Server Role
Mar 24, 2008what views table that I can use to view the server roles on the instance?
thanks,
what views table that I can use to view the server roles on the instance?
thanks,
Ive been reading over the documentation and some stuff online, but I still dont really understand what the difference is and when you would use one vs the other. Can someone put it in simple terms for this dummy (me) ?
thanks
In sql server 2000, I created some custom database roles called ProjectLeader and Developer. I would make these roles a member in the fixed database roles so that I would only have to add the user to the ProjectLeader or Developer role once and they would presto-magico have the security I wanted them to have with no unecessary mouse clicking. I'm not sure how to repeat this process in 2005? Management Studio doesn't seem to allow you to add a role as a member in another role. Is there a work around or solution for this?
View 1 Replies View RelatedHi!
What server role should be assign for individual to create and execute DTS packages.
Thank you,
Elena.
Where can I find the information about dbcc setcpuweight? I checked books online and couldn't find it. I also went and searched Google with the same results. Any help is greatly appreciated.
View 2 Replies View RelatedHi:
I have a couple enter prise SQL 2000 servers, each might contain around 800 customer databases. each of those 800 databases has its own sql standard login and password and corresponding permission on table select/update/delete and proc exec rights.
I want to create a sever level single login and password, which could read-only those 800 databases all tables only data. Those 800 databases are not always the same, some might be dropped out, new might be added.
If this is impossible, what might be the alternative?
thanks
-D :)
I have a user with DBCREATOR Server role only. That user is able to create database but create table permission denied.
how would I set permission on this user, so that this user can create databases and automatically becomes the DBOWNER of that database and can do any action on that database.
Thanks,
In exploring permissions that users have, I find that they all have VIEW ANY DATABASE permission which they inherit from the public server role. You can see this by selecting the Permissions page on the Server Properties dialog and highlighting "public". The permission shows as having been granted by sa. This is listed as a server role. However, it does not show in the list of server roles and I can't find any documentation for it (RTM BOL). Interestingly, if I revoke this permission (which is the only permission this role has), the public server role disappears from view. But I can subsequently regrant the permission with Transact-SQL in master and the role comes back.
I would like more information about this role. It seems to be sort of "secret".
When I revoke the permission, users can't see any databases except master and tempdb (both of which have active guest users) even though they have been granted access to other databases.
What I was trying to accomplish by changing this permission was to allow a user to see only those databases which they are allowed to use. But that does not seem to be possible.
Thanks for the help.
Sharon
Hi all, I am trying to connect to the database using application role. But gives an error An error has occurred while establishing a connection to the
server. When connecting to SQL Server 2005, this failure may be caused by
the fact that under the default settings SQL Server does not allow remote
connections. (provider: SQL Network Interfaces, error: 26 - Error Locating
Server/Instance Specified)
for the given connection string Dim connstring
As String = "Data Source=Northwind;Initial
Catalog=OrderProcessing;Persist Security Info=True;UserID=application_login;Password=wewewe;"
Dim cmd
As SqlCommand
Dim
param As SqlParameter
Dim
cookie As Byte()
Dim cn As New
SqlConnection(connstring)
If
(cn.State = ConnectionState.Closed) Then
cn.Open()
End If Please help..
Thanking you, Nirmala
A problem: I created some user defined roles in SQL SERVER 2000 and assigned users to different roles. Can you help me with a way (stored procedure etc.) to return the correct roles of my logged in users to my ASP.NET application.
View 1 Replies View RelatedI would like to determine if a particular user has sysadmin serverrole. Is there a way to do this via the connection string? Currentlyour code checks if a login is valid using SQLDriverConnect, however weneed to be certain that the user can login and modify the schema.Is it possible to fetch a user's server role to determine if it has asysadmin server role?
View 2 Replies View RelatedI wish to create a user that can backup any or all databases in our SQLServer 2000 Instance. I thought there would be a server role for thisfunction, however I can only find that after I grant access of adatabase to the user, then I can choose ds_backupoperator.I want to create a user that will have the ability to backup all thedatabases. I dont wish to have to come back to the server after a newtable is created and add the backup user to that table.I want SA w/o the full privilage...am I crazy?Any Suggestions?TIARobBackgroup: We currently have about 10 SQL servers, and adding more inthe future. I am using SQLBackup from Idera along with HP SurestoreTape library (60 slots,2- DLT8000 drives with 40/80 GB capacity) withArcServe from Computer Associates. I want to have this automated tobackup to file then tape, regardless of what databases get created.
View 1 Replies View RelatedHi all,
Is it possible to reconfigure the sysadmin server role?
How can I see it's permissions?
