I just restored a database on a new server with a backup(complete backup stored in backup device) from another database on another server using the "with move" option. In fact here was my process:
Alter database ngauge SET SINGLE_USER WITH ROLLBACK IMMEDIATE
restore database ngauge
from disk = 'C:Program FilesMicrosoft SQL ServerMSSQLBACKUP
gauge1.BAK'
with move 'NGAUGE' to 'C:Program FilesMicrosoft SQL ServerMSSQLData
gauge_Data.MDF',
move 'NGAUGE_Log' to 'C:Program FilesMicrosoft SQL ServerMSSQLData
gauge_Log.LDF'
Alter database ngauge SET READ_WRITE
it worked.
But it did not move the 98 or so users/logins...from the source database
what is going on??? what am I doing wrong??!!
I wanted to create two users in SQL Server to be used by my application. The first would have read only access to all the tables in the database, the second would have read and write access. I tried to use one login for both but when I tried to create the second user in my database I encountered the following error :
Error 15063 : The login already has an account under a different user name.
Do I need to create two separate logins in SQL Server to achieve this? If so, what if I want various users all with different access rights to different tables. Do I need a new login and a new user for each.
hi all , any decribtion about users and logins and differncs between them ?? and any example for real use in real life ?? i use logins user name and passwords in the connection string from c# but how users can make difference with that ??
Ok, let me preface my question with a little info about the application I am working on. I am in the middle of creating a project in VB.Net for my company. We have a data management system for handling sampling data. Now the database design is like so. The application is able to handle multiple "Sites". We create a new database for each site that is create dint eh application. These databases are identical in structure but the data is obviously different.
Now we don't actually delete any records in this application rather we mark items as deleted instead. This allows us to easily undo any changes that have been made to the data. When a change or delete are made, we record this change so that reports can be printed to show what changes were made and by who. This is all well and good, but my thoughts are this.
At the moment I am writing lots of VB code to handle adding these records of change and inserting them into the database... What I would like to be able to do is to just create Triggers on the tables to add them. This is something that I know how to do and i feel like it would be the better way to do it except for one thing... here comes the issue...
I have no way of knowing what user is logged in to my application from within the trigger because the application uses a single login for accessing the database. My thoughts are this... Would I be crazy to think that it would be a good idea to create SQL server logins for each user that is created in the application, giving these users access to only the database that they have been created in? This would allow me to determine who was logged in when the change was made and could then implement recording changes through triggers... I am not a very experienced dba programming is more my speciality. I know how to implement this idea, but I am just wondering if this sort of thing is considered bad practice or if it is something I should consider implementing...
Sorry for the novel there and thanks for any help or insight.
In sql2k you used to be able to have a same user in 2 databases under the same login. Just moved to 2005, using sql authentication, and have some users who need to access 2 databases using the same login credentials. But sql2005 will not let me create 2 users under the same login across databases. Any ideas?
I can't figure out what the purpose of having seperate users is as I can't actually login to the database using one.
Here is my scenario.
I have a single login called LoginA and I have a database which I want to carve up using schema's. At the database level I need to create a user, associate a login with this user and can set a default schema and specifiy what schemas this USER can access. The login created can access multiple schemas.
So..
I created a database login called loginA.
I created a user for the database called UserA set it's login name to LoginA and
I then created 3 schemas called SchemaA, SchemaB and SchemaC and set their schema owner name to UserA.
I went back to UserA and set their default Schema to SchemaA
How can I login using the new user created as it has no password associated with it. If I login using LoginA then I have no default Schema set becuase the schema is associated with a USER not a LOGIN.
I can understand why you can only have one login account assicated with one user account for each database but I can;t understand why you can specify a user name if you can't use it to login.
I'm using sql enterprise manager to access a database which has two users associated to it called 'dbo' and 'user'. I have a login that uses sql authentication also called 'user2' which has been tested and working fine. From within enterprise manager, when i look at the list of users for my database, 'dbo' is listed as using the 'user2' login to gain access, but the entry for 'user' has no login name listed and is blank, which should be 'user2'. How can I rectify this? Thanks
I do not understand the sequence in which to add logins/users. A coupleof things to note. I can not use vbscript - it has to be done using thesqldmo objects (or in a sql script).The sequence I use now is:1- create login, set default db2- add login to sql server3- set db owner4- create user5- add user to master db6- add user to tempdb - blows up hereError 'Microsoft SQL-DMO: [SQL-DMO]This object is already in acollection.'I need the user in 3 dbs. Any help greatly appreciated. Thinking aboutit...I bet by adding it to the master db that it is automatically addedto tempdb so I will try to add it to the 2rd db and see if that works.Thanks!-Will
Hello all,I am looking for the script, which I believe exists already.I need tobe able to populate the script for security of one database andapply it to another database, even if it is located on another server:1. All logins which not exist have to be created and which existsignored including the NT accounts2. Users same as the old database + the existing ones stay in database3. Passwords for the new logins.4. All permissions/grants on all objects for the users that exists(usually it's the case) and ignore those that don't.I have script which does some of it, but it's not perfect, so everytime there are some errors.Please let me know, if you need me to email script that I have. It'spretty long so I cannot just post it in here.Thank you in advance.
