Security - Admin Access
Mar 22, 2007
How do I grant admin access to a windows account withou having them a part of the administrators group...
I need to give a user access to every report on the server and the ability to administrate the application side of the server but I cannot give them Administrative access to the machine as a whole. I added the user to the system administrators role in team services but this did not allow here to see all the reports. How does she get access to all the reports without being in the Windows local Administrators group?
Thanks
Chris
View 2 Replies
ADVERTISEMENT
May 31, 2007
i have an asp.net web application that uses SQL2000 backend. any users login to the application using a proper SQL login. so each user has unique logins
One of the roles within the application is to allow the user to create new logins for the application which inturn creates a SQL login. for this i have been using the following special sp's within an application specific sp:-
EXEC sp_addlogin @strUsername, null, 'WEA_MIS', @loginlang
EXEC sp_grantdbaccess @strUsername, @strUsername
EXEC sp_addrolemember @strRole, @strUsername
EXEC sp_password NULL, @strPassword, @strUsername
the only way ican get this to run is if the user executing the sp is a member of sys admin, ideally i dont want to be giving anyone access to sys admin. i thought security admin would allow me to do the above but it doesnt. Is there any other ways or ideas to get around this problem
Cheers,
Craig
View 5 Replies
View Related
Jun 19, 2015
we recently migrated from our in-house domain to the Enterprise domain. Everything went smooth except for the fact that I can no longer accept my dBs using my SA or my domain admin account. There is only 1 account I can get into the management studio with but it has no admin privileges, so I can't make any password changes or add accounts. I don't have a test environment so kind of hesitant to experiment with our production system.
View 6 Replies
View Related
Aug 27, 2015
I want to set up a database role so that users can use sp_readerrorlog through SSMS. It does a check on membership in the securityadmin role.
I have tested it and can see you can grant execute on xp_readerrorlog but the SSMS GUI uses sp_readerrorlog.
I thought I could create a user/certificate and add the signature to sp_readerrorlog but it's not permitted (likely because it's not a normal database object).
So the other solution is to add the users to the securityadmin role but then explicitly deny alter any login (best done with a custom server role in 2012+ but otherwise just manually in 2008). I tested this out and it works, I'm not able to alter any logins or increase my own permissions, I also did a check of what's reported from fn_my_permissions(null, null) and it shows minimal permissions like I'd expect.
View 0 Replies
View Related
Sep 6, 2007
We are using Win2k3 R2 with SQL 2000 in a domain environment.
Is it possible to create a domain group to grant admin level and user level access to SQL2000/2005 without giving users server admin or domain admin access?
It has always been my impression that to have admin access to SQL that you had to at least had admin level access on the server.
Any clarification would be greatly appreciated.
Thanks!
View 1 Replies
View Related
Oct 14, 2005
Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.
View 9 Replies
View Related
Oct 3, 2005
I like the new gig a lot. Real busy, smart folks and I have been in high demand since 5 minutes after my butt hit the chair. I already have code in production.
Anyhow, we have a security situation on the sql servers I pointed out on my first day. So they want me to roll everything over to Windows Authentication and give the developers and report writers more restricted rights inside SQL Server. So they have NT Groups for different kinds of users and all of that jazz and I layed on the typical stuff about using NT groups vs individual accounts and ease of admin vs granularity of control. Well the boss came back and said he wants ease of admin and granularity of control over security. So, does anyone have any fresh thinking on turning my eitheror into an AND.
View 5 Replies
View Related
Sep 21, 2005
I am working with a SQLServer installation where all public permissionshave been revoked from the system.I currently hold the securityadmin and sysadmin roles to perform mylogicall access control work (creating logins and adding users todatabases and changing group memberships.)There has been a question as to whether or not I need the sysadmin roleto do my job, so we tried an experiment in dropping the sysadmin rolefrom my id.With no public permissions, I see no user information on the server,which really limits my ability to do the job.Has anyone ever worked with a super-locked-down server without thesysadmin role for doing security admin work?What I'm looking for is hopefully SQL to perform the access privilegesneeded for the security admin role by itself.Thanks in advance!
