Using SQL server 2016
Is it possible to access a synonym from a linked server, when the actual target table of the synonym cannot be accessed by the source server?
There are two databases in one server
say on
server1
database1
database2
server2
database3
And there is a table "table1" on database1.
And a synonym for that has been created in database2
USE [database2]
GO
CREATE SYNONYM [dbo].[synonym1_for_table1] FOR [server1].[database1].[dbo].[table1]
GO
There is a linked server access for database2 from server2
When the following query is executed from the server2
SELECT *
FROM [server1].[database2].[dbo].[synonym1_for_table1]
Below error is encountered
Cannot process the object [database2].[dbo].[synonym1_for_table1]. The
OLE DB provider "SQLNCLI" for linked server "server1" indicates that
either the object has no columns or the current user does not have
permissions on that object.
In server2 under "linked servers", under the tree
I see tables and views of database2 but not synonyms.
Is there a way to see synonyms. That could be a solution to this issue.
Update:
If the synonym is made a view, the following error is observed
The server principal "xyz" is not able to access the database "database1" under the current security context.
"xyz" cannot be created/cannot be granted access to "database1".
You should create a view to read data from table present on the other server/database.
Also, create a separate user (service account or user account) that will have access only to read data from the source table and can execute the view(present on the different server).
Related
I would like to insert data from prod server to dev server for a particular table.
I am using insert into SQL query and fully qualified name. That is I am specifying server name, databsename, schema name and table name.
insert into ServerADev.[ING_DB].dbo.[Table1]
select *
from ServerAProd.[ING_DB].dbo.[Table1]
where ID = '08914'
ID is the column in Table1.
For above query I am getting an error:
Cannot find ServerAProd in sys.servers. Verify that the correct server name was specified. If necessary, execute the stored procedure sp_addlinkedserver to add the server to sys.servers.
When I EXEC sp_addlinkedserver #server='ServerAProd', I am getting:
User does not have permission to perform this action.
Do I need to make a request to DBA (database admin) to grant permission to perform this query?
You need to set up a linked server to query a foreign server.
So, either:
ServerAProd is not what you named the linked server
or
You didn't create a linked server yet. You can use the sp_addlinkedserver from the error message, or browse to "server objects" in the object explorer then right-click -> new on "Linked Servers". See the link above for more details.
For your edit... yes this requires permissions:
When using Transact-SQL statements, requires ALTER ANY LINKED SERVER permission on the server or membership in the setupadmin fixed server role. When using Management Studio requires CONTROL SERVER permission or membership in the sysadmin fixed server role.
1. create linked server for the dev server on production server,
2. use this openquery() to insert data, so that you can insert large data very quickly.
INSERT OPENQUERY (devservername, 'SELECT * FROM devservar_database..dev_server_table_name')
select * from production_table_database_name..production_table_table_name
This works fine:
GRANT SELECT ON SCHEMA DB1 TO USER1;
But when I try to connect in SQuirreL specifying the database:
I get the following error:
class com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC:
Cannot connect to jdbc:sap://10.194.19.20:39013/ [SAP DBTech JDBC:
[2]: general error: database 'DB1' does not exist].
If I try to connect without specifying the database, it works fine and I can run selects with no problems on DB1. But I need to connect to Hana specifying the database in the URL. What's the problem and how to fix it?
Database and Schema are two different objects on a instance or tenant.
In a Database, database users have their own objects which are contained in Schemas
So every database user can have a seperate schema.
Schema object is mainly used for security.
As in your sample code you are granting or allowing SELECT command on objects in DB1 schema to user USER1. (So USER1 can query objects of user DB1)
In database connection you shared with us, you need to provide the database name, not the schema user.
You can find the database name, on SAP GUI using System > Status menu options.
You will see Database Data section. Use the value in "Name" textbox.
In general, every connection user is mapped to a default database user (so to a default schema on a database)
Instead of databaseName, use currentSchema
"jdbc:sap://10.194.19.20:39013?currentSchema=DB1"
Is there a query in T-SQL that pulls out the location of all databases within a server in the network (not the local drive).
I had a look at this example SQL Server - get all databases with MDF and LDF File Location
.But, it didn't seem to work, I am guessing this is due to the location of this server which is not local.
The linked answer works but you must have enough permissions to view the results.
From sys.databases:
If the caller of sys.databases is not the owner of the database and the database is not master or tempdb, the minimum permissions required to see the corresponding row are ALTER ANY DATABASE or VIEW ANY DATABASE server-level permission, or CREATE DATABASE permission in the master database. The database to which the caller is connected can always be viewed in sys.databases.
From sys.master_files:
The minimum permissions that are required to see the corresponding row are CREATE DATABASE, ALTER ANY DATABASE, or VIEW ANY DEFINITION.
I have a scenario where I need to allow a user in one database access to objects in another database on the SAME SQL server.
SQL SERVER SETUP:
I have an SQL Server 2008 Express instance running.
Within that instance I have the following :
2 databases :
DATABASE1
DATABASE2
2 logins :
ADMIN1
ADMIN2
DATABASE1 has a user (USER1) created on ADMIN1 and has permissions on SELECT, UPDATE, DELETE, INSERT and GRANT EXECUTE on stored procedures in DATABASE1
DATABASE2 has a user (USER2) created on ADMIN2 and has permissions on SELECT, UPDATE, DELETE, INSERT and GRANT EXECUTE on stored procedures in DATABASE2
QUESTION :
What I require is to allow 'USER1' SELECT/EXECUTE permission to tables and stored procedures in DATABASE2
I have tried a few snippets of SQL from a few posts but I have no idea how to write the SQL.