Sql 2005 I want to grate execute permissions on my stored procedures to a role. While creating the role, it asks for "schemas owned by this role". To me, the schema is merely a namespace that allows you to group objects, but arent schemas such as db_datawriter roles that are central to the db and only admin type users should have ownership of these, correct ?
In a nutshell, I want to: create a new role and assign a user to that role with a stored procedure, grant execute permissions to this role
I was confused by the sql 2005 dialog that asks me to take ownership of roles such as db_datawriter, db_datareader etc, wouldnt that mess up other things with the database ?
help ...
I think its time I review all of the above items role user login schema
Our company has 2 Database Roles (DBE and DBA). The DBE creates database schema, performs SQL Server Administration, and manages server security. The DBA writes data access, ETL, and manages database security. In 2005, we're struggling with how to allow the DBA to see all of the logins on the server in order to add them as users of their database. What permissions does the DBA need to select from any of the logins on the server to add them to their database?
A question on the permissions hierarchy: Since logins, database users, and database roles are both principals and securables - what does it mean to GRANT permission on a login/user/role to another principal? Does it mean that for a login - you can GRANT permission to EXECUTE AS that login or modify it, for example?
I also migrated the server level logins using SSIS transfer logins task, available on SSIS 'Transfer logins', I selected all the databases that I have migrated so that I have all database users account in server logins (to avoid orphaned users); but I don't have all the database users in server logins, also the sys.sysusers doesn't have the database users, that I have moved to SQL 2005. Can anybody help?
Also do I need to back up the SQL Server 2000 database and restore it on SQL 2005? What impact this operation can have?
I have read the previous threads on the bugs with this task mainly: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1438968&SiteID=1 . These are great posts that helpmed me avoid wasting time. I haven't seen one yet that addresses copying an entire database including the sql server logins.
I would like to import the ENTIRE database from one (2005) server to another(2005) using the SSIS Transfer SQL Object task (not just sprocs,tables,views and functions). I have figured out how to pull the tables,views,sprocs and functions ... by using an execute sql task to drop these objects. But I cannot get this to work for users since the user dbo cannot be dropped and guest can only be disabled. I am creating a new database (this is the database where the sql objects will be copied to) via management studio to test this. There has to ba a way to get this working ... Microsoft must have published some sort of KB article on this task or a Script Task using SMO object calls. If need be I can drop the entire database on the target machine and have SSIS recreate it.
The only reason I'm willing to take a risk with SSIS rather than backup and restore is because of time constraints (I assume the SSIS task is faster) and backup storage administration.
declare @name varchar(200) declare @object varchar(200) DECLARE object_cursor CURSOR READ_ONLY FORWARD_ONLY FOR select table_name,table_type from INFORMATION_SCHEMA.TABLES union Select name,'SPROC' table_type from sys.procedures Where [type] = 'P' and is_ms_shipped = 0 and [name] not like 'sp[_]%diagram%' union select name,'FN' from sys.objects where type_desc like '%FUNCTION' OPEN object_cursor FETCH NEXT FROM object_cursor INTO @name,@object IF @@FETCH_STATUS <> 0 PRINT ' <<None>>' WHILE @@FETCH_STATUS = 0 BEGIN if @object = 'BASE TABLE' begin exec ('drop table ' + @name) end else if @object = 'VIEW' begin exec ('drop view ' + @name) end else if @object = 'SPROC' begin exec ('drop procedure ' + @name) end else if @object = 'FN' begin exec ('drop function ' + @name) end FETCH NEXT FROM object_cursor INTO @name,@object END CLOSE object_cursor DEALLOCATE object_cursor
I am confused by something that happens to me on a restore to a different server. On server A I have my db with the proper groups and logins for the server and the db.
I create a 2nd SQL server and create the same db I use the SQL Security manager to import the logins from NT into SQL Server I restore the dump file from server A and restore the DB to the second server. My problem is that when I look at the db the proper groups and users are there, but when I look at their associated login ID it is incorrect. Do you need to transfer the logins to SQL server 2 and not use the Security manager?
