I know that this question was asked a few times before, but none of the answers were helpful.
When I'm entering http://<localhost>/reports and enter credentials - there appears a message that this user doesn't have enough permission to enter.
I've made sure that user is an admin during installation of SQL Server 2008 R2, then I make it a dbowner in the report server database. In Windows, that user also has admin rights and I'm using IE as administrator.
What seems to be the problem? What should I do to deal with the problem?
First check the site security settings using the Site Settings link the upper right corner and then selecting Security on the left. Ensure that they are listed as a system user.
Check the security settings on the root folder of report manager by using the Folder settings link on the toolbar. You'll also need to check the permissions on any folders that have broken security inheritance.
Useful links:
Grant User Access to a Report Server (Report Manager)
Understanding SQL Server Reporting Services Authentication
-
Related
Is it possible to get SQL Server Management studio to use Azure Keyvault to get the connection parameters (server and credentials)?
I've created a key vault, added username and password secrets, now I'd like SSMS to go and get those values so the user never knows them.
I fear the short answer is no but there might be a better way of doing this than using a KeyVault.
I think the solution would be to add the user to the database as an Azure Active Directory user. There are instructions here Add Azure Active Directory User to Azure SQL Database
Go to the SQL server, select Active Directory Admin in the Settings
section
Click Set Admin and choose a user (I'm assuming you if you're setting
all of this up)
Click Save. I forgot this bit first time round.
Now you can sign in to the database with Azure Active Directory -
Password or Azure Active Directory - Universal with MFA
Right click on System Databases/master and create a new query
Run CREATE USER [a.name#example.com] FROM EXTERNAL PROVIDER;
And the user will be added to the database. I'm assuming that you'll still need to set permissions and the like but I think this would give you a simpler solution with more control over what people can do.
Your users might find Azure Data Studio even easier.
https://learn.microsoft.com/en-us/sql/azure-data-studio/download-azure-data-studio?view=sql-server-ver15
This has an Azure section where you can log in with your Azure credentials. Once signed in you can at least discover resources on your Azure subscription and if your account has been granted access as above it's then possible to run queries without any further authentication.
In SQL Server 2014, I have created a login with SQL Server Authentication with which I am trying to do BULK INSERT; however it is failing because Windows is not letting SQL Server access the folder where the insert file is. If I enable Full Control for Everyone the bulk insert works, but that is not an acceptable solution. Within SQL Server setup, I have tried adding a Credential (with windows authentication that has rights to the folder) to the login, but this didn't work. I have also tried adding Full Control for users my_server\SQLServer2005SQLBrowserUser$WIN-832289876 and my_server\SQLServerMSASUser$WIN-832289876$MSSQLSERVER but that didn't work either.
I always struggle with this. For me, allowing MSSQLSERVER full permission to the folder where the input file resides always seems to work.
Right-click the folder (as an admin on the box), go to properties, security, edit, add...
here is where I always get tripped up. For me, the server service account is "NT Service\MSSQLSERVER" and I can never search for that user. I have to type it in manually and check the name to make sure I typed it in correctly. For you, this may not be the service account used by your server. Check your services list from windows administrative tools to see what account is in "Log On As" for SQL Server (MSSQLSERVER).
I am attempting to set up an IIS 6.0 application running on Windows Server 2003 to use impersonation in order to avoid having to give users direct read/write access to the shared folders where the DB and web pages are stored. Can anyone provide me with details of how this can be set up to work in conjunction with Windows Integrated Authentication?
So far, I can tell that the web.config file (not sure whether it's the correct one) has the two lines mentioned on this thread (Impersonation in IIS 7.0) to allow impersonation and use the Windows logon method. However, users are still prompted for a logon and then told they are not authorized to view web pages. They can view pages if we turn anonymous logon "on", but then their user credentials aren't passed on to the site and therefore they can't access most of it.
I'm fairly inexperienced, so I'm a bit lost here. Thank you very much in advance for the help!
Thanks to intervention from Microsoft (definitely worth the flat fee they charge per incident), we were able to identify the problem. Instead of using the network path to identify the website location on the "Home Directory" tab of the IIS properties, we were using the local drive path. That was all that needed to be changed.
Once we switched to the network path and added a dedicated service account to "Connect As...", impersonation started working right away. Users pass their logged on credentials via integrated authentication (no logon required) and the service account takes care of executing their actions on the database file.
Access to the shared folder is limited to a brief list of administrators, and data access on the web application is limited based on user names.
If anyone is stuck with this and needs help, let me know!
I just installed ssms on my local computer.
When I try to create a database or a database table it gives me an error stating that I don't have the right permissions. I tried granting permissions for this user by going to Security->Logins->myUser. But again it told me I didn't have the right permissions. I then tried adding a new login/user which gave me the same error.
What can I do to give myself the correct permissions if I installed the ssms and there are no other users except sa, which has "login with this user" disabled by default. I can't login as another user and I can't change my current user permissions. VERY CONFUSED - someone please help!
During the installation you (or somebody else) had to add an user besides the SA to login with Windows authentication. Use this user.
Your user is a simple user that does not have enough permissions.
If you are not the guy who installed the server, ask whoever installed this to set the right permission for your user.
Also please check recover-sa-password and Disaster Recovery: What to do when the SA account password is lost in SQL Server 2005
You should check that you are placing the files in a folder where the SQL Server account (not the one you are logging on as, but the service account) has rights to write.
For starters, and not to be kept in a production environment, try to make sure that the default path for placing the database files has Read/Write set to Everyone.
My company has a MediaWiki setup which we are looking to make [partially] client accessible. Ideally each client would be able to see only their own page. Our wiki requires the user to be logged into view or edit, and we have the LDAP plugin (This one, specifically) so we can use our Active Directory credentials.
I see this question has come up before a few years ago, but I didn't see an question dealing with LDAP in particular. Can we manage a specific AD account if we give clients one on our domain for this purpose? Alternatively, is there a way to give clients a login directly into the wiki (sort of like logging locally into the computer, instead of the domain), that we could control the access rights of?
For reference: we are on MediaWiki version 1.19.1, PHP version 5.3.15, MySQL version 5.0.96-winx64, and the installation is running on Windows Server 2008 R2 x64 (IIS 7.5).
Thanks very much for the help!
You can use local accounts in addition to the LDAP accounts to log users in. You have to set $wgLDAPUseLocal to true in your LocalSettings.php. Basically, it adds another option to the domain drop down box on the login form that says "local". Users that want to log in with a local wiki account use that. I would also disable account creation on the wiki and create accounts manually for your clients.
Regardless of whether you use local accounts or AD accounts, for page-level access control, you would have to use one of these extensions. Extension:AccessControl seems to be a popular one.