View 2 Replies
View Related
Jun 12, 2015
Is SQL Server sensitive to Domain group name? Like "Domain Admin"?
I have user that belong to "myDomainDomain Admin" group. Group is in SQL as sysadmin but user cannot login using domain credentials. When I move that user to a different domain group which that group is in SQL again as sysadmin my user is able to login.
Environment: SQL 2008 Standard Edition.
View 12 Replies
View Related
Jul 16, 2015
I have a SQL Server 2014 instance running on a SQL Server 2008 R2 server. The server is not clustered, it is just a stand alone SQL Server. The syspolicy_ purge_history job fails every now and then with the error message: "A job step received an error at line 1 in a PowerShell script. The corresponding line is 'import-module SQLPS -DisableNameChecking'. Correct the script and reschedule the job. The error information returned by PowerShell is: 'Access to the path 'PowerShell_CommandAnalysis_Lock' is denied. '. Process Exit Code -1. The step failed."
Google isn't bringing up much besides the whole"If this is a clustered server make sure you have the right server name in the command" answer, which isn't the case here. Some days this job fails and some days it succeeds. I have checked out task scheduler to see if there were any conflicts there, found nothing. Nothing in the event viewer either.
View 2 Replies
View Related
May 21, 2014
how does security works between availability groups.
ex if i create an object and grant permissions to a user will that be replicated to secondary replica .
View 4 Replies
View Related
Jan 21, 2015
SSISDB 2014 - Enabling CLR - Is there are kind of security risks for enabling CLR when creating SSISDB?
View 0 Replies
View Related
Apr 17, 2002
hello,
i have a simple question and i am not familiar with sql7.
HOW can we access sql 6.5 databases from the admintools installed with sql 7.0. Is it necessary to install additionaly to the 7.0 Admintools the 6.5 components also?
can somebody help for that?
thanks
klaus
View 1 Replies
View Related
Jul 20, 2005
Hi All hope you can help.I have a SQL 2k Standard Ed. SP3 server that is in mixed securitymode.I have logged into EM with the sa account.Then added a Active Directory group (i.e. DomainDBAdmins) to theSystem Administrators for that server.When I try and modify the SQL server registration in EM to use trustedauthentication instead of sa I get a connection failed. Any ideas?Thanks,
View 3 Replies
View Related
Jul 20, 2005
I am interested if anyone can point me to "best practices" regarding thelevel of administrative authority a SQL Server database administrator shouldhave. Alternatively, I'd be interested hearing what level of authority onthe server you/your SQL Admin has. I have been told that in order to dotheir job, a database admin needs full admin authority on the operatingsystem in a Microsoft environment, but I find that hard to believe.Thanks.
View 1 Replies
View Related
Oct 25, 2006
We have SBS2003 and SQL2000 is running on it. Recently we built a trips database and
Installed trips application on it but the problem is that only the administrator can run Trips application. Other domain users cannot get access to the new trips program. I added the users on database and double checked.
When normal user logs on, these messages show up:
Message 1:
"MS sql Server login
Connection failed:
SQLState: '01000'
SQL Server Error: 53
Microsoft ODBC SQL Server Driver DBNETLIB ConnectionOpen (Connect()).
Connection failed:
SQLState: '08001'
SQL Server Error:17
Microsoft OBDC SQL Server Driver DBNETLIB SQL Server does not existor denied."
Message 2:
"File dbo.control could not be opened. Error (r=100).
Press OK to end this application."
Any advance is welcome.
Peter
View 1 Replies
View Related
Mar 28, 2007
Hello,
I have been given the responsibility of administering and trying to maintain an enterprise level database (currently 20GB in size) without local admin privileges on the server that houses my database. Is there any documentation available that can either help me get my job done, or help me convince my supervisors that my position requires that level of access?
I understand the concern about the local admins being able to "do whatever they want", as well as the effort to reduce the amount of risk exposure to major accidents. I just want to be able to do my job effectively.
