How To Use Stored Procedure To Change Permission??
Apr 24, 2001
Hi,
I have a schedule task which call one of my stored procedure,
In this stored procedure, I need to change db owner of one of
database, but I find sp_changedbowner do not allow me to specify
db name,it only change current db,so I have to open a db before
call sp_changedbowner,but it is invalid..
CREATE PROC demo
as
begin
...
use demo_db //it is invalid
exec sp_changedbowner 'scott'
one of the developer has a stored procedure that selects a data from one table and update to another table. i moved that stored procedure from development server to production server.
i gave that developer grant execute permission for that stored procedure. since that stored procedure selects and do update the tables, do i need to give update permission to that developer to that underlying tables also.
Which fixed database role allows a user to execute a user defined stored procedure while minimizing the amount of permissions given. I think db_Datareader will do the trick.
If I grant execute permissions on stored procedures in a database and the proc in turn creates tables in the DB, and if the user is not a db_owner, will the procedure be allowed to create those tables? or will the stored procs fail?
Hello,I have a CLR stored procedure which send some values to an external URL by using the webclient, but for some reason I am getting this error.A .NET Framework error occurred during execution of user-defined routine or aggregate "sp_LeadSend": System.Security.SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. System.Security.SecurityException: at System.Net.WebClient.UploadValues can anyone please advice how to resolve this one...I am really having a hard luck....... thanks.
I'm trying to get a stored procedure working for a website on my local machine that uses ASP.NET 1.1 and MSDE. (I have a single instance of the latter installed, using Windows Authentication mode.)
I've been able to run SQL queries and such directly (using SqlCommand and so forth) by adding the proper reader role to the account MACHINENAMEASPNET. (Substituting my actual machine name for MACHINENAME, of course.) However, when I try to run a stored procedure from an .aspx page, I get the following error:
I've researched this problem here and other places, and every time I get to a response that says to grant execute permission (via OSQL -E) with the following statements:
use mydbasename go grant execute on MySPName to MACHINENAMEASPNET go
(There are sometimes some other intervening statements to add ASPNET as a user account, but when I use those I'm told that the account already exists ... I had added it previously via the Web Data Administrator in order to get reader permissions for SELECT statements and so forth.)
My problem is that the GRANT EXECUTE statement always fails with the following error:
Line 1: Incorrect syntax near ''
Using a forward slash instead doesn't make any difference. If I put single quotes around 'MACHINENAMEASPNET', then the error changes to:
Line 1: Incorrect syntax near 'MACHINENAMEASPNET'
And if I eliminate the machine name, then the error is:
Msg 4604, Level 16, State 1, Server MACHINENAME, Line 1 There is no such user or group 'ASPNET'
So can someone please let me know what I am missing that doesn't allow the GRANT EXECUTE to work?
Here is the stack trace (note that I have altered some names and paths for purposes of security):
Suddenly a stored procedure, very much like several others, is givingEXECUTE permission denied on object 'Add_Adjustment', database'InStab', owner 'zhoskin'.server:Msg 229, Level 14, State 5, Procedure Add_Adjustment, Line 18.I'm zhoskin. I am the dbo and created the procedure, and when I lookat its properties, I have EXEC permission. Line 18 is just the returnstatement. The values are all appropriate for the table. So what isusually going on when a stored procedure denies access to its owner?Thanks//Zeke HoskinCREATE Procedure Add_Adjustment (@AdjAcc Int, @AdjType Char, @AdjAmtMoney, @AdjYrMth Int, @AdjDate Datetime)/* Add a Dep Adj (Type Z, Negative) or WD Adj (type Y, Positive) */ASIF @AdjType = 'Z'BEGINInsert Into tblTxn(TxnAcc, TxnType, TxnAmt, TxnSign, TxnYrMth,TxnDate)VALUES(@AdjAcc, @AdjType, @AdjAmt, -1, @AdjYrMth, @AdjDate)ENDIF @AdjType = 'Y'BEGINInsert Into tblTxn(TxnAcc, TxnType, TxnAmt, TxnSign, TxnYrMth,TxnDate)VALUES(@AdjAcc, @AdjType, @AdjAmt, 1, @AdjYrMth, @AdjDate)/*this is just to afect line numbers*/END/* set nocount on *//*space holder*/return/*more space*/GO
I develop a database that notifies clients when data changes by sending an UDP broadcast message using an extended stored procedure. Now I want to use a CLR stored procedure to send the UDP broadcast instead:
using System;
using System.Data.SqlTypes;
using Microsoft.SqlServer.Server;
using System.Net.Sockets;
public partial class UserDefinedFunctions
{
[SqlProcedure]
public static void UdpSend(SqlString address, SqlInt32 port, SqlString message)
{
System.Net.Sockets.UdpClient client = new System.Net.Sockets.UdpClient();
I have found that to be allowed to send to 255.255.255.255 I must give the assembly permission set 'Unsafe'. If I change to 'External access' I get:
Msg 6522, Level 16, State 1, Procedure UdpSend, Line 0
