Security Setup

Dec 16, 1999

We are working on a new Payroll server. Our payroll department wants to lock out MIS and SQL Admins as much as possible. What we would like to do is allow the SQL Admins to still perform admin tasks such as backups, audit tracking, etc, while not being able to get into the tables. Also, we would prefer to do this security at the database level, rather than the server level. Any thoughts on this?

Tim Davis

View 3 Replies


ADVERTISEMENT

Setup Of Security / Integrated Win Security On Vista

Jul 6, 2007

I have Sql Server Express installed on Vista (service pack 2)

I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.



The login ID of the service is added to the database.

The database has remote access turned on.

The ID is granted access to all databases within the server.

The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.

The dataserver is set with using Windows Authentication for security.



When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.



How to I get past this? I've done everything right.

View 1 Replies View Related

Reports Security Setup...

Nov 29, 2007



We are using SQL 2005 / Windows Server 2003 / Sharepoint portal.

Our reports are used through Sharepoint. I have added a web part which displays the folders. There are several reports within each of the folders. Users that have access to the Sharepoint site have access to all of the reports that are available in all of the folders. I would like to control folder access through SSRS.

What is the best way for me to accomplish this?

Thanks in advance.

View 1 Replies View Related

Web Service Setup And Database Security

Sep 18, 2007

Hello,

We have vendor that is implementing an employee self serve application for current and potential employees (employment applications). There is a web server in our DMZ that has the application installed but also on the server is a SQL database that has names and social security numbers. This server will also query the backend accounting server for earnings statements and W2s. We have a Cisco ASA as the firewall and SSL to protect client authentication from the Internet. There is no SSL between the web server and the accounting server. The fact that the SQL database on the web server containing SSN associated with names concerns me. It seems that none of this information is masked or encrypted and can be seen if the server was to ever be compromised.

My idea of such a service involves a web server that queries the backend database over SSL and presents the information to the user over SSL. No personally identifiable information would be resident on the web server at all, just a facade. That is not the case and it is not what we described to them as to what we want.

It seems they have installed it the only way they know how which is not secure, or maybe it is, that's why I am here. They have installed this at numerous locations and they actually wanted any and all ports open between the web server and the backend accounting server. It took us a while to get them to follow the rule of least privilege but we essentially had to do it ourselves.

Also on our main webserver for our Internet site I found the test database they used almost 2 years ago to test this application along with names and SSN. This was before I arrived and there is no encryption or authentication for this server. Is this good secure practice? All my training says no but it is hard to believe a mutli-million dollar organization is this ignorant. I guess it shouldn't surprise me, TJX didn't pay attention either.

I saw this thread which provide some good information but I am not a database admin and I am not familiar with SQL services, etc.

My questions are: Is their implementation secure? Does anyone know where I can find more info regarding web services and HIPAA? I read where 2 firewalls are required but would like documentation to show. Any suggestions on how to implement this securely?

Thanks for the help,

Mike

View 3 Replies View Related

Setup Failing Due To Security Issue With WMI Namespace

Nov 16, 2006

I'm installing SQL Server Express SP1 on a new Windows XP Pro SP2 laptop that is part of a corporate network. The last item in the Setup Progress dialog box says:

Workstation Components, Books Online and Development Tools....Setup failed. Refer to log file.

C:Program FilesMicrosoft SQL Server90Setup BootstrapLOGSummary.txt looks fine except for the last few lines:

--------------------------------------------------------------------------------
Machine : ROVER
Product : Microsoft SQL Server 2005 Tools
Product Version : 9.1.2047.00
Install : Failed
Log File : c:Program FilesMicrosoft SQL Server90Setup BootstrapLOGFilesSQLSetup0004_ROVER_Tools.log
Last Action : InstallFinalize
Error String : SQL Server Setup failed to modify security permissions on WMI namespace \.
ootMicrosoftSqlServerComputerManagement. To proceed, verify that the account and domain running SQL Server Setup exist, that the account running SQL Server Setup has administrator privileges, and that the WMI namespace exists on the destination drive.
Error Number : 29516


Is this a common error when installing on a PC that is part of a corporate network? I didn't dig too far into SQLSetup0004_ROVER_Tools.log; however, it contains a few references to "SOFTWARE RESTRICTION POLICY".

