NOTE: I am note DB Admin and I am not that much in sql server security
I am using MS SQL SERVER 2008R2
What I want to do is to give a user a minimal permissions or just what he required
I have a local user in my windows and I add this user in the logins of the database after that I went to this user in my specific database and try to change his set of permissions but the section is coming empty
why it is coming empty?
and how to do this, I mean giving him the permissions that he just need nothing more?
Please I want to do this from the user interface without T-sql
EDIT
I Just want to give the user read, write, execute nothing more
and also I need to know more about how to control users permissions in more details
A. Set up Read/Write
Go to Security/Logins and find your login, double click it
Go to user mapping, and click on the database that you have access to
In the bottom pane under 'Database Role Membership', tick db_datareader and db_datawriter
This gives the user Login SELECT, INSERT, UPDATE, DELETE
B. Revoke DELETE and grant EXECUTE
Create a role that does this:
Go to your database / Security / Roles
Right click, New / Database Role
Give the role a name, I will use executor for this example and press OK
I don't know how to do the next steps in SSMS, You'll need to do it in T-SQL:
Start a new query in your database
Type this and press F5:
GRANT EXECUTE TO executor;
DENY DELETE TO executor;
Now repeat A3 but select your newly created role, 'executor'
Every new user (or group) that you create needs to be a member of these three roles. The best practice is to add a windows group to SQL Server once, and add users to that windows group.
Lastly test this - I don't know for sure that it works.
With regards to the database user securables:
You have to explicitly populate this list to see what it contains. It doesn't populate automatically. Press Search and search for some objects (i.e. all objects belonging to the schema dbo). Now you have a list of objects in the top. Click on an object and click the 'Effecttive' tab on the bottom. This is the users effective (final) permissions for this object. If you want to override this at the object level you can assign something on the explicit tab
Had similar problem after our MSSQL Server was restored on a new server and wanted to set explicit permissions for a user in a DB.
Not sure how to make it default (as it appears to have been previously), but basically just hit the search button in the Securables tab you show to search for "All objects of the types..." and choose the Databases object and click ok / search. You should now see securables for that specific database and can set explicit permissions as well as view existing "effective" permissions.
Related
If I have already connected to database, and can not see the tablenames, functions, or procedures ...does it mean that I have been granted only Connect By session privilege?
When I use column names #database links it gives me an error that does not describe in details that do I have Select privilage or not. But when I write my function and want to compile it it gives you have not been granted a privilege to create a function.
I cannot see in navBar any buttons of related database that my user has been created in. I tried to do smth from Preferences, then relaunched SQL Developer although the result is the same. Just pure empty colons on the left side of my navbar
We have table Transfer Order:
This is the view from admin User.
This is the view of the user to whom I need to give read , write, create and delete access, but the two fields 'To Stockroom' and 'From Stockroom' are not visible to this user.
I have created ACLs like:
how I can make these two fields accessible to some user?
Please help me.
In order to find the specific ACL that is failing the user's request for access, you can simply enable the Debug Security module. Then impersonate the user, visit the record, and scroll down the page. You'll eventually come to a line like this:
This red X indicates that a condition of the ACL was not met. Clicking the ACL (In this case, record/alm_asset.model/write) will take you to the specific security rule. Hovering over the red X will tell you what portion of the ACL was not met; the condition, the script, or the role requirement. That is what you must remedy either in the ACL, or by granting the user the necessary permissions.
I suspect in your case, that the user is able to see the record they're viewing, but does not have access to view the record or table referenced in the reference field. However, only the ACL/security debugger can tell you for sure.
To stop debugging, just click the "stop debugging" module in the app navigator, or log out of ServiceNow.
How i can generate a log file which contains which user edited and which file in a shared folder. multiple users is having rights to read/write/delete, No .exe execution is happening.
Please help how i can create that kind of log file.
Turn on Object Access auditing using Local Security Policy (under Local Policies/Audit Policy) or ask Active Directory administrator to configure this setting using a GPO.