View 5 Replies
View Related
Jul 5, 2006
On a given Analysis Server the machine level OLAP Administrators group controls which users have admin access to AS Databases and Cubes on that machine. From everything I have read, if you are in the OLAP Administrators group you have full access to administer ALL the databases and cubes.
We have a need to create a OLAP database and grant a few users (a role) full admin access to create and maintain datasouces and cubes within that database but NOT allow them admin access to the other existing databases and cubes on the server. This seems like such a common requirement. Has anyones else encountered and resolved this issue.
Thanks,
Tony
View 2 Replies
View Related
Feb 10, 2014
I am newbie to SQL.I need to create an application will run on server, and of course will be installed by using admin user. I can use the install user to access to database on that server?
View 1 Replies
View Related
Dec 3, 2013
We have applications connected to SQL using windows authentication. While having connection with Application user can also access to Database instance on the same time as well. We need to limit the access of user outside application.
View 6 Replies
View Related
Nov 24, 2014
How do I grant a specific access to a schema. I have a request to grant a ddl access to a schema called Business_Banking.
View 1 Replies
View Related
Jan 5, 2015
I have SQL Server 2014 (Enterprise) on Server A. The service runs under DomainAAdmin.
The Client machine is B, User credentials DomainBUser.
DomainBUser has a share on B that contains a BCP data file. DomainAAdmin has full access to this file.
If I log onto A (the server machine) with either DomainAAdmin or DomainBUser credentials, and run SQL Server Management Studio with Windows Authentication I can run BCP sucessfully using the following:
BULK INSERT [MyTable] from 'Bsharedatafle.tsv' WITH ( KEEPNULLS , KEEPIDENTITY ) However, if I log onto B, (the client machine and the machine hosting the share) and try to run the same bcp command, I get "Access is Denied".
View 5 Replies
View Related
Oct 26, 2006
Do I need admin access on my computer to Run or manage an SSIS Package?
if i dont have admin access on my computer, what functionality of SSIS i cannot use?
View 1 Replies
View Related
Jan 3, 2007
I am using a standard installation of SQL 2005 Express installed with Visual C# Express. I have tried several connection strings, have tried connecting different databases, all of which end up giving me access denied for user <machineName>Greg (Greg is the local admin account for this PC. I found this guideline for connectivity questions (http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=362498&SiteID=1), and have gone through it all, posting the answers to questions here. One thing that may be different about this machine is that it is a tablet PC (WinXP Tablet edition) and I am running VMWare Server. I also tried loading it on a WinXP Pro workstation with no VMWare, and have gotten the same results. Any help will be greatly appreciated.
My connection string:
@"Server=(local);Integrated Security=SSPI;Database=Database1");
Client error message:
Cannot open database "Database1" requested by the login. The login failed. Login failed for user 'GREGBORGGreg'.
Client is local to the SQL 2005 Express - this is an application running on a local PC.
I am able to ping -a GREGBORG (as well as localhost)
I am able to telnet to port 1433 of my local machine, although Ctrl+[ does not give me an SQL prompt
I am using ADO.NET 2.0 and Visual C# 2005 Express
I have enabled Shared memory, named pipes and TCP/IP.
I have no alias' configured, and am not requiring encryption.
=========================
I am using SQL 2005 Express loaded on Windows XP tablet edition.
The SQL browser is not enabled, and it says that it has no enabled devices associated with it.
SQL Server is running under the Network System account
I have tried running it firewalled and not firewalled
I am running Clamwin anti-virus
From the ERRORLOG:
2007-01-03 12:29:56.19 Logon Error: 18456, Severity: 14, State: 16.
2007-01-03 12:29:56.19 Logon Login failed for user 'GREGBORGGreg'. [CLIENT: 10.101.1.200]
From the command prompt I get:
C:Documents and SettingsGreg>osql -E -S (local)sqlexpress
1> use Database1
2> go
Msg 911, Level 16, State 1, Server GREGBORGSQLEXPRESS, Line 1
Could not locate entry in sysdatabases for database 'Database1'. No entry found
with that name. Make sure that the name is entered correctly.
