Hi There,
Do we have any way of hiding SDF file from end-user? When we are installing our application on user's machine, we have to keep SDF file somewhere but anyone who knows about SDF file can open that file in management studio and that exposes our database structure. Is there a workaround for this ? How can we prevent visibility of SDF file ?
Please help. Thanks in Advance.
Rumba.
Has anyone written a RSS file that is used to add new Active Directory User/Group to SSRS, and applying security ROLES such as BROWSER?
I have new IT AD group that I need to apply to ALL folders on my PROD, QA and DEV servers. Way too many folders to do via SSMS or Web interface.
Would you be willing to share the RSS file?
I'm using Outlook 2010
My goal: I want to hide some text or table from inside the email message body. I don't want to attach a file with a table neither I want copy/paste it. I'd like to put that Excel table inside the message but the table is quite big.
Before I used Lotus Notes and it had the option to fold of hide some text from user. User could open when it wants but it will not take the space.
I have a client who would like to access his database via SQL Server Management Studio. I created a login for him. This login has access only to his database on the server (I set this up using the user mapping), the Securables has Connect to SQL checked (otherwise he won't see his database). When I test this login, he is able to see all the other databases on the server, though when he clicks on the ones he doesn't have access to, it will tell him that he can't access that database. He can access his database alright. My question is, can I hide all the other databases from him, and only display that only database he has access to? I have tried many different ways, I can't seem to be able to do so.
View 6 Replies View RelatedI have an app that connects to sqlepress. When run the field are loaded from the db. There are some fields that I don't want some of the users to see. Is there a way to do this without hardcoding the 'username' in the applicaton ?
I looked at the explicit permissions for username for the particular table, but I don't understand some of the terms listed.
Alter
Control
References
View definition
How can I allow a user to run a stored procedure but deny them the ability to see it in SSMS?
I don't mean 'view def' permissions, I mean the actual proc.
I read about encryption which mask the contents but they can still see the proc, any other ways I can accomplish this?
How can i assign permissions to a newly created users as of an existing user?
View 3 Replies View RelatedHi,
I have some sensitive and non-sensitive info/fields in one of my reports. Is there a way to hide/show the info based on the logged in user? or do I have to create separte reports for each type of info like one for sensitive and another one for non-sensitive info.
Thanks inadvace for your help!
How do you handle user level security with SQL Server 2005?
Say I have an HR database.
In Active Directory I have two groups: Managers, Employees.
Now in this HR Database I want to setup permissions in such a way that Managers can see all employees under them (but not other managers) and the employees can only see themselves.
(I'd have various levels of management defined in a table somewhere, so that each employee has a manager ID that links to another employee so that the CEO would be manager of everyone by working down the chain).
What I'm trying to understand is the best way to handle the permissions.
I'm not entirely clear on how to deal with that.
Would I use user chaining to do that, I wouldn't need impersonation (that's just for instances where you want dynamic SQL and it won't execute with user chaining, correct?)
Anyway, just looking for some general direction on this (obviously I need to get a good book it would seem).
Would I create a stored procedure that runs with EXECUTE AS permissions so that I'd have a non-interactive login it uses that has table access then all the other users have permission to execute the sproc?
So that sproc runs, pulls back a SELECT * FROM tbl_HRINFO and using a WHERE constraint limits who is returned WHERE SupervisorID = CurrentLoggedInEmployeeID ?
Also: How can I determine who is logged in and running the procedure, would the sproc use the SELECT USER_NAME command to see who was running it?
As you can see, I'm working from square one on all of this.
Not sure if my posting entirely made sense, but hopefully someone can get me pointed in the right direction, thanks!
Hi all,
I want to create a user with the following criteria:
The user can able to "CREATE","ALTER" the stored proceudres but not "DROP" them.
So for this, I did like this:
--Schema Level
grant control on SCHEMA::dbo TO username
--Procudure level
GRANT CREATE PROCEDURE TO username
--Denying on schema level
Deny alter on schema::dbo TO username --------- But, if i do this, then the user cannot able to create anything in the schema.
