User/schema Problem In SQL Server 2005!
Oct 13, 2006
do the following steps:
1:Use Manage Studio login the server with Integrated security.
2:Create a dabase named testdb;
3:Create a SQL Server login named amber ,and set it to be dbowner of
testdb;
4:Create a SQL Server login named guxiaobo ,set it's default databse to
be testbd,and in the testdb databse map login guxiaobo to user
guxiaobo;
5:Close Manage Studio and reopen it ,this time use login amber log to
the server.
6:In database testbd create a databse role role1 owned by dbo;
7:In database testdb create a schema schema1 owned by dbo;
8:Set user guxiaobo to be member of role1,and set guxiaobo's default
schema to be schema1;
9:In the schema properties-schema1 dialog choose permissions,in the
users or roles listview I add role1 to it.in the explicit permissions
for role1 listbox,I choose select /update/insert/delete/view definition
grant checkboxes.and apply the selects.
10:In the schema1 schema I create a table:create table a(a int ,b
varchar(10));
11:In the dabase role properties-role1 dialog choose securables panel
,int securable listview I add the schema1.a table( choose all the
columns of table a for all permissions),and in explicit permissions for
schema1.a I choose all for grant ,then apply the selects.
12:Now I use login guxiaobo to log into dabase and issue "select * from
a",but got a error msg saying guxiaobo has not enough permission to
select form table a.
Does anyone has found anything I missed?
View 6 Replies
ADVERTISEMENT
May 20, 2015
I created a new login and then created a new user [COM] in DB with default schema pointing to [COM]
I created then schema [COM] WITH AUTHORIZATION [COM]
I want this [COM] user to have all permissions it needs on [COM] schema only. How do I do that? When I try to create table [Com].Table it gives me permission denied.
What am I missing?
View 9 Replies
View Related
Jul 13, 2015
The requirements are:
1. the user has read-only permissions to dbo tales.
2. the user can do everything within the rpt schema, which contains all objects analyzing dbo tables.
3. the user does not have any permission outside rpt schema, except permissions in #1.
The current solutions are:
1. grant the user select only on dbo tables.
2. make the user the owner of rpt schema.
3. Grant the user database permission on create table/create procedure/create view/create function.
My question is - in step 3, should I just grant "Alter" database permission to the user? Granting Alter seems to be cleaner and simpler. According to MSDN,
"Alter" confers the ability to change the properties, except ownership, of a particular securable. When granted on a scope, ALTER also bestows the ability to alter, create, or drop any securable that is contained within that scope.
View 2 Replies
View Related
Sep 27, 2006
A database was created in SQL 2000. We are going to move to sql 2005. So I attached a database to SQL 2005 and now I have a problem with name resolution. When I worked with SQL 2000 I did not put my schema's name before table name (select * from table1). The schema's name is my user name (IQA) and by default the schema name is a name of user who loged in. (in 2000)
Here is a problem with SQL 2005. The schema's name is still IQA. But I need to do select * from IQA.table1.
I created IQA login and IQA user is an onwer my IQA schema but I still can not do a select without schema name. I need to resolve this because VB.Net code has all select statement without schema's name. Need help!!!
View 4 Replies
View Related
Nov 9, 2007
I am using sql server 2005 express. When I created a new database my schema name was dbo and my stored procedures looks like this:
dbo.sp_name
Now when I am creating new sp:s my schema name has change to DOMAINUsername:
DOMAINUsername.sp_name
My webb application cant find any sp:s with this schema name and I don't now how to change schema name back to dbo. What has happened, what is this schema name and why has my schema name been changed!? Please help me out!
View 1 Replies
View Related
Sep 6, 2007
Information Schema is the part of the SQL-92 standard which exposes the metadata of the database. I have written a small article that exposes the same. Let me know your comments on the same. http://aspalliance.com/1380_Information_Schema_and_SQL_Server_2005
Uday Denduluri
Software Engineer
Refer my articles at http://aspalliance.com/author.aspx?uId=62740
View 5 Replies
View Related
Nov 26, 2007
Hi Group,(I am just starting with SQL Server 2005.)On SQL Server 7 I used often the nice relation schema, where I used todraw out the whole database, especially the Foreign Keys constraints.I found these relational schemas very handy to study an old database Ibuild a few years earlier that needs some updating.I tried to find such an utility in SQL Server 2005, but cannot find it.I did found the FK-constraints, but it is just an popup where I candefine them.The overview such a visual schema gave was really great and I miss it.Question: Is it gone in SQL Sevrer 2005, or do I just not know where tolook? If the latter, please guide me. :)Thanks for your time.Regards,Erwin Moller
View 1 Replies
View Related
Jul 11, 2006
I wonder how can I track the changes in the columns whether added, deleted or their name is changed and how can I test that?
