I have to send emails from SQL Server 2005 or 2008. I have done this in the past with additional stored procedures (sp_send_html_mail) and complex configuration / activations. Is there standard build-in stored procedure which sends email via SMTP (not MAPI/CAPI/Outlook profiles)? I found sp_send_dbmail on this topic but not sure is it the only one and what security issues are possible (except spam)?
Yes, sp_send_dbmail is the one to use for both SQL Sever 2005 and 2008.
You will need to make sure it has been configured on your server. It's been a while since I did such a config, but if memory serves me correctly, it is off by default. Have a look at the MS docs for that process, Configure Database Mail. Setting an SMTP server is doable as well. There are lots of options in there so give it a thorough review.
If you are worried about unwanted use of that sp you can use roles and/or execute permission to limit access to it. From the MS docs on troubleshooting dbmail:
To send Database mail, users must be a user in the msdb database and a
member of the DatabaseMailUserRole database role in the msdb database.
To add msdb users or groups to this role use SQL Server Management
Studio or execute the following statement for the user or role that
needs to send Database Mail.
EXEC msdb.dbo.sp_addrolemember #rolename = 'DatabaseMailUserRole'
,#membername = '<user or role name>';
GO
Related
I have a contractor who I want to give access to a website that connects to a database. I need to create a SQL Server user that can connect and read and write to the database.
However, I don't want this user to be able to connect to the SQL Server via something like Management Studio. Are there permissions that need to be enabled or disabled to accomplish this in SQL Server Management Studio?
SQL Server Management Studio (SSMS) is basically a normal client that makes SQL statements in the background. If you create a login in the SSMS, then no magic happens, but a CREATE LOGIN. This can be recognized by the fact that there is (almost) always the possibility to generate the appropriate SQL statement via "Script as", which is normally done in SSMS via the graphical user interface.
If you would lock out SSMS, then other clients as well. And even if there were a setting, there are other possibilities via Powershell and the like. So this is not the way to go.
I suppose you don't want the contractor playing around on the SQL server just because he got access to a database? He is allowed in the house, but not in all rooms....
In other words, it can only be done via permissions, where there is a login to connect to the SQL Server on the one hand and a database user who gets access to the database on the other hand. Therefore there are authorizations on SQL server level (login) and database level (user).
CREATE LOGIN testlogin WITH PASSWORD = 'wowThisIsKewl';
GO
USE [YourDatabase]
GO
CREATE USER [dbuserlogin] FOR LOGIN [testlogin] WITH DEFAULT_SCHEMA=[db_owner]
GO
Each login belongs first to the SQL Server role "public", unless additional or different authorizations are granted. You can connect to this role, but e.g. you can not create databases, perform backups etc.... Just try it out.... =)
At the same time DB_OWNER at database level allows the login to read and write data, etc. and more.
I'm new to CDC so I started investigating the stored procedures that enable CDC in an SQL Server database. Examining sys.sp_cdc_enable_db and I get the message Could not find stored procedure sys.sp_cdc_enable_db_internal. I've looked all over my database and in the master and msdb databases. Please could anyone tell me why SSMS can't find this stored procedure?
The feature is available only in SQL Server Enterprise and Developer editions, starting with. It can be enabled only using system stored procedures. SQL Server Management Studio provides a wide range of code templates for various feature related actions
To open the templates:
In the SQL Server Management Studio menu, open View
Click Template
Open SQL Server Templates
Open the Change Data Capture sub-folder. The T-SQL templates for administration, configuration, enumeration and meta data querying are available
To set up the feature:
Make sure SQL Server Agent is running. If not, right-click it in Object Explorer and click Start
To enable the feature on the database, open the Enable Database for CDC template in the Configuration sub-folder, and replace the database name with the name of the database you want to track
USE AdventureWorks2012
GO
EXEC sys.sp_cdc_enable_db
GO
The login used must have SQL Server sysadmin privileges and must be a db_owner of the database. Otherwise, you’ll get the following error
sg 22830, Level 16, State 1, Procedure sp_cdc_enable_db_internal, Line
193 The failure occurred when executing the command
‘SetCDCTracked(Value = 1)’. The error returned was 15517: ‘Cannot
execute as the database principal because the principal “dbo” does not
exist, this type of principal cannot be impersonated, or you do not
have permission.’. Use the action and error to determine the cause of
the failure and resubmit the request.