Other than this error, SQL Server Express seems to be working ok. Is this anything to be concerned about?

View 3 Replies View Related

SQL Server Security Setup For Web Application Access

Jun 6, 2007

All:

I am writing an Internet/Extranet based (ASP.Net 2.0) web application that uses SQL server 2005 as the database. I am using forms authentication on my web application. I am also storing the connection string to SQL server in my web config file. The conn string is encrypted using DPAPI with entropy. I currently have created a SQL login account on my SQL server for use by the web application. This is the user ID I am using in my conn string. The reason for this is because all persons using the application will NOT have a windows login.

Here is my question: The login I created currently has defaulted to the "dbo" role and therefore has "dbo" rights to the database. I want to setup up this login account so that all it can do is execute stored procedures. I dont want this SQL login to be able to do anything else. In my application I am using stored procedures for ALL data access functions, via a data access layer in my application. Can someone guide me step by step as to how to setup this type of access for this SQL login.

Thanks,

Blue.

View 1 Replies View Related

SQL Server Setup Failed To Modify Security Permissions

Feb 19, 2007

Last night at home on my 64 bit Vista machine, I encountered the same error 29506 that said that the management studio express could not be installed.  I looked up the error message and below is what I received.  I also installed the 64 bit .net framework which installed just fine before trying to install the SSSME.

I followed the instructions below but this did not seem to make a difference.  However, I did not reboot after applying new permissions.  I have installed this software a few times now on 32 bit machines for both XP and RC1 Vista, and have not had a problem.  Last night, I did use the 64 bit version.  Also, there is no data file yet because after the install it rolls back, so I gave myself Full permissions on the SQL server directory which should include all sub directories, right?  Thanks, Teri
Error 29506.
SQL Server Setup failed to modify security permissions on file Drive:Program FilesMicrosoft SQL ServerMSSQL.xMSSQLData for user SYSTEM. To proceed, verify that the account and domain running SQL Server Setup exist, that the account running SQL Server Setup has administrator privileges, and that exists on the destination drive.

Note A SQL Server service pack refers to SQL Server 2005 Service Pack 1 (SP1) and later service packs.
CAUSE
This problem occurs because one or more data files exist that do not have the required permissions. By default, the Full Control permission of the Administrators group is granted to the data file when you create a database. If the permission of this group is removed from the data file, the SQL Server 2005 service pack setup will fail.
RESOLUTION
To resolve this problem, grant the Full Control permission to the Administrators group on all data files and on the Data folder. To grant the Full Control permission to the data files, follow these steps:



1.
Locate the folder that contains the data files. By default, these files are located in the following folder:
C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLData

2.
Right-click the data file that has no required permissions for the Administrators group, and then click Properties.

3.
If the Administrators group is not in the Group or user names list, click Add, type Administrators, and then click OK.

4.
Click Administrators in the Group or user names list, and then click to select the Allow check box for the Full Control item in the Permissions for Administrators list.Note If the files in the Data folder have an orphan owner, you have to take ownership of the files and then grant the Full Control permission to the files. We recommend that you do not change the default permissions for the data files.

View 5 Replies View Related

Setup And Upgrade :: No Mapping Between Account Names And Security ADs Was Done

Aug 26, 2015

Our software vendor rep is trying to upgrade MS SQL server 2008 SP4 to 2012 SP1. Get an error message: no mapping between account names and security ADs was done. He says that we get this error message because we have two domain controllers in our network, and one is running on the same windows server that run sql server. Out IT support disagrees to delete the second domain controller, saying it is recommended by Microsoft and he suggests that the problem is in Active directory.

View 2 Replies View Related

How To Setup User Security For Reporting Services Used Inside ASP.NET Web Applications?

Dec 13, 2007

I'm working on a project that requires integration of SQL Server Reporting Services with ASP.NET 3.0 Web Applications.
I'm working on Visual Studio 2005, with SQL Server 2005 on an XP development workstation.
SQL Server, Reporting Services, and IIS are all running on my local machine.

I'm trying to prototype two approaches, one using the Report Viewer control, and the second using the Reporting Services Web Service. I have the two examples setup in projects in Visual Studio.
The sample reports and data sources work fine in Visual Studio. I can access the report using the Reporting Services URL like this: http://localhost/Reports/Pages/Report.aspx?ItemPath=%2fBTT_BDS_DEV%2fCustomers; Report works fine.