Can anyone give the workaround so that the user can able to "Create" as well "Alter" the stored procedure but not able to "Drop" the stored procedure.
Thanks.
We have a a DTS package set up to run against another SQL Server. Using an integrated login is there a way to map an NT Authenticated users is
the sql server login id mapping to this attached server. The DB we are going against only uses NT authentication to attach to.
I have an asp page that currently is creating a database and a userlogin for that database. After everything successfully (I thought)executed, I tried to change my connection properties for the serverand then login as this new user. It wouldn't allow me to, so I loggedback in as the administrator and looked at the properties for the newlogin. On the general tab, it had the user's default databasespecified as the new database that I had created in the asp page, butwhen I went to the database access tab, the database was not selected.So, I'm not sure how to set that in my script. I've done somesearching in BOL, but I can't figure it out. Also, if there's a wayto do this in a query, or stored procedure, will it also specify whattype of role the user has (public, db_owner, etc.)? Thanks.
View 5 Replies View RelatedI was just analysing the security which can be given to different users to access respective databases. So i tried, on my local server, to deny permission to myself to access Model database. After this i am not able to connect to my local server at all. Error: Permission denied. I am using windows authentication mode.
I have also deleted the local server registration, and re-registered it, but still the condition is same. Do i need to uninstall SQL Server completly to get rid of this prob.? I also registered a new data server, and there every thing is going fine. So now what do i do to get connected to my local server.
In some our dotabases I can see Schemas created with the same name as Domain User name (domainusername). Schema owner for those schemas is not dbo but the same user as in schema name. How this happens? Is any way to prevent or prohibit this?
View 9 Replies View RelatedWhat is the easiest way to find out what objects a security login has mapped to it? Something that would show all the explicit grants a specific user has.
View 6 Replies View RelatedIn database we are planning to implement row level security.For this we need to create users or we need create login for each one?
View 1 Replies View RelatedI have created a user Finance and I want to grant him access only to see views which are created under Schema called "FinanceQuery".
Note: View may use tables from multiple schemas example: dbo. Staging. ect
By doing this, I want to achieve that this user Finance can see only Views created under Schema FinanceQuery and should not see any other objects (tables, Stored Procedures, Functions etc.)
I need to provide a User with below permissions:
1. Ability to read and write records in tables in both the X schema and Y schema
2. Ability to read metadata about objects in the X and Y schema
3. Ability to execute stored procedures in the X and Y schema
4. Ability to create and update the necessary schema objects used by X, including but not limited to tables, views, and indexes
5. CREATE FUNCTION permission
6. ALTER and EXECUTE permissions on the X schema
7. VIEW DEFINITION permission on the X and Y schemas to enable view export.
For the point 1, I will assign db_datareader,db_datawriter database roles to the user
For the point 2, when I have searched web, I found out ReadDefinition permission should be granted. I could find only viewDefinition but not ReadDefinition.
For the point 3, 'USE DataBaseName GRANT EXECUTE TO User; Go' - does this sql suffice?
For the point 4, I am not sure what should be done.
For the point 5, 'USE DataBaseName GRANT CREATE FUNCTION TO User; Go' - I guess this will work
For the point 6, Can I use same SQL as point 3 including ALTER ?
For the point 7, 'USE DataBaseName GRANT VIEW DEFINITION TO User; Go'
Is there a kind of log to trace the change on DB user, such as when the password/permission is changed, etc. If yes, how can i get this log; If no, is there a way to achieve this thing?
View 2 Replies View RelatedWe have a user who is set to following permission on a DB,
server role: public
db permission: db_datareader
But when user tries to use following query on xml column he getting error as below,
SELECT ticket_id FROM dbo.Form WITH(NOLOCK)
WHERE LEN(form_document.value('(/Form_Fields/Form_Field[@field_type_desc="Number"]/@field_value)[1]','varchar(100)')) > 0
Error:
The EXECUTE permission was denied on the object 'testDB_Form_Schema', database 'testDB', schema 'dbo'.Do i have provide any additional permissions to query xml content ?
