Lets say i have a database user usrJohn. I have a set of views i want John to see, but i don't want him to be able to see the query that builds that view, but i want that view to show up in his View list. how can I make that possible?
I have an application that uses Integrated Windows authentication. My Web.config looks like below <add key="dbconnection" value=" server=XXX;Initial Catalog=XXX;persist security info=False;Integrated Security=SSPI;Pooling=true" /> When users try to access my application, they get the below error: Execute permission denied on object 'SprocName', database 'DBNAME',Owner,'dbo' The Only way I could get rid off the error is if I set DBO permissions for the user group on the databse. Can someone suggest how to set up a security group with the ‘necessary’ permissions on SQL SERVER (ie read,write execute Sproc etc) and not too many extra ones, like DBO. Thanks,
SQL Server 2005 anomoly? In SQL Server Management Studio I granted specific permissions to user "A" to do Select, Insert, Update, Delete on Table "B" - When I logged on as User "A" and attempted the Insert imto table "B" I got the following error: "Insert Permission Denied on Table B, Database C, Schema dbo" Is this a problem with the dbo schema?
Then I went back and created a stored proccedure "D" with the exact same Insert statement inside the procedure. I granted User "A" execute permission on the stored procedure "D". I then logged on as User A and executed Stored Procedure "D". No Problem - stored procedure executed fine with the Insert. I attempted the Insert statement again - straight SQL - as User "A" and got the same error as above ("Insert Permission Denied.....") Strange behavior - cannot do a SQL. Insert even though user has permissions but can execute a store procedure with the same Insert statement. What gives?
I am attempting to setup SSL with SQL Server 2005. I do not wish to have the domain account that is running the SQL Server Service be an administrator. What rights/permissions does this account require in order to start sql server with an SSL certificate?
I have tried putting the certificate in the local store but you need to be an admin to see it there. If I put the certificate in SQL Server Service account's personal store, I can't start sql server. "The server could not load the certificate it needs to initiate an SSL connection. It returned the following error: 0x8009030d. Check certificates to make sure they are valid." Is the error I get.
I have a custom made database role that has permissions to execute a stored procedure. The store procedure then selects data from some tables. But the role does not have select permissions on the tables. Do I have to allow select on the tables, or can I do this another way?
Hi, I always had the impression to use asp.net membership, in sql server, I needed dbo permission because all its tables and what not always had [dbo] in front of them and "dbo." is all hard coded into their build-in membership classes. In my shared hosting enviornment, I always had to ask my db admin to give me dbo permission explicitly. I saw this article today http://www.aquesthosting.com/HowTo/Sql2005/Providers.aspx and after I followed their direction, by using ec sp_addrolemember 'aspnet_Membership_FullAccess', 'yourUser' go Exec sp_addrolemember 'aspnet_Personalization_FullAccess', 'yourUser' go Exec sp_addrolemember 'aspnet_Profile_FullAccess', 'yourUser' go Exec sp_addrolemember 'aspnet_Roles_FullAccess', 'yourUser' go Exec sp_addrolemember 'aspnet_WebEvent_FullAccess', 'yourUser' got
We resent installed SQL Server 2005 and I am very new to It. Here is what I have done.
Created a new user in SQL server and denied everything for a particular table to that user so that a select * from that table will result in a permissions error. Also that user cannot view the table in SQL manager
The problem now is that that user can create a stored procedure that has the SQL statement Select * from that table and execute the stored procedure to view the table. The reason I created this user is to allow a team in the company to create stored procedures for Crystal. In theory he should be able to create stored procedures but not get any data from the denied tables. How can I achieve this?
Can u guys help me out here? I cannot connect to database from localhost. If i type http://localhost/mobile/default.aspx it will show SELECT permission denied on object 'KATEGORI', database 'mobile', schema 'dbo'. I try giving permission to ASPNET account and also IIS account to the database 'mobile' but nothing works. But if i give permission to IIS using integrated windows authentication it works in localhost but not when i use ip address example : 202.189.176.145:10334/mobile/default.aspx. It will prompt username, password and domain i think. How can i configure sql server to give permission for iis ?