Using Explorer, right click on the folder where you want auditing and select Security
Click Advanced button and then select Auditing Change Auditing tab
Click Add and add 'EveryOne' group
From the list of available entries, select Write/AppendData (and Delete, DeleteFolder)
I have an issue and I cannot find out what the problem is. In visual studio 2010 I'm trying to add a new ADO.NET entity data model through the wizard (I'm using Entity Framework 4.1). After the second wizard step (that says "Choose your Data Connection") I press next and the wizard is closed right away, and there are no following steps at all. Here is my entity connection string:
metadata=res://*/DAL.Model1.csdl|res://*/DAL.Model1.ssdl|res://*/DAL.Model1.msl;provider=System.Data.SqlClient;provider connection string="Data Source=DMITRIY-TOSH\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True"
Is there anything wrong with that connection string? What should I change in it and how? Or what else can be the cause of the problem? Help me with this, please. I don't even know how to make it work to see the next wizard step where I can choose tables.
Found the solution. The folder "App_Data" (with the database inside) wasn't included into the project. Only because of that the wizard did not work.
I had this problem too, all the above didn't work for me. What helped for me was the following.
When you try to connect with a database that database can have different users with different credentials it can accept. Let's say user A till D.
If you try to connect with a user make sure that user has the right credentials enabled, in this case, read and write options enabled.
To do this start MS SQL Server Managment Studio, connected with your SQL server and select the database you try to make a connection with in visual studio. Under 'your_dbname' --> Security --> Users you find a list of users. Rightclick the username you try to login with and select properties. A window opens. Select the 'General' (selected by default) page and under tab 'Database role membership' make sure 'db_datareader' and 'db_datawrite' are selected.
Note: When you log in too MS SQL Server Managment Studio make sure you log in with a user which can enable/disable these options...
I created an empty model, then selected it in 'Model browser', right clicked on it and selected 'Update model from database'. Then I was able to add a table to it...
I am trying to integrate the SSRS report to my web page.
The code is as follows:
ReportViewer1.ProcessingMode = rocessingMode.Remote;
ReportViewer1.ServerReport.ReportServerUrl = new Uri("http://localhost/reportserver");
ReportViewer1.ServerReport.ReportPath = "/Report Project1/Reconciliation";
List<ReportParameter> paramList = new List<ReportParameter>();
paramList.Add(new ReportParameter("StartDate", startdate.ToString(), false));
paramList.Add(new ReportParameter("EndDate", enddate.ToString(), false));
this.ReportViewer1.ServerReport.SetParameters(paramList);
ReportViewer1.Visible = true;
I get this error when I try to run this report:
The permissions granted to user 'COMPUTERNAME\\ASPNET' are insufficient for performing this operation. (rsAccessDenied)"}
System.Exception {Microsoft.Reporting.WebForms.ReportServerException}
Can anyone tell me what I am doing wrong?
To clarify Erikk's answer a little bit.
The particular set of security permissions you want to set to fix this error (there are at least another two types of security settings in Reports Manager) are available in the "security" menu option of the "Properties" tab of the reports folder you are looking at.
Obiously it goes without saying you should not give full permission to the "Everyone" group for the Home folder as this is inherited to all other items and subfolders and open a huge security hole.
You need to give your web app access to your reports. Go to your report manager (http://servername/reports/). I usually just give the whole web server "Browser" rights to the reports.
The account name of your server is usually Domain\servername$. So if you server name is "webserver01" and your domain is Acme, you would give the account Acme\servername$ Browser rights.
I think you could also fix it by disabling anonymous access (in IIS) on the web application you are running the report from, that way reporting services would authenticate using the users credentials instead of the ASPNET account. But that may not be a viable solution for you.
The problem is that your ASP.NET worker process does not have the permissions to do what you want.
Edit this user on the server (MACHINENAME\ASPNET), and give it more permissions (It may need write permissions etc).
You also will need to add MACHINENAME\ASPNET as a user to the SQL database SSRS is working with.