I need to completely remove a user from a server.
I can remove any entires for that user in specific tables (tied to an app), I know how to remove from individual dataabses and the server, but on several databases, the users shema owns a table (that is also owned by several other users) so I cannot drop that user.
I cannot drop the table, other users need it.
I cannot just change ownership of the table, as again, other users need it. Perhaps I'm misunderstanding how it works, alter schema CAN be used to transfer ownership from jsut one specific user, right?
ALTER SCHEMA dbo TRANSFER OtherUserSchema.TargetTable;
GO
Will this affect ONLY the other users schema on the TargetTable, and leave other schemas that own that table?
Naturally, dropping the user won't work since I get:
Cannot drop schema 'BDR\TPRGOMET' because it is being referenced by object 'xkartkont'.
Does a schema with domain name cause any issues?
Related
I create tables with user system than I create another user user1 , I give to him all privileges but when I connect with user1 I can't see or select the tables created by system
First of all, you should never ever create any objects in SYS or SYSTEM schema. Leave them alone, they own the database and - if you do something wrong, you might destroy the database.
As of your question: "all privileges" is quite broad term. What exactly did you grant to user1? You should've - as system
grant select on table_created_by_system;
and then, connected as user1,
select * from system.table_created_by_system;
In other words, you have to precede table name with its owner's name (system in this case). Other option is to create a synonym (public, perhaps?) and then you don't have to use owner's name.
I suggest you abandon it altogether. Drop tables from system schema and start over in user1's schema.
Background info:
I administrate a database in SSMS. I am the only administrator. I have users creating tables, and then they want to grant select permissions on those tables, to other users. But they are not allowed to do it because they are not administrators or have CONTROL permission on the schema.
Question:
How can I as an SSMS database administrator let users grant SELECT on tables they create to other users, without making them admins or giving them CONTROL permissions?
I would simply get users to create a table in their own schema along the lines of (SSMS syntax may be different, this is just meant to be illustrative):
create table select_access (
table_name varchar[50],
user_name varchar[50],
is_active varchar
)
Then have an admin job run periodically (every five or ten minutes, for example) and, for every applicable user, examine the entries in that table.
If there's an entry for a table not currently having the permission (with is_active set to Y), grant the permission. If there's an entry for a table currently having the permission (with is_active set to N), remove the permission.
That way, they have full control over select permissions on their tables without getting you involved.
To share a table, they just create it, add entries to select_access for each user they want to share it with, then wait for your job to run.
To disable, they just set the is_active field to N for the users they want to revoke access for and, again, wait for your job to run.
The use of is_active is just to make your life easier, as your only necessary source of information is just that table.
You could make it smarter by just letting them delete the row for the given user/table but then you'd have to process the table and all their tables that may have access granted but no longer have an entry in select_access.
Just make sure any table they grant permissions to is a table in their schema, not one of the system tables :-)
I have some users in my database who are no longer part of the domain and I would like to know how would I delete these users and their user defined schemas at once, rather than having to manually do each one? Thanks!
You can't. SQL Server requires that if a user still owns any object you cannot drop the user. So the typical order is: 1) Transfer ownership of all the user's objects to someone else (sometimes to the DBO) 2) drop the user from the database(s). 3) Drop the user from the instance. If you skip 2 and 3 you will have orphan users which leads to very interesting problems.
This should allow you to reassign the SCHEMA, DROP the SCHEMA then DROP the USER.
ALTER AUTHORIZATION ON SCHEMA::[schema name] TO dbo;
GO
DROP SCHEMA [schema name];
GO
DROP USER [user name];
GO
The script above is a modified version of a solution for a similar question How can I delete a user from sql server 2012 who owns a schema.
Hi Experts
How I can prevent database user deleting any data in tables using triggers?
I want just Admin delete Data from tables
Thanks
Umm take away that users permission? If you don't want them doing something, 'disallow' them that right... thats why we have permissions.
Here are details on how to revoke permissions:
http://msdn.microsoft.com/en-us/library/ms186308.aspx
Any particular reason you want to use triggers?
You could simply remove the DELETE permission from the users you want to restrict. Have a look at the "Permissions" section here: http://msdn.microsoft.com/en-us/library/ms189835.aspx
EDIT: Since you say you do want to use triggers (but I really think you should reconsider) you can create a table such as:
CREATE TABLE Restricted_Users
(
user_name VARCHAR(40) PRIMARY_KEY -- Use a size appropriate to your requirements
)
Create INSTEAD OF DELETE triggers on all your tables (that's going to be a chore) which checks for the USER_NAME() in the Restricted_Users table and if they EXIST you can call RAISERROR to cause the transaction to be rolled back and display a message to the user.
Remember you will have to maintain these triggers on all new tables added to the database as well as maintaining the list of users in the Restricted_Users table whenever you add/remove users from the database.
It would be a lot simpler to use the permission system available in SQL Server (it's what it's designed for) using roles with appropriate permissions set for the tables. Then, when adding new users you only have to assign them to the appropriate role and the delete permissions are handled for you.
It is my understanding that the default behavior when creating a table in SQL 2005 is that it will be created with dbo as the owner of the table. Is there a way to change this default behavior so that all tables get created as the user instead of as dbo?
I am working on moving an application from SQL 2000 to SQL 2005 and much of the logic within the application makes the assumption that the default behavior is to create a table with the user as the owner.
You can first create the schema (that you, or the target user, own), then create the table(s) under the schema, ala:
CREATE TABLE [yourSchema].[sales](...)
The schema / owner situation are different in sql2005.
Whats nice is that the schema name doesn't have to the same as the owner name. And if the current schema owner ever leaves you can reassign the schema ownership to someone else.