I need to restore the logins from prod server "A" to a dev server. The dev server has many databases from different prod servers. If I restore the master from prod A to dev, i'll lose the logins on dev for the other dbs. How can I get the logins from prod A to dev without losing the other logins for the other dbs?
The event log is showing a ton of failed sa logins. The server is connectedto the net. I am assuming this is a dictionary attack to get the sapassword. I am trying to find out if this is an inside attempt or from theoutside. While the profiler will tell me which program or script is sendingit, how do I find out which ip address(s) from the net is doing this?--John Dalberg
SQL 7 profiler has an event in the Misc. category of Failed Login. It does not, or at least I cannot get it to, produce any output when a failed login occurs. Any hints?
I tried this because every week or so I get this in the error log: Login failed for user 'Admin'. It occurs several hundred times within a minute or so. It obviously has to be an automated process as you couldn't click a button or press a key 13 times a second.
The login does not exist as a SQL login so I can't tell which database it is trying to get at. Any suggestions gratefully received.
We're using a canned app that only uses SQL Server logins (it will NOT use Windows logins to access SQL Server)
SQL Server logins seem to lack even the most rudimentary security features such as expiring passwords and automatic disabling after a set number of failed logins. Bad. Bad Microsoft.
Has anyone figured out a way to graft this on after-the-fact?
I can do it in an awkward fashion by auditing failed logins and going back to read the error log, but this isn't real time by any stretch.
I need to be able to get info about failed login attempts which need to be running all the time and logging info such as hostname , application name, host machine, etc. The best way I can see to do this is by crerating a trace. Then loading the info from the trace into a table for later use by using fn_trace_gettable. But this requires that the trace be stopped and the definition removed for the trace file to be populated.
Is there a way to be able to log this info constantly into a table without having to stop and then recreate another trace. Also it requires that the table created by the function is dropped.
Hi I took a Full Backup on Production Server and Restored the Same Database on Testing Server, i am able to see all the Tables Stored Procedure and View except Logins, i am not able to see any logins, there are total 650 Logins under the Database how can i see the logins and how to restore the logins, while i am trying to create any logins it is saying Error Occured login is already existing in the Database..
I refresh QA environments with copies of our production database quite often. Many of the users also have read-only logins to production, but not all. I've noticed that in QA the users in the restored database are matched up with QA server logins that no longer have "DBO" as their default schema. We almost always use DBO, nothing else.
On the most recent restore, I didn't drop the target DB first, just restored with "replace." Does it matter whether I drop or replace in this instance?
The one user reporting issues could not open the database in management studio to view objects/tables etc. I noticed their default schema was their domain login, so fixed that and they now no longer have the issue.
We are running MSSQL 2000 on a reasonably powerful dedicated Win2k system Dual 2.4 Xeon Procs, 2 GB of RAM, Ultra 160 SCSI disks.. blah blah blah.
Our primary use this database server is for our Coldfusion Application servers. We host about 50 or so databases.
Of late, we have been experiencing random failed logins for certain databases. These failed logins are logged to the event log on the server. They randomly; queries executed against a datasource configured on our application servers trying to get data from the database fail with a login failure when other times they will succeed. I am confused about this issue. Could an issue where the SQL Server is overloaded cause a login failure for a database?
I just applied instcat.sql to my SQL Srvr 2k sp4. At first it broke my replication with some cursor errors. Applying the latest instcat.sql fixed the problem, however one of the distribution agents would not start (i'm not sure if instcat had anything to do with it) giving me a "Login failed for user 'NT AUTHORITYANONYMOUS LOGON'. The process could not connect to distributor 'DistributorName'. The step failed." error.
I have seen this before. A 2000 restore fails, leaving the database thinking it is being restored but the restore job failed and errors when it is restarted. EM is clueless. I believe there is a proc to reset some flag. Can you share it with me???
I was checking the logs because of some failing backups and found literally hundreds of enties for failed logins for user sa. This is does not seem to be related to the failed backups, because even after fixing the problem (disk space), the entries continue to pile up.
Needless to say, the information provided in the log is a bit sparse: date and time, source (Login), message (Login failed for user 'sa'.). If that is actually enough to go on, then there must be some way of cross-referencing this information with that found somewhere else. Is there a 'somewhere else' or are there other things I need to do in order to track this down?
I don't suspect any malicious intent, but I'm not ruling it out. My main concern at this point is twofold: to gain a better understanding of system management; to identify and correct the failed login.
Any recommendations, whether tools, documentation, or otherwise are very much appreciated.
