I am using classic asp and trying to access to a remote sql server.
Even though I am specifing which database is default, connection is trying to access another database and yes, user does not have access to it.
I double check user properties where the default database is correctly set and mapped. Here is my connecting string..
Driver={SQL Server};Server=1.1.1.1\SQL2005;Initial Catalog=DEFAULTDB;UID=XXXX;PWD=XXXX
We sorted it out. DBA told me that while using X database, the trigger is using another database too. So we had to authorize for that database and problem was solved.
Thank you for your contribution.
Related
so, I have to make an Application Page with Oracle Apex. It is relatively simple, I only need one table. I tried to connect to it by SQL, but here comes the problem. There is no DB-Link existing.
How do I create a database link. I have Admin rights for Apex and have access to the admin account on the database server, from which I would need the data. Previously the data would be sended by E-Mail to us.
The sending Mailadress is adminname#servername.domain.net, that way I know on which server the database is located
I sadly do not know how the Mail Protocoll works, cause this was created before I started there.
I also do not know where on the server the database is located, all I know is that it is somewhere on the server.
Kind regards
Elias
I've been trying for a while to connect the database to visualstudio.net and it just doesn't work.
First I made the database and made everything I needed there and when I tried connecting it in visual.net through datagridview (trying to get it displayed there) it only gives me access to the "System databases" in which I can't make a database.
After that I decided to make the tables under the "master" database to see if that worked and yeah I can select the database and everything but it says it's empty when I know it's not. It says it has no tables when I've checked multiple times and saw the tables I've created there.
I would appreciate some help to either be able to get for visual to accept a database I make (to be able to automatically detect it once I enter the server name) or to see how can I use the master one properly.
You can add a data source to your project and it will be able to connect to the user databases. Also, it is highly inadvisable to create any user objects in the master database.
master database is a system database and you should not create user objects in the system database. In the connection string, provide the user database name explicitly. If you dont provide the database name, it defaults to master database.
Refer to connection strings for Sql Server for providing the right connection string for SQL Server in .net.
I've been searching everywhere but it seems as nobody has my problem. I recently created an Azure SQL Database and I have not had luck at all with figuring out what to do with the error 18456. I Many times I've seen the "Just right click the database and go to properties and security" but there is no security. In fact there seem to be a lot of things I don't have when I right click. I barely know anything about any of this though, so I've tried quite a few things. At one point I thought I needed to use the sample adventure works. but that wasn't it. So I'd be really grateful if anyone helped.
[SSMS Version: 16.4.1]
[Azure SQL Database: Server Version 12]
Picture of my properties menu in SSMS(SQL Server Management Studio)
]
Picture of my right click
]
Your error is common, but the way you solve it on-premise or using virtual machines (Infrastructure-as-a-Service, IaaS) is different than how you would solve it for Windows Azure SQL Database (WASD). WASD is a Platform-as-a-Service version of SQL Server. The SQL Instance is logical, so you have to change some of your thought processes. One of the chief ways you'll need to change your thought processes is in how you manage your SQL Databases.
When you're in WASD and you create a database, you're asked to create an administrative username and password. Using that account you can deploy the schema of your database as well as SQL Authenticated Users and permissions. You don't have permission to change the instance's authentication types, that's why you don't see an option for security when you right-click on the instance name and choose properties.
The following steps are how you would create a new LOGIN to allow this new user to authenticate to the virtual instance. After you've created a LOGIN, you then need to create a database USER for this LOGIN. With this USER, you can then assign permissions for what this USER can and cannot do.
Adding Logins for your Windows Azure SQL Database
A few notes before we get started. In the following code anything in angle brackets (< and >) mean this is a variable you can change. So would be the username you want to create for your Entity-Framework application. would be the password you want to use for your .
Use your administrative credentials to connect to your instance. This account has permissions to control everything about your database. When you connect, you should find that by default you've connected to the master database on that instance. If not, use the drop-down at the top of SSMS to change to master. "USE master" will not work.
From this connection, the following T-SQL will create your Entity-Framework's username and password.
CREATE LOGIN [<username>] WITH PASSWORD = '<password>';
At this point, if you were to try and connect to the virtual instance with this and , you could connect to your virtual instance, but not any database on this virtual instance. Your error message would say something like:
The server principal "" is not able to access the database
"" under the current security context....
