We have several departamental "database administrators" that needs access to their databases "only" and cannot perform maintenance tasks administrative tasks such as backup and create new server login. We basically function as a "database hosting services" to these departamental dbsa. I granted rights to these departamental dbas to their database and I assigned the db_ddladmin role to them. They can create the objects within their database but they cannot read the records because when the table was created it belongs to the dbo schema - I don't want to assign them to the db_owner role, this role is much more permission that they need.
My question is: What is the best way to give these departamental dbas rights to manage their databases without having too much permission to maintain the database permission and settings?
Whats the difference between db_owner and public role... I want to create a role and add user to it..that user will have all the permissions on all the tables (our tables), all permissions on all stored procedures, triggers, views...that user is owner of all objects....right now we have to manually grant these permissions to each user, and I was think if I create a role I don't have to what happens with stored procedures and jobs ??
Can some one help me the script to do this... am reading lots of articles about these but none have clear instructions... How do you create db_datareader, db_datawriter roles ?? I cannot use EM as I have to send this script with our application.. Thanks Sonali
Hello: I have read that giving a User the DB_DDLAdmin role in SQL might causes problems with ownership chains in the future. Since the User will have ownership to all objects created, what preventive measures can one take to help avoid any problems which might loom in the distant future due to ownership chains? Thank you, -H
I am new user of SQL Server. I have some problems with these words. I want to make my database works in my specified permissions. I will specify permissions with schemas and these schema wants an owner. I want this owner should be my user. When creating a user it needs a valid login. I am selecting my login and it occurs and error says this login has an different user. I am specifying permissions with roles. But i can't make association all of them. I hope i told my problem to you as well. If you explain these words to me and tell me how can i do my database's works with my own schemas, users and roles i'll be grateful. Thanks for advices.
Apologies if my post does not fit into this forum. I initially tried the SQL Server Data Access forum but I now think my question is more security related.
Is it possible for a web user who has been successfully authenticated with forms authentication to be authorised to use a SQL Server 2000 role depending on a particular ASP.NET 2.0 role that they have been authorised to use? I understand that that I can assign a SQL Server 2000 role to the ASPNET or NETWORK SERVICE account but this will grant access to anonymous web users to the database role. I can ensure that I only call stored procedures which access sensitive data in web pages that are in restricted by ASP.NET roles. However, it would be nice to also restrict stored procedures via the ASP.NET 2.0 Forms Authentication roles.
If this is not possible have you got any bright ideas how I could restrict access to stored procedures who are anonymous web users.
I'm developing an ASP.NET2.0 application which accesses a SQL Server 2005 Express database. I plan to use integrated security for access to the database.
I'm confused about the relationships between Windows groups, the ASP.NET web.config file <allow roles=.../> and SQL Server roles.
I would like to create a Windows group to which I can assign multiple users and grant that group access to a Web Site using windows authentication and also grant that windows group access to the database my web application uses.
I have gotten the combination of Windows Authentication to the web site and to the database to work for a specific windows user but I am having trouble determining the combination of database security entities I must create to allow access to my database by members of the windows group.
For a Windows user:
1. Create Windows user
In SQL Express
2. CREATE LOGIN FROM WINDOWS WITH DEFAULT_DATABASE =
3. CREATE USER FOR LOGIN
4. CREATE ROLE
5. EXEC sp_addrolemember <role-name> <user-name>
For a Windows group, what would be the equivalent commands necessary to grant a windows group access to my database? Specifying the Windows Group name in sp_addrolemember does not appear to be sufficient even though the documentation states that a windows group name is a valid value for the member name argument.
After reading Books Online, I am still confused with Database Role vs Application role.
My intention is to control the end users' authority on the database, where the end users will access through Winforms client application. With proper assignment of schema and database roles to an user, I believe this will enough to control the permisison of an user.
If this is the case, why Application role exists? When and why should I use Application Role? How is it different from Fixed Database Role?
