Diffrence Between Roles, Accounts, Login, Users Permissions And Groups?
Dec 20, 2000I have jsut started using SQL server 7 and am having problems with accounts permissions, users,roles, groups, owners etc what are the differences?
View 1 RepliesI have jsut started using SQL server 7 and am having problems with accounts permissions, users,roles, groups, owners etc what are the differences?
View 1 RepliesI am in need of a utility (stored procedure, third party app, etc)that will help streamline the process of managing and auditing objectpermissions, users and roles on multiple sql server 2000 instanceswith multiple databases on each instance. That's a quick overview ofwhat I need, do I need to be more specific?Thanks.
View 2 Replies View RelatedA question on the permissions hierarchy:
Since logins, database users, and database roles are both principals and securables - what does it mean to GRANT permission on a login/user/role to another principal? Does it mean that for a login - you can GRANT permission to EXECUTE AS that login or modify it, for example?
I'm developing an ASP.NET2.0 application which accesses a SQL Server 2005 Express database. I plan to use integrated security for access to the database.
I'm confused about the relationships between Windows groups, the ASP.NET web.config file <allow roles=.../> and SQL Server roles.
I would like to create a Windows group to which I can assign multiple users and grant that group access to a Web Site using windows authentication and also grant that windows group access to the database my web application uses.
I have gotten the combination of Windows Authentication to the web site and to the database to work for a specific windows user but I am having trouble determining the combination of database security entities I must create to allow access to my database by members of the windows group.
For a Windows user:
1. Create Windows user
In SQL Express
2. CREATE LOGIN FROM WINDOWS WITH DEFAULT_DATABASE =
3. CREATE USER FOR LOGIN
4. CREATE ROLE
5. EXEC sp_addrolemember <role-name> <user-name>
For a Windows group, what would be the equivalent commands necessary to grant a windows group access to my database? Specifying the Windows Group name in sp_addrolemember does not appear to be sufficient even though the documentation states that a windows group name is a valid value for the member name argument.
Hello,
I am new user of SQL Server. I have some problems with these words. I want to make my database works in my specified permissions. I will specify permissions with schemas and these schema wants an owner. I want this owner should be my user. When creating a user it needs a valid login. I am selecting my login and it occurs and error says this login has an different user. I am specifying permissions with roles. But i can't make association all of them. I hope i told my problem to you as well. If you explain these words to me and tell me how can i do my database's works with my own schemas, users and roles i'll be grateful. Thanks for advices.
Happy coding...
I am trying to revert back to Windows 7 after upgrading to Windows 10, however it will not let me and the following message occurs: "Remove new accounts.Before you can go back to a previous version of Windows, you'll need to remove any user accounts you added after the most recent upgrade. The accounts need to be completely removed, including their profiles.You created one account (NT SERVICEMSSQLSERVER) Go to Settings> Accounts> Other users to remove these accounts and then try again".However I did not create any new users and there are no other users listed in the Accounts section.
View 2 Replies View RelatedI have 4 new SQL Server 2005 installations on Windows 2003 that I configured at our main office and shipped to a hosting center. All four servers are members of our domain. I set up test datbases with replication on one of the servers and facilitated this with a domain account.
Now that I've moved the servers to the hosting center (which has a DC) and I'm not having any luck adding domain accounts to the permissions section on any of the the SQL Server boxes.
When I try to add a domain account in the SQL Server's permissions window I get "Name Not Found". By every indication the server is connected to the domain. I can log on using my domain account; I can create shares specifying domain accounts but I can't seem to add domain accounts to the SQL server permissions. When I look in the permission's tab I still see the original domain account, I had added back in the main office, stranded by itself in the list of users. We're using mixed authentication by the way.
Why doesn't SQL Server recognize the domain? Where does it get it's list of users? Does the account I'm logging in with just not have the permission to add domain accounts? These diaglogs are slightly different from the normal 'add a user' dialog boxes.
I feel like this must be a simple oversight. Any help would be appreciated. I'd prefer to move away from local accounts to keep things simple.
I'm trying to harden our SQL Server environment to improve overall security of our systems. I would like to check what specific permissions are granted to SQL Server, SQL Server Agent and SQL Server Integration Services account. I've tried with the "sc qprivs <service_name> " command, but it returns an empty privilege list. Is there a way to retrieve the permissions using a cmd or powershell command?
View 2 Replies View RelatedIs there a script or can I make a script to find out what roles and what users are assigned to the roles are?
View 4 Replies View RelatedHow to generate script which can move users with his roles from one DB to another (SQL 2005) ?
View 1 Replies View Related
In SQL 2005, is this an acceptable (prefered) way to give an application account EXEC permissions for sprocs and funcs in a specific database?
CREATE ROLE db_executor
GRANT EXECUTE TO db_executor
And then of course assign my user to this role on the database level.
I am trying to get away from adding exec to every sproc "manually" and then of course also having to add exec for any new sprocs that get added into the database.
I'm trying to find some documentation or procedures that will allow me to xfer existing users' roles, etc from sql2000 to sql2005.
