I have Windows server 2008 with MS SQL Server 2008 R2 standard edition.
On Windows server I created a local group and added domain users into it.
On SQL server I create a login mapped into the windows group.
For this login I created user mappings for several databases with public roles.
Each databases table has grant to select for public role.
The problem is the domain users can select data from all tables except one database.
I compared setting for all databases. They are the same.
Is it a way to check security setting like I can check a database consistency using DBCC CHECKDB or something?
After using "SELECT * FROM fn_my_permissions ('Accounts', 'OBJECT')
ORDER BY subentity_name, permission_name;" the problem disappeared. I used a lot of other functions to check the security settings (e.g. sp_helpuser, sp_helprolemember), so I am not sure which one really helped.
Anyway somehow the problem got fixed.
Related
I am a beginner with SQL so I struggle with the MSDN description for creating a linked server in Management Studio.
I whant to link a SQL Server into another to use everything from ServerB on ServerA to e.g. provide one location other systems can connect to.
Both servers are in the same domain and both server have several databases inside.
When I start creating a linked server on ServerA in the general tap I select a name for the linked server and select SQL Server as Server type.
But I struggle on the Security tap. I have on both servers sa privilege so what is to set here?
Or which role should I take/crate for this connection?
My plan is to create views in a certain DB on ServerA with has also content of ServerB inside.
This views will be conusumed from an certain AD service user.
I already added this service user to the security on ServerA where the views are stored.
Do I also have to add this user somewhere on the linked ServerB?
I would recommend that you use Windows Authentication. Activate Security Delegation.
In the Security tab, choose "Add". Select your Windows user and check "Impersonate".
As a quick and dirty solution, you can choose "Be made using this security context" from the options list and enter a SQL Login which is valid on the remote server. Since quick and dirty solutions tend to last, i would strongly recommend to spend some time on impersonation.
In Server Objects => right click New Linked Server
2. The “New Linked Server” Dialog appears. (see below).
3. For “Server Type” make sure “Other Data Source” is selected. (The
SQL Server option will force you to specify the literal SQL Server
Name)
Type in a friendly name that describes your linked server (without spaces). – Select “Microsoft OLE DB Provider for SQL Server”
Product Name – type: SQLSERVER (with no spaces)
Datasource – type the actual server name, and instance name using this convention: SERVERNAMEINSTANCENAME
ProviderString – Blank
Catalog – Optional (If entered use the default database you will be using)
Prior to exiting, continue to the next section (defining security)
Click OK, and the new linked server is created
The easiest way would be to specify to make the connection using the current context, i.e. the user loging on to ServerA:
EXEC master.dbo.sp_addlinkedserver #server = N'ServerB', #srvproduct=N'SQL Server'
EXEC master.dbo.sp_addlinkedsrvlogin #rmtsrvname=N'ServerB',#useself=N'True',#locallogin=NULL,#rmtuser=NULL,#rmtpassword=NULL
This however assumes that users accessing the linked server connection have the correct privileges on ServerB (part 2 of your question) - otherwise you'd need to use impersonation as described by Martin K.
I'm creating a trigger that should create or delete data on a table on another database than my own. If the database is running on a different server, I can add a linked server, and be able to access it that way.
But what if both databases are running on the same sql server, but with different usernames and passwords? How can I give Db1.user1 access to Db2? I guess one solution is to add user1 to Db2, but can I also "tell" sql server that when Db1.user1 is trying to access Db2, please use user2?
I am running Ms SqlServer 2008 r2
you can use linked server connection not only to connect to a remote server but also to link to another database on the same server ... and specify credentials if needed ...
I am a bit new to this VB.NET application stuff. I currently try to develop a application using Microsoft Visual Basic. Net with Remote SQL Server 2005.
In my application include user login using Username and Password. The application will use from many branches. Every branch have their own Username and Password. I create User Master table in SQL Server Database with SLN, User_name, Password, Branch, Note fields.
Now I want to design a VB.Net Form in my application where I can get all Username and Branch login status in a DataGridView like....
Header - *Branch Username Status*
Value - Kolkata U00001 Logged
How can I get this? If any senior vb.net developer or expert solve the same i will be very thanks full to him. Thanking you.
Here is some SQL to extract the current users:
select distinct DB_NAME(dbid),loginame, dbid
FROM sys.sysprocesses
where [dbid] not in(0,1,4) -- exclude list
Note there are two levels of security in SQL Server - SQL Security and "Integrated" security. The latter uses the windows login, SQL Security is managed by you within SQL Server. It looks like you intend to add an SQL user/login named for the branch with a defined password that everyone in the branch will use. Not a great idea IMO. You can use integrated security and add each windows user to SQL server and then add the SQL users to security groups to control access to the SQL objects. This would require each user to authenticate with your windows servers first locally before they can connect to the remote server.
I'd highly recommend you upgrade to at least SQL Server 2008 R2.
I am attempting to migrate from SQL Server 2005 to SQL Server 2008. Both of these database instances are hosted on 3rd party shared servers that I do not have full permissions to. They are using mixed mode authentication.
I am running into trouble setting up the new database the same way the old one was set up. Specifically, the new web-based control panel doesn't allow a dbo to be specified when creating a new database and then when using Red Gate SQL Compare to sync up the schemas I am having problems because some objects (that don't explicitly specify dbo in the script) are being created with the prefix of the user account rather dbo.
I have poured over the documentation trying to find a way to force my login "user1" as dbo to the "db1" database. I came to the conclusion that the script should look like this:
ALTER AUTHORIZATION ON DATABASE::db1 TO user1
Before running this script, the login "user1" already exists, but is not a user for database "db1". Note I had to submit this script to the support of my hosting company in order to run it. According to the hosting company the statement successfully executes, however when I compare the databases using SQL Compare the user "user1" has not been physically added to the database like it was under SQL Server 2005. When trying to add it using the script:
CREATE USER [user1] FOR LOGIN [user1] WITH DEFAULT_SCHEMA=[dbo]
I get the error message:
"The login already has an account under a different username"
I have tried dropping all of the other users from the database, but the error message still persists - which I find odd.
While I could just fix the scripts by explicitly specifying dbo, this would inevitably be a time bomb waiting to go off because if any new script were introduced that didn't explicitly specify dbo there would be a failure during synchronization. Since some of the scripts are from 3rd parties, this is not a good solution.
So my questions: Is there another statement that I need to run in order to add "user1" to the database as a user that is dbo? Is there anything that has changed in the implementation between SQL Server 2005 and SQL Server 2008 R2 that could cause these inconsistencies?
I am unfortunately not able to test to find an answer to the second one because I don't have another SQL Server 2008 database to test with and I don't have full access to do anything I want on this one.
The old database was created through a control panel which forced dbo to be specified and the new one doesn't allow dbo to be specified when creating a database.
From what i have gathered the following should suffice.
ALTER USER [user1] WITH DEFAULT_SCHEMA=[dbo]
The create wasnt working as it already existed.
I created a few databases within a large hosting provider network. When I use Microsoft SQL Server Management Studio 2008 R2 to connect to the SQL instance I see a list of every SQL database on the server. Is there a way I can tell Management Studio to only display the tables I have access to?
I found a few articles online that said to deny my user the permission to view the other databases. That wouldn't be an issue, except I don't think I can do that from my end. I'd like to solve my problem without having to call my hosting provider. Regards.
Unfortunately what you are asking is NOT possible at this time. I know this is NOT what you are looking for :-)