I have a front end application needs access to 3 different SQL Server databases:
1st. database read/only
2nd. database read/write
3rd. database read/write
The user’s logins that will be using the database/application are using Windows authentication.
This application also calls a few SQL jobs that need to run.
What I would like to do is set up role to accomplish this and then easily map users to the role as needed.
Is there a way to do this in SQL Server 2008 R2?
Is there a better or easier approach?
I'm trying to avoid need to explicitly set up each user.
Thanks
Create an AD Group for your application. Get the DBA to hand out the appropriate permissions to the AD Group. Then have the Service-Desk add users to the AD Group as the business requires it.
Related
I have some Azure SQL Database environments where the Activity Directory admin is set to an AAD group.
I need to set up auditing on Azure SQL Database environments so that all activity from the members of that group users is captured. I've got the basic Azure SQL Auditing set up and working but it generates way too much logging.
I think I need to use the PowerShell command Set-AzSqlServerAudit to filter it with the PredicateExpression option, but I cannot find any query that will filter for members of that group. Any similar approach would be acceptable (e.g. checking for any elevated permissions, whether in that group or not) as long as it includes that group.
Is it possible?
I found that I can use the following PredicateExpression to audit any admin activity on the database:
-PredicateExpression "[database_principal_name]= 'dbo'
I used the audit log definition at https://learn.microsoft.com/en-us/azure/azure-sql/database/audit-log-format?view=azuresql to see the list of available fields.
I want my Microsoft SQL user (devuser) to be able to be able:
To create/delete/modify tables within a single database.
To do all of this via MS SQL Server Management Studio including Query Analyzer.
Where do I go and what are minimum level of permissions I need to set for this?
Thanks
I would like to create a user account in SQL Server 2012 with limited access, i.e., he should be only able to run queries and view data and nothing else. No backups, restores, user modifications should be allowed.
I tried looking at the built in server roles, but could not really understand it too well. The Server consists of some 7-8 different databases and we would like this user to have only querying access across all databases and nothing more. Would be great if somebody could guide me as to how to implement it.
Regards
Saurabh
Simple create role and grant access to needed objects with command GRANT. Example:
GRANT SELECT ON TABLE1 TO ROLE_ONLY_VIEW_FOR_EXAMPLE
Then you can assign this role to any user you want.
I have a group in AD that logins to windows and what I want to do is to grant the same AD group access to SQL Server using the AD credentials.
My SQL Server is setup to use mixed mode (windows and SQL Server logins).
So lets say my AD group name is : MyCompanyGroup
I want to grant access to that group to be able to connect to SQL Server.
Can anybody guide me how to do this?
Thanks.
If you have 100+ SQL Server instances, you have to run this script 100+ times.
Also: you will need to create specific users for that login in those databases that the login should have access to.
Basically use something like:
USE (database name)
CREATE USER (username) FOR LOGIN (loginname)
See the MSDN How-To: Create a Database User for detailed info.
But everything can be scripted. And with a decent tool like Red-Gate SQL MultiScript, you can even have it executed on all your 100+ instances automagically.
I'm quite new to Microsoft SQL Server. I have some experience with MySQL, and there you have a user with privileges, if I understand things right; these privileges decide which databases you have access to on the MySQL server.
However now I am in the situation where I have to restore a database on my SQL Server 2005 Express, and this database has it's own users and user password. So if I want to make these users accessible from the outside (so that they can connect to my server), how would I go about that?
To illustrate clearer; say there are two login accounts on the database server "Mike" and "John", and on the database "Animals" there are two users; "Chris" and "Jeff".
I need Jeff to be able to sign in to get access to the database. Is there a good way to make this happen without creating new users/logins? And if not, what is the best/most common solution?
I would really appreciate any helpful input on this!
One server-level object (login) is mapped to multiple database-level objects (users).
A login cannot be mapped to more than one user within a database, but can be mapped to at most one user in each database.
Therefore, you need to create new logins for those users, but map them to existing users. This is done with ALTER USER command. Or, if you don't have any use for the Mike and John logins apart from mapping them to those existing users, you can do so, too.
Any user needing to access a database needs to either have their own login, or you can create a login for a Windows security group and grant access that way to a whole set of users. Then if you need to give access to more users in the future you can just add them to the windows security group.