A .NET Framework error occurred during execution of user defined routine or aggregate 'UdpSend':
System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
System.Security.SecurityException:
at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.Net.Sockets.Socket.CheckSetOptionPermissions(SocketOptionLevel optionLevel, SocketOptionName optionName)
at System.Net.Sockets.UdpClient.CheckForBroadcast(IPAddress ipAddress)
at System.Net.Sockets.UdpClient.Send(Byte[] dgram, Int32 bytes, String hostname, Int32 port)
at UserDefinedFunctions.UdpSend(SqlString address, SqlInt32 port, SqlString message)
I cannot use permission set 'Unsafe' in production environment, so what I want is to customize the effective permissions with higher resoloution than the three pre-defined permission sets 'Safe', 'External access' and 'Unsafe'. Except from what is allowed by 'Safe' I only want the permissions necessary to send an UDP broadcast.
VS.NET 2005 automatically deploys a CLR stored procedure when you start a project with debugging. However, if the CLR stored procedure attempts to access external resources you will get a message stating:
System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
I've isolated this to being because the CLR stored procedure does not have the EXTERNAL_ACCESS permission set.
Is there a security attribute that can be used to decorate the CLR stored procedure code so that VS.NET 2005 will register the CLR stored procedure with the correct permission set?
PLEASE PLEASE PLEASE...... I did not get a single response for the last 6 hours... And during this time I was searching and trying to understand the problem but I am really stuck. If this is the wrong forum to ask this question, please redirect me. Really begging for replies...[:'(] If I use the custom SQL statements in SqlDataSource, the application runs fine within the development environment (VS2005) but errors out if I publish the web site and access outside of the environment. In order to find-out the problem, I made the following test: I created a select statement in one SqlDataSource to fill-in a GridView. I used the exact same statement to create a stored procedure and used that SP in second SqlDataSource and I fill a second GridView. When I debug or run the application, both grids are filled OK and everything works fine. However, when I publish the web site and try to do same only the stored procedure works fine and when I try to fill the grid using the built-in SQL, the page gives error. The error mesage is as follows when I use the address 'localhost': Server Error in '/' Application.
The SELECT permission was denied on the object 'Contacts', database 'Homer', schema 'dbo'. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: The SELECT permission was denied on the object 'Contacts', database 'Homer', schema 'dbo'.Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace:
[SqlException (0x80131904): The SELECT permission was denied on the object 'Contacts', database 'Homer', schema 'dbo'.] System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +859322.......da da da ....... If I access the page using the IP address the message chages to below but it is not the issue, I just give it if it helps to find the problem: Server Error in '/' Application.
Runtime Error Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off". My SqlDataSource s are like this: <asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:HomerConnectionString %>" SelectCommand="TestRemoteAccess" SelectCommandType="StoredProcedure"> <SelectParameters> <asp:ControlParameter ControlID="TextBox1" Name="Param1" PropertyName="Text" Type="Int32" /> </SelectParameters> </asp:SqlDataSource> <asp:SqlDataSource ID="SqlDataSource2" runat="server" ConnectionString="<%$ ConnectionStrings:HomerConnectionString %>" SelectCommand="SELECT FirstName, LastName, Business FROM Contacts WHERE (ContactID = @Param1)"> <SelectParameters> <asp:ControlParameter ControlID="TextBox2" Name="Param1" PropertyName="Text" /> </SelectParameters> </asp:SqlDataSource>
Hello. I am trying to change the owner of a stored procedure from a user ID to dbo. How do i do this. I have tried sp_changeobjectowner but I get an error message. Can I do this from Enterprise Manager? btw, I am using SQL 7.0. Any help would be appreciated. Thanx
Can someone explain to me why the following doesn't work?declare @oname sysnameselect @oname=name from sysobjects where name like"df__mytable__mycol%"alter table mytable drop constraint @oname
I am using a web application using asp.net 1.1 vs 2003. i am using sql server authentication where users are using their sql server user id and sql server saved passwords. how can i change their passwords inside the sql server? is there a system sp that allows one to pass one's user id and then change password. I will need to call that sp from a user defined store dprocedure and pass the parameters and that will change the password on the sql server. thanks
My scenario is that I want to change the default SQL server format in my stored procedure more preferably only during the course of stored procedure execution (not permanent changes does any one have idea that how will I able to achieve this simple task...