When I try to attach Database1 in my 'My Documents' folder, it says that access is denied to the file.
I added a user via SQL Management Studio Express and then received the error:
C:Documents and SettingsGreg>osql -S gregborgsqlexpress -U Greg -P ********
1> sp_attach_db "Database1", "C:documents and SettingsGregMy DocumentsVisual
Studio 2005Projects est_SQL est_SQLDatabase1.mdf"
2> go
Msg 5133, Level 16, State 1, Server GREGBORGSQLEXPRESS, Line 1
Directory lookup for the file "C:documents and SettingsGregMy
DocumentsVisual Studio 2005Projects est_SQL est_SQLDatabase1.mdf" failed
with the operating system error 5(Access is denied.).
1> use northwind
2> go
Msg 945, Level 14, State 2, Server GREGBORGSQLEXPRESS, Line 1
Database 'Northwind' cannot be opened due to inaccessible files or insufficient
memory or disk space. See the SQL Server errorlog for details.
In the ERRORLOG I have:
2007-01-03 12:38:27.25 spid51 Error: 5173, Severity: 16, State: 1.
2007-01-03 12:38:27.25 spid51 One or more files do not match the primary file of the database. If you are attempting to attach a database, retry the operation with the correct files. If this is an existing database, the file may be corrupted and should be restored from a backup.
2007-01-03 13:07:16.82 spid51 Using 'xpstar90.dll' version '2005.90.1399' to execute extended stored procedure 'xp_instance_regread'. This is an informational message only; no user action is required.
2007-01-03 13:09:24.68 Logon Error: 18456, Severity: 14, State: 8.
2007-01-03 13:09:24.68 Logon Login failed for user 'Greg'. [CLIENT: <local machine>]
2007-01-03 13:09:27.43 Logon Error: 18456, Severity: 14, State: 8.
2007-01-03 13:09:27.43 Logon Login failed for user 'Greg'. [CLIENT: <local machine>]
Again, thank you for any help. I think I may have been staring at this too long to be productive any more...
--Greg
View 3 Replies
View Related
Jan 3, 2006
Applied Access security feature to a database using its Security Wizard. Procedure went smoothly.
Been developing a software using VB 6.0 using an Access database as the main data source. Haven't had any problem manipulating the database via VB, but recently attempted to modify the database structure via Access, but was unable to do so, because either my username or password is allegedly invalid. Tried all passwords I can recall, but unable to get through. Haven't been able to create a new database, either.
Development of the software and creation of the Access database is being done on a stand alone laptop, that may or may not have been a workstation in a network.
Any help to resolve this issue would be appreciated.
Napatan
View 2 Replies
View Related
Aug 24, 2006
I would like some clarification please...
I have setup Windows Authentication to SQL2005 using a group with a default database. The group has access to the default database.
Now it's my understanding, if I have a user that's a member of the group, idividual access does not need to be setup to connect to SQL Server. Users connect on the credentials of the group... Is this a correct interpretation??
Ex: Windows groupname = SQLConnect Default db = Anydb
Anydb has groupname SQLConnect connect permissions
Windows username = test1 (is member of SQLConnect group)
Problem: test1 trys to login but gets an error that they can't connect to default db...
View 1 Replies
View Related
Jul 6, 2015
I try to connect from a pc to a SQL Server on another pc. Both pc’s are in a workgroup. I want to connect from a Windows Forms application to a named instance on the other computer. By now I have been able to connect from one pc to SQL Server on the other with tcp:smurfin, 52782.
I want to be able to use servernameinstancename (instead of portnumber) to make a connection in a Windows Forms application.