My problem is, that when I try and access the report using the Report Viewer inside an ASP.NET page or from the Web Serivce hooked up inside an ASP.NET Page I get a security errors. I have chosen Windows Security for the Datasource, and ASP.NET pages. In the case of the Web Service, I'm passing in my local domain user name as the credentials.

I'm prototyping this on my local workstation, but I need to design this to be used on our corporate Intranet using Windows Security.

My questions are:

1. How do I need to setup users on my local development workstation to get this to work.
2. How should I plan for user security for enterprise deployment, i.e. using Reporting Services inside a large ASP.NET Web Application?
3. Can anybody give me some links to some good developer type working examples of doing this. I've looked but have not found the answers
to the "how do I setup users" part of the question specifcally related to ASP.NET apps?

Below is the code example of the Web Services example app I'm working with which came out of a book I have on
Reporting Services. This example compiles and seems like it would work but doesn't. Also following are a few of the
error messages I get when experimenting with the example apps:

Errors:

1. The permissions granted to user 'LocalMachineNameASPNET' are insufficient for performing this operation. (rsAccessDenied)

2. System.Web.Services.Protocols.SoapException was unhandled by user code
Message="System.Web.Services.Protocols.SoapException: The permissions granted to user 'LocalMachineName\ASPNET' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'WCRBUSCNC2830B\ASPNET' are insufficient for performing this operation. at Microsoft.ReportingServices.Library.RSService._GetReportParameterDefinitionFromCatalog(CatalogItemContext reportContext, String historyID, Boolean forRendering, Guid& reportID, Int32& executionOption, String& savedParametersXml, ReportSnapshot& compiledDefinition, ReportSnapshot& snapshotData, Guid& linkID, DateTime& historyOrSnapshotDate, Byte[]& secDesc) at Microsoft.ReportingServices.Library.GetDataForExecutionAction._GetDataForExecution(CatalogItemContext reportContext, ClientRequest session, String historyID, DataSourcePromptCollection& prompts, ExecutionSettingEnum& execSetting, DateTime& snapshotExecutionDate, ReportSnapshot& snapshotData, Int32& pageCount, Boolean& hasDocMap, PageSettings& reportPageSettings) at Microsoft.ReportingServices.Library.GetDataForExecutionAction.ExecuteStep(CatalogItemContext reportContext, ClientRequest session, DataSourcePromptCollection& prompts, ExecutionSettingEnum& execSetting, DateTime& executionDateTime, ReportSnapshot& snapshotData, Int32& pageCount, Boolean& hasDocMap, PageSettings& reportPageSettings) at Microsoft.ReportingServices.Library.CreateNewSessionAction.Save() at Microsoft.ReportingServices.WebServer.ReportExecution2005Impl.LoadReport(String Report, String HistoryID, ExecutionInfo& executionInfo) --- End of inner exception stack trace --- at Microsoft.ReportingServices.WebServer.ReportExecution2005Impl.LoadReport(String Report, String HistoryID, ExecutionInfo& executionInfo) at Microsoft.ReportingServices.WebServer.ReportExecutionService.LoadReport(String Report, String HistoryID, ExecutionInfo& executionInfo)"
Source="System.Web.Services"
Actor="http://localhost/ReportServer/ReportExecution2005.asmx"
Lang=""
Node="http://localhost/ReportServer/ReportExecution2005.asmx"
Role=""
StackTrace:
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at WebReportTester.localhost.ReportExecutionService.LoadReport(String Report, String HistoryID) in C:Documents and SettingsconbcxMy DocumentsVisual Studio 2005ProjectsBTT_BDS_DEVWebReportTesterWeb ReferenceslocalhostReference.cs:line 242
at WebReportTester._Default.btnExecuteReport_Click(Object sender, EventArgs e) in C:Documents and SettingsconbcxMy DocumentsVisual Studio 2005ProjectsBTT_BDS_DEVWebReportTesterDefault.aspx.cs:line 82
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Web Service Code Example:

protected void btnExecuteReport_Click(object sender, EventArgs e)
{
byte[] report;

//Create an instance of the Reporting Services Web Reference
localhost.ReportExecutionService rsv = new localhost.ReportExecutionService();

