I have a Virtuoso server running on a remote machine and can access the conductor UI by logging in as dba user. I have created a graph using Linked Data -> Quad Store Upload on which I am able to run select SPARQL queries from Linked Data -> SPARQL. However, when I run INSERT DATA query I am facing the following error.
Virtuoso RDF02 Error SR619: SPARUL INSERT access denied: database user 108 (SPARQL) has no write permission on graph http://localhost:8890/dummy
I have checked on System Admin -> User Accounts that the users SPARQL/dba have SPARQL_UPDATE, SPARQL_SELECT role. I have checked Linked Data -> Graphs -> Roles Security and it seems fine. I have the same setup on my local machine on which I initially faced a similar permission issue but after granting roles SPARQL_UPDATE, SPARQL_SELECT role it was resolved.
Please suggest how can I avoid this error.
A workaround is proposed in virtuoso-opensource/issues/1094:
run the following in the ISQL console,
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 7);
A second option it to change the Usert type of the SPARQL user from SQL/ODBC to SQL/ODBC and WebDAV (see here for the original quote).
Option 2 worked for me (virtuoso-opensource, version: 07.20.3235).
Related
I am trying add a photo in the SQL Management Studio 2018. But it tells to use bulk load statement. On the Stackoverflow I saw some steps that may help me. It was recommended to go to the login->security->properties and activate 'bulkadmin'. This operation failed saying that it is not enough permission.
If you are trying to grant the bulkadmin Server Role to a Login, the login you are using to make this change will need to either have CONTROL permissions on the Login, or the ALTER ANY LOGIN permission on the SQL Server itself.
The easiest solution if possible would be for your own Login to be granted the sysadmin Server Role by another Login with the necessary permissions to do this.
More information about Server-Level Roles from Microsoft here.
The Plan
Have HR personnel dump an Excel file of payroll Job Titles to a network share, add that file as a Linked Server in SSMS, use those titles in my ASP.Net web forms. Using a Linked Server instead of importing data to allow HR to update the Job Titles file at their discretion.
The Problem
I can create the Linked Server and query it without issue, so long as I'm in SSMS with Windows Authentication. But, if I try to access the linked server using a SQL account, I first get the error:
Access to the remote server is denied because no login-mapping exists (Error 7416)
The SQL account being used is the same account my web forms use for everything else. The fact that this SQL account doesn't have file permissions isn't surprising though, so an adjustment to the Linked Server's security should do the trick.
The Problem (part 2)
To reduce the number of variables, I moved the Excel file so it's on the same machine as my SQL Server. I'm logged into the machine and logged into SSMS with my domain admin account.
I access the Linked Server's security tab and, to try and cast the widest net possible, I leave the local login (top part) blank and head straight to "Be made with this security context:" and proceed to provide my domain admin credentials. I hit OK, and I get the following:
Not a valid account name or password (Error 7399)
I know the account name and password are good, so what gives?
Other Things
Folks who've ran into similar things have been instructed to change the logon account being used for the SQL Server service, which I've done using my domain admin account (for troubleshooting, atm). This did not fix the problem.
This is what the Linked Server code looks like, although I created it via the GUI (included for sake of completeness):
EXEC master.dbo.sp_addlinkedserver #server = N'ADP_TITLES', #srvproduct=N'', #provider=N'Microsoft.ACE.OLEDB.12.0', #datasrc=N'C:\JOB_TITLE_EXPORT.xlsx', #provstr=N'Excel 12.0 Xml'
EXEC master.dbo.sp_addlinkedsrvlogin #rmtsrvname=N'ADP_TITLES',#useself=N'False',#locallogin=NULL,#rmtuser=N'DOMAIN\username',#rmtpassword='########'
The solution appears to be entering "admin" for the remote login, and leave the password blank.
This only works, however, if the file is stored locally. If it's on the network, I still get a 7399 error, but instead of saying the issue is the account name/password, it now says the issue is unspecified.
I can make my project work with a local file though. Since I'll be moving forward with that, I have no need to solicit additional answers.
I am unable to grant access to a newly restored database using sp_grantdbaccess. I am trying to do this via dynamic sql like below.
