I have granted execute on the dbo schema to a sql user so that he can execute available procedures in the dbo schema. However when he executes a procedure ie..
exec dbo.myproc
The following error is returned:
Msg 229, Level 14, State 5, Line 2
SELECT permission denied on object 'MyType', database 'Mine', schema 'dbo'.
MyType is a table
How can I correct this behavior?
I don't want the user to be able to access the tables except via the procedure calls.
The permissions granted to user 'domainusername' are insufficient for performing this operation. (rsAccessDenied)
Hi,
I wonder if anyone can help me?
I have installed and configured sql server 2005 express edition with advanced services on an xp box, with the aim of using reporting services.
I have set up reporting services successfully using the report manager, with my web services id = netwrokservice.
I can access both the report manager and report url locally, i.e while using localhost anjd on the machine. The problem arises however when i try to access
the reports from another machine, as i get the message:
"The permissions granted to user 'domainusername' are insufficient for performing this operation. (rsAccessDenied)"
I have looked at various sites (including microsoft) in an attempt to find a solution to this and most sites give exmaples of how to configure the full
version of reporting services which i do not have. The things that I have managed to gleam and try are:
- open up security on dir: C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportServer to everyone and allow all access - added my own username as a new role assigment in the report manager page - added my own username to the reportserveruser and reportingserviceswebservicesuser roles, as indicated by microft:
http://msdn2.microsoft.com/en-us/library/ms365166.aspx, who state that "Custom authentication extensions and custom role assignments are not supported. You
must map existing Windows domain user and group accounts to predefined role definitions."
Can anyone suggest where to look next as I cannot believe that this should be this difficult?
I have an application that talks to an access db located on a 2000 server. I would like grant permissions to the application instead of a specific user. Any help would be great...
Can a user be granted the ability to create stored procedures with read only capabilities? I wouldn't mind be able to UPDATE but simply need to read only.
The Report server is configured to use a custom security extension. i can access the reportserver.
It looks like when i deploy the reports from VS. it does not pass any credentials to the report server. From the error message it looks like there is no username . How do i deploy reports to report server if we are using a custom security extension. How do i grant user rights to deploy report if we are using a custom security extension. Any idea. Thanks!
I have installed and configured sql server 2005 express edition with advanced services on an xp box, with the aim of using reporting services.
I have set up reporting services successfully using the report manager, with my web services id = netwrokservice.
I can access both the report manager and report url locally, i.e while using localhost anjd on the machine. The problem arises however when i try to access
the reports from another machine, as i get the message:
"The permissions granted to user 'domainusername' are insufficient for performing this operation. (rsAccessDenied)"
I have looked at various sites (including microsoft) in an attempt to find a solution to this and most sites give exmaples of how to configure the full
version of reporting services which i do not have. The things that I have managed to gleam and try are:
- open up security on dir: C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportServer to everyone and allow all access - added my own username as a new role assigment in the report manager page - added my own username to the reportserveruser and reportingserviceswebservicesuser roles, as indicated by microft:
http://msdn2.microsoft.com/en-us/library/ms365166.aspx, who state that "Custom authentication extensions and custom role assignments are not supported. You
must map existing Windows domain user and group accounts to predefined role definitions."
Can anyone suggest where to look next as I cannot believe that this should be this difficult?
Hi, I've scoured the forums and tried just about every answer to this problem without any success. What I have is SQL Server 2005 installed on a single machine, and trying to deploy reports to the same machine for testing purposes. When I try to deploy the report I receive the permissions error. Here's what I've gotten to at this point:
I can get to the reports URL (http://machine/Reports)
I can login to Reporting Services via SQL Server Management Studio as the administrator. (Windows Authentication)
I have added my login to the Home Folder-->Permissions in SQL Server Management Studio, and all reports are set to inherit the home folder's permissions
In Reporting Service Configuration Manager the Windows Service Identity is set to Local System, and for web service identity - ASP.NET Service Account is set to NT AuthorityNetworkService; Report Server and Report Manager are set to DefaultAppPool.
In IIS I tried enabling Anonymous Authentication
Current Application pools are set to "Classic" for Managed Pipeline mode (I did this to actually be able to login to Reporting Services via SQL Server management studio; having this set to integrated gives me an error) What gets me is that this is entirely self-contained on one machine, that I set up as an administrator. So why do I get a permissions error when I am the admin on this machine deploying to this machine?
I wanted to deploy my Sql 2005 reports to my local machine and want it to get viewed by all the users through Asp.Net application.
User can directly view the reports by clicking on the direct link to report but when they try to view it using application having Report Viewer, running on iis it gives acess denied 401 error and can't view the reports
If I make my application to run on default port then it works fine
If I give rights to <particularMachineNameASPNET> then that user can view the report but if there are 100 users then will i Add 100 such entries???
i finally got SSRS(SQL Server Reporting Services) to install properly and and it was working before i had to restart my PC after restarting my PC i went back to the Domain/Reports$SQLExpress and the menus where Blank it just showed the help link and the border. so i opened the Domain/ReportServer$SQLExpress and it said
The permissions granted to user 'DOMAINOwner' are insufficient for performing this operation.(rsAccessDenied) Get Online Help and there is no Login Box Popping up How do i get it to Login - Its set to use Windows Authentication what sould i doo please help ive had one problem after another with this SSRS
In some our dotabases I can see Schemas created with the same name as Domain User name (domainusername). Schema owner for those schemas is not dbo but the same user as in schema name. How this happens? Is any way to prevent or prohibit this?