your help is appreciated
View 9 Replies
View Related
Aug 29, 2005
Hello Everyone,
View 12 Replies
View Related
Aug 7, 2006
Hi everyone,
I'm currently investigating the security improvements of SQL Server 2005. I've got some problems with the schemas introduced in SQL 2005 and security settings.
For my test I've created two schemas: UserManagement and Sales. A user "test" is attached to the UserManagement schema. There's a table Sales.Users containing a list of users (varchar) and a stored procedure named UserManagement.AddUser that can be executed by the UserManagement schema (GRANT EXECUTE, so "test" can execute the SP). UserManagement.AddUser simply inserts a new row into Sales.Users.
Because the Sales schema doesn't contain any user, nobody (except the sysadmin, of course) can do a INSERT/SELECT/DELETE in the Sales.Users table. As expected, the following SQL statement fails:
EXECUTE AS LOGIN='machine est';
INSERT INTO Sales.Users VALUES('Test User');
INSERT was not allowed: object 'Users', database 'test', schema 'Sales'.
The second way of inserting rows into Sales.Users is to execute the stored proc UserManagement.AddUser:
CREATE PROCEDURE [UserManagement].[AddUser]
WITH EXECUTE AS CALLER
AS
INSERT INTO Sales.Users VALUES('Test User');
The user "test" can execute this sproc without problems:
EXECUTE AS LOGIN='machine est';
EXECUTE UserManagement.AddUser;
(1 row(s) affected)To my astonishment the INSERT statement inside the stored proc does execute - although UserManagement.AddUser and Sales.Users are two different schemas. Why is that, is there a chaining happening? To my understanding SQL Server should test INSERT rights on Sales.Users for the UserManagement schema and deny the INSERT statement because UserManagement isn't allowed to INSERT in the Sales schema.
Any ideas? Help regarding the issue is greatly appreciated.
Best regards,
Alex
View 3 Replies
View Related
Apr 22, 2008
Hi,
While i trying to drop the user,i getting the following error:
(Microsoft SQL Server, Error: 15138)"
Now,i wanna change the owner of that schema,Which is associated with the schema,which i am trying to delete.
How to transfer the owner?
Plz help me.
View 1 Replies
View Related
May 23, 2008
Hi all. I'm mapping FKs in a DataWarehouse and I'm wondering if there is a way to change the schema of a database diagram from dbo.
Thanks,
Charlie
View 2 Replies
View Related
Aug 17, 2006
We have a commercial VB.NET winforms client/server application that utilizes SQL Server 2005 express edition. The schema and data that the application utilizes is proprietary and could be very damaging if it got into a competitors hands.
Is there any way to protect the data and schema of a sql server 2005 express edition database?
Will this functionality ever be added?
Thanks
View 1 Replies
View Related
Jun 25, 2007
How do you handle user level security with SQL Server 2005?
Say I have an HR database.
In Active Directory I have two groups: Managers, Employees.
Now in this HR Database I want to setup permissions in such a way that Managers can see all employees under them (but not other managers) and the employees can only see themselves.
(I'd have various levels of management defined in a table somewhere, so that each employee has a manager ID that links to another employee so that the CEO would be manager of everyone by working down the chain).
What I'm trying to understand is the best way to handle the permissions.
I'm not entirely clear on how to deal with that.
Would I use user chaining to do that, I wouldn't need impersonation (that's just for instances where you want dynamic SQL and it won't execute with user chaining, correct?)
Anyway, just looking for some general direction on this (obviously I need to get a good book it would seem).
Would I create a stored procedure that runs with EXECUTE AS permissions so that I'd have a non-interactive login it uses that has table access then all the other users have permission to execute the sproc?
So that sproc runs, pulls back a SELECT * FROM tbl_HRINFO and using a WHERE constraint limits who is returned WHERE SupervisorID = CurrentLoggedInEmployeeID ?
Also: How can I determine who is logged in and running the procedure, would the sproc use the SELECT USER_NAME command to see who was running it?
As you can see, I'm working from square one on all of this.
Not sure if my posting entirely made sense, but hopefully someone can get me pointed in the right direction, thanks!
View 3 Replies
View Related
Sep 19, 2007
what's the relationship of login,user and user in sql server 2005?
thanks
View 6 Replies
View Related
Jun 29, 2007
During web-site development, I am using VStudio 2005 with SQL-Express. I frequently publish changes to my web server that is running SQL- Server 2000 standard edition.
Is there a simple way to replicate changes in database tables design without copying the whole mdf-file and loosing the existing data in the target database?
thanks, Reinhard
View 3 Replies
View Related
Jun 28, 2015
In some our dotabases I can see Schemas created with the same name as Domain User name (domainusername). Schema owner for those schemas is not dbo but the same user as in schema name. How this happens? Is any way to prevent or prohibit this?
View 9 Replies
View Related
Aug 22, 2006
We are using SQL Server2005 on Windows XP.
My question is:
What is the difference b/w schema, owner and user in SQL Server 2005. The reason for asking is that when I login as a user say 'user1' and create objects under it.. they should show up in its own schema - right. Because this is how Oracle works. Now we are not seeing this behaviour in SQL Server2005. Instead, we see the object created with <dbo>.<object_name>.
Are we missing something? thanks.
View 4 Replies
View Related
May 18, 2007
Is it possible to set up the permissions to not allow a specific user to create schemas, but to allow that user to create tables and procedures and functions in one schema, and to create procedures and functions but not tables, in a different schema within the same database?
View 3 Replies
View Related
Sep 23, 2015
I have created a user Finance and I want to grant him access only to see views which are created under Schema called "FinanceQuery".
Note: View may use tables from multiple schemas example: dbo. Staging. ect
By doing this, I want to achieve that this user Finance can see only Views created under Schema FinanceQuery and should not see any other objects (tables, Stored Procedures, Functions etc.)
View 3 Replies
View Related
Aug 8, 2006
I have granted execute on the dbo schema to a sql user so that he can execute available procedures in the dbo schema. However when he executes a procedure ie..
exec dbo.myproc
The following error is returned:
Msg 229, Level 14, State 5, Line 2
SELECT permission denied on object 'MyType', database 'Mine', schema 'dbo'.
MyType is a table
How can I correct this behavior?
I don't want the user to be able to access the tables except via the procedure calls.
View 5 Replies
View Related
Oct 22, 2015
I need to provide a User with below permissions:
1. Ability to read and write records in tables in both the X schema and Y schema
2. Ability to read metadata about objects in the X and Y schema
3. Ability to execute stored procedures in the X and Y schema
4. Ability to create and update the necessary schema objects used by X, including but not limited to tables, views, and indexes
5. CREATE FUNCTION permission
6. ALTER and EXECUTE permissions on the X schema
7. VIEW DEFINITION permission on the X and Y schemas to enable view export.
For the point 1, I will assign db_datareader,db_datawriter database roles to the user
For the point 2, when I have searched web, I found out ReadDefinition permission should be granted. I could find only viewDefinition but not ReadDefinition.
For the point 3, 'USE DataBaseName GRANT EXECUTE TO User; Go' - does this sql suffice?
For the point 4, I am not sure what should be done.
For the point 5, 'USE DataBaseName GRANT CREATE FUNCTION TO User; Go' - I guess this will work
For the point 6, Can I use same SQL as point 3 including ALTER ?
For the point 7, 'USE DataBaseName GRANT VIEW DEFINITION TO User; Go'
View 5 Replies
View Related
Oct 1, 2007
Hi all,
I am trying to establish a "sandbox" database for a group of users/developers whereby each user has their own schema and complete control over their schema and only their schema.
I began by creating user logins (Windows Authentication), created schemas for each user where the corresponding login is the owner, and set the schema as default for the user.
At this point, the logins only had "public" and could not create tables. I then granted the Create Table privilege which allowed them to create a table in their schema. However, they could also create tables anywhere else in the database including another user's schema.
How can I set up an enironment where each user has control over just their schema? What permissions would I need to grant and at what level (database,schema, etc.). I also need them to be able to grant privileges on their own schema and/or schema objects.
Any help would be greatly appreciated.
View 4 Replies
View Related
Jun 15, 2007
Hi
For MSSQL 2005 server, when we create new user using stored procedure sp_grantdbaccess, it creates schema with name given to user.
While when we create new user with query " Create login identfied by'password'. It attach user to default schema at the server.
My question is can we have a default schema assigned to the user, while user is created with sp_grantdbaccess?
Is there any way to do so?
Please reply as early as possible.
View 3 Replies
View Related
Nov 22, 2006
Hi,
SQL Server Security is not my strong point so forgive me for asking stupid questions.
I have a bunch of tables and sprocs within a schema 'MySchema'. I have a user 'MyUser' defined in the database.
I would like to give MyUser permission to SELECT from tables and EXECUTE all sprocs in MySchema. What is the simplest way of doing that? Will the following:
GRANT EXECUTE ON SCHEMA::[MySchema] TO [MyUser] WITH GRANT OPTION AS [db_owner]
GRANT SELECT ON SCHEMA::[MySchema] TO [MyUser] WITH GRANT OPTION
accomplish that? (I can't test it out at the moment because our DBA isn't around and I don't have permission)
With best practices in mind - is what I am doing here considered "ok". Any suggestions/comments are welcome.
-Jamie
P.S. Can anyone recommend any documentation that talks about what best practices should be in the use of schemas. BOL is a bit sparse. Thanks.
View 5 Replies
View Related
Jul 8, 2015
I just recently updated to SSDT 12.0.50512.0 using Visual Studio 2013 Ultimate. I typically use SSDT Schema Compare to synchronize my schema across multiple databases and different environments. After updating i encountered a major bug while updating our production schema.Typically during schema compare, the compare will prompt me to drop users and user roles from the database as they are not present in the project. I will exclude these so they database users and their roles aren't affected. After the update to SSDT I noticed that schema compare was only prompting me to drop the User, but didn't show anything about the user's roles. Not thinking much of it I went through my usual task of updating all the production databases. I soon found out that this did in fact remove the user roles even though it showed NOTHING in the schema compare UI indicating it would do so.
GO
PRINT N'Dropping <unnamed>...';
GO
EXECUTE sp_droprolemember @rolename = N'db_datareader', @membername = N'dbuser';
GO
PRINT N'Dropping <unnamed>...';
GO
EXECUTE sp_droprolemember @rolename = N'db_datawriter', @membername = N'dbuser';
You could say this is partially my fault for not checking the generated script before running it, but after months of this routine task I've never had an issue until this update.i'm not seeing the changes that will happen to my user roles in the schema compare UI?
View 2 Replies
View Related
Apr 20, 2013
i have database and set default table schema to "ray" and me must input ruy.TABLE-NAME for retrive data !!! , i need set Default Schema to current user for call database as just database name(for my program) , how changed it ? (i change default schema for current user by alter command but not worked !)
View 1 Replies
View Related
May 6, 2008
Dear All,
I am using SQLServer 2005, I have setup a login user "User1" and next I setup database user using the same username and login name. After that I create a new schema "mySchema" and make "User1" as the owner of the schema. To "User1" I assigned the default schema to "mySchema", so far its working fine. But when I open the user's property window (dialogbox) the default schema always gets reset to "dbo".
What could be the problem here? Please help me if there is any solution to get the right schema which I assigned to the user.
Thanks and regards,
View 4 Replies
View Related
Nov 12, 2014
Query to find the date/time when a database schema was created and who created it.
View 2 Replies
View Related
Jul 20, 2005
I have a client who wants to build a database with a user extensibleschema.The client wants to model an entity with about 100 numeric attributes.As time goes on, more numeric attributes will be added. The clientwants an admin function that will allow him to add these attributeswhen needed.My instinct is that this is wrong and that bad things will happen ifwe build this. However, when I went to write up the reasons, all Icould come up with was that* we would need to write dynamic SQL to handle the changing tablestructure,* that table locking would result from field additions* and that it was "non-standard"One alternative is to create a table containing field-name/valuepairs. This is ugly and breaks the ER modelling rules that tell me yoput attributes of an item into the same row. All the same, I wouldprefer this method to the first approach.This problem does not arise on database projects that follow thepattern of only allowing DDL commands to be issued during the initialdevelopment phase and during subsequent change requests.Have any of you been faced with a similar problem? What should I do?Karen
View 4 Replies
View Related
May 30, 2008
Just installed SQL Server 2005 and tested my old VS 2005 ASPnet websites, which were connected toSQL Server 2000 databases before. All my websites were created for local HTTP applications, coded with a connection string with User ID and Password. The SQL Server 2000 was configured as mixed authentication (i.e. with User ID and Password). These websites worked very well with SQL Server 2000 database server.Testing my old VS 2005 websites with SQL Server 2005 database, showed a 'Login failed for a User ''.' error msgalthough the 'Test Connection' on VS 2005 design showed a perfect query for e.g. a GridView control. I have assured that the UserID/Password were correct for Management Studio Security object'slogin and Database Security's user. The server instance was configured with mixed authentication mode. One thing I am not sure of is, when clicking the Management Studio icon, a Connection dialog showed up, asking for a Windows or MIxed authentication? I just stayed with the Windows authentication. What does the authenticationmode have anything to do with the VS 2005 website connection? Should I change to mixed authetnication mode?TIA,Jeffrey
View 3 Replies
View Related
Apr 25, 2007
Hi,
I created a database,login,user and schema like belows.
-- 2. create database
CREATE DATABASE MyTempDatabase;
-- 3. create login
CREATE LOGIN MyTempLogin WITH PASSWORD = '#mytemplogin$',
DEFAULT_DATABASE = MyTempDatabase,
CHECK_EXPIRATION = OFF,
CHECK_POLICY = OFF;
--
USE MyTempDatabase;
-- 4. create user
CREATE USER MyTempLogin FROM LOGIN MyTempLogin WITH DEFAULT_SCHEMA = MyTempSchema;
-- 5. create schema
CREATE SCHEMA MyTempSchema AUTHORIZATION MyTempLogin;
The created user,MyTempLogin, must have permissions that can create tables,drop tables,select,insert,delete,update and bulk insert.
How can I grant permissions to the user?(or schema?)
I failed to grant by T-SQL query.
Additionally, what is purppose of the ROLE? Should I create or use it?
I'm confusing in security concept(login,user,schema,role).
Thanks.
View 3 Replies
View Related
Aug 15, 2007
Running [dbo].[insertlogin] ( @log = hiten, @pas = hiten ).A .NET Framework error occurred during execution of user-defined routine or aggregate "insertlogin": System.Data.SqlClient.SqlException: Must declare the scalar variable "@Log".System.Data.SqlClient.SqlException: at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnectionSmi.EventSink.ProcessMessagesAndThrow(Boolean ignoreNonFatalMessages) at Microsoft.SqlServer.Server.SmiEventSink_Default.ProcessMessagesAndThrow(Boolean ignoreNonFatalMessages) at System.Data.SqlClient.SqlCommand.RunExecuteNonQuerySmi(Boolean sendToPipe) at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at SqlServerProject1.StoredProcedures.insertlogin(SqlString log, SqlString pas).No rows affected.(0 row(s) returned)@RETURN_VALUE = Finished running [dbo].[insertlogin]. ***************************************************************all i am trying to do is : creating a SP in VS using managed code and then trying to execute it. But every time i get the above error. If you can tell me how to edit connection string in this that would be very helpful. At present i am using : Using conn As New SqlConnection("context connection=true") I tried to do "" ALTER ASSEMBLY SqlServerProject1 WITH PERMISSION_SET=EXTERNAL_ACCESS""but i get this error "" Msg 10327, Level 14, State 1, Line 1ALTER ASSEMBLY for assembly 'SqlServerProject1' failed because assembly 'SqlServerProject1' is not authorized for PERMISSION_SET = EXTERNAL_ACCESS. The assembly is authorized when either of the following is true: the database owner (DBO) has EXTERNAL ACCESS ASSEMBLY permission and the database has the TRUSTWORTHY database property on; or the assembly is signed with a certificate or an asymmetric key that has a corresponding login with EXTERNAL ACCESS ASSEMBLY permission. If you have restored or attached this database, make sure the database owner is mapped to the correct login on this server. If not, use sp_changedbowner to fix the problem.""" *********************************************************************Plz help
View 13 Replies
View Related
