Add A Login To A Database Role (was Very Confusing)
Apr 4, 2006
This stuff makes no sense what so ever,
In the Books on Line of MSSQL2000
In "Adding a Member to a SQL Server Database Role"
There is this
"Note : When you add a Windows NT 4.0 or Windows 2000 login without a user account in the database to a SQL Server database role, SQL Server creates a user account in the database automatically, even if that Windows NT 4.0 or Windows 2000 login cannot otherwise access the database."
I mean how can anyone add a login to a database role without making the login a user of the database.:shocked:
Also if it worked, a new fancy feature to add new logins??:eek:
Plz help:S
In sql server 2000, I created some custom database roles called ProjectLeader and Developer. I would make these roles a member in the fixed database roles so that I would only have to add the user to the ProjectLeader or Developer role once and they would presto-magico have the security I wanted them to have with no unecessary mouse clicking. I'm not sure how to repeat this process in 2005? Management Studio doesn't seem to allow you to add a role as a member in another role. Is there a work around or solution for this?
Ive been reading over the documentation and some stuff online, but I still dont really understand what the difference is and when you would use one vs the other. Can someone put it in simple terms for this dummy (me) ?
Hi, I have a SQL2k STD with SP3 installed. Currently, only one database db_XYZ is there. The server has been started up since 07/03/2003 16:00 pm. But in the sql server current log: "Starting up database 'db_XYZ'." info is spreading from that time (16:00 pm) to this morning 10:00am at an interval from every 1 minute to 4 minutes.
Why need to 'Starting up' this database so much times? This reminds me that this 'Starting up' is kind of 'abused' in many other servers. Any idea?
We're trying to follow the principle of least privilege here in setting up a user account for our website to use to access SQL Server 2005, but we're having a nightmarish time getting it to work.
The issue seems to be trying to get a limited access user account the ability to cross databases.
Here's the situation:
We have a User [WebUser] that we want to grant access to the database. This account has a login [WebUser] that has username=WebUser and password=ALongPassword.
This user only calls stored procedures in the database [WebData].
However, some of the stored procedures in [WebData] call stored procedures in the database [dbutil].
One of the stored procedures in [dbutil] inserts records into a table in a third database [dbutil_temp].[DebugLog].
This all works out great from my development account using Windows Authentication.
But as you might guess, if I do something like "EXECUTE AS [WebUser]" and run the same procedure on [WebData] things fall apart quickly. I've looked online regarding cross-database ownership chaining, but quite frankly, the whole users/logins/roles/schemas security model is confusing, and I'm getting nowhere fast on my own.
We really only want [WebUser] to have CONNECT and EXECUTE permissions on the primary [WebData] database, but it seems like we've got to do a lot more than that to get this to work.
I'm having trouble copying my production database to a development version because I have a login user in the public role that is not a valid user. I can't find any reference to the login/user anywhere in my database or in NT security, on my server for that matter.
When I open the public role through Enterprise Manager, I can see the logins/users in the list, but the 'Remove' button is disabled. I also tried to use the stored procedure 'sp_droprolemember', but it says that 'public' is not a role in the database.
DTS keeps blowing up on this object when exporting, and I need to get this stuff copied ASAP.
The role I have added to the database is an Application Role. It has been added to the Database permissions with Grant checked for "Select" and "Authenticate".
If I test this with query analyzer, it returns expected results (if I remove Grant from 'Select', it fails)
sp_setapprole 'SearchAppRole', 'password'
select * from recipe
If I edit my connection string (for testing purposes) to use the sa account, the application can connect and run the Select statement:
However, I cannot get the application to successfully logon and run the select statement when using the user id and password of the Application Role. I get error:
System.Data.SqlClient.SqlException: Login failed for user 'SearchAppRole'. at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj
I can't find much information on Application Role...I just want one basic permission for the application as a whole. Any help is appreciated. Thanks.
