I am using SQL Server 2008 64-bit Enterprise on Windows Server 2008 Enterprise 64-bit. I find when I execute the following statement in SQL Server Management Studio, I need sysadmin permission. I am using the statement to import data from Excel to a database table. My question is, I am concerned that sysadmin permission is too high, any solutions to use lower privileged permission to implement the same function?
select * from OPENROWSET('MICROSOFT.ACE.OLEDB.12.0',
'Excel 12.0;HDR=YES;DATABASE=C:\mytest1.xlsx',sheet1$)
From books online OPENROWSET (Transact-SQL)
The user requires the ADMINISTER BULK OPERATIONS permission.
And here is the entry for GRANTing it. It is a server-level permission, so yes, it is quite high.
To try lower permissions, you could create a standard linked server connection and add a login using
EXEC sp_addlinkedsrvlogin 'LINKSERVERNAME', 'false',
'localuser', 'rmtuser', 'rmtpass'
There does not appear to be any specific permissions required to be granted, so if you set up a linked server, it is unwise to set it up with a generic linkedsrvlogin that maps to every local user. Set up specific local-remote mappings to control the access of a local user, through the linked-server, at the remote server (by the rmtuser login).
select * from OPENROWSET('MICROSOFT.ACE.OLEDB.12.0',
'Excel 12.0;HDR=YES;DATABASE=C:\mytest1.xlsx',sheet1$)
Please try with this one
Related
I have a contractor who I want to give access to a website that connects to a database. I need to create a SQL Server user that can connect and read and write to the database.
However, I don't want this user to be able to connect to the SQL Server via something like Management Studio. Are there permissions that need to be enabled or disabled to accomplish this in SQL Server Management Studio?
SQL Server Management Studio (SSMS) is basically a normal client that makes SQL statements in the background. If you create a login in the SSMS, then no magic happens, but a CREATE LOGIN. This can be recognized by the fact that there is (almost) always the possibility to generate the appropriate SQL statement via "Script as", which is normally done in SSMS via the graphical user interface.
If you would lock out SSMS, then other clients as well. And even if there were a setting, there are other possibilities via Powershell and the like. So this is not the way to go.
I suppose you don't want the contractor playing around on the SQL server just because he got access to a database? He is allowed in the house, but not in all rooms....
In other words, it can only be done via permissions, where there is a login to connect to the SQL Server on the one hand and a database user who gets access to the database on the other hand. Therefore there are authorizations on SQL server level (login) and database level (user).
CREATE LOGIN testlogin WITH PASSWORD = 'wowThisIsKewl';
GO
USE [YourDatabase]
GO
CREATE USER [dbuserlogin] FOR LOGIN [testlogin] WITH DEFAULT_SCHEMA=[db_owner]
GO
Each login belongs first to the SQL Server role "public", unless additional or different authorizations are granted. You can connect to this role, but e.g. you can not create databases, perform backups etc.... Just try it out.... =)
At the same time DB_OWNER at database level allows the login to read and write data, etc. and more.
We have dedicated cloud server hosting SQL Server 2014 and Microsoft Dynamics CRM 2016 which is working without issues.
I have got a query that gets data out of the FilteredOpportunities view that I can run in SQL Server Management Studio as a windows user but not a SQL User (displays only column names), when I try to run it in SQL Server Management Studio on my laptop using the sql user (can't use windows authentication as it is not on the same domain), it only returns the column names and nothing else.
The account has every permission that you could possibly think of granted to it to try and get the data out but it wont budge.
You cannot query CRM's filtered views with a SQL-user. For that you will need to use a windows user.
If you want to query directly with a SQL-user, you can use the underlying dbo.OpportunityBase-table. This will not apply the CRM security model.
Instead, you might want to consider using one of the CRM webservices for supported access to data with the security model enforced. If your purpose is to get data into Excel, it is directly supported to use the web services. See Export to an Excel dynamic worksheet.
