We are receiving lots of alerts/notification of error "SELECT permission was denied on the object 'xyz', database 'someDB', schema 'dbo' (so we know the object, database name & schema name)
There are hundreds of applications that connect to that database in question.
Question: we are unable to determine which Application is causing this. Not allowed to run "Trace" or "Extended Events" on the production database. Any ideas on how to find out the application name along with the user-name that is causing this (attempting to run the SELECT)?
TIA.
P.S.
We're using SQL Server 2019.
There is nothing in the SQL Error-logs for this error.
Once we have the Application-name/user-name we can
rectify the permission issue (we know how to resolve the permission
issue, online-searches only show how to resolve this permission
issue - which is not useful), it's the offending user/application
that we need to identify.
Thanks to all for commenting and suggesting to run XE/Trace (which I don't deny), however, we found a solution to find the relevant information without having to use/rely on the XE/trace.
Essentially, to find out the user-name & their other details (for whom permission denied error is being notified) RDP into the database server and look into the Windows' Event Logs -> expand the "Windows Logs" and look at the error or information (matching the time when alert/notification was sent), here you will see the user-name under "User" field.
Hope this helps others (in similar situation).
Related
I'm working on a project using SQL Server 2012 and I am running into an issue while attempting to update a login.
I was attempting to add DDL permissions to a login and when I went to hit OK and close the properties window, I received this error.
I closed the login properties window and reopened it to find that the login's database role changes had indeed been updated to reflect the changes I made.
It looked to me like my changes had been committed, and then this error popped up.
I went to connect over an ODBC connection I had made earlier for the same login, but discovered I no longer could, I was getting this error from the ODBC.
I know for a fact that this ODBC connection was working for this login at some point before my changes since I had a linked table that was using this same connection. It was able to both pull down updates from the SQL Server and push through changes back up to the server level.
Can anyone help shed some light onto what a solution to these errors may be? I assumed they were related since they both began occurring this morning, but I'm not positive of that fact. My database administrator is out of the office till tomorrow, so I'd really like to get this resolved before then.
This is what I get when I try to use that logon through SSMS
I'm putting this into an answer, since it solved OP's problem. I don't know what happened during/after the initial error (when granting DDL permission), nor exactly what the other errors were pointing to.
Because the user was unable to login through ODBC or SSMS, the first step would be to check the user and login properties in SSMS, to ensure that, for example, it is enabled, and that it was granted permission to the database.
In the comments, OP found that the user was not setup with GRANT.
Getting following error when trying to remove a user from SSAS Server Administrator.
The following system error occurred: No mapping between account names and security IDs was done. (Microsoft.AnalysisServices)
Any help is highly appreciated. Thanks!
The error means that some user or group who is currently a server admin has been deleted in Active Directory. Basically when it scripts out the change to the server admin members it lists all the members. When it tries to apply the members it does an Active Directory lookup and if that lookup fails it throws that error.
If the Server Admins list has any users which only show an identifier that looks like a GUID that may be your culprit. Otherwise research which users don't exist and remove those users as server admins while you remove the other user you are trying to remove.
I was able to fix this using the Set-AzureRmAnalysisServicesServer cmdlet.
You would need the AzureRM.AnalysisServices in Powershell.
Set-AzureRmAnalysisServicesServer -Name "aasserver" -ResourceGroupName "aasgroup" -Administrator "abc#xyz.com, def#xyz.com"
i tried everything possible to fix this but nothing worked for me ,pls help me to create a table on my database .
AS your question title says, the error is a clear problem with your user autentication. This problem may be due to a very large list of causes, but I will give you what in my humble opinion is a quick troubleshooting that may lead you to solve this problem:
First of all, check the permissions of your user on the specified database. Using SQL Server Management Studio, right click your user, properties, then user mapping. Right there you have to check for the correct database mapping and the desired role.
Check server authentication mode, to see if it is on mixed mode. In many cases, I´ve seen many installations where the authentication is set to windows only, and users keep getting this message having the correct permissions on user and correct mappings.
Recently I inherited a database from another programmer (created / stored with SQL Management Studio 2008), and I am having massive difficulties accessing, modifying, or even viewing the previously created databases.
Specifically, when I try to load one of the databases in SQL Management Studio I get the following error message:
"The database [database name] is not
accessible. (Object Explorer)"
I am connecting to the SQL server with windows authentication.
Anyway, is this a permissions issue left over from the last dev? (he's unavailable, unfortunately) And is there an easy work-around short of completely reinstalling SQL Management Studio?
Edit: Update:
Upon trying to access User Mapping, as suggested below, I got the following error message:
"One or more databases are inaccessible and will not be displayed in list."
Unfortunately, none of the databases I am trying to access appeared in the list, so I assume they are still inaccessible.
It could very well be a permissions problem. If you open Object Explorer in SQL Server Management Studio and expand the Security node (the one under the server instance, not the Security tab under the individual databases) and then expand the Logins node you'll see the list of logins that have been created on the server. Have a look at the properties of each of those and check out the User Mapping information. You'll be able to see which logins are mapped to which databases. It's possible the previous programmer only granted access to the database to certain logins. If you find a login that's mapped to the database you want, try changing the password of the login and then connecting to the database with that login and password. NOTE: be careful when changing the password as it may affect production applications that are using that login and password!
This message:
"One or more databases are inaccessible and will not be displayed in list."
Means that the user you are using right now cannot access to that db. If you can enter with a user that does have access and from that user change your actual user's rights through User Mapping, then you will see it.
You need a dba (or someone with dba equivalent access) to give you rights to the database.
Lately there has been a problem running some of our reports in access. Last week(the beginning of the week) we tried to run a reports lets call it A and it kept giving us the log in prompt. Even when the correct user-name and password were entered the log in box would just keep reappearing until cancel was pressed.
I clicked the debug and checked the query. I then logged into the database it is pulling the data from with the same user-name and password and received no trouble. Around Wednesday A was working again, even though nothing was changed. This week A is working but another report B is doing the same thing..
Anyone have any idea what this could be? I'm thinking maybe someone else has the report open? Any help is appreciated.
EDIT: I have narrowed down the error to one linked table that is causing the login prompt. It seems it has the DSN setup but no database specified. So i just need to relink the table..Is there anyway to do this at the GUI level? Also should I leave this question up for future users or just delete it?
Was the login prompt from Access or from Windows? If from Windows, then I'd say that there was some sort of file permission or network access issue at hand. If from Access, then I would say that something in the SYSTEM.MDW that you are using is corrupt or has been reconfigured.
If the login prompt is from ODBC it probably means that the credentials that are being used to access the backend database (per your comments you mentioned it was SQL Server) are either invalid or disabled. (Or it could be as simple as the backend database is/was temporarily unavailable).
If you are using linked tables in Access to a SQL Server it means that an ODBC connection was created and you might try verifying that the ODBC connection is working ( Control Panel, Administrative Tools, Data Sources(ODBC) ). In that dialog there is a place to test the connection.