Is possible to have windows authentication with connect, read and write rights, but without possibility the user has rights to connect with SQL Management Studio? I want the user has rights to connect and execute queries with his own domain username from an application, but not to connect from SQL Management Studio.
The only solution which I have succeeded to find is this: Define login only with rights to execute stored procedures, then move all queries to SP. By this way you can connect with SQL Management Studio but cannot list any table or change anything or even see the table/sp names.
Related
Can I create a credential in SQL Server 2012 for a group? Not an individual user.
I am trying to give a group of users access to execute SSIS packages using the SQL Server Agent. which requires a proxy account on a credential.
Instead of creating a credential for every single user, I just want to create one credential. I do not know the password for the group, is there a password which exists that the DBAs might know of?
These are two different things.
On the SSIS side, your SSIS package has to run in a security context that gives it rights to do what it needs - connect to databases, open remote files etc. This has nothing to do with the user that starts the package.
On the user side, users need to have rights to execute the package. The user does not need the same file and database rights as the package. So hopefully you can understand these are two different security items.
Your SQL Agent proxy needs to be granted all rights required by the package. This is a single credential (windows account). It isn't a group. A group doesn't have a password, it just contains a bunch of logins
Your users on other hand can be belong to a windows group. Then you add that group to the SQL Server as a SQL Server login. Then you give that windows group access to the msdb or SSISCatalog database and add them to appropriate roles.
Here are the list of roles:
https://msdn.microsoft.com/en-us/library/ms141053.aspx
and here is a guide on granting access at the individual package level
https://blogs.msdn.microsoft.com/mattm/2012/03/19/ssis-catalog-access-control-tips/
I know that links for answers are frowned on but the main concept is that the package execution security and user rights to execute packages are two separate things
I have a SQL Azure database. I can successfully connect to the database via the Azure management portal. In addition, I can successfully connect to the database from my application using the Entity Framework. Unfortunately, I cannot connect to the database via SQL Server Management Studio.
My thought was that SQL Server Management Studio could not connect to the 'master' database. For that reason, it would fail. So, I tried adding the database name via the "Connect to Database" field on the "Connection Properties" tab. Yet, I get the same error. The error looks like the following:
TITLE: Connect to Server
------------------------------
Cannot connect to tcp:{serverName}.database.windows.net,1433.
------------------------------
ADDITIONAL INFORMATION:
Login failed for user '{username}'.
This session has been assigned a tracing ID of '{id}'. Provide this tracing ID to customer support when you need assistance. (Microsoft SQL Server, Error: 18456)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476
What am I doing incorrectly here? This "server" has 2 SQL Azure databases on it that I'd like to access via management studio. How do I add users so that i can login an manage those two databases? Is there a way to even manage users on a SQL Azure database? I can't seem to figure it out.
Thank you for your help.
What version of SQL Enterprise Management Studio are you using? You need at least SQL Enterprise Management Studio 2008 R2 or later. (Might as well get the latest: http://www.microsoft.com/en-us/download/details.aspx?id=29062)
Assuming you've got that, you'd enter it like so in the Connect to Server dialog:
Server type: Database Engine
Server name: tcp:servername.database.windows.net
Authentication: SQL Server
Login: username#servername
Password: password
That should do it -- the other thing to check are the firewall restrictions. You'd be seeing a different error ("client IP address is not allowed access") but it's good to verify that, anyway.
I am using Arvixe to host my sql server and websites, and would like to begin managing my database with a Visual Studio SQL Server database project so that I can get some source control going on the backend.
When I try to script my database's CREATE TO statement or use Visual Studio's import wizard, I get a permissions error:
Requires VIEW DEFINITION, ALTER ANY LOGIN, and SELECT ON sys.sql_expression_dependencies or be a member of db_owner role.
Has anyone had any luck managing an Arvixe sql server database with Visual Studio Database Projects, or have any tips for using the tools without those permissions? Their Tech support has been unable to help so far.
Edit: I am a member of db_owner, but i think Arvixe restricts permissions since its a shared server instance.
you don't have enough permission on database. you must to have db_owner permission.
how do i convert my sql server management studio express to server authentication mode.. please help regarding this..
I assume you mean SQL or Mixed-mode Authentication (the ability to login using your SA account). Follow the instructions in this link.
You should be able to connect to it as normal via whatever method you already have (this requires sufficient Admin permissions).
Then to enable access via SQL Logins you can
Right click on the instance name in Management Studio (mine is localhost\SQLEXPRESS (SQLServer 10.0.1600)).
Go to the Security tab.
Then you should be able to enable SQL Logins by clicking SQL Server and Windows Authentication Mode.
Click ok and you're done!
You can now add SQL Logins as connect via them as you would normally.
I am a developer-having-to-play-admin and wish to connect to a remote sql server from my development machine using a sql server user ("op_web").
When I try to connect from vs2008 Server Explorer, I can connect to the server, but no databases are listed. If I connect using the server admin user, all databases are listed as expected.
The server is a relatively fresh install made by me.
I have
allowed for remote connections in sql server.
created the login op_web at server level
created a user at database level and assigned to login with same name
assigned roles to the user to allow for reading and writing - I have assigned no schemas and default schema for the user is dbo.
If I log on (locally at server) using sqlserver management studio/sqlserver authentication and the created login, I can display and alter table data as I would expect.
Remote access gives me no choice of databases.
Any pointers to what I might have missed?
You have to give your users rights on the database.