//Create the credentials that will be used when accessing Reporting Services
//This must be a logon that has rights to the Customers Report
rsv.Credentials = System.Net.CredentialCache.DefaultCredentials;
rsv.PreAuthenticate = true;

//The Reporting Services virtual path to the report.
string reportPath = @"/ReportFolder/Customers";

//The rendering format for the report
string reportFormat = "HTML4.0";

//The devInfo string tells the report viewer how to display with the report
StringBuilder deviceInfoBuilder = new StringBuilder();
deviceInfoBuilder.Append(@"<DeviceInfo>");
deviceInfoBuilder.Append(@"<Toolbar>");
deviceInfoBuilder.Append(@"False");
deviceInfoBuilder.Append(@"</Toolbar>");
deviceInfoBuilder.Append(@"<Parameters>");
deviceInfoBuilder.Append(@"False");
deviceInfoBuilder.Append(@"</Parameters>");
deviceInfoBuilder.Append(@"<DocMap>");
deviceInfoBuilder.Append(@"True");
deviceInfoBuilder.Append(@"</DocMap>");
deviceInfoBuilder.Append(@"<Zoom>");
deviceInfoBuilder.Append(@"100");
deviceInfoBuilder.Append(@"</Zoom>");
deviceInfoBuilder.Append(@"</DeviceInfo>");

string deviceInfo = deviceInfoBuilder.ToString();

//Create an array of the values for the report parameters
localhost.ParameterValue[] parameters = new localhost.ParameterValue[1];
localhost.ParameterValue parameterValue = new localhost.ParameterValue();
parameterValue.Name = "@WTRKCustomerCode";
parameterValue.Value = "B34186";
parameters[0] = parameterValue;

//Create variables for the remainder of the parameters
string historyId = string.Empty;
string credentials = string.Empty;
string showHideToggle = string.Empty;
string extension = string.Empty;
string mimeType = string.Empty;
string encoding = string.Empty;
localhost.Warning[] warnings;
localhost.ParameterValue[] reportHistoryParameters;
string[] streamIds;

localhost.ExecutionInfo execInfo = new WebReportTester.localhost.ExecutionInfo();
localhost.ExecutionHeader execHeader = new WebReportTester.localhost.ExecutionHeader();
rsv.ExecutionHeaderValue = execHeader;

execInfo = rsv.LoadReport(reportPath, null);
rsv.SetExecutionParameters(parameters, "en-us");

try
{
//Execute the Report
report = rsv.Render(reportFormat, deviceInfo, out extension, out mimeType, out encoding, out warnings, out streamIds);

//Flush the pending response
Response.Clear();

//Set the HTTP Headers for a PDF response.
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ContentType = "text/html";

//Filename is the default filename displayed
//if the user does a save as.
HttpContext.Current.Response.AppendHeader("Content-Disposition", "Customers.htm");

//Send the byte array containing the report as a binary response.
HttpContext.Current.Response.BinaryWrite(report);
HttpContext.Current.Response.End();

}
catch (Exception ex)
{
if(ex.Message != "Thread was being aborted.")
{
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ContentType = "text/html";

StringBuilder errorMessageBuilder = new StringBuilder();
errorMessageBuilder.Append(@"<HTML>");
errorMessageBuilder.Append(@"<BODY>");
errorMessageBuilder.Append(@"<H1>");
errorMessageBuilder.Append(@"Error");
errorMessageBuilder.Append(@"</H1>");
errorMessageBuilder.Append(@"<BR>");
errorMessageBuilder.Append(@"<BR>");
errorMessageBuilder.Append(ex.Message);
errorMessageBuilder.Append(@"</BODY>");
errorMessageBuilder.Append(@"</HTML>");

string errorMessage = errorMessageBuilder.ToString();

HttpContext.Current.Response.Write(@errorMessage);
HttpContext.Current.Response.End();

}
}

}



Any direction here related to best practices on setting up users for code use with
ASP.NET applications would be greatly appreciated...

Thanks in advance...

View 8 Replies View Related

SQL Server 2005 Security Setup For ASP.Net Web Application Data Access - HELP!