I’ve checked / tried te following:
•In the properties of the instance, tab Connections, the option Allow Remote Connections is enabled
•In Configuration Manager: TCP is enabled
•The service SQL Server Browser is started
•On the tab IPAddresses, in the section IPAll, there is NO portnumber for TCP Port. And TCP Dynamic Ports has the nummer 52782
•I have created un inbound rule for port 52782 and also for 1434 (SQL Server Browser). And to be on the save side: a rule for 1433 as well.
•Restarted the service
If I run the following code in SQL Server, that same port number (52782) is returned:
EXEC xp_ReadErrorLog 0, 1, N'Server is listening on', N'any', NULL, NULL, 'DESC'
GO
SELECT local_tcp_port
FROM sys.dm_exec_connections
WHERE session_id = @@SPID
[Code] ....
View 5 Replies
View Related
Aug 24, 2015
While running Sql 2014 upgrade advisor against a 2005 remote sql server. Below is the error im getting:
"Could not populate SQL Instances: System.Security.SecurityException: Requested registry access is not allowed"
Its able to connect SQL 2005 DB server and its also populating all the required Databases, but when i'm tring to click Run at the last step above error is coming. I even installed SQL 2012 upgrade advisor in my system and getting the same above error.
However if i use SQL 2008 upgrade advisor and connect to SQL 2005 server im not getting any error.The tool is generating successfully all the Pre and Post upgrade issues.
I'm running the tool with Run as administrator option. Is there any specific change i need to do in my system so that the tool runs successfully.
View 2 Replies
View Related
Mar 6, 2008
I am developing a package to restore a database from backup file on a remote server. I am having problems accessing the remote backup file when it is addressed via the admin share, in this case N$. It runs okay if a specific share is created but for some unknown reason fails via the adminshare.
I am executing the package job with a proxy account that is a member of the local administrators group on the remote server.
It appears that access via a remote admin share isn't possible from within a SSIS package. Is this the case?
View 2 Replies
View Related
May 11, 2007
Hello,
I'm new to ASP, but developping in Sql for years.
What we would like to have is that the user is accessing the database over it's own Windows Logon. Our triggers log quite some changes and are using UserName() for this. I've treid to force the IIS to accept Windows Integration only, the SqlDataSource users a connection that has Integrated Security = True. But when connection to the site i'm gatting error that there is no trusted connection for the user . (dot) ...
I suppose i'm missing something but could you give me a hint where to start looking..... THX
View 3 Replies
View Related
Aug 22, 2001
In the process of reviewing all Security access into our production servers, I found a user login name of 'BUILTIN/Administrators' with the type 'NT Group' in our production DB. I am not sure whether this Login was setup automatically when SQLServer was installed or it was setup by the administrator, who is no longer with the company? I was able to find out all the users in the Administrators NT group, but what threw me was the word 'BUILTIN' . Are there other Logins besides 'sa' that get setup during the install?
Thanks.
Helen
View 1 Replies
View Related
Jan 26, 2001
I am using Access 97 as a front end to access SQL 7 server on NT 4.0 server.
I've set up security model based on NT authentication only. Users have login right to login to SQL and they have public & dataread & denydatawrite access. They also have SELECT permission on a table object and have no permission to INSERT, DELETE and UPDATE.
When I use Access 97 to access a database, users are still capable of inserting and deleteing records in tables.
Am I doing something wrong?
Thanks, Michael.
View 1 Replies
View Related
Jan 20, 2004
I HAVE CREATED A SECURITY DATABASE USING A NEW WORKGROUP FILE WITH A NEW MDW FILE NAME. THE DATABASE ITSELF CONTAINS SEVERAL GROUPS OF USERS AND SEVERAL USERS. THE DATABASE WORKS AS DESIGNED.
THE PROBLEMS IS IF I OPEN THIS DATABASE USING THE SYSTEM.MDW FILE, THE DATABASE OPENS AND GIVE ME COMPLETE ACCESS TO EVERYTHING.
CAN ANYONE EXPLAIN WHAT IS HAPPENING.
ANY HELP WILL BE APPRECIATED
THANKING YOU IN ADVANCE
JOSEPH FORD
View 14 Replies
View Related