My question is: What is the difference b/w schema, owner and user in SQL Server 2005. The reason for asking is that when I login as a user say 'user1' and create objects under it.. they should show up in its own schema - right. Because this is how Oracle works. Now we are not seeing this behaviour in SQL Server2005. Instead, we see the object created with <dbo>.<object_name>.
Is it possible to set up the permissions to not allow a specific user to create schemas, but to allow that user to create tables and procedures and functions in one schema, and to create procedures and functions but not tables, in a different schema within the same database?
I have created a user Finance and I want to grant him access only to see views which are created under Schema called "FinanceQuery".
Note: View may use tables from multiple schemas example: dbo. Staging. ectÂ
By doing this, I want to achieve that this user Finance can see only Views created under Schema FinanceQuery and should not see any other objects (tables, Stored Procedures, Functions etc.)
1. Ability to read and write records in tables in both the X schema and Y schema 2. Ability to read metadata about objects in the X and Y schema 3. Ability to execute stored procedures in the X and Y schema 4. Ability to create and update the necessary schema objects used by X, including but not limited to tables, views, and indexes 5. CREATE FUNCTION permission 6. ALTER and EXECUTE permissions on the X schema 7. VIEW DEFINITION permission on the X and Y schemas to enable view export.Â
For the point 1, I will assign db_datareader,db_datawriter database roles to the user
For the point 2, when I have searched web, I found out ReadDefinition permission should be granted. I could find only viewDefinition but not ReadDefinition.
For the point 3, 'USE DataBaseName GRANT EXECUTE TO User; Go' - does this sql suffice?
For the point 4, I am not sure what should be done.
For the point 5, 'USE DataBaseName GRANT CREATE FUNCTION TO User; Go' - I guess this will work
For the point 6, Can I use same SQL as point 3 including ALTER ?
For the point 7, 'USE DataBaseName GRANT VIEW DEFINITION TO User; Go'
Hi all, I am trying to establish a "sandbox" database for a group of users/developers whereby each user has their own schema and complete control over their schema and only their schema.
I began by creating user logins (Windows Authentication), created schemas for each user where the corresponding login is the owner, and set the schema as default for the user.
At this point, the logins only had "public" and could not create tables. I then granted the Create Table privilege which allowed them to create a table in their schema. However, they could also create tables anywhere else in the database including another user's schema. How can I set up an enironment where each user has control over just their schema? What permissions would I need to grant and at what level (database,schema, etc.). I also need them to be able to grant privileges on their own schema and/or schema objects. Any help would be greatly appreciated.
do the following steps:1:Use Manage Studio login the server with Integrated security.2:Create a dabase named testdb;3:Create a SQL Server login named amber ,and set it to be dbowner oftestdb;4:Create a SQL Server login named guxiaobo ,set it's default databse tobe testbd,and in the testdb databse map login guxiaobo to userguxiaobo;5:Close Manage Studio and reopen it ,this time use login amber log tothe server.6:In database testbd create a databse role role1 owned by dbo;7:In database testdb create a schema schema1 owned by dbo;8:Set user guxiaobo to be member of role1,and set guxiaobo's defaultschema to be schema1;9:In the schema properties-schema1 dialog choose permissions,in theusers or roles listview I add role1 to it.in the explicit permissionsfor role1 listbox,I choose select /update/insert/delete/view definitiongrant checkboxes.and apply the selects.10:In the schema1 schema I create a table:create table a(a int ,bvarchar(10));11:In the dabase role properties-role1 dialog choose securables panel,int securable listview I add the schema1.a table( choose all thecolumns of table a for all permissions),and in explicit permissions forschema1.a I choose all for grant ,then apply the selects.12:Now I use login guxiaobo to log into dabase and issue "select * froma",but got a error msg saying guxiaobo has not enough permission toselect form table a.Does anyone has found anything I missed?
SQL Server Security is not my strong point so forgive me for asking stupid questions.
I have a bunch of tables and sprocs within a schema 'MySchema'. I have a user 'MyUser' defined in the database.
I would like to give MyUser permission to SELECT from tables and EXECUTE all sprocs in MySchema. What is the simplest way of doing that? Will the following:
GRANT EXECUTE ON SCHEMA::[MySchema] TO [MyUser] WITH GRANT OPTION AS [db_owner] GRANT SELECT ON SCHEMA::[MySchema] TO [MyUser] WITH GRANT OPTION
accomplish that? (I can't test it out at the moment because our DBA isn't around and I don't have permission)
With best practices in mind - is what I am doing here considered "ok". Any suggestions/comments are welcome.
-Jamie
P.S. Can anyone recommend any documentation that talks about what best practices should be in the use of schemas. BOL is a bit sparse. Thanks.