Hi! Can anyone say which ms sql server predefined roles are similar to the following oracle predefined roles: dba, connect, resource. I already know that sysadmin in MS SQL Server is the same as DBA in Oracle but what about the rest? Thanks a lot.
I am in the process of locking down the SQL Server in an environment that is considered to be in production (pilot stages) and there is no staging or test environment that mirrors it. I need assistance in determining the server and database roles to assign to existing logins, most of which currently have sa and dbowner rights. Because it is not a development environment, I need to be sure that downgrading the server and/or database level permissions will not break any functionality.
I'm starting with the logins that have the SA fixed server role. These logins need to be able to install applications that require the use of a backend database, which will be stored on SQL Server. In addition, through the installation process a new login/password for the newly created database(s) is normally created. For the existing logins with the SA fixed server role, will downgrading to the securityadmin and dbcreator roles be sufficient to facilitate those needs, or are those too much/ too little? And should any user account ever be granted the SA role? If so, what questions could I ask to determine this need?
Since these install process for these applications usually prompt to install using SA or local system account to authenticate to SQL to create the new database(s), that account should have securityadmin and dbcreator roles to create the database and its tables, as well as add a new login to that database.
Please address this question, keeping in mind that the logins will only be performing the described actions, installing apps using SQL Server as the backend database and adding a login to that database (which may or may not be done during the installation process).
I'm looking for some guidance/help regarding setting up a sa - lite account in SQL 2005. I need to give another admin rights to create/monitor maintenance plans, backup and restore databases, monitor performance/logins, but NOT be able to have any rights on several tables (and of course not being able to set user permissions).
I've tried using server and db roles but haven't been able to determine how to give someone w/o full sa rights access to maintenance plans.
If you can think of soemthing, please let m eknow.
I have MS SQL Server 2000 DB. I have created a User and created some tables for the same. I created a Role named A and granted Select Permissions for few tables to that roles.
When I created another Role named B and added this role (A) to B, the permissions are not being xferred to B. Bcos of which, if i assign an User to Role B, he is not able to select the tables for which permissions have been given thru role A.
Note : If i give assign directly the user to Role A, it is working. But i want to assign User to role A only thru B.
I have a database which contains 5 db_owner. If I need to remove two of them (they have left the company and are not being replaced) so db_changedowner is out of the question.
What is the proper way to do this?
Do I need to transfer their ownerships to one of the existing db_owner?
I recently registered my hosted database server on my pc. When I ran aspnet_regsql.exe the table created have dbo as schema, but when I create a news table throught stored procedure it has my username as schema.When I buildt my site on my pc all tables have dbo as schema.How do I make all tables on my hosted server db have same schema?Thanks The very Newbie
is there a command that can change a login role to db_owner in all thetables, or do i have to use{USE table_nameEXEC sp_adduser 'login name'EXEC sp_addrolemember 'db_owner', 'login name'}for each of the tables ?thanks
Im duplicating a database by running the script below. This works fine. My only problem is that the dbo user does not by default have any role memberships in the new database hence no access. I have tried using sp_addrolemember but dbo is not a valid user for this procedure. Adding dbo to the db_owner role through the sql2005 MS works fine, but I would very much like to script this. Any suggestions?
--copy databaseuse master;alter database polaris_regular set single_user with rollback immediate;DROP DATABASE polaris_regular;backup database polaris to disk = 'c: mppolarisbak.bak' with INIT,format;restore filelistonly from disk = 'c: mppolarisbak.bak';restore database polaris_regular from disk = 'c: mppolarisbak.bak'with move 'polaris' to 'C:Datapolaris_regular.mdf',move 'polarisLog' to 'C:Datapolaris_regularLog.mdf';
I am getting this error message when disabling a job. The user is not a SA.
TITLE: Microsoft.SqlServer.Smo ------------------------------ Alter failed for Job 'XYZ'.