Nov 17, 2007



Here is my situation: I am creating a database driven ASP.Net web application that will be used over the internet. My ASP.Net application connects to my SQL server 2005 database/server by using a SQL server login. I am using the DPAPI API to encrypt my connection stings with a hidden entropy value for extra security. I am using the SQL login for obvious reasons, as my users will not have a windows login.

What I am trying to do: I want to limit this SQL login account to be able to just run/execute stored procedures and NOT access the tables or views directly. In my ASP.Net application I am using the MS applications data block, and I am using stored procedures for every single database access action. There is no inline SQL being executed from my web application.

What I have tried so far:


I created a new schema and made the above SQL login account owner of this schema. I then granted "Execute" permissions to the SQL login and DENY permissions to all other permissions.

I created an database role with "Execute" only permissions and DENY permissions to all other permissions.

What Happened: In BOTH of the above scenarios I tested a direct SQL statement against one of my tables, from my ASP.Net application and I was able retrieve data back, NOT GOOD, exactly what I am trying to STOP.

If someone could give me (Step-by-Step) guide on how to setup the situation I am looking for, I would be very grateful!


Thanks to all that help!

View 13 Replies View Related

Error 29506. SQL Server Setup Failed To Modify Security Permissions

Aug 15, 2007

Received the following error while installing SP2

MSI (s) (D8!A0) [21:07:09:062]: Product: Microsoft SQL Server 2005 -- Error 29506. SQL Server Setup failed to modify security permissions on file C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLData for user Administrator. To proceed, verify that the account and domain running SQL Server Setup exist, that the account running SQL Server Setup has administrator privileges, and that exists on the destination drive.

Tried running install with a domain account and local account with same results.

Based on the error message, I checked permission on the drive and still received the same error.

Followed resolution based on KB 916766, this did not resolve the error.

Only possible resolution I found was to disable UAP, reboot and retry the install. This will be done as a last resort, but any other suggestion will be appreciated.


Many Thanks

View 3 Replies View Related

Can Not Setup SQL Server 2005, Progress Stops At 'setting File Security'

Jun 8, 2007

Dear Helpers,



I can not setup SQL server 2005 express and the full trial version as well.



The setup progress stops at "setting file security", and nothing happens. I dont even get an error message.



This is very annoying. I have local administrator access, so it should work. Op system: Windows XP professional.

Machine: Hp Compaq dc7700p, 1 GB RAM, 80 GB HDD



Thanks for your help in advance.

View 5 Replies View Related

SQL Server 2k Security Setup On Application Server

Apr 13, 2004

Hi all

If i wanted to set up my SQL Server DB to run in an Application Server environment (i.e. clients connecting to a remote server)
would i be required to give every user a WINDOWS SERVER logon as well as a SQL Server logon or would i only need to setup just a SQL Server logon for them?
(obviously using SQL Server Security opposed to NT Integrated Security)

Thanks in advance for any help

View 3 Replies View Related

MDAC 2.8 Fatal Setup Error. This Setup Does Not Support Installing On This Operating System

Jan 5, 2006

I have XP Pro SP2 with MDAC 2.8.1022.  It had a problem so I tried to reinstall MDAC and got a Fatal Setup Error. This setup does not support installing on this operating system. I downloaded MDAC 2.8 1177 and get the same error.

I thought of uninstalling/reinstalling SP2, but this is a 2 month old Dell Latitude 610 with factory installed XP.  There is no Windows Service Pack 2 option listed in the Control Panel > Add/Remove Programs. 

There's some other strange things, so I wonder if they are related. 

1) I have Paul set up as an administrator account.  Some folders like MSSQL show that account with no permissions.  I grant all the permissions to Paul for that folder.  I come back later and the permissions are gone.

2) I deleted 20 files in Explorer, but 7 of them did not go away. I deleted those 7 again and they instatnly reappeared.  I deleted those 7 again and then they finally went away.

3) I get a slow reaction time for things like Windows Explorer and opening and closing programs. This is suprising since it has 2 gig of RAM and 2.3 Gig processor. Could it be a memory handling problem that's causing OS problems. Probably, the memory didn't handle the OS installation well and the whole system is compromised now.

