Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
how to do cleanup of a react js application running on ubuntu 18.0.4 setup. we want the application to run without any CLI issues.
Only BAMMON or the one who granted those privileges (a DBA?) knows why that user needs those privileges.
How to "fix" it?
revoke all those privileges
create a role with only one privilege, e.g. create session
grant it to bammon
when bammon says he can't do something, grant that privilege to role
bammon will be able to use it right away
loop through the last steps as many times as it turns out that bammon needs to do something, but can't
also, see whether lower level of privileges suits the needs, e.g. don't grant create any procedure but create procedure
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 days ago.
Improve this question
i would like some help, i've created this db's schema based on the client request,
the idea is, all users must belong to roles, each roles have its specific permisions on certain pages.
the permissions are given to the roles, not to the users directely.
so even if a user belong to a "role", he might also belong to "invalidate_rules_Roles" which will restict him from certain permissions without other users that belong to "role" to be impacted. meaning he will be an exception of the "role".
this is the schema enter image description here
what is left is to test the schema by sql scripts that help to validate and check if the schema answers to the client request.
i created the schema to ansewr to the client request
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 months ago.
Improve this question
I have an idea to create database user (account with username and password that can access MS SQL database with those credentials) in a SQL stored procedure, and use those credentials in my web application, when user logs in with that account, to connect and interact with database.
This way I will be able to set permissions for each account and then it won't matter if that user manages to somehow get in touch with my database without my web app, as he will not be able to make changes that he couldn't do through my web app.
In short -> security is directly in my database, not in my web app.
As you can probably tell, I'm not well versed in this type of stuff, I bet that this is already a standard way of doing security, or there's a better way.
My question is:
Can I create a DB user in MS SQL using one of it's stored procedures?
If possible, how would I go about for example changing it's password?
Or if I want to add some more information other than just username and password, I would create a table with those new colums (for example first and last name, nickname, phone number, etc), how would I go about connecting a DB user with my table?
(I imagine it would be something like 'usernames for DB users are unique, so just save the username').
As you can see I have a broad idea, and it's still a bit messy in my head, and was wondering if someone could point me in the right direction with my train of thought.
You can create a Login / User using
USE MyDatabase
CREATE LOGIN MyLogin WITH PASSWORD = 'MyStrongPassword'
CREATE USER MyUser FOR LOGIN MyLogin
To change a password
ALTER LOGIN MyLogin WITH PASSWORD = 'MyNewStrongerPassword'
To grant the user access to a table within the database:
GRANT SELECT ON MyTable TO MyUser
You can indeed do this directly within a stored procedure, though I'm not sure why you'd want to - surely this would be a one off operation by a database administrator, rather than something that would require the re-usability a stored procedure gives?
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
Books online states
Before you set the database to SINGLE_USER, verify the
AUTO_UPDATE_STATISTICS_ASYNC option is set to OFF. When set to ON, the
background thread used to update statistics takes a connection against
the database, and you will be unable to access the database in
single-user mode.
I got to know this only after the fact. What do I do now, when shutting down the entire instance is not an option as there are critical DB's on it as well?
I don't have the permission to kill the 'sa' login TASK MANAGER processes that the statistics update seems to use, and even having tried a brute-force trick where I'd just try to get into the DB some 3000 times in a row for a few times, doesn't help.
Even though I have the VIEW SERVER STATE permissions I can see no stats jobs by querying sys.dm_exec_background_job_queue so KILL STATS JOB doesn't appear to help.
Any advice is appreciated, thanks.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Please can anyone assist with hiding the available databases on sql server 2008R2 or newer versions.
I have a new login user that I mapped to a specific database.
When logging in with the specific login user I can see all the databases on the server, although I cannot access them except for the one I mapped to the login.
This is 100% but my problem is that I do not want the login to even see that those other databases are available.
How do I prevent those other databases that are not mapped to the login from displaying?
USE master;
GO
DENY VIEW ANY DATABASE TO [newlogin];
GO
USE yourDB;
GO
DROP USER newlogin;
GO
USE master;
GO
ALTER AUTHORIZATION ON DATABASE::yourDB TO [newlogin];
GO
Raj
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have SQL Server 2008 installed on Windows 2008 Server.
I've disabled built-in administrator password and created sa with sysadmin privileges.
Question is: Is there any way to access to database, or back it up. or methods to reset (and / or) get password for sa?
I want to secure my database.
Thanks.
I've disabled built-in administrator password...I want to secure my database.
If you think you can disable access to built-in administrators your are chasing a phantasm. Built-in administrators will always be able to access your database, the steps to gain access are clearly documented in Connect to SQL Server When System Administrators Are Locked Out. Your database must be deployed on a system on which you completely trust the system administrators, there is no work around for this basic requirement.
Most often this question is asked as some misguided attempt to protect the perceived IP in the database. The answer to that question is that what you want is called DRM and SQL Server does not offer DRM. If you are afraid of distributing the database to your users then use a service like SQL Azure.
Users who have to have access to the SQLCmd prompt would be be able to run perform such commands. You could access the database and reset passwords the console and do something like this:
ALTER LOGIN sa WITH PASSWORD = ‘newpassword’ UNLOCK