DECLARE #grant_access nvarchar(500)
SET #grant_access = 'EXEC ' + #new_db_name + '.dbo.sp_grantdbaccess ''IIS APPPOOL\myApp'''
EXEC sp_executesql #grant_access
I get the below error back trying to run this from a sproc. Any ideas on how I can grant permission for the app to call sp_grantdbaccess etc? I guess I am needing permission to give permission...
Error restore_backup restore_new_configDBThe server principal "IIS
APPPOOL\myApp" is not able to access the database "new_db_name" under
the current security context
Based on the error message it looks like you are trying to grant access to IIS APPPOOL\myApp using the security context IIS APPPOOL\myApp, but IIS APPPOOL\myApp doesn't have the access rights to the db to grant access rights to itself. I think this is akin to me trying to grant myself access to my neighbors house, but I don't have any authority to do so.
Depending on what type of security policies you are working under, I would either run the app pool under an account that has the greater privileges through integrated auth (but this might negate your need to grant privileges), or execute these SQL statements using a local SQL account with the necessary privileges to the database. In these cases, it would be like asking my neighbor (elevated access) to let me (IIS APPPOOL\myApp) in.
If you think it should work because IIS APPPOOL\myApp had access to the DB prior to being backed up, could this be a problem with IIS APPPOOL\myApp being an orphaned user? See http://msdn.microsoft.com/en-us/library/ms175475.aspx But with this case, you still might run into the above scenario trying to fix the orphaned user.
I am trying to query a database table in postgresql, but every time I run the below query it gives me the INSUFFICIENT PRIVILEGE error. What possibly could be the reason for such permission denied error. Also, I am using pgadmin tool in windows to connect the database which is in Linux environment. Below is the query I am running
> > SELECT appid,hash
> FROM app
> WHERE appid=1;
While running the same query I am getting the below Error
ERROR: permission denied for relation app
********** Error **********
ERROR: permission denied for relation app
SQL state: 42501
The user running the query will need permissions to that table. You can grant them to that user with the GRANT statement. The below is an example that grants to PUBLIC
GRANT SELECT ON tablename TO PUBLIC;
Also I have seen SELinux cause isses and places such as here mention it. I am not exactly sure of the command to turn SELinux off but you can see if it is running by using
selinuxenabled && echo enabled || echo disabled
It simply means that you have no permission to access app table. Request your root or database administrator to grant you the permission to access app table. if your are the root or have granting privilege you can use grant command to grant your self permission to use all sql statements on table or database
For Example:
grant all privileges on database money to cashier;
before that you have to login as root or user that have granting privileges
for more details on this command refer to
http://www.postgresql.org/docs/8.1/static/sql-grant.html
If it's DB2 then go to command console of DB2, select your respective Database and select Authorities option by right click on the Database then add your respective DB2 user and grant required access.
You need to make sure that the user with which you are connecting with also has the "USAGE" access on the schema you are trying to access with the user. I have recently faced an error where I got the dump restored into a database and then had some users to whom I was only supposed to provide the read-only access. I have followed the following steps -
CREATE ROLE myapp_readonly;
GRANT CONNECT ON DATABASE {database} TO myapp_readonly;
GRANT USAGE ON SCHEMA {schema} TO myapp_readonly;
GRANT SELECT ON TABLE {schema}.{table_name} TO myapp_readonly;
GRANT myapp_readonly TO {usre};
After performing these steps when I tried to access the table, had received the following error -
SQL Error [42501]: ERROR: permission denied for schema {schema}
In my case, my users were available already and the schemas and the database were restored recently. After I have provided the "USAGE" access to the schema to the user the error was resolved.
I am trying to set up reporting emailing SQL Server 2005 Reporting Services. When I click to save a subscription I recieve the following error:
An internal error occurred on the report server. See the error log for more details. (rsInternalError) Get Online Help The SELECT permission was denied on the object 'sysservers', database 'mssqlsystemresource', schema 'sys'.
I was under the impression Reporting Services uses the role RSExecRole which is created during installation. Isn't mssqlsystemresources something that is not supposed to, and not easily touched?
This is most because the user doesn't have permissions setup correctly. Can you check if RSEXECROLE doesn't have any DENY permissions and has correct permissions on the reportserver db.
http://www.sqlservercentral.com/blogs/brian_kelley/archive/2007/11/6/3195.aspx
Based on the code in the above url, RSEXECROLE should have 323 rows on SQL Server 2005 SP3. Yours should match that.
Let me know what you find.