Thanks,
Assaf
There is a STIG Check that does not allow grant "Connect SQL" directly to any logins except SQL System and the SA account. My way of resolving this is to do the following:
Step One:
We create a Server Role called SQL_APPLICATIONS – for the application accounts
We create a Server Role called SQL_DBA – for the DBA accounts
and give them direct “Connect SQL’ server permissions. MAKE THE ROLE OWNER = sysadmin (group)
Note: I think that creating a Server Role is only available starting with SQL Server 2012, but not sure. I am using SQL 2012
Step two:
I add the members (Logins - SQL & Windows) – in this case any application accounts and DBA accounts to the new roles respectively
Step three:
I remove the “Connect SQL” Permission from each Login
The first problem i noticed is that the maintenance plans failed with "The owner domainusername of job db_backup does not have server access.I am currently using a test system and wondered If you think I will have trouble with the application connecting when I try and implement on the production systems.
Experiencing a little weirdness with SQL Server Management Studio...Have created a login, that has fixed server role "securityadmin".The login can create/drop logins, add/remove them as users indatabases, etc.The login can change another login's password, using SQLfrom a query window (e.g. alter login bob with password='abc')However, the login *cannot* change another login's password,using SSMS GUI (e.g. "Security", "Logins", double-click "Bob",change password, say "OK"). The error text is:Change password failed for Login 'Bob'. (Microsoft.SqlServer.Smo)Additional information:An exception occurred while executing a Transact-SQL statement orbatch.(Microsoft.SqlServer.ConnectionInfo)Cannot alter the login 'Bob', because it does not exist or you donot have permission.(Microsoft SQL Server, Error: 15151)Has anybody else experienced this?
View 3 Replies View Related
Hi all.
I have developed a VB6 program which will activate an Application Role to UPDATE and INSERT some tables in SQL Server 2005.
My program will login with a username, say USER and then run with the rights of the Application Role which will SELECT, UPDATE and INSERT the following tables:
1) Table A
2) Table B
3) Table C
The USER login is a restricted user which has only SELECT permission to Table A, B and C.
I encounter a problem in which my program can only UPDATE table B and table C but Table A. I have double checked the settings of Table A, Table B and Table C. Theirs are all same. Fyi, the column which can't be updated is of type "datetime".
Once i grant USER login UPDATE permission to Table A, my program works perfectly in which it can UPDATE all the tables including Table A.
I have tried for almost 2 days but am still clueless. Any ideas?
Thank you so much.
Hi every body
I'm developing a web application and i like to use the sql server 2005 role management features istead of developing a role management package in my program, I can do it on my tables and othe database items but I have no idea about using database access rights in my web pages to permit some one viewing or updating a web form... Is there any system table or system stored procedure showing access rights in my data base? or is there another idea to do this??
by Thanks
Javaneh
Listed below are some basic info about my application.
.net 2.0 web application
SQL 2000 database
Single sign-on. Windows Authentication with impersonate set to true in web.config:
<authentication mode="Windows"/>
<identity impersonate="true"/>
Connection String in web.config: <add name="conn" connectionString="Data Source=MyRemoteSeverName;Initial Catalog=MyDBName;Integrated Security=SSPI; " providerName="System.Data.SqlClient;"/>
The problem I'm having now is that any users that are not in the sysadmin server role can't read any table. Say if I have 2 users:
Domain1User1 ( in db_datareader and db_datawriter Database Role, no sever role assigned)
Domain1User2 ( in db_datareader and db_datawriter Database Role, sysadmin Server Role)
Here is what's expected to happen if everything goes well.
A list of customers ( first name, last name, age, etc) in a gridview should show up after login.
After both users logged in, Domain1User1 received an exception message of "Object reference not set to an instance of an object".
Domain1User2, however, was able to see the list.
I checked SQL Server Logs, and found 2 items:
Login succeeded for user 'Domain1User1' ... Connection TRUSTED
Login succeeded for user 'Domain1User2' ... Connection TRUSTED.
Based on the log file, it appears that both users had good connections to the database. Then why is it that User1, which is not in sysadmin Server Role, was not allowed to make a query?
Now if I assign sysadmin Server Role to Domain1User1 as well, the User1 will be able to see the list without seeing the exception.
Can someone shed some light for me please ?
How can I implementing Membership and Role Management on SQL Server 2005 (not Express)? Anyone have any documentation? Are there any scripts to run that will basically set up the same Database schema on SQL Server 2005 that Express uses?
Thanks.
SQL Server 7
i did a restore of a database, then tried to add the User login
to it, but when i select database access, i get the followinf error :-
"Error 15023, user or role already exists !
the user did exist on the Database, but when i select Database,Users or
Database,Roles the User doesn't exist !! so i can't drop it !
any ideas ??
Hi,
I want to know how to assign a normal user to take backup,Restore and attach and detach the database in sqlserver2000.
Please can anyone help me to find out which server role or database role will suites my requirements.
Regards
Md S.Hassan
Hello,
Does anybody have the transact SQL to find the permissions granted to the public role in a Database ?
Also looking for the SQL to find the permissions granted to the user Guest in a database ?
thanks
I had thought that I had posted this yesterday but since I cannot findit here we go again.I have searched the archives but either the code I want is not postedor I missed it.I have a user create role in a database that I need to reproduce inanother version of the database. Does anyone out there have the SQLor T-SQL necessary to generate all the grants to a role?-- Mark D Powell --
View 2 Replies View RelatedGood Day,
I am having a problem with creating databases in MS SQL 2005 Server. When I attempt to assign an User Mapping for my SQL user account to the newly created database, the "dbo" user and schema is already assigned. When I try to drop this user in favor of my own, I receive an error message: Cannot alter the user "dbo" (Microsoft SQL Server, Error: 15150). I am connected to my database engine through the "sa" account.
Regards,
Keith
Hello all,
On Analysis Services 2005 the members of the Administrators local group are also members of the fixed server role, therefore they have full control over Analysis Services databases.
I think this can be a problem becouse many system administrators don't need full control over AS. Does someone kwon how can I remove those high privileges to the local administrator?
Thank you.
Hernan.
Hi All,
Is there any limitation for setting password to an approle (like it should be 8 character long, should not start with numbers) ?
If so, what are those limitations ?
Does the same is applicable for sp_setapprole which uses the same password ?
please confirm, for both SQL Server 2000 and 2005 versions.
thanks in advance,
Regards,
Kailai
Hi there. I work in a support department and on great occasion (such as this morning), I am RASd in to a client and try running a SQL trace, only to receive an error when setting it up, 'In order to run a trace against SQL Server you have to be amember of sysadmin fixed server role.'
Today, I even called their DBA and asked him if he could set our userid up with the proper permissions to all us to run traces (I'm debugging a RTE). He stated that he was unfamiliar with the error and didn't know where to assign us to resolve this problem.
Does anyone know how to resolve this?
Many thx.
In my environment always on is there. Today I observed that primary server fail over to secondary server .now the secondary server acting as primary role.
Can I know when is fail over is happened and who did the fail over. Is there any script to find this?
Does securityadmin Server level role can add, alter logins and corresponding users on all databases ?
If not what is the best role other thn SA to have to manager logins and users.
I am very frustrated. Everything works on the local host but when I upload to server I can login to the admin role I created, but when I try to access pages that have role priveleges I get the following error:
The SSE Provider did not find the database file specified in the connection string. At the configured trust level (below High trust level), the SSE provider can not automatically create the database file.
The ASPNETDB.MDF database was uploaded using the Database Publishing Wizard.
Please help!
I have more than 3000 Active Directory Users, I have created Role Level Security on one table by using Suser_name(), Now all the active directory users need to connect sql server and access the database role object. How can I achieve that without Using .net?
I am able to add all active directory users to sql server in one go, but I am also trying to achieve same time to map with database role as well? Is it possible ?
Edition: SQL Server 2005 Standard
I am trying to take a snapshot of a database for use in a publication. The account under which the snapshot agent is running is set to have the db_owner role for the database and have write access to the snapshot share.
I can not get the snapshot to run unless the account under which the snapshot agent is running is granted the sysadmin fixed server role. Because of the security implications of this, I don't want to grant these permissions.
As far as I am concerned, the minimum requirements for the snapshot account have been met and I have tried every other alternate that I can think of. I've checked MSDN and the newsgroups but I still have not solved the problem.
The error that I get when I run the snapshot.exe from the command line is:
The remote server "TURING" does not exist, or has not been designated as a valid Publisher, or you may not have permission to see available Publishers.
This error message has now inexplicably changed to:
You do not have sufficient permissions to run the command...
Any ideas? Thanks.
An old website I inherited uses sa to connect to SQL SessionState and had the details in the web.config. This is bad for security.The session state database is of -sstype "t" which is defined as:Temporary. Session state data is stored in the SQL Server tempdb database. Stored procedures for managing session state are installed in the SQL Server ASPState database. Data is not persisted if you restart SQL. This is the default.What kind of WIndows user, SQL Login, role and permissions do I need to create to make Session State secure? (Windows Server 2012 and SQL Server 2012 mixed mode authentication, Webfarm).
View 4 Replies View Related