You need to take at least one more step before this user can connect to your user database.
Now, from that same SSMS script window, change the database to the user database () you're granting access to. This will be the database you want your Entity-Framework application to use. Remember, use the drop-down at the top.
First we will create a database user for the login created in the previous step.
CREATE USER [<username>] FOR LOGIN <username>
Then, we will allow this to connect to your user database , the database you want the Entity-Framework application to use.
GRANT CONNECT TO [<username>]
At this point, your new username can log in to the virtual instance and connect to your user database.
Now, you will need to add any other permissions this user will need. For example, if your will only need read permissions, you could get away with adding the user to the db_datareader database role. Add those permissions now.
Special note about connection and connection strings
Your user is now setup to connect to your user database. That means in SSMS if you try and connect with your Entity-Framework user, there is an extra step to your connection dialog box. Before you click Connect, you have to hit the Options button.
Since your user cannot hit master, you have to tell SSMS you want to connect to the user database first and avoid hitting master. By default, SSMS will try to connect to your SQL instance's master database first.
You have to enter the name of the database in the "connect to database" entry. After you've entered the database, you can then hit connect.
I'll guess that in your application it already had the "Default Catalog=" value set to your user database, and you were able to connect. Setting this value in options is like setting that "Default Catalog=" value.
I hope this helps you in breaking into WASD a little more.
EDITS: attempting to add clarity to the differences between IaaS SQL Server instances and PaaS Windows Azure SQL Database. I previously missed the FOR LOGIN clause on the CREATE USER statement.
I have been asked to maintain a site created in ASP classic that uses a SQL Server database.
I was given the database in the form of a backup. I restored the database on my local computer and created a DSN connection to it. However when I attempt to load my site, the stored procedures the site relies on give an error that execute permission was denied.
The stored procedures in question have a user named UserSecure showing as the only person with EXECUTE permission, I have tried creating a user by that name but that does not work, even though I can manually login to SQL Server Management Studio using UserSecure trying to connect from the web page using those credentials gives a login failed error.
If I run sp_helplogins my Windows credentials are shown as being owner of the database, and I can in fact execute from within SSMS but not from an ADO connection.
On another note the connection in the webpage was coded like this, I am not familiar with the application part of the connection. Perhaps this is part of the problem? I have tried connecting with a DSN and DSN-less connection and can connect but not do anything with the database?
You should make sure the database server login is mapped to the appropriate database user (this problem crops up often when dealing with database backups). If it is not, then you need to fix the mapping. Fortunately, there is a command called sp_change_users_login that you can use to fix this problem.
First, check if your login is mapped to your database user. Using SQL Server Management Studio (assuming SQL Server 2008), look under Security/Logins for UserSecure. If you see it in the list, double click on it and select User Mapping. From there, locate the database you are trying to connect to, and see if UserSecure is mapped to that database. If it is not, you may be able to fix it using the following command (assuming UserSecure is the name of both the login and the user):
EXEC sp_change_users_login AUTO_FIX, UserSecure
See MSDN for more info on sp_change_users_login:
http://msdn.microsoft.com/en-us/library/ms174378.aspx
One issue that has bitten me a few times:
If your stored procedure (or view) requires permission from a user (let's say userA), and the stored procedure calls another database's table or view (say viewB), it is not sufficient to just make a login on viewB's database, you must also explicitly grant userA permission to select/execute/etc. on viewB (which in turn requires a user on viewB's database)
So in your case, you may need to explicitly grant UserSecure execute permission on a stored procedure on an existing database referenced by the one you restored.
This may not be the most elegent fix, but I quit focusing on the one procedure and instead granted execute permission to the guest user on the entire DB. Since this is only running on my personal machine security is not an issue and it seems to have fixed the problem.
Know the problem all too well,
The ID of the user(name) will be different from the backed up database to the restored one. MSSQL stores the ID of the user and not the username (text), so the ID will be different (99% of the time) per machine and backup. So when the ID does not match you don't have access.
All you need to do is delete the user and recreate it, make sure you do it in both places:
Delete the user from the database first:
DATABASE -> SECURITY -> USERS -> Right click (username) + delete
Then goto
SECURITY -> LOGINS -> Right click (username) + delete
Then recreate the user and give the account the correct permissions and you're all good.
So basically I'm building an app for my company and it NEEDS to be built using MS Access and it needs to be built on SQL Server.