When our sql 2005 database was restored on a new server (from sql2000), all of the database users were orphaned. I need to create identical server logins and then make the logins database users. It is also important to understand the significance of the new schema concept. The Microsoft SQL2005UpgradeTechRef.doc white paper does not explain any of this.
Ultimately, I would like to create a script for the above scenario once a sql2005 db is restored from a sql2000 db.
Could someone please help me out on this?
Guys,
I have 2 users emp_rw (read write) and emp_ro in the database through which application accesses the database.
Now I would like to replace this users with roles and assign emp_rw, emp_ro to roles. Which roles should be created -
database roles or application roles what is the difference between application and database roles.
currently I execute the below statement to grant rights on database objects to emp and emp_ro users, can this be changed
to grant rights to role instead of user.
grant execute on <function name, procedure name> to emp_ro
Any suggestions and inputs would help.
Thanks
Hi, all. I've got a question that's truly newbie. I've added logins to the "users" of a database, but I've never used the "roles" area. What's the difference? Is a role like a group account with some preset permissions?
View 3 Replies View RelatedI'm trying to find some documentation or procedures that will allow me to xfer existing users' roles, etc from sql2000 to sql2005.
When our sql 2005 database was restored on a new server (from sql2000), all of the database users were orphaned. I need to create identical server logins and then make the logins database users. It is also important to understand the significance of the new schema concept. The Microsoft SQL2005UpgradeTechRef.doc white paper does not explain any of this.
Ultimately, I would like to create a script for the above scenario once a sql2005 db is restored from a sql2000 db.
Could someone please help me out on this?
Whats the difference between db_owner and public role...
I want to create a role and add user to it..that user will have all the permissions on all the tables (our tables), all permissions on all stored procedures, triggers, views...that user is owner of all objects....right now we have to manually grant these permissions to each user, and I was think if I create a role I don't have to what happens with stored procedures and jobs ??
Can some one help me the script to do this... am reading lots of articles about these but none have clear instructions...
How do you create
db_datareader, db_datawriter roles ??
I cannot use EM as I have to send this script with our application..
Thanks
Sonali
I have a number of jobs that will need to be run in an adhoc fashion(no set schedule).
I will be utilizing a mainframe operations staff and would like to limit their access on SQLServer
as much as possible while allowing them start jobs and view history. What would be the best way to go about this?
Thanks in advance.
Hi,
How to set permissions for users to run or edit packages?
How to notify the changes made to packages and where to find the change notifications?
We setup a number of roles with access rights to tables in the DB. This week for some unknown reason, rights on these roles disappeared.
We had to run a restore to reset the roles in the database. After the restore, we could not reproduce the problem.
Are there scenarios to avoid that would cause rights to drop from roles and users? (These rights were gone not just hidden)
Tim.
This may be an idiotic question:
I am attempting to use Visual Web Developer Express with a connection to a SQL Express db from a non-admin account on my XP Pro SP2 machine.
I can do everything in the app under an admin login, but can't seem to configure the db to allow the non-admin account access to the db. I've tried tweaking WMI, using Network Service, Local Service, and Local System with NT AUTHORITY, individual logins, and group permissions, but I'm stuck.
Any thoughts?
Hi everyone out there in ASP.NET land.
Have a quick question...
How do I add a role and/or a user through code (Specifically SQL Statements). If not through SQL, then maybe VB.NET?
Thanks ahead of time,
Denvas
Hi there NT Server,sqlserver 7.0, Integrated Security. I used "sp_attach_db" to attach a database to the sql server. The database has 3 standard roles with members in each of those roles. But i am not able to add a user to any of the roles through Enterprise Manager(No users are listed, except the other 2 roles). Also when i click "users" under the Database in EM, no users are listed except "dbo" with sa login. Luckily since some members are there in the roles, they are able to connect to the database. Also i am not able to add the user bcos the user exists in the public role and i get an error message "user already exists in DB". The user has logged into the NT and everything is fine. I copied the .mdf and .ldf files from a "Standard Security" Server.
View 1 Replies View RelatedSHORT VERSION
i am setting up roles, do i also have to set up role-people as users?
LONG VERSION
my db has two owners. both of us run the Access front end happily - everything works perfectly.
now i'm trying to add non-owner users.
i have set up ten people as datareader/datawriter (primitive, but will refine this later).
these people are not able to get into the db.
at the registering DSN stage they can't see the server in the list of servers and if they manually type \myserver they can't connect (doesn't exist or access denied).
in Enterprise Manager,
Users: shows only the two owners
Roles:datareader shows the ten non-owners (ditto datawriter)
am i supposed to setup my datareader/writers as users as well?
should i see them in the Users: list?
thanks for your time.
izy
How can I generate a list/view of all users/groups with appropriate roles and rigths?