I just recently updated to SSDT 12.0.50512.0 using Visual Studio 2013 Ultimate. I typically use SSDT Schema Compare to synchronize my schema across multiple databases and different environments. After updating i encountered a major bug while updating our production schema.Typically during schema compare, the compare will prompt me to drop users and user roles from the database as they are not present in the project. I will exclude these so they database users and their roles aren't affected. After the update to SSDT I noticed that schema compare was only prompting me to drop the User, but didn't show anything about the user's roles. Not thinking much of it I went through my usual task of updating all the production databases. I soon found out that this did in fact remove the user roles even though it showed NOTHING in the schema compare UI indicating it would do so.
GO PRINT N'Dropping <unnamed>...';
GO EXECUTE sp_droprolemember @rolename = N'db_datareader', @membername = N'dbuser';
GO PRINT N'Dropping <unnamed>...';
GO EXECUTE sp_droprolemember @rolename = N'db_datawriter', @membername = N'dbuser';
You could say this is partially my fault for not checking the generated script before running it, but after months of this routine task I've never had an issue until this update.i'm not seeing the changes that will happen to my user roles in the schema compare UI?Â
i have database and set default table schema to "ray" and me must input ruy.TABLE-NAME for retrive data !!! , i need set Default Schema to current user for call database as just database name(for my program) , how changed it ? (i change default schema for current user by alter command but not worked !)
I am using SQLServer 2005, I have setup a login user "User1" and next I setup database user using the same username and login name. After that I create a new schema "mySchema" and make "User1" as the owner of the schema. To "User1" I assigned the default schema to "mySchema", so far its working fine. But when I open the user's property window (dialogbox) the default schema always gets reset to "dbo".
What could be the problem here? Please help me if there is any solution to get the right schema which I assigned to the user.
I created a new login and then created a new user [COM] in DB with default schema pointing to [COM]
I created then schema [COM] WITH AUTHORIZATION [COM]
I want this [COM] user to have all permissions it needs on [COM] schema only. How do I do that? When I try to create table [Com].Table it gives me permission denied.
I have a client who wants to build a database with a user extensibleschema.The client wants to model an entity with about 100 numeric attributes.As time goes on, more numeric attributes will be added. The clientwants an admin function that will allow him to add these attributeswhen needed.My instinct is that this is wrong and that bad things will happen ifwe build this. However, when I went to write up the reasons, all Icould come up with was that* we would need to write dynamic SQL to handle the changing tablestructure,* that table locking would result from field additions* and that it was "non-standard"One alternative is to create a table containing field-name/valuepairs. This is ugly and breaks the ER modelling rules that tell me yoput attributes of an item into the same row. All the same, I wouldprefer this method to the first approach.This problem does not arise on database projects that follow thepattern of only allowing DDL commands to be issued during the initialdevelopment phase and during subsequent change requests.Have any of you been faced with a similar problem? What should I do?Karen
The requirements are: 1. the user has read-only permissions to dbo tales. 2. the user can do everything within the rpt schema, which contains all objects analyzing dbo tables. 3. the user does not have any permission outside rpt schema, except permissions in #1.
The current solutions are: 1. grant the user select only on dbo tables. 2. make the user the owner of rpt schema. 3. Grant the user database permission on create table/create procedure/create view/create function.
My question is - in step 3, should I just grant "Alter" database permission to the user? Granting Alter seems to be cleaner and simpler. According to MSDN,
"Alter" confers the ability to change the properties, except ownership, of a particular securable. When granted on a scope, ALTER also bestows the ability to alter, create, or drop any securable that is contained within that scope.
I'm trying to find out if this is possible.. i know that you can do an execute script command and have it export the results to a script file or clipboard.. then in a new database, run that in the query window and it will recreate the table schema.. but is there a way to do the entire table, contents and all via a script in a similar fashion?
Say i create a login login1 and create a user user1 map to the login1 Then i grant the login a server-level permission.
if i want to perform the operation that need the server-level permission, i should execute as login1. for example i can change the context by execute as login='login1'
but if i change context by execute as user='user1' , then perform the operation , a permission deny error would occur. why?
The user1 was mapped to login1, why failed? what is the permission check mechanicalism of sql server?
I am trying to debug stored procedure using visual studio. I right click on connection and checked 'Allow SQL/CLR debugging' .. the store procedure is not local and is on sql server.
Whenever I tried to right click stored procedure and select step into store procedure> i get following error
"User 'Unknown user' could not execute stored procedure 'master.dbo.sp_enable_sql_debug' on SQL server XXXXX. Click Help for more information"
I am not sure what needs to be done on sql server side
We tried to search for sp_enable_sql_debug but I could not find this stored procedure under master.
Some web page I came accross says that "I must have an administratorial rights to debug" but I am not sure what does that mean?
Hi, I want to execute BCP in Query Analyser in SQL Server 2005 Express for that i surf on net and find that i should execute BCP under xp_cmdShell, That works good for addministritative account on SQL. But i want the working will be done by a non administrative account or non 'sa' user.How can i assign a non sa User permissions to execute xp_cmdShell? or just tell me any other alternative way to run BCP in Query Analyser or code behined. thanx