEM_TABLES and 2 rows of VIEWS.
Did my hosting company correctly set up my database? They say they did but I Im not so sure.
A client has the following SQL Server 2005 error. The user is unable to log into Management studio. We deleted the user and login and re-created the user and login and get the same error. FYI: If the user is given db_owner and all login privs except sysadmin he gets the error. Only syslogin grants him access. It looks like he is denied access to sys.configurations via the new resource database. Any thought?
The error:
Cannot get to <instance name>.
Failed to retrieve data for this request. (Microsoft.SqlServer.SmoEnum)
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
The SELECT perrmission was denied on the object 'configurations", database 'mssqlsystemresource', schema 'sys'. (Microsoft SQL Server, Error: 229)
What is the correct way to create a security group that allows the group members to Select (Read) the content of a database?
1. Create a security group in AD 2. Add the required members to the group 3. Add the security group as a login on the SQL server (Under Security>Logins) 4. Add the security group to the specific database with Grant in Connect and Select
We have a web app that accesses Sql Server 2000 using windows authentication. We recently installed SQL Server 2005 on a new server and are in the process of porting the data from SS2000 over to 2005. I expected some problems, but I've run into something that seems like it should be relatively simple to solve, yet I have been banging my head against the wall for a couple of days. After changing the connection string in web.config of the web app to point to the new SQL Server 2005 database, I keep getting ... SELECT permission denied on object 'tUser', database 'GDoc', schema 'dbo'. The problem is, when I go into Management Studio and check the permissions, the user I'm logged in as DOES have select permissions on that database. What am I not doing? Am I forgetting something simple?
I am trying to grant solely the SELECT privilige to a particular user and to a particular database.I am using Sql server management studio express to do this and SQL Server 2005.
I have created a new login and set the server roles to public, then on the user mapping page, I have checked the box next to the table I wish the user to access and have selected the database membership role - public. Next, On the Table Properties, I have added the user on the Permissions Page and Selected "Select" under the grant column
When I click on effective permissions, the select command does not show and when I try to login with that user, the table does not display.
I have a schema XXX. This schema owns a set of tables say XXX.A, XXX.B and XXX.C.
I have a login XXX mapped to the user XXX.
When I connect to the SQL Server using login XXX and execute the query.
Select * from A, it throws be an error saying that"Invalid Object Name A".
Now when I modify the select statement specifying the schema it works. i.e. Select * from XXX.A
In the former case, is it not that SQL Server tries to search for the table in the current user's account and then if it not available it look's in the dbo's account.
HOw can I make a select without specifying the schema ?
I create a new user who will have a read only permission on TestDB.
I want to give only select permission on TestDB and also I don't want that the new user will not see any other database.
DENY VIEW ANY DATABASE to user_readonly
ALTER AUTHORIZATION ON DATABASE :: TestDB TO user_readonly
but when I am using the above query then the new user is the owner of the testdb. i don't want that. I want that the user will have only select permission on the table.is there any way?