View 3 Replies View RelatedHello,I am trying to write a script using SQL Server 2000 to list all of theroles that have any permissions on a specified object (view, table,sp, etc.). Essentially I am trying to script what is displayed whenone selects the 'list only users/user-defined database roles/publicwith permissions to this object' option under 'manage permissions' inEM but without showing individual users, only roles. I've looked atthe system sp's and the information_schema views but none of thoseseem to give this information. Am I going to have to look directly atthe system tables? If anyone has a script that does this for aspecified object or can point me to more specific information on howto do this I'd appreciate it. Thanks!Bruce
View 2 Replies View RelatedI have developed a site on my local machine utilizing the built-in security/roles provides by ASP.NET 2.0. I am trying to publish the web application to a production server. It will publish correctly, however the ASPNETDB is not recognized. The folder app_data is created with the proper database files. My question is how do I set this up to use the data I have created in this database? I've searched on how to accomplish this but haven't found any definitive answers. I have found ScottGu's blog to be useful, but I was wondering if there is a different way.
1 - Do I push the data to a SQL Server install via SQL scripts?
2 - Can I link to the ASPNETDB that is created locally on my machine?
3 - If I make changes to the application and re-publish, is there a way to keep from overwriting the ASPNETDB on the server?
I am a unsure of how the built-in roles/security works when you are ready to push something to production. If someone wouldn't mind pointing me in the right direction, it would greatly be appreciated. Any literature, advice, links, etc.. would be great.
- Thanks
Andrew
When creating a login account, it is associated with a default database.
Is it then necessary to grantdbaccess to the default database?
I have a SQL2005 in a cluster environment, for some reason the only way that user accounts can login to either the database or SSMS is to grant them the SysAdmin role. This access is a little to high for my liking and am wondering if anyone else has come across this before.
Thank you
set up asp .net user account on sql server 2005Question:
I've read the instructions in this article: http://www.netomatix.com/Development/aspnetuserpermissions.aspxBut do not know how to do this:You can grant 'Network Service' or 'ASPNET' user accounts permissions to connect to database.Please provide example on how to do this, thanks!
Hi,
I am using Sql Server and excel. I create an excel report using pivot tables and the likes that is connected to a sql database and queries three views. It works fine for me because I have access to the DB. But I want everyone in my office to beable to read this excel report. When another user tries to access it, it doesn;t allow them to connect to the DB through ODBC. I was wondering how to add a group, from active directory called Everyone, to my SQL server so that everyone in my office can read this EXCEL report. I can add a user but not a group.
I was given the task of managing the DB as our IT guy left and I really was left to the wolves as this isn't really my area of expertise...
redhanz
Sql 2005
I want to grate execute permissions on my stored procedures to a role. While creating the role, it asks for "schemas owned by this role".
To me, the schema is merely a namespace that allows you to group objects, but arent schemas such as db_datawriter roles that are central to the db and only admin type users should have ownership of these, correct ?
In a nutshell, I want to:
create a new role and assign a user to that role
with a stored procedure, grant execute permissions to this role
I was confused by the sql 2005 dialog that asks me to take ownership of roles such as db_datawriter, db_datareader etc, wouldnt that mess up other things with the database ?
help ...
I think its time I review all of the above items
role
user
login
schema
Hello,
I'm having a problem using Windows Accounts to login to a SQL 2005 Server.
Here is my setup. The SQL server and web server are separate machines. I'm also not developing directly on the web server.
SQL Server - Windows 2003 Server- SQL 2005- Set to use SQL and Windows AuthenticationWeb Server- Windows 2003 Server- IIS 6.0 - Anonymous Authentication is disabled - Integrated Windows Authentication is enabledApplication web.config:
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"><appSettings> <add key="ETR_Environment" value="Dev"/></appSettings>
<connectionStrings> <add connectionString="Data Source=sql-dev-server, 1179;Initial Catalog=ENV_ETR;Integrated Security=SSPI;" name="ETR_Dev"/> <add connectionString="" name="ETR_Prod"/></connectionStrings>
<system.web> <compilation debug="true" strict="false" explicit="true"/> <pages> <namespaces> <clear/> <add namespace="System"/> <add namespace="System.Collections"/> <add namespace="System.Collections.Specialized"/> <add namespace="System.Configuration"/> <add namespace="System.Text"/> <add namespace="System.Text.RegularExpressions"/> <add namespace="System.Web"/> <add namespace="System.Web.Caching"/> <add namespace="System.Web.SessionState"/> <add namespace="System.Web.Security"/> <add namespace="System.Web.Profile"/> <add namespace="System.Web.UI"/> <add namespace="System.Web.UI.WebControls"/> <add namespace="System.Web.UI.WebControls.WebParts"/> <add namespace="System.Web.UI.HtmlControls"/> </namespaces> </pages>
<authentication mode="Windows"></authentication> <customErrors mode="Off"></customErrors> <authorization> <allow users="XXXWilliam.Klein"/> <deny users="*"/> </authorization></system.web></configuration>
The reason why I want to use the windows login to connect to the database is the application needs to keep track of who did what when entering and updating data but still keep them using there windows login accounts. So using a generic account will not work.
What keeps happening is I keep getting this error: Login failed for user 'NT AUTHORITYANONYMOUS LOGON'. When trying to connect the database. I've tried this on two web servers on another I get something slightly different: Login failed for user 'XXXWeb-Server$'.
Anybody able to give me any suggestions on how to fix this?
Is it possible to rename a SQL Login or User account?
View 1 Replies View Related