I've read a bunch of articles saying you should always remove the guest user from the user databases and model. It seems to me that if a user only has public access then the user can't do anything on the database. If the guest user only has public access to a user database how is it a security threat? I must be missing something.
View 0 Replies View RelatedCurrently studying for 70-229.I'm trying to understand how security for users is managed in SQLServer. I've been using SQL Server for a few years now, but withoutinvestigating the bits that "just work".So, here's the scenario. This is more or less how I create all myapplications (which these days are all ASP.NET).I have a database called "TESTDB" (original, huh?)Now, I want to create a method for users to access this database, so Iopen EM, locate and expand the node for the server containing thedatabase, and open the "Security" node. Click on the "Logins" leaf,and in the pane right-click and select "New Login.."On the "General" tab I enter "TESTDBLOGIN" as the Name.Select "SQL Server Authentication", and put in a password.In the drop-down list of databases select "TESTDBLOGIN"Ignoring the "Server Roles" tab, I go to the "Database Access" tab andscroll down until I can see the "TESTDB" database. Check the "Permit"checkbox, and lo!, the "Database Roles for TESTDB" list is populated,with "public" already ticked. I check the "db_owner" box, and press"OK". It asks me to confirm the password, and once that's done there'sa new login called TESTDBLOGIN. What's more in "Users" leaf in the"TESTDB" database node there's a new user called "TESTDBLOGIN".All well and good. I can now create a connection using this login anddo more or less what I want in the TESTDB database.But.If I click the "Users" leaf in the "TESTDB" node, there are two users -"dbo" and "TESTDBLOGIN". If I right-click the "TESTDBLOGIN" user, Ican see that it has Database Role Memberships for the "public" and the"db_owner" roles. But if I examine the permissions on these two roles(by selecting the row, and then pressing the "Permissions" button) Ifind that there are permissions set for EITHER role - all the checkboxes are blank!So, how is it that I can do SELECT, UPDATE, INSERT and DELETEoperations via this login/user?Sorry it all took so long - I just wanted to get it right.ThanksEdward--The reading group's reading group:http://www.bookgroup.org.uk
View 3 Replies View RelatedWe have a Web application that requires user authentication. We have a Login Page for user's to login and be authenticated. We also manage the user accounts using SQL Server Membership Provider. We created aLogin user in SQL Server and used this user's privileges to connect to SQL Server in our website's connection strings. Example, in our Web.config file, the connection string is:
<connectionStrings>
<addname="MyConnectionString"connectionString="Server=MYSERVERNAMESQLSERVER2012;Initial
Catalog=MyDatabase;User Id=TUser;Password=MyPassword"providerName="System.Data.SqlClient"/>
</connectionStrings>
The problem now is when a user logs in, it's throwing an error that TUser's password has already expired. We did not enforce the password policy and expiration date for this user. So, I'm wondering why it's giving me this error.
I'm trying to get specific permissions per user on each SQL database, would you let me know if it could be achieved e.g on an object level?
View 5 Replies View RelatedHow Sync the user and password from my Active Directory, to a SQL Database. Actually, my environment have a database with users and password added, my custom applications uses it like a passport, but now I want to use Active Directory to control these users, but I can't use windows authentication in my old apps. I was reading about Forefront Identity Manager to do this, but I need a free solution. The Sharepoint database sync user credentials with AD?
MCTS Exchange 2010
We can restrict users from accessing the databases from the security. But is there anyway , we can restrict users from seeing the available databases on the server, user can access and see the database he or she has access to other databases will not be visible?
View 13 Replies View RelatedHow do I add an Importer as a user in my sql server database security folder.
Regards
Karen
On the other database types, there is an audit capability in that yourecord such items asfailed login attemptsattemtped access to tables user is not authroized tochanges to databse schemachanges to permissionschanges to logins (add, delete, lock, unlock, passwrod reset)All I can find in the SQLServer documentation is the reference totracking failed logins when you set up a database, plus the Profiler'sactivities.Yes, I'm taking voer my first SQLServer database and have been asked tomake sure that this database is closely monitored for inappripriateactivity.Questions:1) Does SQLServer have this capability? (Sybase has this, which iswhere I'm coming from)2) Does SQLServer do this automatically or do I have to set up theevents to be tracked as happens with Sybase?3) What commands are there for setting up these events to be tracked?Thanks in advance!
View 2 Replies View RelatedHiI need to set security for row level but not based on Database user'slogin. It should be based on the user table login. For the particularuser I need to allow only the particular records to access insert,update delete and select.Let me explain clearlyFor example think we are using asp/asp.net websiteEg:www.test.comSo take this is our website and if you try this URL then you will get awindow for Login name and password.For example the Login name is windows user name (Here windows usermeans server windows user and not client) and windows password. So ifyou have login user id you can able to login in our site and we haveanother check. We have our own usertable this table consist all theuser login names and user rights. We will check the windows user whologin in our site has rights in the usertable I mean he is present inthe usertable if he is not present then we will display a message youhave no rights to access this site.If he has login id in our usertable then he allowed viewing ourpages. Still if he has the login id we will check the user who loginhas how much right to access to each page and the records of each tableits all depend on the user rights.So, here I need the row level security. For each and every table weneed to check the corresponding user and executing the record producelot of business logic problem for us.So after the user login we need automatically to set row levelsecurity for all the tables. Based on the user who login.So from there if we try select * from <tablename> then we can only ableto get the allowed records to select, insert, update, delete.Please can some one help how to solve this?Note:For some help you can refer the below URL (See in that they only givenabout the row level and column level security for each database usersnot for our required concept)http://www.microsoft.com/technet/pr...5/multisec.mspxThanks in advanceRams
View 1 Replies View Relatedi want to create new sql user and grant him two tables access. we have several databases created on same server so we want to allow only two table in ABC database. user should not be able to see other databases and their tables. And user also should not be able to access any other tables in ABC database except two tables.
is there any query to deny all tables in schema for all clauses (Select, Update, Insert) then grant two tables to user with select clause?
Database 'TEST' is already open and can only have one user at a time.
I also tried this command but having the same error.
Use Master
GO
Select * from master.sys.sysprocesses
Where spid > 50
And dbid=DB_ID (‘StuckDB’)) -- replace with your database name
Hello Everyone,
I am trying to connect SQL database through code but I get this error,I have spent days to solve it but unfortunately I couldn't...Here is my code in VB express(OP:windows 2000 with SP4)I am new to VB,so it makes the situation more difficult for me.
my code is:
Public Class Form1
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Dim conn1 As SqlConnection = _
New SqlConnection("Data Source=.SQLEXPRESS;" & _
"Integrated Security=SSPI;" & _
"database=deneme3_database;")
'Open connection
conn1.Open()
MessageBox.Show("Connection succeeded.")
'Close connection
conn1.Close()
MessageBox.Show("Connection closed.")
End Sub
The error message is,it is in german but it is clear I guess:)
" Die von der Anmeldung angeforderte "deneme3_database"-Datenbank kann nicht geöffnet werden. Fehler bei der Anmeldung.
Fehler bei der Anmeldung für den Benutzer 'ADPLANatalay'. "
Thank you in advance!
Can
Is it possible for a batch command to give access or add a new role for the user to database? Basically:
USE my_Database
CREATE USER [User1] FOR LOGIN [User1] WITH DEFAULT_SCHEMA=
[dbo];
EXEC sp_addrolemember 'Application1', 'User1'
EXEC sp_addrolemember 'SQL_Read_Only', 'User1'
If User1 was already created then ignore that and run the exec sp_addrolemember. Next,
EXEC sys.sp_change_users_login
@Action = 'Update_One',
@UserNamePattern = 'User1',
@LoginName = 'User1',
@Password = NULL
to link the orphan user within database.