I also tried doing it manually in the way of ticking checkboxes for permissions by right clicking the user and logins in Management Studio but
I need SQL to execute in my scripts.
THE REASON FOR MY QUESTION
I have tables in DATABASE1 and DATABASE2 which are related but obviously we cant create Foreign Key constraints across different databases.
The best way we have thought to handle the relationship between the 2 tables is to create a stored procedure in DATABASE1 to query the
relevant table in DATABASE2 and return a result.
Apologies for not being able to post any examples as I cannot find any examples out there through my searches which match the scenario I have described above.
If I can give any further information please let me know.
Many thanks
Kev
As long as your user is defined at the instance level, you can grant them whatever rights they need in each database. Create your users under the master, and then add them as users of each database granting them whatever rights are needed per the specific DB.
EDITED with more detail (based on comments):
First, you need to create a Database Login. This is a login that can then be added as a user to one or more databases on your instance.
Details Here (including SQL syntax): http://technet.microsoft.com/en-us/library/ms189751.aspx
Second, you need to provision the user in the database (Database1, Database2, etc...). You will want to have these users added identically to each of these product databases that gets installed. As long as the user is there, you will be able to query across the various DBs on your instance.
Details Here (Including SQL): http://technet.microsoft.com/en-us/library/aa337545.aspx
Good Luck!
SQL Server is not my strong point and I start to get lost when going past the basic Create Table, Select from Table etc.
I am attempting to set up a database synchronisation scenario with an Microsoft SQLCompact 3.5 database being Synced through a Proxy to and SQL 2008 R2 database. It is being synced through the Microsoft Sync Framework 2.1.
I got everything set up and working fine through the proxy when the user account is the db_owner of the database.
Of course this now needs to be locked down - so I have been trying to restrict the permissions to the bare minimum required for Synchronisation.
According to the Microsoft articles, I need to do the following...
Use the principle of least permission. Do not grant more permissions than are required to perform a specific task. For example, do not grant INSERT permissions for server database tables that are involved in download-only synchronization. Synchronization operations require the following permissions:
EXECUTE permissions on all the stored procedures that Sync Framework uses to read and write to metadata tables and base tables.
SELECT, INSERT, UPDATE, and DELETE permissions for metadata tables and any base tables that will be updated during a synchronization session.
When you provision SQL Server databases that use SqlSyncProvider, be aware of the following permissions requirements for provisioning:
CREATE TABLE permissions to enable creation of the metadata tables: scope_info and scope_config, and the tracking tables that are created for each base table.
ALTER TABLE to add triggers to the base tables.
CREATE PROCEDURE permissions to create the procedures that Sync Framework requires.
SELECT and INSERT permissions for scope_info and scope_config tables.
SELECT permissions for base tables.
I allowed the wizards in Visual Studio 2010 to create the Sync database and proxy for me.
As such - I am unable to find the scope_info and scope_config tables in SQL Server databases, and I am also unable to find the metadata tables so cannot set permissions on these tables. Also - where would I find the stored procedures that the Synchronisation framework is trying to use - I have looked but cannto find them.
Where would I find these and how would I go about setting the appropriate permissions?
I have granted datareader and datawriter, Insert, Update, Delete and Select as well as Execute permissions on the SQL Server database but the sync fails. I have also granted Create Table, Create Procedure and ALTER permissions on the database for the user as well- but still it fails.
If i enable the db_owner role for the user - it works.
The error I receive is:
Unable to initialize the client database, because the schema for table 'tblApplications, tblApplicationConfiguration, tblApplicationInstallProperties, tblApplicationPreRequisites, tblApplicationTypes, tblComputerApps, tblComputers, tblComputerTypes, tblDriveHWSerials, tblDrives, tblDriveTypes, tblFunctions, tblLocationApps, tblLocationComputers, tblLocationIPAddress, tblLocations, tblLocationUsers, tblPermissions, tblRegionLocations, tblRegions, tblRegisteredModules, tblRequestFormats, tblRequestStatus, tblRequestTypes, tblRoles, tblRoleUsers, tblSecurity, tblUsers, tblVehicle, tblVehicleLocationMap, tblVehicleMake, tblRequestProcessingStatus, tblDriveStatus, tblVideoViewTypes' could not be retrieved by the GetSchema() method of DbServerSyncProvider.
Make sure that you can establish a connection to the client database and that either the SelectIncrementalInsertsCommand property or the SelectIncrementalUpdatesCommand property of the SyncAdapter is specified correctly.
I am not able to use the db_owner role when its released.
there are two types of database providers in Sync Framework, the offline provider (SqlCeClientSyncProvider/DbServerSyncProvider) which is used by the Local Database Cache project item and the collaboration/peer-to-peer provider (SqlSyncProvider/SqlCeSyncProvider).
the offline providers dont use the scope_xxx tables as such you wont find it.
assuming you used the default SQL Server Change Tracking when you configured the sync via the wizard, try granting VIEW CHANGE TRACKING permission to the account you're using to connect to the database.
I'm not sure if it will help, but I found this:
Try to set UploadOnly on the SyncTable object instead. When you set it on the SyncAdapterBuidler, the select incremental commands are not generated by the builder. These commands are used to get the table schema from the database. Since these are missing you are getting the schema error.
Also, maybe this blog entry will help.
As JuneT Mentioned, you should turn on Change Tracking
ALTER DATABASE YourDataBaseName
SET CHANGE_TRACKING = ON
(CHANGE_RETENTION = 2 DAYS, AUTO_CLEANUP = ON)