Environment: Visual Studio .NET 2003 on pc (Windows XP Pro) in workgroup A, ASP .NET application on server (Server 2000 w/ IIS 5 in workgroup A), SQL Server 2000 on same server (Enterprise Edition)..........all on Intranet with static IP's for all machines.
I have the {servername}VSDevelopers group with sysadmin priveleges on SQL Server. I have the {servername}ASPNet user with public on SQL Server.
I can create stored procedures in database ABC on SQL Server from Visual Studio on pc(default named to dbo.{stored_procedure_name}).
I can edit same stored procedures in database ABC on SQL Server from Visual Studio.
I get EXECUTE error when trying to run stored procedure via ASP.NET application on server.
I check, and permissions to objects on SQL Server for VSDeveloper group shows as no permissions.
I set the permissions for all user created objects (tables, stored procedures) to "full" for VSDevelopers.
I'm trying to run the Bulk Insert statement but in order for me the run it, i need to have the sysadmin permission. Can someone show me how to grant sysadmin permission to my SQL Server user? This is really urgent. Thank you in advance.
I originally installed SQL Server Express 2005 on my computer using Windows Authentication mode, and discovered when I tried to add another user/login that I didn't have permission to do so. This is rather odd as the windows account that I installed SQL server with is the system admin for the computer.
I have successfully changed the login mode to mixed, and have tried to login in as "sa", but it appears that "sa" was given some sort of password (did SQL server automatically generate one?), and I don't know what it is. When I go into command prompt and try to change the password, it says that it cannot alter the login 'sa' because it does not exist or I do not have permission (i'm pretty sure it's the later, as 'sa' shows up on the list of logins in SQL server express).
TITLE: Surface Area Configuration ------------------------------
System.Web.Services.Protocols.SoapException: The permissions granted to user 'KAMRANSHAHIDIUSR_KAMRANSHAHID' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'KAMRANSHAHIDIUSR_KAMRANSHAHID' are insufficient for performing this operation. at Microsoft.ReportingServices.Library.RSService.SetSystemProperties(Property[] properties) at Microsoft.ReportingServices.WebServer.ReportingService.SetSystemProperties(Property[] Properties) --- End of inner exception stack trace --- at Microsoft.ReportingServices.WebServer.ReportingService.SetSystemProperties(Property[] Properties) (System.Web.Services)
The permissions granted to user 'KAMRANSHAHIDIUSR_KAMRANSHAHID' are insufficient for performing this operation. (rsAccessDenied) (Report Services SOAP Proxy Source)
For help, click: http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings&EvtID=rsAccessDenied&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=9.00.1399.00
------------------------------
The permissions granted to user 'KAMRANSHAHIDIUSR_KAMRANSHAHID' are insufficient for performing this operation. (rsAccessDenied) (ReportingServicesLibrary)
For help, click: http://go.microsoft.com/fwlink/?LinkId=20476&EvtSrc=Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings&EvtID=rsAccessDenied&ProdName=Microsoft%20SQL%20Server%20Reporting%20Services&ProdVer=9.00.1399.00
I'm having trouble doing a basic permission, I need to prevent one user from seeing one column in a view, such as a students phone number. However, when I deny the user from seeing the column it denys the user from viewing the entire view. Can someone tell me the correct way to deny the user from just the one column.
We have a web app that accesses Sql Server 2000 using windows authentication. We recently installed SQL Server 2005 on a new server and are in the process of porting the data from SS2000 over to 2005. I expected some problems, but I've run into something that seems like it should be relatively simple to solve, yet I have been banging my head against the wall for a couple of days. After changing the connection string in web.config of the web app to point to the new SQL Server 2005 database, I keep getting ... SELECT permission denied on object 'tUser', database 'GDoc', schema 'dbo'. The problem is, when I go into Management Studio and check the permissions, the user I'm logged in as DOES have select permissions on that database. What am I not doing? Am I forgetting something simple?
I gave a user all required permission to view the SSRS report. User is able to select from the dropdown list but unable to view the data, It is showing a blank screen.
I have a stored procedure in my asp.net 2.0 app that will not run. I am using an sqlcommand object and executenonquery. At first I received an error "execute permission denied". I had already given the user on sql server read and write permissions. So -- since I was not passing the sql server userloginid or password in the connection string, I tried changing the connection string in my web.config to:
"data source=xxxSQL2005;initial catalog=AdventureWorks; User Id=myid;password=mypasswd"
now I get an error that the login has failed for user xxx. So I am wondering what I need to do to run stored procedure in a web app. I am using the full sql server version not express.
I was able to build and Preview the report, but ran into an issue when trying to deploy the report that I created. After reviewing various postings on this issue, I still can't seem to get past the issue.
Currently running SQL 2014 Developer Edition, SQL Server Data Tools for VS 2013, and O/S Windows 8.1 all on the laptop. I followed the video and left the default value of LocalHostReportServer. System said LocalhostReport Server could not be found.
I went to SQL Configuration Manager and tried using the Logon as the URL. Still received the same error.
I went to Reporting Services Configuration Manager and used the URL, still received the same error.
Setting status of unmanaged components and removing unmanaged resources
Error Code: 29506 MSI (s) (20:FC) [09:07:19:951]: Leaked MSIHANDLE (15949) of type 790531 for thread 1116 MSI (s) (20:FC) [09:07:19:951]: Leaked MSIHANDLE (15835) of type 790531 for thread 1116 MSI (s) (20:FC) [09:07:19:951]: Note: 1: 2769 2: Do_sqlFileSDDL.D20239D7_E87C_40C9_9837_E70B8D4882C2 3: 2 MSI (s) (20:28) [09:07:19:998]: I/O on thread 2876 could not be cancelled. Error: 1168 MSI (s) (20:28) [09:07:19:998]: I/O on thread 3704 could not be cancelled. Error: 1168 MSI (s) (20:28) [09:07:19:998]: I/O on thread 172 could not be cancelled. Error: 1168 MSI (s) (20:28) [09:07:19:998]: I/O on thread 1360 could not be cancelled. Error: 1168 MSI (s) (20:28) [09:07:19:998]: I/O on thread 1908 could not be cancelled. Error: 1168 MSI (s) (20:28) [09:07:19:998]: I/O on thread 3180 could not be cancelled. Error: 1168 MSI (s) (20:28) [09:07:19:998]: I/O on thread 3836 could not be cancelled. Error: 1168 MSI (s) (20:28) [09:07:19:998]: I/O on thread 2784 could not be cancelled. Error: 1168 MSI (c) (7C:58) [09:07:19:951]: Disallowing shutdown. Shutdown counter: 0 Error 29506. SQL Server Setup failed to modify security permissions on file C:Windowssystem32SQLAGENTCTR90.DLL for user Rick. To proceed, verify that the account and domain running SQL Server Setup exist, that the account running SQL Server Setup has administrator privileges, and that exists on the destination drive. MSI (s) (20!5C) [09:07:19:998]: Product: Microsoft SQL Server 2005 -- Error 29506. SQL Server Setup failed to modify security permissions on file C:Windowssystem32SQLAGENTCTR90.DLL for user Rick. To proceed, verify that the account and domain running SQL Server Setup exist, that the account running SQL Server Setup has administrator privileges, and that exists on the destination drive.
MSI (s) (20:74) [09:07:20:014]: Executing op: ActionStart(Name=Rollback_SetServerSSNLDefaults.D20239D7_E87C_40C9_9837_E70B8D4882C2,Description=Setting Client Network Default Settings,) Info 2769.The installer has encountered an unexpected error. The error code is 2769. Custom Action Do_sqlFileSDDL.D20239D7_E87C_40C9_9837_E70B8D4882C2 did not close 2 MSIHANDLEs. MSI (s) (20:74) [09:07:20:045]: Executing op: CustomActionSchedule(Action=Rollback_SetServerSSNLDefaults.D20239D7_E87C_40C9_9837_E70B8D4882C2,ActionType=1345,Source=BinaryData,Target=Rollback_SetServerSSNLDefaults,CustomActionData=010Setting Client Network Default Settings10000MSSQLSERVERMSSQL.1MSSQL.111)
I'm trying to figure out why this SQL Agent job keeps failing.
We used management studio, and connected as mydomainmyuser, and developed a script to take a backup file from a network share and restore it. It worked fine in SSMS under that login.
After we got it working , we created a SQL Agent job on the same server to run the script, and set the agent job to run under that account that we tested with.
This is the error message we got:
"Executed as user: mydomainmyuser. Create Database permission denied in database master'.
So, I gave that login the rights to Create Database and Create Any Database. Then the error message changed to:
"Executed as user: mydomainmyuser. User does not have permission to RESTORE database 'mydatabase'. [SQLSTATE 42000][ERROR 3013] RESTORE DATABASE is terminating abnormally. [SQLSTATE 42000] (Error 3013). The step failed. "
* I can't use SA for the job account, because the SA account doesn't have rights to see the network folder where the backup file sits, so it has to run under the domain account. * The user is a member of the dbcreator role - and the serveradmin and sysadmin roles * The user is a member of dbowner on the database I am trying to overwrite with the restore * I have given the user the rights CREATE DATABASE and CREATE ANY DATABASE
The only suspicious thing I found was that it appears the server was renamed at one time. When I looked at the login in management studio, I was not able to change some of the rights. On the Securables page, it shows the server name as "MyServer-New", but the server name is "MyServer". It is a replacement, and I suspect that when they did the replacement they named it "MyServer-New", set everything up, then renamed it.
I found this post listed below, and ran the script (shown below), and it showed that the server name was MyServer and the ServerInstanceName is MyServer-New
[URL] .....
SELECT HOST_NAME() AS 'host_name()', @@servername AS 'ServerNameInstanceName', SERVERPROPERTY('servername') AS 'ServerName', SERVERPROPERTY('machinename') AS 'Windows_Name', SERVERPROPERTY('ComputerNamePhysicalNetBIOS') AS 'NetBIOS_Name', SERVERPROPERTY('instanceName') AS 'InstanceName', SERVERPROPERTY('IsClustered') AS 'IsClustered'
I can't reset SQL until the next maintenance window to test changing the server name as outlined in the post.
Am I on the right track with the name change messing up permissions, or is there something else I need to check?
The requirements are: 1. the user has read-only permissions to dbo tales. 2. the user can do everything within the rpt schema, which contains all objects analyzing dbo tables. 3. the user does not have any permission outside rpt schema, except permissions in #1.
The current solutions are: 1. grant the user select only on dbo tables. 2. make the user the owner of rpt schema. 3. Grant the user database permission on create table/create procedure/create view/create function.
My question is - in step 3, should I just grant "Alter" database permission to the user? Granting Alter seems to be cleaner and simpler. According to MSDN,
"Alter" confers the ability to change the properties, except ownership, of a particular securable. When granted on a scope, ALTER also bestows the ability to alter, create, or drop any securable that is contained within that scope.
Edition: SQL Server 2005 Standard I am trying to take a snapshot of a database for use in a publication. The account under which the snapshot agent is running is set to have the db_owner role for the database and have write access to the snapshot share.
I can not get the snapshot to run unless the account under which the snapshot agent is running is granted the sysadmin fixed server role. Because of the security implications of this, I don't want to grant these permissions.
As far as I am concerned, the minimum requirements for the snapshot account have been met and I have tried every other alternate that I can think of. I've checked MSDN and the newsgroups but I still have not solved the problem.
The error that I get when I run the snapshot.exe from the command line is: The remote server "TURING" does not exist, or has not been designated as a valid Publisher, or you may not have permission to see available Publishers.