help i need to create stored procedures that run once month change value (UPDATE) once a month in one table the values from 1,2,3,4 next month 2,3,4,1 ..... 3,4,2,1 .......4,1,2,3 ..... 1,2,3,4 i have this code
Code Snippet SELECT empID, location, ISNULL(NULLIF (( location + DATEDIFF(mm, location_date, GETDATE())) % 4, 0), 4) AS new_location FROM dbo.empList
like this the employee go from one location once amonth to new location
table on this month (5) empid location location_date --------------------------------------------------------------
1111 1 222 2 333 3 444 4
5555 3 666 2 777 3 888 4
table on next month (6) (after a month) empid location location_date -------------------------------------------------------------------
I built a database by using a generated script from the originaldatabase. It built the System Store Procedures as User type. How do Ichange them back to System type?
one of my SQL Developer member had one observation that, size of the parameter 'Parameter_XYZ' in certain stored procedure had changed from 25 to 255 during some production fixes, however suddenly its looks like that, someone has changed it back to 25 instead of 255.
DECLARE @Parameter_XYZ varchar(25);
Can we figure out in which sprint/drop the stored procedure was changed and the Parameter_XYZ back to 25. Can any log recovery mechanism will get such details.
Can we get stored procedure text between different alteration.
need help with my problem i have this view this code change the value field "new_unit" evry month from 1 > 2 > 3 > 4 like this evry 4 month it return to 1 >2.......... ------------------------------------------ for example
if i put unit_date = 01/05/2008 and unit=1 than new_unit=1
my question is how to create a stored procedure that move forward (all the employee) the "new_unit" field in +1 OR "unit_date" value MONTH +1
like create stored procedure name "plus" + so if i run this name stored procedure name "plus"
the stored procedure go to the viewor table and change the code view or table value
so i forward all the the "new_unit" or "unit_date" value IN one (change the cycle)+1
it doesn't matter if it change the "unit" value in the table "dbo.empList" or "unit_date" value
the important thing is that i can forward +1 or backward -1
evry time i run the stored procedure i get +1 (in the "new_unit") and olso create stored procedure name "minus" + so if i run this name stored procedure name "minus" this stored procedure that move backward the the "unit" value in the table "dbo.empList" or "unit_date" value in -1
How Can I Control the data type for each parameter ?? Or How Can I Change the data type of the parameter for the Deployed Stored Procedure ?? Or How Can I defined the new Data type ??
Or
What's the solution to this problem ??
Note : I get Error when I try to use Alert Statement to change the parameter Data type for the SP
ALTER PROCEDURE [dbo].[sp_AddImage] @ImageID [uniqueidentifier], @ImageFileName nText, @Image Image WITH EXECUTE AS CALLER AS EXTERNAL NAME [DatabaseAndImages].[StoredProcedures].[sp_AddImage] GO
Client/Server machine: Windows Xp Pro (SP2) (latest patches) Office Software: Access 2003 (latest patches) Database S/W: SQL Server 2005 (latest patches)
The following error message is displayed when trying to modify a stored procedure.
This version of Microsoft Access doesn't support design changes to the version of Microsoft SQL Server your project is connected to. See the Microsoft Office Update Web site for the latest information and downloads (on the Help menu, click Office on the Web). Your design changes will not be saved.
However, if you save, close and re-open the stored procedure having made the required changes, the changes have been saved.
Is there any way to suppress the error message / hotfix available from microsoft since the error message appears to be completely erroneous ?
Have I provided enough detail as this is my first post ?