Vist For More Information
https://solutioncenter.apexsql.com/enable-use-sql-server-change-data-capture/
is it possible to send an email with SQL Server? I would like to be able to create a procedure for sending an email. It seems that I have to do some configuration according to this site but I don't have admin access on my machine. How can I achieve that ?
Thanks for your help !!
P.S : I am working on Windows
If you have limited privileges on the SQL Server why don't you write the query to obtain the users' names, email adresses and forgotten DVD titles and send the email from you application?
As long as you have access to an SMTP server you should be good to go.
Or you could always try the obvious:
USE YourDB;
GRANT CONTROL SERVER TO ME AS (JON_SKEET OR CHUCK_NORRIS);
GO
:-)
You could use a CLR Stored Procedure.
See this example for instance: Send Email from SQL Server Express Using a CLR Stored Procedure
Sending it via .NET would allow you to relay on a external SMTP and not having to configure Database Mail.
xp_sendmail is the command you want for older versions of SQL Server. Note that this is being removed from future versions, so for versions which support it use Database Mail.
EDIT Sorry - just read your full post. If you don't have the rights to enable mail sending, you'll need to speak to the admin who has. Server security is not designed to be "worked-around". Why does the mail have to be sent from SQL Server?
I am using SQL Server 2008 64-bit Enterprise on Windows Server 2008 Enterprise 64-bit. I find when I execute the following statement in SQL Server Management Studio, I need sysadmin permission. I am using the statement to import data from Excel to a database table. My question is, I am concerned that sysadmin permission is too high, any solutions to use lower privileged permission to implement the same function?
select * from OPENROWSET('MICROSOFT.ACE.OLEDB.12.0',
'Excel 12.0;HDR=YES;DATABASE=C:\mytest1.xlsx',sheet1$)
From books online OPENROWSET (Transact-SQL)
The user requires the ADMINISTER BULK OPERATIONS permission.
And here is the entry for GRANTing it. It is a server-level permission, so yes, it is quite high.
To try lower permissions, you could create a standard linked server connection and add a login using
EXEC sp_addlinkedsrvlogin 'LINKSERVERNAME', 'false',
'localuser', 'rmtuser', 'rmtpass'
There does not appear to be any specific permissions required to be granted, so if you set up a linked server, it is unwise to set it up with a generic linkedsrvlogin that maps to every local user. Set up specific local-remote mappings to control the access of a local user, through the linked-server, at the remote server (by the rmtuser login).
select * from OPENROWSET('MICROSOFT.ACE.OLEDB.12.0',
'Excel 12.0;HDR=YES;DATABASE=C:\mytest1.xlsx',sheet1$)
Please try with this one
I have backed up and restored a MS SQL Server 2005 database to a new server.
What is the best way of recreating the login, the users, and the user permissions?
On SQL Server 2000's Enterprise Manager I was able to script the logins, script the users and script the user permissions all seperately. I could then run one after the other and the only remaining manual step was to set the login password (which do not script for security reasons)
This does not seem possible in SQL Server 2005's Management Studio, making everything very fiddly and time consuming. (I end up having to script the whole database, delete all logins and users from the new database, run the script, and then trawl through a mixture of error message to see what worked and what didn't.)
Does anyone have any experience and recommendations on this?
The easiest way to do this is with Microsoft's sp_help_revlogin, a stored procedure that scripts all SQL Server logins, defaults and passwords, and keeps the same SIDs.
You can find it in this knowledge base article:
http://support.microsoft.com/kb/918992
Run this:
EXEC sp_change_users_login 'Report'
This will show a list of all Orphaned users, for example:
Now execute this script here for each user, for example
exec sp_change_users_login 'Update_One', 'UserNameExample', 'UserNameExample'
This fixed my problem.
I use the SQL Compare product from Red Gate (http://www.red-gate.com/products/SQL_Compare/index.htm). There are other similar products around but I've had no reason to look for one as SQL Compare has never let me down.
You'll find it is useful for a lot more than the your current requirement as it will help synchronize all types of database object, not just login and permissions.