 

View 12 Replies View Related

Setup And Upgrade :: 2008 R2 Setup UI Has Incomplete List Of Installed Features - Can't Uninstall RS

Jul 23, 2015

We're doing upgrades from SQL 2008 R2 to SQL 2014. This is blocked due to RS is installed but not configured. Our desired action is to uninstall RS and proceed with the upgrade. But when setuparp.exe is raised, it does not list all the features on the 'Select Features' page.  In fact, it only lists the last 2 shared features (SQ Client Connectivity SDK and Microsoft Sync Framework). However, all items appear to be listed on the 'Select Instance' page including RS. I've seen this issue on 2 of our SQL 2008 R2 Servers already.

View 3 Replies View Related

Setup And Upgrade :: Error Setup Account Privileges

Nov 15, 2015

I'm trying to install SQL Server Management studio 2012 on my Windows 7 (x64) standalone laptop.  When I click "New SQL stand-alone installation..." it runs a Setup Support Rules check and always fails "Setup Account Privileges". I've looked into the error and I keep getting that I need to change security rules but I don't have that option in window 7.  How do I get around this without having to resort to a computer running Windows Server?

I have Visual Studio 2013 premium installed along with Localdb v11.  I just want to connect and manage my database engine through SSMS when developing any application.

View 2 Replies View Related

Please Post Setup And Installation Questions In The Setup Forum

Nov 17, 2005

This forum is intended for users who are new to SQL Server, and have basic usage questions. If you have setup or installation issues or questions, you should check out the Setup forum.

Thanks

View 11 Replies View Related

Setup And Upgrade :: One Machine 6 IPs - How To Setup DNS For Server

Apr 24, 2015

I am running a number of SQL instances on my PC. Within the network, I have think server with various System Center components. For compatibility reasons, some features of System Center 2012 R2 had to be delegated to different SQL databases. My question is, because there is now more than one IP address on my system, and each instance of SQL is assigned to its own IP, is there a way to setup DNS and SQL so the namespace points to the desired IP address? For Instance:

MSSQL2008 instance is set to run on = 11.12.13.1
MSSQL2012 is set to run on = 11.12.13.2
IN DNS:
A Record: Mike-PC = 11.12.13.1
A Record: Mike-PC = 11.12.13.2

If I want to use MSSQL2008 by specifying Mike-PC as the DNS name, how would I do that with 100% accuracy? If there is another way to get the job done, I am more than willing to approach this differently.

View 3 Replies View Related

SQL 2012 :: Persist Security Info And Integrated Security In Connection String

Dec 4, 2014

I use from sql server 2008. and c#

what is the best connectionstring?

I don't know if i use Persist Security Info and Integrated Security or not?

And if yes then their value must be true or false?

View 1 Replies View Related

Code Access Security Across Multiple Assembly Security Extension

Oct 14, 2005

Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.

View 9 Replies View Related

SSRS -- Security Filter And Model Item Security Setting

Jul 31, 2007



Hi,


I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.


The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says:
Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.



For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;

in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.



My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?


The article also says:

"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."



So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.



I can only get one result at a time but not both:

either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.



Your help is highly appreciated!

Desperate developer

View 1 Replies View Related

Differance Between Persist Security Info And Integrated Security

Apr 26, 2007

hi i want to know what is the differance between  
Persist Security Info=False;Integrated Security=Yes;

View 1 Replies View Related

SQL Security :: Running Job As Windows Security Group

Oct 18, 2015

Is there any possibility to schedule SQL job execution as Windows Security Group? I need to run powershell script through SQL job with one of this group member's permissions. 

View 4 Replies View Related

Use An Existing AD DL Security Group For Security Role

Jun 18, 2007

I want to use an Active Directory security group that is a Distribution List for a new role assignment for an existing report. Can someone tell me if this is possible? I get an error each time I try:














The user or group name <DLName> is not recognized. (rsUnknownUserName)"

View 1 Replies View Related

SQL 2K Security Baseline Or Security Checklist

Jul 20, 2005

Is there anybody out there with a MS SQL 2K Security Baseline orSecurity Checklist. Where can I get one????Thanks in advanceDavid

View 1 Replies View Related

SQL Security Events In Windows Security Log

Feb 28, 2008



Hi;

I am looking for a way to log all security related events for SQL in Windows Security Log. I am trying to use SCOM for monitoring SQL and I am looking at ways to generate alerts in my SCOM Console for specific events in SQL e.g. A table is deleted, user is modified, deleted, etc. Is this possible and if yes how do I achieve the same?