I have found the answer. A bit clunky bit it works. I can conenct to the database with a SQL user (because i cant use windows authentication as I am on a different domain) then I can add code to the top of my exsisting code to impersonate a user with the rights to read the data. For those wondering the code is:
DECLARE #uid uniqueidentifier
SET #uid = convert(uniqueidentifier, '((UID of the user you want to impersonate))')
SET CONTEXT_INFO #uid
I have to send emails from SQL Server 2005 or 2008. I have done this in the past with additional stored procedures (sp_send_html_mail) and complex configuration / activations. Is there standard build-in stored procedure which sends email via SMTP (not MAPI/CAPI/Outlook profiles)? I found sp_send_dbmail on this topic but not sure is it the only one and what security issues are possible (except spam)?
Yes, sp_send_dbmail is the one to use for both SQL Sever 2005 and 2008.
You will need to make sure it has been configured on your server. It's been a while since I did such a config, but if memory serves me correctly, it is off by default. Have a look at the MS docs for that process, Configure Database Mail. Setting an SMTP server is doable as well. There are lots of options in there so give it a thorough review.
If you are worried about unwanted use of that sp you can use roles and/or execute permission to limit access to it. From the MS docs on troubleshooting dbmail:
To send Database mail, users must be a user in the msdb database and a
member of the DatabaseMailUserRole database role in the msdb database.
To add msdb users or groups to this role use SQL Server Management
Studio or execute the following statement for the user or role that
needs to send Database Mail.
EXEC msdb.dbo.sp_addrolemember #rolename = 'DatabaseMailUserRole'
,#membername = '<user or role name>';
GO
I have Windows server 2008 with MS SQL Server 2008 R2 standard edition.
On Windows server I created a local group and added domain users into it.
On SQL server I create a login mapped into the windows group.
For this login I created user mappings for several databases with public roles.
Each databases table has grant to select for public role.
The problem is the domain users can select data from all tables except one database.
I compared setting for all databases. They are the same.
Is it a way to check security setting like I can check a database consistency using DBCC CHECKDB or something?
After using "SELECT * FROM fn_my_permissions ('Accounts', 'OBJECT')
ORDER BY subentity_name, permission_name;" the problem disappeared. I used a lot of other functions to check the security settings (e.g. sp_helpuser, sp_helprolemember), so I am not sure which one really helped.
Anyway somehow the problem got fixed.
I have been assigned the task of converting an SQL Server Database to an SQL Azure Database. During the process I encountered these problems:
Cannot use the Object Browser in Management Studio 2008 v10. Is there a fix to this?
I cannot create new Users under the Security Section since I cant use the Object Browser.
Basically I want to create an Admin user and NonAdmin user each with their own privileges to UPDATE, DELETE, INSERT commands on different tables in the database.
Basically my web application has a sign up form how can I associate new registered user to the SQL Azure Roles during the sign up process to limit them from perfroming ertain commands on the database tables?
Just answer your questions.
1, No SSMS 2008 doesn't support Azure. You MUST use SSMS 08 R2.
2, If you are using SSMS 08 R2 the object explorer will be appeared. But the features when connecting to SQL Azure will be very limited. The designer and dialog are disabled which means all tasks should be done by using the SQL script.
3, Not pretty sure what you mean, but you can try what you are doing on SQL Server since SQL Azure is very very similar with SQL Server.
Data-tier Application and SQL Azure MW are good tool for migrating your existing database to SQL Azure. But you can still use the build-in feature in SSMS 08 R2 to migrate the database schema as well. Just use the Generate Script menu item from your local database, and make sure you selected SQL Azure in the "Script for the database engine type".
Check out the official page on how to move data etc..'Migrating Databases to SQL Azure'
http://msdn.microsoft.com/en-us/library/windowsazure/ee730904.aspx
Also check out the 'SQL Azure Migration Wizard v3.8.3'
http://sqlazuremw.codeplex.com/
Migrating Databases to SQL Azure by Using Data-tier Application Export and Import is probably your best option, the migration wizard is a great tool, I have used both.
re: 1 you need service packs, I'm not sure 2008 V10 is supported, get the latest version or upgrade to 2008R2 Mgmt Studio (latest)
2: use the tools above
3: not sure here what you are trying to do to correctly answer.
hope that helps...