Setting Security Permission As &"UNSAFE&" Is OK ?
Apr 27, 2007
Hello,
I have implemented User-defined Functions in SQL Server 2005 with Managed Code. Inside Vistual Studio Project for SQL Server, there are three different levels of security, which are SAFE, EXTERNAL_ACCESS and UNSAFE. When I set EXTERNAL_ACCESS permission and try to send http web request using HttpWebRequest and HttpWebResponse classes in the .NET Framework, it throws me error message, but If I set to UNSAFE, it works fine. For that I have two Questions.
1) how to run my code with EXTERNAL_ACCESS permission ?
2) If I set UNSAFE permission, is it dangerous for any security issue ?
Looking forward to some help from you guys. Thanks in advance.
Cheers,
Satyam
View 2 Replies
ADVERTISEMENT
Sep 19, 2007
Hello,
I think I have some kind of permission problem. But first things first:
I have code which I would like to run in SQL Server (CLR Integration). First thing is that my code uses third-party-dll. I have to deploy my code as unsafe because of
"
CREATE ASSEMBLY failed because method "add_FunctionAdd" on type "USP.Express.Pro.FunctionsCollection" in safe assembly "USP.Express.Pro.2.0" has a synchronized attribute. Explicit synchronization is not allowed in safe assemblies.
"
Of course I can not create "asymmetric key" for third-party-dll (Or can I?).
So, I tried to use trustworthy DB. But I get all the time error Msg 10327: "Assembly is not authorised for PERMISSION_SET=UNSAFE"
I am using Windows Login to log on Sql Server. Login is granted "Unsafe assembly" and DB has trustworthy setting "on".
Login has server roles "sysadmin" and "securityadmin".
Login is mapped with DB User who has same name ( DOMAINUserName ) and has default schema "dbo".
Login has DB memberships "db_owner" and "db_securityadmin".
DB user owns schemas "db_owner" and "db_securityadmin".
Am I missing something?
Interesting thing is that I can do deployment (as unsafe assembly) in master-database. But not in the other databases.
Questions are:
- Is there other way to authorise third-party-dll than using trustworthy?
- Why deployment can be done in master-database?
And finally:
- Why deployment can not be done in other database?
View 9 Replies
View Related
Jul 4, 2007
Hello,
I develop a database that notifies clients when data changes by sending an UDP broadcast message using an extended stored procedure. Now I want to use a CLR stored procedure to send the UDP broadcast instead:
using System;
using System.Data.SqlTypes;
using Microsoft.SqlServer.Server;
using System.Net.Sockets;
public partial class UserDefinedFunctions
{
[SqlProcedure]
public static void UdpSend(SqlString address, SqlInt32 port, SqlString message)
{
System.Net.Sockets.UdpClient client = new System.Net.Sockets.UdpClient();
byte[] datagram = message.GetUnicodeBytes();
client.Send(datagram, datagram.Length, (string)address, (int)port);
}
};
I have found that to be allowed to send to 255.255.255.255 I must give the assembly permission set 'Unsafe'. If I change to 'External access' I get:
Msg 6522, Level 16, State 1, Procedure UdpSend, Line 0
A .NET Framework error occurred during execution of user defined routine or aggregate 'UdpSend':
System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
System.Security.SecurityException:
at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.Net.Sockets.Socket.CheckSetOptionPermissions(SocketOptionLevel optionLevel, SocketOptionName optionName)
at System.Net.Sockets.UdpClient.CheckForBroadcast(IPAddress ipAddress)
at System.Net.Sockets.UdpClient.Send(Byte[] dgram, Int32 bytes, String hostname, Int32 port)
at UserDefinedFunctions.UdpSend(SqlString address, SqlInt32 port, SqlString message)
I cannot use permission set 'Unsafe' in production environment, so what I want is to customize the effective permissions with higher resoloution than the three pre-defined permission sets 'Safe', 'External access' and 'Unsafe'. Except from what is allowed by 'Safe' I only want the permissions necessary to send an UDP broadcast.
Anyone who has something like this ?
View 4 Replies
View Related
Jul 31, 2007
Hi,
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says:
Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
Your help is highly appreciated!
Desperate developer
View 1 Replies
View Related
Jul 11, 2006
Does anyone know if it is possible to set permissions on certain fields in a way that will restrict access for reading a field but will allow a user to do a select using that field? I am looking for a way to block read access to a sensitive field but I want to be able to query other fields using the value that is in the field.
Thanks.
View 2 Replies
View Related
Mar 22, 2007
Hi,
How can I set the permissions on all tables in a database to be exactly the same for 1 user name? Let's say I need all the tables in the DB to allow the user to Select,Update,Delete. Can this be done without going to the properties of each individual table?
Thanks,
Razzle
View 2 Replies
View Related
Jul 19, 2004
Hi Every body,
I have newly joined this group. I am new to DB administration.
I wanted some information as to if my Server crashes (which has) & i reinstall SQL server, will restoring master database restore all my permissions & security which was set before crash. It would be great in anybody can help me on this.
Regards,
Krishna
View 1 Replies
View Related
Oct 26, 2015
What is the correct way to create a security group that allows the group members to Select (Read) the content of a database?
1. Create a security group in AD
2. Add the required members to the group
3. Add the security group as a login on the SQL server (Under Security>Logins)
4. Add the security group to the specific database with Grant in Connect and Select
View 11 Replies
View Related
May 31, 2015
How can I assign permission to new database for all the existing user in SQL.?
View 3 Replies
View Related
Jan 16, 2007
Hi all,
Okay, here's my problem:
After I login into the Reports Server (<servername>/Reports1/Pages/UILogon.aspx?) the Home page is blank ( accpet for links to Home |MySubscriptions | Help in the upper right corner). Please read on before thinking you know the answer. I am using Reporting Services with Forms Authentication with a custom security extension. In the LogonUser methothd I validate the user and return True if the user is good. Should I be doing anything else in this method or any of the other methods in my custom extension? I'm asking because, I can use Sql Server Management Studio to login into the Reporting Server, view any folders such as the Data Sources or Models folder, but can't make any changes. In the Users table in the ReportServer database the user I'm logging in with has a UserType of 0 and AuthType of 3. I've tride changing these to match the BUILTINAdministrators user but still no luck. Also, I can not login as the BUILTINAdministrators because that user would not be in our database. Any help with this is appreciated. Thanks.
View 4 Replies
View Related
Jul 18, 2006
New to this game so please bare with me ;)
const string ConnectionString = "Data Source='db.sdf';";
SqlCeEngine mydb = new SqlCeEngine(ConnectionString);
mydb.CreateDatabase();
create table Eaddress (OID int IDENTITY, title nvarchar(20), name nvarchar(80), lastname nvarchar(70)
)";
database is created and works but how do i set a username and password for the db (an example would be great)
View 3 Replies
View Related
May 15, 2015
I am trying to do a schema compare and data compare via VS2012 and I am getting below error: The reverse engineering operation cannot continue because you do not have View Definition permission on the 'Target' database.
Whats interesting is I created a viewdefinition role and added the group(to which the user belongs) to the role. However I dont get the error if I make the group the dbowner. Is this a bug?
View 2 Replies
View Related
Jun 20, 2007
I have windows 2003 reporting services 2005 that has been working fine. Now all of a sudden when I go to http://localhost/reports I am unable to assign security to folders(the link is hidden) the New data source button is hidden, the new folder button is hidden, upload folder and report builder are also hidden. I am logged in as aministrator.
Also when I connect to reporting services through SQL Mgmt Studio I have the same issue, there are no options for permissions only a general option.
I'm sure it's a permissions issue but what do i do to resolve?
Thx
View 2 Replies
View Related
May 1, 2015
best possible way to provide truncate table permission to a SQL Server Database user (ddl_admin role cannot be granted to the user in my case)
View 3 Replies
View Related
May 10, 2000
Does anyone know the best way to set up NT security. It seems a little confusing as to how to set up NT groups and assign permissions (where do the roles come into it?).
Any help would be much appreciated
thanks
Paul
View 1 Replies
View Related
Nov 9, 2015
I want to grant CREATE, ALTER, VIEW permission to user but not DML permission?
So user can create Object but can't drop and delete it or user cant insert , update,delete from table.
I have Given db_datareader,db_denydatawriter, and granted create, select, alter permission.
But user is able to drop.
View 3 Replies
View Related
May 21, 2013
My company is new to MDS. I am trying to set an attritube in an entity to read only so the users can't change the value in that field. When I did that, the whole model disappeared. I thought I had deleted it by accident so I created a test model and tried to do the same. The test model disappeared. This time, before saving the new settings I took a snapshot. After saving I took another snapshot. You can see that the whole model is gone (zz_RN_Permissions_Test). I tried every other coworker with admin rights and nobody shows it on the Models list. The behavior on the Excel add-in is correct. I can't change any values on that column. But I need to keep the models available.
See before and after snapshots below.
View 8 Replies
View Related
Jan 4, 2008
Hi
I just deploy a report model and want use report builder to create ad-hoc using this report model.
I want some entitis and attributes are not visiable for some user, so I config the model item security for this model.
But no matter which user I use to login the report server, I always can access all the entities.
Even I delete all the groups and users in "Permissions" property of the model, I still can access this model through report builder.
All the user I used to test are local user of server with report service, my server is SQL Server 2005+SP2.
How can I fix it?
View 3 Replies
View Related
Jul 3, 2007
Hi!
Is there a possibility to set the folder security on the report server programatically?
Thanks
Klaus Aschenbrenner
http://www.csharp.at
http://www.csharp.at/blog
View 1 Replies
View Related
Apr 16, 2008
I am having a little trouble with my SRS installation. I have a fresh-out of the box server running Win 2003. I installed SQL & SRS on it. I have successfully deployed my report project and can run reports, etc.
The problem is, even when logged in on the console as the local admin, I can't seem to perform the usual administrative functions on the report server- simple things like hide items in list view. I have no menu options for any of the security stuff, either. I though that the local admin was able to do these things by default. I have a feeling that this has something to do with active directory & role membership? It is like the administrator only has guest privledges.
When I connect to the report server from management studio, I can see the roles but no information about users, no options ot add users to the roles, either. My goal is to simply add a user (Administrator) to the proper role to be able to configure the report server environment.
For what it is worth, this box is simply set up in my home office, no domain, etc. Please be gentle, I am mainly a SQL geek, very little knowledge of Server OS & Windows security.
Any help is greatly appreciated.
JB
View 1 Replies
View Related
Aug 19, 2005
I have just reciently installed and started upgrading the last beta code to this beta and am having a problem conecting to my sqlinstance with the WebSite Configuration Tool.
View 16 Replies
View Related
Nov 9, 2005
The last few lines of the log show:
View 4 Replies
View Related
Oct 30, 2015
If user want to see the grand total for a measure with include all members, even though the user has limited access for that member, so how we can do using DAX?For example, let’s say the total revenue for all the divisions in a cube is $15,000. You create a role called “Division A”, and set it up so members of that role can only see the revenue for Division A, which totals $3,000. If you use a front-end tool like Excel to access the cube and use the division hierarchy to see the total revenue, you will see the revenue of $3000 for Division A, but also want to see the Grand Total for the revenue as $15,000How we can achieve above scenerio in tabular model (DAX).