Rgds;

View 6 Replies View Related

Transport Security Vs Dialog Security

Aug 3, 2006

In an environment where there are many initaitors speaking to a central target with frowarders in between, from what i can understand this best policy is to disable encryption on the endpoints, since dialog encryption will be enforced this is all that is really required, is this correct.

If the endpoints used encryption the message would need to be encrypted and decrypted at each forwarder resulting in slower perfromance, where as dialog encryption would only encrypt at the sender and decrypt at the target, so is this the best way to go?

Secondly is it best practice to open a dialog initally and send messages over this dialog for years never ending the conversation? This way the services only have to authenticate eachother once, if there are no reboots etc that is of course.

I would think performance wise sending each message and ending the conversation each time is a much greater overhead ? So would it be best practice to keep dialogs open and keep sending messages ?

Initally when i was learning service broker i thought that one must send a message and end the dialog until the next message, but i think the other way is the best option ?

Is this correct ?

Thanx

View 1 Replies View Related

Dialogue Security Vs Transport Security

Feb 19, 2007

Hi

I'm designing a distributed application where I will have SQL Server 2005 distributed databases replicating data to my central hub which is again a SQL Server 2005 database using SQL Service Broker. Data will be sent from the central hub to the distributed sites and vice versa. I need to authenticate the communication and also secure the communication by encrypting the messages. Which security shall I use? Where do I configure the type of security being used? What is the difference between transport security Vs dialogue security - Full security model?



Thanks

View 4 Replies View Related

NT Security Vs SQL Server Security

Jun 19, 2000

Hi:

Can anybody tell me the advantage and disadvantage to use NT security for SQL Server 7.0? For a corporation with 400 users, what is your recommendation for the SQL Server security management. Thanks.

Joan

View 1 Replies View Related

Windows Security Vs. SQL Security

Jul 30, 2004

What's the better security to use? Currently I'm always registering using the Windows authentication. When I'm trying to register using SQL authentication I always get "Login failed for user 'sa'" error....

View 1 Replies View Related

SQL Setup

Apr 9, 2001

Hello everyone

I know this is discussed very often, but please indulge me.
I have two hardware/software configurations for the SQL servers,
(1) NT4 + SQL7 on 2HDD's (C/D-drive) and,
(2) NT4 + SQL7 on 3HDD's (C/D/E-drive).
What will be the best configuration for SQL regarding:
a. RAID,
b. placement of the OS,
c. placement of the data & log files(devices),
d. local(hdd) backups

Regards
George

View 1 Replies View Related

SQL Setup

Jun 29, 1998

Hello!

I`m new to SQL Server, so excuse this if it`s a well-known
problem with a well-known solution.

I tried setting up SQL Server 6.5 (the box but not the
docs or install claims it`s an
upgrade product) but the install hung at "Setup is now
installing the initial SQL Server configuration" for over
10 minutes. That is, the install kept processing
something but did not appear to be coming to an end until
I killed it. This happened repeatedly, and on a second
server, too.

I then installed 6.0 (over 6.5!), and was able to install
6.5 over 6.0. However, I`m not able to install the 6.5
docs.

SQL Server appears to run (although I`ve not tried any
DB stuff).

Any suggestions? Should I uninstall and start over?

best, paul

View 2 Replies View Related

Setup

Mar 7, 2007

Hello,
This is the present setup.
Server A --> sql server 2000
Server B --> sql server 2005

On my machine I point to an instance name of sql server 2000 to use. i.e.
sqlserver2000Serverinstance1
On my local machine I have installed sql server 2000 and can use the enterprise manager. Have the Admin rights.
I have setup a daily backup job on sql 2000...

On server B, I installed sql 2005. Restored the sql 2000 backup onto sql 2005. And now I have the sql 2000 database in sql server 2005.

Now I can use the sql 2005 by refering to the serverB name (Not an instance).

In Server A, the applications are using a login name (sql authentication) i.e. username, password.

Questions
1) How do I install sql 2005 on my local machine (Remember that I have sql 2000)

2) If I should run the setup for sql 2005 on local machine, then during the installation, do I give it an instance name or should this instance name be done on the server i.e. server B ?

Thanks

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved