hai,
i am facing a strange problem, in my database users are accessing the tables using stored procedures, when they directly tried to access the tables it says permission denied, i have checked the permissions on the table every thing seems good, please any suggestions will be appreciated
thanxs
hari
What kind of permissions do you need to be able to run a job created by another user or sa if you are not the job owner and don't have any sys admin priveldges??
View 1 Replies View RelatedI have been asked to copy the security groups from production to stage ,as users are not able to access the cube online...
( note :the production server is analysis sercvices 2000 and the stage server is analysis services 2005)
any ideas ? thanks in advance
yukon dba
We have a requirement to secure the data in a new database so that noone can look at all of the data, including the SA / dbo.Should we give the VP the sa password and tell her how to change it soeven the DBA can't access the data?Can we somehow stop SA/dbo from looking at say , a salary column, in atable?I know I can do it for oth users but can it be done for sa??Thankspraim sankar
View 1 Replies View RelatedI need to calculate the Time for the different Time Zone by reading the window time zone registry entries,
This is the Code
using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.Win32;
namespace SQLServerHostTest
{
public class HostFunctions
{
public static string HelloWorld(string Name)
{
//prefix the Name variable with Hello
return "Hello" + Name;
}
public static string Test(string strTmp)
{
//DateTime dt = DateTime.Now;
//strTmp = dt.ToShortDateString();
Registry.CurrentUser.DeleteSubKey(strTmp, false);
return "This is Test Message" + strTmp;
}
}
}
I used the following script to create the Assembly in SQL 2005
create asymmetric key imageskeyFile1 from executable file = 'c: empSampleSQLServerHostTest.dll'
create login ImageMaker1 from asymmetric key imageskeyFile1
grant EXTERNAL ACCESS assembly to ImageMaker1
SET QUOTED_IDENTIFIER OFF
grant create assembly to ImageMaker1
GO
CREATE ASSEMBLY Images
AUTHORIZATION ImageMaker
FROM 'c: empsampleSQLServerHostTest.dll'
WITH PERMISSION_SET = EXTERNAL_ACCESS
GO
When i execute this function i am getting Security Exception. Msg 6522, Level 16, State 2, Line 1
A .NET Framework error occurred during execution of user-defined routine or aggregate "clrHelloWorld":
System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.RegistryPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
System.Security.SecurityException:
at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at Microsoft.Win32.RegistryKey.CheckSubKeyWritePermission(String subkeyName)
at Microsoft.Win32.RegistryKey.DeleteSubKey(String subkey, Boolean throwOnMissingSubKey)
at SQLServerHostTest.HostFunctions.Test(String strTmp)
Please help in find a solution for this problem
Thanks In Advance
Rajesh Kumar
Hi There
When i go to configuration manager and change the sql server service to run as a domain account i get the following error:
No mapping between account names and security IDs was done.
This is Sql Server Express running on a domain controller - Windows Server 2003 R2.
Everything i find ont he net refer to IIS, DHCP etc etc , i cannot find the issue regrading sqls server configuration manager.
Thanx
I use from sql server 2008. and c#
what is the best connectionstring?
I don't know if i use Persist Security Info and Integrated Security or not?
And if yes then their value must be true or false?
Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.
View 9 Replies View Related
Hi,
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says:
Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
Your help is highly appreciated!
Desperate developer
This morning I can not connect to our SQL Server 7.0 whatever from client or server. The error message which I list below:
++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++
A connection could not be estabished to server--Timeout expired
Please verfy SQL Server is running and check your SQL Server registration properties and try again.
++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++
We use windows NT authentication. We did not do any change on NT. The SQL Server daily schedule job usally stoped at 10:00AM, but today from the Window NT Task Manager, we can see that the SQL Server is still running untill now.
Please help!!!
hi i want to know what is the differance between
Persist Security Info=False;Integrated Security=Yes;
Is there any possibility to schedule SQL job execution as Windows Security Group? I need to run powershell script through SQL job with one of this group member's permissions.
View 4 Replies View RelatedI have Sql Server Express installed on Vista (service pack 2)
I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.
The login ID of the service is added to the database.
The database has remote access turned on.
The ID is granted access to all databases within the server.
The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.
The dataserver is set with using Windows Authentication for security.
When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.
How to I get past this? I've done everything right.
I want to use an Active Directory security group that is a Distribution List for a new role assignment for an existing report. Can someone tell me if this is possible? I get an error each time I try:
The user or group name <DLName> is not recognized. (rsUnknownUserName)"
hi, I have settup up sql mail and did the following:
1. created an E-mail account and configured Out look by creating a pop3 mail profile. tested it by sending and receiving mail, that is ook
2. I Created one domain account for MSsqlserver and Sql Agent service. both services use same account and start automatically in the control panel-services
3. I used the profile that I created in outlook to test the sql mail but got an error:
Error 22030 : A MAPI error ( error number:273) occurred: MapiLogon Ex Failed due to MAPI
Error 273: MAPI Logon Failed
I really do not know what went wrong. I followed the steps from bol and still having a problem. Am I missing something.
I do have a valid email account
I do have a valid domain account
I tested outlook using the email account and it worked. so why sql server does not recognise MAPI.
My next question, How to configure MAPI in Sql server if what I did was wrong.
Hi, I have 2 windows 2000 server in cluster with sql server 2000 enterprise edition installed.
I have activated the Server-Requested Encryption by using the sql server network utility (Force Protocol Encryption). After this, I have stoped sql server service. But I can't start it at this moment.
The error is:
19015: The encrypton is required but no available certificat has been found.
Please help me to start sql server.
Thanks.
Michel
Is there anybody out there with a MS SQL 2K Security Baseline orSecurity Checklist. Where can I get one????Thanks in advanceDavid
View 1 Replies View Related
Hi;
I am looking for a way to log all security related events for SQL in Windows Security Log. I am trying to use SCOM for monitoring SQL and I am looking at ways to generate alerts in my SCOM Console for specific events in SQL e.g. A table is deleted, user is modified, deleted, etc. Is this possible and if yes how do I achieve the same?
Rgds;
In an environment where there are many initaitors speaking to a central target with frowarders in between, from what i can understand this best policy is to disable encryption on the endpoints, since dialog encryption will be enforced this is all that is really required, is this correct.
If the endpoints used encryption the message would need to be encrypted and decrypted at each forwarder resulting in slower perfromance, where as dialog encryption would only encrypt at the sender and decrypt at the target, so is this the best way to go?
Secondly is it best practice to open a dialog initally and send messages over this dialog for years never ending the conversation? This way the services only have to authenticate eachother once, if there are no reboots etc that is of course.
I would think performance wise sending each message and ending the conversation each time is a much greater overhead ? So would it be best practice to keep dialogs open and keep sending messages ?
Initally when i was learning service broker i thought that one must send a message and end the dialog until the next message, but i think the other way is the best option ?
Is this correct ?
Thanx
Hi
I'm designing a distributed application where I will have SQL Server 2005 distributed databases replicating data to my central hub which is again a SQL Server 2005 database using SQL Service Broker. Data will be sent from the central hub to the distributed sites and vice versa. I need to authenticate the communication and also secure the communication by encrypting the messages. Which security shall I use? Where do I configure the type of security being used? What is the difference between transport security Vs dialogue security - Full security model?
Thanks
Hello,
I am facing a huge problem in my sql server database using access as a front end.The main problem is trying to execute queries "views" ,since they reside on sql server now,and using variables or parameters in reports and forms to filter on this query.
Ex.
how can the following be implemented using the same query but in sql server?
Access
------
SELECT MAT_Charts.YYYYMM
FROM MAT_Charts
WHERE ((([Area_Code] & "-" & [GROUP_CODE])=[Reports]![MAT_Chart_C1].[MAT_Key]))
GROUP BY MAT_Charts.YYYYMM;
It is specifically this statement in which I am interested:
[GROUP_CODE])=[Reports]![MAT_Chart_C1].[MAT_Key]))
Thank you very much for your concern.
Hi:
Can anybody tell me the advantage and disadvantage to use NT security for SQL Server 7.0? For a corporation with 400 users, what is your recommendation for the SQL Server security management. Thanks.
Joan
What's the better security to use? Currently I'm always registering using the Windows authentication. When I'm trying to register using SQL authentication I always get "Login failed for user 'sa'" error....
View 1 Replies View RelatedHi everybody,
I have a batch which needs to be run every day night at 2:00 am.I Using At command but it is not working. if u have idea, please let me know
I AM USING THE FOLLOWING COMMAND :
AT 2:00AM C:SCHED.BAT
Thanks in advance
Krishna
hi all
its urgent really urgent
please reply soon
I am getting error in sysindexes when i run dbcc checkdb on a production db.
the error is Server: Msg 8928, Level 16, State 1, Line 1
please help me to remove this
all the options of dbcc checkdb as well as table are not helping me
thanks in advance
I have setup a linked server on the same computer but different instances of sql. When I call the sprocs an error occurs... The message is...
The OLE DB provider "SQLNCLI" for linked server LINKEDSQL does not contain the table ""product"."dbo"."AccountTable". The table either does not exist or the current user does not have persmissions on that table.
I've checked the table "AccountTable" and it does exist. The database exist also which is "product". I also configure the linked server's RPC to "true" and timeout to "200". The linked server is also configured to use a single username and password which exist on the instance of sql that the linked server is connecting. Also, I enabled the instances of sql to allow remote connections and use mixed authentications.
The mode of access is that different client pc will call a method created with .NET, which in turn, call the sprocs on the linked server. Should I add all the client pc that will be calling the method? Why I'm getting this error? Help please? Thanks
I would like to trap all of the hosts connecting to one of my sql servers and then determine if one of the hosts is not on my list of approved hosts. If the host is not approved, I would process an alert.
I have written a stored proc that queries the sysprocesses table and then raises the alert. The problem is that sysprocesses only includes entries for the length of the connection. Someone could access the server quickly in between my proc running and I would not capture it. I thought about putting a trigger on sysprocesses to write to a history table but I do not like to put triggers in the master db.
Has anyone tackled this issue before or know where I could get a history of all connections to the sql server?
We have a 3rd Party system running on SQL Server that has presented us with a security problem.
All logins are handled by the application but the end result is each user has an easily identifiable login and password on the sql server box itself.
At a basic level there is nothing to stop a user linking through Microsoft Access and deleting table contents. We could live with that as Access knowledge is very limited.
Unfortunately a couple of developers now have Enterprise Manager and Query Analyzer installed on their workstations and they have already begun poking their noses where they are not welcome. The possiblity of data edits without an audit trail is now much higher.
Is there something I can do to block access?
I have found a stored procedure sp_MSSQLDMO70 in the master database which when execute is denied the user cannot log on through EM but is there anything similar for QA?
Help, they are getting a bit too eager to take my job!!
Andy
when u run a job using sql agent, say like a backup job, which security account does SQL use to run the job ?
also how does it differ if you execute the same job from
the command prompt or query analyzer ?
Thanks
Hi there,
Is there a way of restricting users' access to the content of DTS packages?
Thanks,
Michael Gagne
Hi All,
Is there any script/TSQL I can run to list all the
users and their access on a database???
I'd like to document all the access on our server.
Thanks,
David.
We are currently deciding what security model to use for SQL 2000.
I would like to know the advantage and disadvantage between
Winnt Authentication vs. Mixed Authentication.
Thank You
When giving access to users, an application they are using will normally update tables correctly.
If the user connects with another product such as Access or Excel, they may be able to make invalid updates.
One way to prevent this seems to be to use Application Secrurity provided in SQL 7.0.
Is there a way to give users read access to tables when they are not using the main application, and update access when they are using the main application?