I have a database that I need to connect to and select from. I have an SQL Login, let's call it myusername. When I use the following, no SELECT permission shows up:
SELECT * FROM fn_my_permissions ('dbo.mytable', 'OBJECT')
GO
Several times I tried things like:
USE mydatabase
GO
GRANT SELECT TO myusername
GO
GRANT SELECT ON DATABASE::mydatabase TO myusername
GO
GRANT SELECT ON mytable TO myusername
GO
It says the queries execute successfully, but there is never any difference in the first query. What simple thing am I missing to grant database level select permissions.
As a note, I made double sure it was the correct user, correct database, and I have already tried granting table level select permissions. So far I keep getting the error:
SELECT permission denied on object 'mytable', database 'mydatabase', schema 'dbo'.
Any ideas what I'm missing? Thanks in advance.
EDIT/UPDATE:
Upon right clicking the SQL User in SQL Server Management Studio 2008, I discovered every single Database role is checked, including db_denydatareader and db_datareader... might this be blocking my ability to grant permission at the database level? If this is so, what is the purpose of db_denydatareader? It seems silly to me to have a 'DENY' that can't be viewed when querying permissions.
SUMMARY:
Sure enough, that fixed it.
In SSMS - under Databases-->mydatabase-->Security-->Users-->myusername, right click the username, select properties. Under database role membership, make sure db_denydatareader is not checked as this will override whatever permissions you had granted.
Knew it was something simple. :)
Have you tried reconnecting with that SQL user account?
Related
I have SQL Server 2008 R2.
I have denied SELECT on all [sys] schema, and INFOMRATION_SCHEMA objects for a user.
But the user has to be able SELECT from INFOMRATION_SCHEMA.PARAMETERS,
but despite the REVOKE:
REVOKE SELECT ON OBJECT::[INFORMATION_SCHEMA].[PARAMETERS] to myUser;
the user still cannot select from that table/view.
I guess I have to REVOKE more, previously DENIED permissions on those system views/tables, but not sure which.
Any thought?
Have you tried:
REVOKE SELECT ON OBJECT::[INFORMATION_SCHEMA].[PARAMETERS] FROM myUser;
Note the change with keyword FROM. Examples are shown on Microsoft's website here.
Its not another [sys] table, but DENY VIEW DEFINITION permission which blocked me.
If I have two databases 'dbA' and 'dbB' using a normal account I know I can run a query such as
SELECT *
FROM dbA.dbo.TableA a
JOIN dbB.dbo.TableB b ON a.columnA=b.columnB
But I can not figure out how to grant permissions to a loginless account
USE dbA;
CREATE USER [test_user] WITHOUT LOGIN WITH DEFAULT_SCHEMA=[dbo]
GRANT SELECT ON DATABASE::dbA TO [test_user];
I receive an error when trying to give select permission to the loginless user 'test_user' on the other database.
GRANT SELECT ON DATABASE::dbB TO [test_user];
Is it possible to do a database join using loginless users? If so what should the grant statement look like for setting correct permissions?
A user without a login can only access other databases that have the guest user enabled. You might consider using a certificate-mapped user instead if you have a cross-database requirement. See http://www.sommarskog.se/grantperm.html for code.
Users exist at the database level. Only logins exist at the server level.
I believe you can create a view in dbA like so:
use dbA;
create view dbB_TableB as
select *
from dbB.dbo.TableB;
And you can then assign SELECT permissions for the user in dbA to the view.
I've got
url: jdbc:oracle:thin:#195.123.456.789:1521:someSID
User: artem
Password: unchangeableForAllUsers
I'm also got second DB, all the same, changing only the name
url: jdbc:oracle:thin:#195.123.456.789:1521:someSID
User: denis
Password: unchangeableForAllUsers
How can I make update query from one DB to other? Using pl/sql I've got next message from Web-browser, when I try to change artem.table to denis.table:
ORA-01031: insufficient privileges
SQL Statement ignored
When I try to save changes in artem pl/sql package(query to denis db, like that
update denis.table dt
set dt.someColumn=1
where dt.ID=3305;
), see next in my IDE:
PL/SQL ORA-00942: User table or view does not exist
While I'm in IDE, logged like artem, I can to change and commit other users db free, from IDE SQL console.. maybe couse they have the same url and password? How can I save my query
update denis.table dt
set dt.someColumn=1
where dt.ID=3305;
in artem package for get access(update cell) to nearby database from Web-site, when i logged there like artem.
Thanks
As described, this is not a jdbc or plsql issue but rather a permissions issue.
You are connecting to the same database, but as two different users. In Oracle, a user has their own schema (same name as the user). If you wish to access data in schema A from schema B, schema A must GRANT permissions to schema B.
For example, if you want the user "artem" to have permission to UPDATE table "mytable" in schema "denis", log into the account "denis" and GRANT UPDATE permission to "artem":
-- While logged in as "denis"
GRANT UPDATE ON mytable TO artem;
Now you can log in as "artem" and query "denis.mytable". Grants you may want to give: SELECT, INSERT, UPDATE, DELETE. This, of course, works both ways (if you want user "denis" to have access to "artem" objects, then "artem" must GRANT permission to "denis".
I'm getting the following error when trying to read a SQL Job.
The SELECT permission was denied on the object 'sysjobs', database 'msdb', schema 'dbo'
How can I fix this?
You need to GRANT the SELECT permission for the user of your job.
A simple GRANT.
USE pubs
GO
GRANT SELECT
ON authors
TO public
GO
Further information about GRANT
You use the "SQL Server Agent Fixed Database Roles" in msdb (MSDN link): don't assigned permission directly, it'll be a pain to manage
And a "how to" for SSMS: "How to: Configure a User to Create and Manage SQL Server Agent Jobs (SQL Server Management Studio)"
Note: you need a user (MSDN) in one of these roles: no need to GRANT any rights
Make sure you aren't overriding the default user, usually a SQL Agent Account, with a user who does not belong to the necessary role.
I am having trouble adding a user to a test database I set up on my local machine. I have added the user fine but the user does not have permission to SELECT (Or anything else for that matter) on the database. I have tried gone the the permission tab under the server, the database, and the table (there is only one it is a very simple database just for testing) and selected grant for every single option yet it still does not work. I have also tried doing a Transact-SQL command like:
use testing
GRANT SELECT, UPDATE, DELETE, INSERT TO User
and a couple of other combinations that return successfully but I still do not have permission to select data from the table. Any suggestions?
Add the user to the db_datareader role to give the user select access to all of the tables.
Add the user to the public database role and they should be able to SELECT against the database (unless you have changed the public role's permissions).