I have a group called kwr-fs-dws-sqladm (Active Directory/Exchange) and there are two users in this group.
This group will go to all sql server and instances. I have access to windows server 2008 as admin.
How can I add that group in all 60 SQL Servers and 200 Instances?
i.e. kwr-fs-dws-sqladm - user as sysadmin -.
Use [Master]
CREATE LOGIN [DOMAIN\kwr-fs-fws-sqladm] FROM WINDOWS;
EXEC sp_addsrvrolemember 'DOMAIN\kwr-fs-fws-sqladm', 'sysadmin';
Execute on each server, you will want to check out the CREATE LOGIN syntax for extra options.
I've never managed that many SQL servers, i'd assume there is a way of executing on all. One way is to add each server to a server group in SSMS, then you can right click that group and create a new query which will execute on each server.
Related
It is possible to view and analyze queries in SQL Server before implement on database and log or drop it if necessary?
For example some application send an update query to SQL Server, can I first log it to a database, and then possibly reject it if the query is illegal based on my roles?
You can use SQL Profiler to monitor queries sent to server, but you can't do what you wnat to.
If you say it is illegal for smoe roles to execute some queries it should be specified in permissions - every role have assigned permissions.
One way to achieve what you want is to define user, which mentioned applciation would use (I would even create dedicated user). Then, if you want this user to execute SELECT, just execute such command
GRANT SELECT ON [table] TO [user]
Then the user won't be able to update table, just select rows from it.
I found solution to use SQL SERVER triggers so after insert or update I check my role so if there is any access problem I can rollback transaction and send error to user.
I would like to insert data from prod server to dev server for a particular table.
I am using insert into SQL query and fully qualified name. That is I am specifying server name, databsename, schema name and table name.
insert into ServerADev.[ING_DB].dbo.[Table1]
select *
from ServerAProd.[ING_DB].dbo.[Table1]
where ID = '08914'
ID is the column in Table1.
For above query I am getting an error:
Cannot find ServerAProd in sys.servers. Verify that the correct server name was specified. If necessary, execute the stored procedure sp_addlinkedserver to add the server to sys.servers.
When I EXEC sp_addlinkedserver #server='ServerAProd', I am getting:
User does not have permission to perform this action.
Do I need to make a request to DBA (database admin) to grant permission to perform this query?
You need to set up a linked server to query a foreign server.
So, either:
ServerAProd is not what you named the linked server
or
You didn't create a linked server yet. You can use the sp_addlinkedserver from the error message, or browse to "server objects" in the object explorer then right-click -> new on "Linked Servers". See the link above for more details.
For your edit... yes this requires permissions:
When using Transact-SQL statements, requires ALTER ANY LINKED SERVER permission on the server or membership in the setupadmin fixed server role. When using Management Studio requires CONTROL SERVER permission or membership in the sysadmin fixed server role.
1. create linked server for the dev server on production server,
2. use this openquery() to insert data, so that you can insert large data very quickly.
INSERT OPENQUERY (devservername, 'SELECT * FROM devservar_database..dev_server_table_name')
select * from production_table_database_name..production_table_table_name
If I open SQL Server 2014 Management Studio GUI and connect to my database, I can expand the database > Security > Logins to see the list of users that can login.
I'm trying to find out the SQL statement that I can use to remove one of those users (I need an automated solution).
I've tried
drop login 'BUILTIN\Users'
delete from master..syslogins where loginname = 'BUILTIN\Users'
drop user 'BUILTIN\Users'
from the drop commands, I get the error
Incorrect syntax near 'BUILTIN\Users'
and the delete throws
Ad hoc updates to system catalogs are not allowed
Don't use the quotes but brackets instead.
DROP LOGIN [BUILTIN\Users]
SQL Server Profiler shows NtUsername.
How do I see the NTusername in trigger?
I don't understand. SQL Server Profiler shows the Windows username. SUSER_NAME, SUSER_SNAME ORIGINAL_LOGIN, USER, USER_NAME shows the username of the SQL user account. I want what the Profiler is showing. There must be a way if the profiler can do it.
You use SUSER_SNAME(). Not SUSER_NAME(). Note the extra S
SUSER_SNAME returns the connection user (SQL Server 2000+)
SUSER_NAME gives the value of sys.server_principals.principal_id (SQL Server 2005+)
SUSER_NAME will give NULL for a Windows user who connects via a Windows Group, because only the Windows Group has an entry in sys.server_principals
Notes:
you have SUSER_ID and SUSER_SID at the SQL Server Instance level which are the opposite
at the database level, you have USER_NAME and DATABASE_PRINCIPAL_ID (USER_ID is deprecated)
A SQL login won't have an ntusername value in Profiler, because it isn't available
Since I could not find how to get the NTUsername, I used HOST_NAME() which gave me the user's machine name.
SUSER_NAME, SUSER_SNAME, ORIGINAL_LOGIN, USER, USER_NAME all gave me the SQL account username.
There is no correlation between the NTUserName unless the login is a Windows Authentication login. But because suser_name() is not returning what you want, I'm assuming that you are using SQL Server Authentication.
In which case, I don't believe you can do this.
It apears that the protocol used in your case was NamedPipes.
if NTUserName is not blank and in LoginName you have SQL Login – then it is SQL Authentication Over Named Pipes
-- see http://sqlbg.wordpress.com/2011/05/28/how-to-check-what-sql-server-network-protocol-is-used-by-connections/
I have many databases in one SQL Server instance. Also I have many individual domain users for logins and also domain groups as logins. These logins are attached to databases as database users. Now I would like to create a report (or a query) to find out when and where (which database) these logins take a connection. I tried to find this information from sys-schema, but I could not find this kind of information. Where SQL Server store this information and how to create this kind of report? I would also like to automate this using a stored procedure.
in the login stored procedure, along with the username, add a GetDate() and DB_NAME() to each record in a table called LoginData (or whatever you prefer)
You could set up a SQL trace logging all login events then just query that.