View 3 Replies
View Related
Feb 12, 2007
I'm attempting to setup the defaco MS security for membership and roles, using a newly created database under SQL 2005 (not express). I created the database using the aspnet_regsql.exe utility and that worked fine. I created my provider connection string logging in as 'sa' wit the proper password. All that seemed to work okay too. However when I attempt to change any of the settings like setting the authentication type or enabling roles, I get the follwing error message: The following message may help in diagnosing the problem: Attempted to perform an unauthorized operation. at System.Security.AccessControl.Win32.SetSecurityInfo(ResourceType type, String name, SafeHandle handle, SecurityInfos securityInformation, SecurityIdentifier owner, SecurityIdentifier group, GenericAcl sacl, GenericAcl dacl) at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, SafeHandle handle, AccessControlSections includeSections, Object exceptionContext) at System.Security.AccessControl.NativeObjectSecurity.Persist(String name, AccessControlSections includeSections) at System.Security.AccessControl.FileSystemSecurity.Persist(String fullPath) at System.IO.File.SetAccessControl(String path, FileSecurity fileSecurity) at System.Configuration.Internal.WriteFileContext.DuplicateTemplateAttributes(String source, String destination) at System.Configuration.Internal.WriteFileContext.DuplicateFileAttributes(String source, String destination) at System.Configuration.Internal.WriteFileContext.Complete(String filename, Boolean success) at System.Configuration.Internal.InternalConfigHost.StaticWriteCompleted(String streamName, Boolean success, Object writeContext, Boolean assertPermissions) at System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext, Boolean assertPermissions) at System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext) at System.Configuration.Internal.DelegatingConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext) at System.Configuration.UpdateConfigHost.WriteCompleted(String streamName, Boolean success, Object writeContext) at System.Configuration.MgmtConfigurationRecord.SaveAs(String filename, ConfigurationSaveMode saveMode, Boolean forceUpdateAll) at System.Configuration.Configuration.SaveAsImpl(String filename, ConfigurationSaveMode saveMode, Boolean forceSaveAll) at System.Configuration.Configuration.Save(ConfigurationSaveMode saveMode) at System.Web.Administration.WebAdminPage.SaveConfig(Configuration config) at ASP.security_setupauthentication_aspx.UpdateAndReturnToPreviousPage(Object sender, EventArgs e) at System.Web.UI.WebControls.Button.OnClick(EventArgs e) at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)Anyone have any clue why this is happening? Do I need to add something to the database as far as users/roles go? I figured 'sa' would have free roam, but something permission-wise just isn't jiving.
View 2 Replies
View Related
Aug 11, 2014
I work on test SSRS setup and trying to give one user enough rights so she can download RDLs from server, but no matter what I do on Folder leverl, on report level her security are still only as a <Browser>. Structure of our Server is:
Home/NewReports/Misc/Report01.
I'm checking those in <Folder Settings>/<Security> where this user is OK (Browser, Content Manager, Publisher, Report Builder).
So she looks OK in all folders Home/NewReports/Misc, but on report level she still only a browser.
Our db team tried everything on SSRS server working with Site settings and Folder option, how to make that report inherit security ?
View 3 Replies
View Related
Nov 28, 2007
Greetings
Running SQL Server 2005. The developers on the project can see and edit stored procedures from within the Visual Studio IDE (via Server Explorer) but when they connect through management studio, the stored procedures do not show up at all.
Is there a seperate security setting specifically for management studio?
The user has:
The dbCreator Server Role
Is mapped to the development database as dbo with datareader/datawriter/db owner/public role
Is mapped to master reader/writer/public
Is mapped to model reader/writer public
Is mapped to msdb reader/writer public
Is mapped to tempdb reader/writer publuc
This is probably more security than the user needs, but was grasping at straws to let them edit stored procedures...
View 4 Replies
View Related
Jan 30, 2008
Hi,
I would like to demonstrate mining temporary models in an ASP.NET application.
