As per requirement i need to get the information whether an user is present in given database or not. Whether there is any stored procedure which i can use to get this information of user. I just want to check whether user is present in given database, and proceed further with my usage.
I am using MSSQL Server 2005.
Also i need another information, there is on method LastErrorMessage() to get the last error message in ADO. is there any method to get the error number.
Thanks,
Santhosha
SQL Server has logins (server level) and users (database level). Users are permissioned on databases/database objects and are mapped (well not neccessarily) to logins (roles are also at database level).
users are available from the sys.database_principals system view in each database
logins are available from the sys.server_principals
You need to be aware that you can only see objects/principals which the user you are using to connect to SQL server has permission to see. So a user might exist, even if you don't see it in the views.
Related
I have a sql server database that uses linked server concept to connect to DB2 database. The DB2 database has read access only. I need to check every day whether the Db2 user is locked or not (due to incorrect password entered more than three times) from SQL Server. Once this is checked I can probably send an email to set of users about the status of the DB2 user (locked or unlocked)
How I can implement this feature? I am aware about SQL Server "loginproperty" concept that checks whether the user (using SQL Server Authentication) is locked out or not.
Thanks,
DB2 does not do user authentication -- the task is delegated to the operating system (or LDAP, if so configured). Therefore you will need to get the locked account information from that external authority (OS or LDAP), not DB2.
Query the remote table. If you get an error SQL30082N, the account is locked.
I was just wondering if there are any access methods or rules to prevent people from accessing a database? I'm pretty new to sql so if so, how would you implement a method or rule to a database? Is it through properties of the database, or does it have to be written in SQL script somewhere?
I am using Microsoft SQL Server 2008.
Any help appreciated, thanks in advance.
At a high level:
To allow a user access you need to have a login present at server level (the level higher than your DB's). There will be a 'Security' node at the server level where you can 'add login'. Depending on whether you're using windows user accounts (integrated security) or sql server logins the precise format of the logins will vary, but the user added will want to match the format of the accounts you are using.
Once you have granted a user access to the server in terms of a server login, you can then grant permissions at a database level. There will also be a 'Security' node at database level where you can add a new login at database level.
The database level login needs to match or be mapped to a login at server level.
At database level you can grant/deny all kinds of permissions, but it would be common to grant roles to a user, SQL includes built in roles such as 'datareader'/'datawriter' which are often used for 'generic access'
The image Diego posted illustrates in the GUI where to find some of these options, but the permutations are lengthy and it would be hard to explain any more without knowing some specifics about what you are trying to do.
Read about Logins and Users.
Logins protect you at a server level and Users at a database level. A user usually inherits a login's information.
you can see them on SSMS:
there is no point on writing too much as you can simple google it and find tons of explanations
I want to get a list of the databases that are stored in a SQL server instance. I need to do so with minimal privilliges (i.e. I merely have permissions to read them). If necessary, I could accept getting back just the list of databases that the user has permission to view.
I am trying to avoid calls to the sp_databases stored procedure, as it doesn't return any values for users who are not admins.
Any ideas?
Thanks,
Assaf.
Even guests can read from sys.databases:
select name from sys.databases
Should give you a list of databases on the server that are visible to you.
You can make databases visible by creating a "user mapping" in the "Login Properties" dialog. Members of various server roles can see all databases, like "sysadmin" and "bulkadmin".
I have a Microsoft SQL server database and a set of users.
Now in my app I want to make some functionality only visible, if the user has entered username and password with certain rights (admin).
Since the databases and the usernames and their rights can change, how do i check what permissions/rights an Microsoft SQL server user has?
You can check current user's right on certain securables using [sys.fn_mypermissions][1] which returns all permission on the securable. You can also check a specific permission with HAS_PERMS_BY_NAME. Eg. you can check for CONTROL SERVER permission which implies an administrator is logged in:
SELECT HAS_PERMS_BY_NAME(null, null, 'CONTROL SERVER');
The simplest way to do this is using the IS_MEMBER('rolename') function, that checks whether the user is in the role/group 'db_owner'. The function will perform a check at database level, and returns 1 (Int32), if the user has the specified role.
If you need to check at server level, you can use the IS_SRVROLEMEMBER function. Both are available since SQL Server 2005.
I'm not entirely certain that I understand your problem definition however assuming I do.....
I would suggest that you create a SQL Server Database Role that you can add the relevant application users to, perhaps via some group membership maintained within the App (or a Windows Domain Group). You can use the group to Role mapping to independently manage user membership, from managing the relevant permissions to securables within the database via the Role.
This way, you just need to check that an application User is a member of the relevant application or windows group, without the need to query the security configuration of SQL Server.
I'm quite new to Microsoft SQL Server. I have some experience with MySQL, and there you have a user with privileges, if I understand things right; these privileges decide which databases you have access to on the MySQL server.
However now I am in the situation where I have to restore a database on my SQL Server 2005 Express, and this database has it's own users and user password. So if I want to make these users accessible from the outside (so that they can connect to my server), how would I go about that?
To illustrate clearer; say there are two login accounts on the database server "Mike" and "John", and on the database "Animals" there are two users; "Chris" and "Jeff".
I need Jeff to be able to sign in to get access to the database. Is there a good way to make this happen without creating new users/logins? And if not, what is the best/most common solution?
I would really appreciate any helpful input on this!
One server-level object (login) is mapped to multiple database-level objects (users).
A login cannot be mapped to more than one user within a database, but can be mapped to at most one user in each database.
Therefore, you need to create new logins for those users, but map them to existing users. This is done with ALTER USER command. Or, if you don't have any use for the Mike and John logins apart from mapping them to those existing users, you can do so, too.
Any user needing to access a database needs to either have their own login, or you can create a login for a Windows security group and grant access that way to a whole set of users. Then if you need to give access to more users in the future you can just add them to the windows security group.