This error message has now inexplicably changed to: You do not have sufficient permissions to run the command...
What role or system privilege do I need to grant to a user if he need to read the data from a table which is in a link server object? where I can find the document about these commands.
When assigning permission to an authentication user to connect to a server database, if I want the user to be able to insert / update / delete data on db objects specifically tables, what permission should be assigned to that user?
My thoughts were Insert / Update / Delete; however, someone suggested that the Execute permission would do this ...
I have a user who needs access to views like(dbo.viewnameabc1,dbo.viewnameabc2 and so on...) dbo.viewnameabc* and anytime the user creates the view he already have the permission to view those views....
I'm having trouble getting off the ground with the Web application walkthrough "Walkthrough: Creating a Web Application Using Visual C# or Visual Basic" in VS.NET Pro 2002 [Academic] documentation. After a bit of fishing around, and consulting the MS Knowledge Base, I got the pubs database installed. I also got the connection to work well enough that the dataset would fill in the IDE.
The problem is that when I try to run the web form, either from the IDE debug menu, or by accessing the .aspx file on localhost using Firefox, I get the error: SELECT permission denied on object 'titles', database 'pubs', owner 'dbo'. showing in the browser. My understanding is that this page is running as ASPNET, and I did already carry out the recommended commands to enable access: C:>osql -E -S MY-MACHINE-NAMEVSDOTNET -Q "sp_grantlogin 'MY-MACHINE-NAMEASPNET'" C:>osql -E -S MY-MACHINE-NAMEVSDOTNET -d Pubs -Q "sp_grantdbaccess 'MY-MACHINE-NAMEASPNET'" both of which commands returned successfully. Any suggestions as to what else I should do to get the necessary permissions to actually display the data in my browser? Does the IIS user account need permission also?
Thanks for any insight into this vexing problem. I must say that along the way, I have had some fun exploring the osql comand-line tool. Using the -E switch, I have been able to run select and upgrade queries, but this is all pretty much fishing in the dark. I would like to get back to actually working with the walthroughs in the Visual Studio documentation.
Hello All,I tried to set the access permissions for debugging stored procedure by reading the articlehttp://msdn2.microsoft.com/en-us/library/w1bhybwz(VS.80).aspxandhttp://technet.microsoft.com/en-us/library/ms164014.aspxI have tried to add the role to sysaminas follows1)SELECT * FROM INFORMATION_SCHEMA.ROUTINES WHERE ROUTINE_NAME = 'sp_sdidebug'(to find the sp)Error:--The stored procedure not found2)sp_addsrvrolemember 'Developmentswati.jain', 'sysadmin' though this is executed successfuly . Error is still persisting Cannot debug stored procedures because the SQL Server database is not setup correctly or user does not have permission to execute master.sp_sdidebug.
-A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master) -A sql server 2005 on a win server 2003 in "sub domain" AD -A linked server to "sub domain" AD -A linked server login using a "sub domain" admin acccount -A view to this linked server -A grant on masterDomain/Domain Users to the database -A grant on subDomain/Domain Users to the database -We want all connections done through "Windows Authentication" not "Database Authentication".
Queries on the view work fine using "sub domain" user accounts. Queries on the view fail using "master domain" user accounts (including master domain admin accounts)
"Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."
All connections are done through "Windows Authentication" not "Database Authentication".
Can we establish cross domain connectivity with "Windows Authentication" ?
Below are details of the implementation:
SELECT TOP (100) PERCENT * FROM OPENQUERY(ADSI, 'SELECT displayname, givenName, sn, cn (etc...) FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com'' WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')
In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:
"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'
Error: Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
Msg 7320, Level 16, State 2, Line 1
Cannot execute the query "SELECT displayname, givenName, sn, cn
FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'
WHERE
objectCategory = 'Person'
AND objectClass = 'user'
" against OLE DB provider "ADsDSOObject" for linked server "ADSI".
i have created a new login in primary server and provided dbowner permission to primary db.how do i transfer this login to secondary server and assign the same permission to secondary db ?