I am trying to add Login user 'NT AUTHORITYNetwork Service' to role 'aspnet_Membership_FullAccess' using the following statements. I have attached database ASPNET.mdf to SSMS. -- Create a SQL Server login for the Network Service accountsp_grantlogin 'NT AUTHORITYNetwork Service'-- Grant the login access to the membership databaseUSE aspnetdbGOsp_grantdbaccess 'NT AUTHORITYNetwork Service', 'Network Service'-- Add user to database roleUSE aspnetdbGOsp_addrolemember 'aspnet_Membership_FullAccess', 'Network Service' I am getting the following error message Msg 911, Level 16, State 1, Line 5 Could not locate entry in sysdatabases for database 'ASPNETDB'. No entry found with that name. Make sure that the name is entered correctly. Msg 911, Level 16, State 1, Line 4 Could not locate entry in sysdatabases for database 'ASPNETDB'. No entry found with that name. Make sure that the name is entered correctly. Msg 15014, Level 16, State 1, Procedure sp_addrolemember, Line 36 The role 'aspnet_Membership_FullAccess' does not exist in the current database.
On displaying the contents of view sys.databases, I am able to see row for ASPNET. Please let me know what the problem is and how I could fix it. Thanks, Anita
I have SQL server 2005 (Developer edition) installed and I want to add a database role to a database role. It is working on my SQL 2000 server,however, when I tried to do the same thing on SQL2005, It didn't allowed me.
When I go to the Add role and then adding members to the role, the browse screen does not allow me the choice of object type Roles. It only shows me "Users".
Can someone please help me with this and provide me some information of how / what should I set to get the Roles in object types list so I can add a role to a role.
Hi, Im getting this error when attempting to retrieve data from an sql database.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Cannot open database requested in login 'projectAllocations'. Login fails. Login failed for user 'sa'.
Source Error:
Line 13: objConn = New SqlConnection( "Server=LAB303-066NETSDK; Database=projectAllocations; User ID=sa;Password=mypassword") Line 14: objCmd = New SqlCommand("SELECT * FROM project_descriptions", objConn) Line 15: objConn.Open() Line 16: objRdr = objCmd.ExecuteReader() Line 17: While objRdr.Read()
Been looking through the forums for a solution to this problem.I already tried granting access through statements such as:exec sp_grantloginaccess N1'machineNameASPNET'But they don't seem to work.. i vaguely remember seeing somewhere a DOS command line statement that grants access to the ASPNET_WP and that fixed my problem before on another computer.. but this is a new computer and i forgot to write down the command.Can anyone help explain and propose a solution to my problem. Many thanxs.
I am using the MSDE to connect to my ASP.NET application. I get this error after clicking the login button of my login page. Anyone know why this would happen?
Thanks for any help,
Cannot open database requested in login 'DataSQL'. Login fails. Login failed for user 'serverASPNET'.
When assigning permission to an authentication user to connect to a server database, if I want the user to be able to insert / update / delete data on db objects specifically tables, what permission should be assigned to that user?
My thoughts were Insert / Update / Delete; however, someone suggested that the Execute permission would do this ...
Question to those who may have had this same error- it seems that I am not able to delete some of the reports that I have created. This just started happening recently and according to our system admin nothing has changed as far as permissions are concernced. We installed SP2 the other day and I was wondering if this could have anything to do with the error message below
by the way I am a member of the sysadmin group
thanks in advance
km
System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Data.SqlClient.SqlException: Only members of sysadmin role are allowed to update or delete jobs owned by a different login. Only members of sysadmin role are allowed to update or delete jobs owned by a different login. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at Microsoft.ReportingServices.Library.InstrumentedSqlCommand.ExecuteNonQuery() at Microsoft.ReportingServices.Library.DBInterface.DeleteObject(String objectName) at Microsoft.ReportingServices.Library.RSService._DeleteItem(String item) at Microsoft.ReportingServices.Library.RSService.ExecuteBatch(Guid batchId) at Microsoft.ReportingServices.WebServer.ReportingService2005.ExecuteBatch() --- End of inner exception stack trace ---
I have dw schema in the database, owned by user dw.The login name is dw. The login had db_owner right in the database. The default schema for the login on the database is dw.Now Once I assign 'sysadmin' serverrole to dw login, I started seeing stored proc not found error, if try to execute stored proc without mentioning dw.spname...Also I am seeing table not found error while quering tables under dw schema, after the change.