Hi all - I'm trying to optimized my stored procedures to be a bit easier to maintain, and am sure this is possible, not am very unclear on the syntax to doing this correctly. For example, I have a simple stored procedure that takes a string as a parameter, and returns its resolved index that corresponds to a record in my database. ie exec dbo.DeriveStatusID 'Created' returns an int value as 1 (performed by "SELECT statusID FROM statusList WHERE statusName= 'Created') but I also have a second stored procedure that needs to make reference to this procedure first, in order to resolve an id - ie: exec dbo.AddProduct_Insert 'widget1' which currently performs:SET @statusID = (SELECT statusID FROM statusList WHERE statusName='Created')INSERT INTO Products (productname, statusID) VALUES (''widget1', @statusID) I want to simply the insert to perform (in one sproc): SET @statusID = EXEC deriveStatusID ('Created')INSERT INTO Products (productname, statusID) VALUES (''widget1', @statusID) This works fine if I call this stored procedure in code first, then pass it to the second stored procedure, but NOT if it is reference in the second stored procedure directly (I end up with an empty value for @statusID in this example). My actual "Insert" stored procedures are far more complicated, but I am working towards lightening the business logic in my application ( it shouldn't have to pre-vet the data prior to executing a valid insert). Hopefully this makes some sense - it doesn't seem right to me that this is impossible, and am fairly sure I'm just missing some simple syntax - can anyone assist?
I have a requirement in SQL 2005 in Development database1. Schema dbo owns all objects (tables,views,SPs,UDFs etc) .2. Only DBA's ( who are database owners ) can create, alter tables .Developer's should not create or alter tables .3. Developers can create/alter Stored Procedure/User Defined functionsin dbo schema and can execute SP/UDF.4. Developers should have SELECT,INSERT,DELETE,UPDATE on tables (tables in dbo schemaHow to achieve this using GRANT SCHEMA statementThanksM A Srinivas
Keep in mind this is my first compiled SQL program Stored Procedure(SP), copied from a book by Frasier Visual C++.NET in Visual Studio2005 (Chap12). So far, so theory, except for one bug (feature?)below. At some point I'm sure I'll be able to laugh about this, akinto forgeting a semi-colon in C/C++, but right now it's frustrating(time to sleep on it for a while).Problem--For some reason I get the error when trying to save files where twotables (called Author and Content), linked by a single key, form arelationship.By simple comparison of the source code in the textbook and my program(below) I found the difference: instead of, like in the textbook, theStored Procedure (SP) starting with "CREATE PROCEDURE", it*automatically* is (was somehow) given the name of 'ALTER PROCEDURE'and I cannot change this to "CREATE PROCEDURE" (you get an error in MSVisual Studio 2005 Pro edition of "There is already an object namedXXX in the database", see *|* below). No matter what I do, the SP isalways changed by Visual Studio 2005 to 'ALTER PROCEDURE'!!!(otherwise it simply will not save)Anybody else have this happen? (See below, others have had this happenover the years but it's not clear what the workaround is)Keep in mind this is my first attempt and I have ordered somespecialized books on SQL, but if this is a common problem (and Isuspect it's some sort of bug or quirk in VS2005), please let me know.Frankly I think SQL as done by VS2005 is messed up.Here are two Usenet threads on this problem:(1) http://tinyurl.com/2o956m or,http://groups.google.com/group/micr...1454182ae77d409(2) http://tinyurl.com/2ovybv or,http://groups.google.com/group/micr...9e5428bf0525889The second thread implies this is a bug--any fix?Also this bug might be relate to the fact I've switched (and notrebooted) from Administrator to PowerUser after successfully changingthe permissions in the SQL Server Management Studio Express (see thisthread: http://tinyurl.com/2o5yqa )Regarding this problem I might try again tommorrow to see if rebootinghelps.BTW, in the event I can't get this to work, what other SQL editor/compiler should I use besides MS Visual Studio 2005 for ADO.NET andSQL dB development?RL// source files// error message:'Authors' table saved successfully'Content' table- Unable to create relationship 'FK_Content_Authors'.The ALTER TABLE statement conflicted with the FOREIGN KEY constraint"FK_Content_Authors". The conflict occurred in database "DCV_DB",table "dbo.Authors", column 'AuthorID'.// due to the below no doubt!--CREATE PROCEDURE dbo.InsertAuthor /* THIS IS CORRECT (what I want)'CREATE PROCEDURE' not 'ALTER PROCEDURE'*/(@LastName NVARCHAR(32) = NULL,@FirstName NVARCHAR(32) = NULL)AS/* SET NOCOUNT ON */INSERT INTO Authors (LastName, FirstName)VALUES(@LastName, @FirstName)RETURN--ALTER PROCEDURE dbo.InsertAuthor /* WRONG! I want 'CREATE PROCEDURE'not 'ALTER PROCEDURE' but VS2005 won't save it as such!!!*/(@LastName NVARCHAR(32) = NULL,@FirstName NVARCHAR(32) = NULL)AS/* SET NOCOUNT ON */INSERT INTO Authors (LastName, FirstName)VALUES(@LastName, @FirstName)RETURN--*|* Error message given: when trying to save CREATE PROCEDURE StoredProcedure: "There is already an object named 'InsertAuthor' in the dB
I executed them and got the following results in SSMSE: TopSixAnalytes Unit AnalyteName 1 222.10 ug/Kg Acetone 2 220.30 ug/Kg Acetone 3 211.90 ug/Kg Acetone 4 140.30 ug/L Acetone 5 120.70 ug/L Acetone 6 90.70 ug/L Acetone ///////////////////////////////////////////////////////////////////////////////////////////// Now, I try to use this Stored Procedure in my ADO.NET-VB 2005 Express programming: //////////////////--spTopSixAnalytes.vb--///////////
Public Class Form1
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Dim sqlConnection As SqlConnection = New SqlConnection("Data Source = .SQLEXPRESS; Integrated Security = SSPI; Initial Catalog = ssmsExpressDB;")
Dim sqlDataAdapter As SqlDataAdapter = New SqlDataAdaptor("[spTopSixAnalytes]", sqlConnection)
'Pass the name of the DataSet through the overloaded contructor
'of the DataSet class.