------------------------------ ADDITIONAL INFORMATION: An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
I have a server that was upgrade to 7 several months ago. The cmptlevel was set to 7 once upgraded. I have a developer group as dbo_owner role on a database and now on certain tables (not all) they can add fields and save. But then go back in and remove the field then try to save they get the error message "- Unable to modify table. ODBC error:[Microsoft][ODBC SQL Server Driver][SQL Server]SETUSER permission denied, database 'XXX',owner 'dbo'."
I have a number of user databases who have lost their owner. That is, displaying properties for the database says the owner is unknown.
I assume that any user for such a database that's assigned to the db_owner role can admin everything in this database? Which means that the lack of a dbo doesn't cause any other problem than making it impossible to run a sp_helpdb for the database, or...?
Of course I'd like to make someone the owner, but it seems difficult to make an already existing database user the owner, without dropping the user and re-creating it.
I have some users that I need to run stored procedures, but they can'tseem to run them unless they are in the db_owner role of the database.How do I give them access to run the stored procs without giving themthe complete rights of the db_owner role?Thanks in advance.
Hi All,I am facing a problem while executing a statement through C++ codeusing OLEDB API of Sql server.There is a problem with DB_OWNER role. If I will enable the DB_OWNEReverything is going fine but if I will remove this role than I amgetting error "DB_E_ERRORSINCOMMAND".But if I will execute the same in query analyser it is goingabsolutely fine in either case.I am not able to understand why I am getting error while using API.Please help me......thanks in advance
I am receiving this message in my MOM Server: The system stored procedure sp_helpdb, which is used to gather information about the databases, has returned an error that may indicate that it cannot determine the db owner for the database [model]. Here are the details: sp_helpdb @dbname='model' on SQL Server Instance: INSTANCENAME. Error number: 515, Error Information: [Microsoft][ODBC SQL Server Driver][SQL Server]Cannot insert the value NULL into column '', table ''; column does not allow nulls. INSERT fails.
So, I run this script in the Master DB: select name, suser_sname(sid) from master.dbo.sysdatabases where suser_sname(sid) is NULL
And I get the result that the db_owner is set to NULL!
I know that it is not possible to change the DB Owner of the model database but is there any workaround to solve this without reinstalling or similar solutions?
how can i change the database owner field in sp_helpdb. becoz each &every database owner is having different names. so i want to change to administrator.
when i try to change the through exec sp_changedbowner 'administrator' it raises error :
Msg 15110, Level 16, State 1, Line 1
The proposed new database owner is already a user or aliased in the database.
I created SP and enabled db_datareader and db_datawriter for roles for BUILTINUsers on database level.
I can call that SP from my application if I am accessing DB from my app running on the same machine. If I run app on other machine SP throw exception related to lack of permission.
I fixed that by enabling db_owner roles for BUILTINUsers. But it is not good fix from security point of view.
My question is: is there any other way to allow regular user to run that SP by not giving him db_owner privileges?
Also I have to mention that my SP procedure has some dynamic SQL code.
I am getting the following error when trying to create a view in a database.
If I have db_owner rights so I should not have an issue? Any thoughts
TITLE: Microsoft SQL Server Management Studio ------------------------------
Property DefaultSchema is not available for Database '[GiftTraq]'. This property may not exist for this object, or may not be retrievable due to insufficient access rights. (SQLEditors)
I have granted db_owner to a user id. This userid was able to take a database offline, but when trying to bring the database up online, I got an error message 5011, user doens't have permission. Does anyone has any idea why? I read in books on line saying that db_owner fixed roles has permssion to set this database property. Thanks.
I have given a user db_owner role in a database. When he creates a table using Enterprise manager the table owner is dbo. When he creates a table using Query Analyzer the table owner is the user. eg
Enterprise Manager = dbo.Table1
Query Analyer = username.Table1
This causes a problem when the user is writing web applications. Is this an error in the way i have set up permissions ? How can i make them behave the same way?