<add name ="ASPNETDBConnectionString1" connectionString ="Data Source= .SQLEXPRESS; Integrated Security = True; DataBase = ASPNETDB.MDF; User ID = MyWindowsUserName; Password = MyWindowsPassword; User Instance = False; Connect Timeout = 30" providerName ="System.Data.SqlClient"/>
I tried to research on the internet and i got a solution on changing the permissions for this database to enable user SystemName/ASPNET, but iam not able to access this ASPNETDB.MDF from SqlServer and if i go to server explorer in vs2005, i dint know where to chage the permissions.
I want to set up a database role so that users can use sp_readerrorlog through SSMS. It does a check on membership in the securityadmin role.
I have tested it and can see you can grant execute on xp_readerrorlog but the SSMS GUI uses sp_readerrorlog.
I thought I could create a user/certificate and add the signature to sp_readerrorlog but it's not permitted (likely because it's not a normal database object).
So the other solution is to add the users to the securityadmin role but then explicitly deny alter any login (best done with a custom server role in 2012+ but otherwise just manually in 2008). I tested this out and it works, I'm not able to alter any logins or increase my own permissions, I also did a check of what's reported from fn_my_permissions(null, null) and it shows minimal permissions like I'd expect.
hi, so i have a new box and I'm trying to get my websites and SQL Server 2005 Standard Edition working on it, but the pages give me the following error when I try to load them: "Cannot Open Database "XXXX" requested by login. The login failed. Login failed for user 'xxx'" Everything seems exactly the same settings and user-wise from my old box to my new one, but nevertheless everything I've tried gives me the same error. I've tried creating new users in SQL Server and giving them appropriate permissions to my database. I've even tried just using the built in 'sa' account. Nothing seems to change the error, except when I give it the incorrect password then it just says 'login failed' This leads me to believe that i'm successfully logging into the SQL Server, but it doesn't want to give me access to the database I'm requesting access too. But "apparently" the account i'm using should have access to the database. If nothing else the 'sa' account should, but that didn't work either. I'm stumped. Any ideas?
I want a database user to be able to alter login, database user and database role from my application. so, i assigned that user to sccurityadmin server role, db_accessadmin and db_securityadmin database roles....By now, the user can add or remove login and database user. However, the user cannot add or remove any database role membership. What am I missing here?? What should I do so that the user can create, and alter database roles in the database??
Hi I have asp.net2 app using SQLExpress which works fine in VS2005. When I compile it and try to run it from IIS on the same machine using the same sql server database with: connectionstring="server=.SQLEXPRESS;Database=abc.mdf;Trusted_Connection=yes"/> I get the following error. Cannot open database abc.mdf requested by login. The login failed. Login failed for user 'machinenameASPNET' Any help much appreciated
Cannot open database "QuoteSystem" requested by the login. The login failed.Login failed for user 'NT AUTHORITYNETWORK SERVICE'. Last time I recieved this error I had to add ASPNet, NTAuthority, and myWebSiteUsers USERS under the database properties-->permissions setting for the specific database I am trying to access with the website but this database(QuoteSystem) does not lists any of these objects so I can add them. Does anybody know what I have to do to fix this? I am using SQL Server 2005.
Please, can anyone tell me why I am getting the undermentioned error message when I develop my application as an IIS Site in Visual Web Developer 2005 Express ? I have already developed and successfully tested it as a 'FileSystem Web Site' .I am using SQLSErver Express 2005 edition and have which I have installed along with the Northwind database as per the download instructions. My IIS software is version 5.1 which I have checked and it is configured to allow Integrated Windows Authentication. the relevant code is (1) web.config file connection strings <connectionStrings> <add name="NorthwindConnectionString" connectionString="Data Source=.sqlexpress;Initial Catalog=Northwind;Integrated Security=True" providerName="System.Data.SqlClient"/> </connectionStrings>(2) the grid view control and sqldatasource <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" DataKeyNames="CategoryID" DataSourceID="SqlDataSource1"> <Columns> <asp:BoundField DataField="CategoryID" HeaderText="CategoryID" InsertVisible="False" ReadOnly="True" SortExpression="CategoryID" /> <asp:BoundField DataField="CategoryName" HeaderText="CategoryName" SortExpression="CategoryName" /> <asp:BoundField DataField="Description" HeaderText="Description" SortExpression="Description" /> </Columns> </asp:GridView> <asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:NorthwindConnectionString %>" SelectCommand="SELECT [CategoryID], [CategoryName], [Description] FROM [Categories]"> </asp:SqlDataSource>This is the full error message and details: Server Error in '/sqlservertest' Application.