Dim dataSet As DataSet ("ssmsExpressDB")
sqlConnection.Open()
sqlDataAdapter.Fill(DataSet)
sqlConnection.Close()
End Sub
End Class ///////////////////////////////////////////////////////////////////////////////////////////
I executed the above code and I got the following 4 errors: Error #1: Type 'SqlConnection' is not defined (in Form1.vb) Error #2: Type 'SqlDataAdapter' is not defined (in Form1.vb) Error #3: Array bounds cannot appear in type specifiers (in Form1.vb) Error #4: 'DataSet' is not a type and cannot be used as an expression (in Form1)
Please help and advise.
Thanks in advance, Scott Chang
More Information for you to know: I have the "ssmsExpressDB" database in the Database Expolorer of VB 2005 Express. But I do not know how to get the SqlConnection and the SqlDataAdapter into the Form1. I do not know how to get the Fill Method implemented properly. I try to learn "Working with SELECT Statement in a Stored Procedure" for printing the 6 rows that are selected - they are not parameterized.
i'm using SQLCacheDependency in my code. I have ran following lines to enable SQL notification.
ALTER DATABASE [DataBaseName] SET SINGLE_USER WITH ROLLBACK IMMEDIATE ALTER DATABASE [DataBaseName] SET ENABLE_BROKER ALTER DATABASE [DataBaseName] SET ARITHABORT ON ALTER DATABASE [DataBaseName] SET MULTI_USER WITH ROLLBACK IMMEDIATE In Global.asax file, i have protected void Application_Start(object sender, EventArgs e) { SqlDependency.Start(CONNECTION_STRING); } but whenever my application starts i get error saying "CREATE PROCEDURE permission denied in database", if i give dbo owner permission to SQL user then it works fine, but ofcource i dont want to give dbo owner permission to sql user defined in connection string
we've got a Windows Server 2003 environment with SQL Server 2000 Sp 3.
A stored procedure selects specific data from a user-table which depend on the user executing it. The users are granted execute permission on the stored procedure. But execution fails, if the user is not granted select permission on the user-table, too.
The problem is, that the user must not have the permission on all data in the user-table but on the data concerning him.
In earlier versions of SQL Server and Windows the execute permission has granted sufficient rights to select from the underlying tables. How can this be re-established?
I have some code that I need to run every quarter. I have many that are similar to this one so I wanted to input two parameters rather than searching and replacing the values. I have another stored procedure that's executed from this one that I will also parameter-ize. The problem I'm having is in embedding a parameter in the name of the called procedure (exec statement at the end of the code). I tried it as I'm showing and it errored. I tried googling but I couldn't find anything related to this. Maybe I just don't have the right keywords. what is the syntax?
CREATE PROCEDURE [dbo].[runDMQ3_2014LDLComplete] @QQ_YYYY char(7), @YYYYQQ char(8) AS begin SET NOCOUNT ON; select [provider group],provider, NPI, [01-Total Patients with DM], [02-Total DM Patients with LDL],
I've all procedures running over EXECUTE permission. They're running properly without the SELECT or DRY permissions on involved tables. But some procedures of above cited, in a particular tables or particular the procedure don't runs properly with out enabling SELECT permission on involved tables. The EXECUTE permision runs overs other permissions on tables if the're not implicit denied, it's the best segurity practice. Then what is happen?? why need extra SELECT permision on some tables ?. The usser, and function role are ok. You troube the same, some help please :)