I am having trouble adding a user to a test database I set up on my local machine. I have added the user fine but the user does not have permission to SELECT (Or anything else for that matter) on the database. I have tried gone the the permission tab under the server, the database, and the table (there is only one it is a very simple database just for testing) and selected grant for every single option yet it still does not work. I have also tried doing a Transact-SQL command like:
use testing
GRANT SELECT, UPDATE, DELETE, INSERT TO User
and a couple of other combinations that return successfully but I still do not have permission to select data from the table. Any suggestions?
Add the user to the db_datareader role to give the user select access to all of the tables.
Add the user to the public database role and they should be able to SELECT against the database (unless you have changed the public role's permissions).
Related
I have Sql Server 2019
I want to create a user with limited privileges, that user have permission only to SELECT on one database tables, I will have 4 different users with same privileges on one(same) database
When I create everything, login, db user for this login, grant select to user,
and log in as that new user in SSMS, when I click on the database where there is no user for my login popup tells me that I have no privileges and I don't see any tables
If I click on the database I have select rights for, I see tables, I can select, but I can also alter, exec, update, insert, everything....
if I write query 'USE anotherDatabase', I can, and then I can select, insert, everything on those other database tables, although I am not a user on that other database
i can also exec
SELECT * FROM SYSOBJECTS WHERE xtype = 'U' GO
on any database
Do I have to setup the server differently so that I can create user that can only SELECT on one database
Any help
I tried creating roles, addrolemember, deny, revoke, everything i colud find as a solution
I do have admin permission for a certain Azure SQL Server. So using my admin login I created a database user against a specific Azure SQL database in the following manner:-
CREATE USER myuser WITH PASSWORD = '<pwd>'
ALTER ROLE [db_datareader] ADD MEMBER [myuser]
After this I successfully logged into the database using this new credential for myuser. I discovered that while I can query data from most of the tables , there are certain tables for which I can't select any data. I can see the table name in SSMS , also no error for SELECT queries against those tables I receive , the only issue is that SELECT doesn't return any data ( 0 rows ) for those tables. If I fire SELECT using my admin credentials , I can very much see the result.
I tried to reproduce the same issue using the same commands which you have shared.
FYI, as a part of repro, I created an Azure SQL Server and then SQL database in the same server. I added three sample tables to match the scenario as you mentioned. Then I created user and grant db_datareader role with the same commands as you mentioned. It worked fine for me. I’m able to read the data of all the table in that specific database.
I suggest you consider How to Create Login, User & Assign Permissions in SQL Server and Overview of db_datareader role.
Alternatively, you can grant select permission to those tables which you are unable to read using below command:
GRANT SELECT ON <tablename> TO <user>;
I've got
url: jdbc:oracle:thin:#195.123.456.789:1521:someSID
User: artem
Password: unchangeableForAllUsers
I'm also got second DB, all the same, changing only the name
url: jdbc:oracle:thin:#195.123.456.789:1521:someSID
User: denis
Password: unchangeableForAllUsers
How can I make update query from one DB to other? Using pl/sql I've got next message from Web-browser, when I try to change artem.table to denis.table:
ORA-01031: insufficient privileges
SQL Statement ignored
When I try to save changes in artem pl/sql package(query to denis db, like that
update denis.table dt
set dt.someColumn=1
where dt.ID=3305;
), see next in my IDE:
PL/SQL ORA-00942: User table or view does not exist
While I'm in IDE, logged like artem, I can to change and commit other users db free, from IDE SQL console.. maybe couse they have the same url and password? How can I save my query
update denis.table dt
set dt.someColumn=1
where dt.ID=3305;
in artem package for get access(update cell) to nearby database from Web-site, when i logged there like artem.
Thanks
As described, this is not a jdbc or plsql issue but rather a permissions issue.
You are connecting to the same database, but as two different users. In Oracle, a user has their own schema (same name as the user). If you wish to access data in schema A from schema B, schema A must GRANT permissions to schema B.