Cannot open database "Northwind" requested by the login. The login failed.Login failed for user 'JERRY-3C9615BAAASPNET'. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Cannot open database "Northwind" requested by the login. The login failed.Login failed for user 'JERRY-3C9615BAAASPNET'.Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace:
Hi all, Iam getting this error System.Data.SqlClient.SqlException: Cannot open database "XYZ" requested by the login. The login failed.Login failed for user 'xyz-abcASPNET'. when trying to open the page.... http://localhost:1807/projectname/WebFormName.aspx as http://localhost/projectname/WebFormName.aspx Couldnt figure out the solution.Please help Soujanya
Hi, I just installed Visual web developper 2008 express with all options including SQL srvr express 2005!
This is from default iso image on the official website.
I create my first project and when I want to do ASP.NET configuration from web site menu, i got this error:
"Cannot open database "aspnetdb" requested by the login. The login failed."
I am just trying to learn here so i even did not create any dB or something, it is 1st time I run configuration to add security roles and users for testing!
I also un-installed all and re-installed, still the same...
Error!!! 1>Cannot open database "intranet" requested by the login. The login failed.Login failed for user 'RAGHAVEN-71AF9BASPNET'. Error!!! 2> An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) These both errors r coming simultaneously when start to debug only when i tried to retrive data from database , from past two days not able to work on database,plz help me in solving this ,i tried everything what i know and even on experts advice from recommended websites, forums and on google search..
I am getting the above error. On server1 I am running a dts package via a sql server job (sql server2005). This has been working perfectly for over a year. This package needs to access a database on server2. The database in question on server2 was recently restored from our produciton environment to refresh the data. Every since thsi time the job on server1 is failing with the above error.
Steps I have taken so far: droped the user from server2 and recreated it gave the user sysadmin rights on server 2 and server1
I'm using Visual Web Developer, .NET Framework 2.0, ASP.NET 20., IIS 5.1. on Windows XP Pro SP2.
I have assigned every possible user i can think of full permissions to the web folder, all of the subfolders, and the database files. This includes Administrator, Administrator Groups, ASPNET user, IUSR_Machine, Interner guest account, Network Group, Network Service Group, Power Users Group, Users.
I'm logged on as administrator.
When i run the web service from within VWD, i get this error.
Cannot open database "eBayTrader" requested by the login. The login failed. Login failed for user 'DHJC2R91ASPNET'.
Does anybody know how to resolve this problem ?
I have been working on it for days. I will gladly pay someone to work this out with me over the phone/email. I'll send you a check before we start.
I have created a new database within SQLServer Express 2005 and have an ASP page in IIS. Any time i attempt to access the database I get the following error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Cannot open database "testDB" requested by the login. The login failed.
The ODBC connection that I have created works fine if connecting to the same table (literally three sample fields with two records) in an Access database.
The database connection that I am using is:
Set DatabaseConnection = Server.CreateObject("ADODB.Connection") DatabaseConnection.Open "DSN=testDB;UID=EINSTEINAdministrator&pwd=password;DATABASE=testDB;APP=ASP Script" Set rs = Server.CreateObject("ADODB.recordset") SQLString = "SELECT * FROM testTable" rs.Open SQLString, DatabaseConnection if NOT rs.EOF then Response.Write(rs("testField1") & " - " & rs("testField2")) end if rs.Close DatabaseConnection.Close Set DatabaseConnection = Nothing
EINSTEIN is the name of the server, rs = Recordset. I have tried changing to just Administrator instead of machinenameAdministrator with no success. I have got SQL Server Management Studio Express CTP, and can log in fine to SQL Server using EINSTEINAdministrator.