Creating, trainning, predicating actions are all witten at C# codes as follows:
Code Snippet
using (AdomdCommand cmd = new AdomdCommand())
{
// Build temporary mining model
cmd.Connection = asConn;
cmd.CommandText = "CREATE SESSION MINING MODEL " + modelName +
" (" +
"HCVS_MemberId Text KEY," +
"HCVS_MeasureDate DATE KEY TIME, " +
"SysPressure LONG CONTINUOUS PREDICT, " +
"DiaPressure LONG CONTINUOUS PREDICT," +
"Pluse LONG CONTINUOUS PREDICT" +
") " +
"USING Microsoft_Time_Series(Missing_Value_Substitution='Mean' ) "; // Periodicity_Hint = '{12}'
cmd.ExecuteNonQuery();
// Train Data
cmd.CommandText = "INSERT INTO " + modelName + " (HCVS_MemberId, HCVS_MeasureDate, SysPressure, DiaPressure, Pluse) " +
"OPENQUERY([Healthcare], " +
" 'SELECT HCVS_MemberId, HCVS_MeasureDate, SysPressure,DiaPressure,Pluse" +
" FROM v_VitalSignForecast WHERE HCVS_MemberId=''" + id + "'' AND HCVS_MeasureDate>=''" + from.ToShortDateString() + "'' AND HCVS_MeasureDate<=''" + to.ToShortDateString() +"'' ')";
cmd.ExecuteNonQuery();
// Predict upon the Train Data. In addition, the standard deviation of each predicated value is retrieved
cmd.CommandText = "SELECT FLATTENED " +
"( SELECT *, " +
" SysPressure + PredictStdev(SysPressure) AS [SysPressure_PlusStdev], " +
" SysPressure - PredictStdev(SysPressure) AS [SysPressure_MinusStdev] " +
"FROM PredictTimeSeries(SysPressure, " + fDays + ") AS SysTable " +
") " +
"FROM " + modelName ;
AdomdDataAdapter adapter = new AdomdDataAdapter(cmd);
DataSet sysDS = new DataSet();
adapter.Fill(sysDS);
The problem is that I do not know how to configure my Analysis Service Server to let ASP.NET account can utilize it. And ASP.NET account in trun impersonates the account who is authorized to use Healthcare DB in the Openquery. Please give a help. Thanks a lot.
Ricky.
View 4 Replies
View Related
May 29, 2007
I'm trying to install SQL Server 2005 Express on a Windows 2000 server, but I'm getting the following error message:
"Failure setting security rights on user account SQLServer2005BrowserUser${computerName}"
Can anyone help me please?
View 1 Replies
View Related
Jun 8, 2007
Dear Helpers,
I can not setup SQL server 2005 express and the full trial version as well.
The setup progress stops at "setting file security", and nothing happens. I dont even get an error message.
This is very annoying. I have local administrator access, so it should work. Op system: Windows XP professional.
Machine: Hp Compaq dc7700p, 1 GB RAM, 80 GB HDD
Thanks for your help in advance.
View 5 Replies
View Related
Oct 24, 2015
How can i assign permissions to a newly created users as of an existing user?
View 3 Replies
View Related
Oct 26, 2015
I have installed new SQLServer2012 instance and my domain user have sysadmin privileges on this instance. I have a restore procedure and it will execute WITH EXECUTE AS 'domainmy username', for all the developers have exec permissions to this procedure. But newly installed server this procedure was failing with the following message. But the same procedure executing fine on other servers.
Msg 262, Level 14, State 1, Line 1
CREATE DATABASE permission denied in database 'master'.
Msg 3013, Level 16, State 1, Line 1
RESTORE DATABASE is terminating abnormally.
View 7 Replies
View Related
Jul 27, 2006
I tried to create a sp on one of the databases on my lap top and got this: Pls help i need it bad
Msg 10314, Level 16, State 11, Procedure ap_Hello, Line 5
An error occurred in the Microsoft .NET Framework while trying to load
assembly id 65695. The server may be running out of resources, or the
assembly may not be trusted with PERMISSION_SET = EXTERNAL_ACCESS or
UNSAFE. Run the query again, or check documentation to see how to solve
the assembly trust issues. For more information about this error:
System.IO.FileLoadException: Could not load file or assembly
'vbtriggers, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or
one of its dependencies. An error relating to security occurred.
(Exception from HRESULT: 0x8013150A)
System.IO.FileLoadException:
at System.Reflection.Assembly.nLoad(AssemblyName fileName, String
codeBase, Evidence assemblySecurity, Assembly locationHint,
StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean
forIntrospection)
at System.Reflection.Assembly.InternalLoad(AssemblyNa me assemblyRef,
Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean
forIntrospection)
at System.Reflection.Assembly.InternalLoad(String assemblyString,
Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean
forIntrospection)
at System.Reflection.Assembly.Load(String assemblyString)
The statement has been terminated.
View 8 Replies
View Related
Feb 3, 2006
I try to create assembly with UNSAFE permissions.
I granted "unsafe assembly" to my login, set TRUSTWORTHY property ON.
Now I have this error:
Could not obtain information about Windows NT group/user <MyDomain>/<MyName>, error code 0x5. (Microsoft SQL Server, Error: 15404).
How to resolve this?
View 6 Replies
View Related