I've drawn up most of the plans but am having a hard time figuring out a way to handle the auditing system.
Since it is being used internally only and you won't even be able to touch the db from outside the building we are not using a login system as the program will only be used once a user has already logged in to our internal network via Active Directory. Knowing this, we're using a system to detect automatically the name of the Active Directory user and with their permissions in one of the DB tables, deciding what they can or cannot do.
So the actual audit table will have 3 columns (this design may change but for this question it doesn't matter); who (Active Directory User), when (time of addition/deletion/edit), what (what was changed)
My question is how should I be handling this. Ideally I know I should be using a trigger so that it is impossible for the database to be updated without an audit being logged, however I don't know how I could grab the Active Directory User that way. An alternate would be to code it directly into the Access source so that whenever something changes I run an INSERT statement. Obviously that is flawed because if something happens to Access or the database is touched by something else then it will not log the audit.
Any advice, examples or articles that may help me would be greatly appreciated!
Does this work for you?
select user_name(),suser_sname()
Doh! I forgot to escape my code.
Ok, it's working here. I'm seeing my windows credentials when I update my tables. So, I bet we missed a step. Let me put together a 1,2,3 sequence of what I did and maybe we can track down where this is breaking for you.
Create a new MSAccess database (empty)
Click on the tables section
Select external data
Pick ODBC database
Pick Link to the datasource by creating a linked table
Select Machine datasource
Pick New...
System Datasource
Pick SQL Server from the list and click Next, Finish.
Give the new datasource a name and description, and select (local) for the server. Click Next.
Pick "With Windows NT authentication using the network login ID". Click Next.
Check Change the default database to, and pick the DB. Click Next. Click Finish.
Test the datasource.
Pick the table that the Trigger is associated with and click OK.
Open the table in Access and modify one of the entries (the trigger doesn't fire on Insert, just Update)
Select * from your audit table
If you specify SSPI in your connection string to Sql, I think your Windows credentials are provided.
I tried playing with Access a bit to see if I could find a way for you. I think you can specify a new datasource to your SQL table, and select Windows NT Authentication as your connection type.
Sure :)
There should be a section in Access called "External Data" (I'm running a new version of Access, so the menu choice might be different).
Form this there should be an option to specify an ODBC connection.
I get an option to Link to the datasource by creating a linked table.
I then created a Machine datasource. I selected SqlServer from the drop down list. Then when I click Next, I'm prompted for how I want to authenticate.
CREATE TRIGGER testtrigger1
ON testdatatable
AFTER update
AS
BEGIN
INSERT INTO testtable (datecol,usercol1,usercol2) VALUES (getdate(),user_name(),suser_sname());
END
GO
We also have a database system that is used exclusively within the organisation and use Window NT logins. This function returns the current users login name:
CREATE FUNCTION dbo.UserName() RETURNS varchar(50)
AS
BEGIN
RETURN (SELECT nt_username FROM master.dbo.sysprocesses WHERE spid = ##SPID)
END
You can use this function in your triggers.
It should be
select user name(),suser sname()
replace spaces with underscores
you need to connect with integrated security aka trusted connection see (http://www.connectionstrings.com/?carrier=sqlserver)
How many users of the app will there be? Is there possibility of using windows integrated authentication for SQL authentication?
Updated: If you can give each user a SQL login (windows integrated) then you can pickup the logged on user using the SYSTEM_USER function.
My solution would be not to let Access modify the data with linked tables.
I would only create the UI in Access and create an ADO connection to the server using windows authenticated in the connection string. Compile you Access application as dbe to protect the VB code.
I would not issue SQL statement, but I would call stored procedures to perform the changes in the database, and create the audit log entry in an atomic transaction.
The UI (Access) does not need to know the inner works on the server. All it needs to do is request and update/insert/delete using the stored procedures you would create for this purpose. The server should handle the work.
Retrieve a record set with ADO using a view with the hint NOLOCK implemented in the server and cache this data in Access for local display. Or retrieve a single record and lock only that row for editing.
Using linked tables your users will be locking each other.
With ADO connections you will not have the trouble to set ODBCs on every single client.
Create a table to set the server status. You application will check it before any action. you can use it to close the server to the application in case that you need to perform changes or maintenance.
Access is a great tool. But it should only handle its local data and not be allowed to mess with the precious server.