For example, if you want the user "artem" to have permission to UPDATE table "mytable" in schema "denis", log into the account "denis" and GRANT UPDATE permission to "artem":
-- While logged in as "denis"
GRANT UPDATE ON mytable TO artem;
Now you can log in as "artem" and query "denis.mytable". Grants you may want to give: SELECT, INSERT, UPDATE, DELETE. This, of course, works both ways (if you want user "denis" to have access to "artem" objects, then "artem" must GRANT permission to "denis".
I have two databases.
Databases:
1. DB1
2. DB2
I have created two new logins.
Logins:
1. DB1_login
2. DB2_login
Next, I created user for each database mapped to the above logins.
create user DB1_login1_user1 for login DB1_login;
create user DB2_login2_user2 for login DB2_login;
So, DB1_login1_user1 user of DB1 database will be mapped to DB1_login1 login and DB2_login2_user2 user of DB2 database will be mapped to DB2_login2 login.
Granted database role permissions for both users is db_datareader and db_datawriter.
In DB2, I have a table named dbo.sample_table.
My requirement:
Let us consider that I have logged in as DB1_login1.
In this login, I have granted permissions for DB1_login1_user1 user to DB1 database.
Now from DB1, I have to select a table dbo.sample_table at DB2, which was mapped to another login DB2_login2.
Below is the query what am I trying to do is.
--CURRENTLY LOGGED IN AS DB1_LOGIN1
USE DB1;
EXECUTE as login='DB2_login2'
select * from DB2.dbo.sample_table
GO
I tried GRANT IMPERSONATE on LOGIN::DB2_login2 to DB1_login1, but it didn't work and also, I'm not aware about granting permissions across logins. I think granting permissions matters and I need help in doing that.
How can I execute the above query successfully?
Any help would be appreciable.
The users you created exist only in their respective databases, so what you're trying to do is not possible. Even if it were, or you allow acces (create users for login) in both databases and give then permissions and enable cross-database access, it would be too much of a security risk.
I'd suggest using stored procedures to acces data cross database. Stored procedure should be signed with a certificate, and the same certificate created in both databases. I've had it implemented on various occasions and it works flawlessly.
There is a great sample of this by Erland Sommarskog here.
I did granting permissions on login.
From administrator login "Sa", I executed the below query.
GRANT IMPERSONATE ON LOGIN::DB2_login to DB1_login;
And then from DB1_login, executed the below query for accessing DB across logins.
USE MASTER;
EXECUTE as login='DB2_login';
SELECT * FROM DB2.dbo.sample_table;
REVERT;
GO
Finally for my situation, I have solved the problem.
I have a database that I need to connect to and select from. I have an SQL Login, let's call it myusername. When I use the following, no SELECT permission shows up:
SELECT * FROM fn_my_permissions ('dbo.mytable', 'OBJECT')
GO
Several times I tried things like:
USE mydatabase
GO
GRANT SELECT TO myusername
GO
GRANT SELECT ON DATABASE::mydatabase TO myusername
GO
GRANT SELECT ON mytable TO myusername
GO
It says the queries execute successfully, but there is never any difference in the first query. What simple thing am I missing to grant database level select permissions.
As a note, I made double sure it was the correct user, correct database, and I have already tried granting table level select permissions. So far I keep getting the error:
SELECT permission denied on object 'mytable', database 'mydatabase', schema 'dbo'.
Any ideas what I'm missing? Thanks in advance.
EDIT/UPDATE:
Upon right clicking the SQL User in SQL Server Management Studio 2008, I discovered every single Database role is checked, including db_denydatareader and db_datareader... might this be blocking my ability to grant permission at the database level? If this is so, what is the purpose of db_denydatareader? It seems silly to me to have a 'DENY' that can't be viewed when querying permissions.
SUMMARY:
Sure enough, that fixed it.
In SSMS - under Databases-->mydatabase-->Security-->Users-->myusername, right click the username, select properties. Under database role membership, make sure db_denydatareader is not checked as this will override whatever permissions you had granted.
Knew it was something simple. :)
Have you tried reconnecting with that SQL user account?