We have a times ten instance created by another user on a windows server 2008 r2 standard. I've created a dsn but when I try to connect it gives me a
7001:User authentication failed
On investigating some more, I understand that as the instance admin is different I don't have privs. But what do I need to do to get privs to connect and make changes?
Thanks!
The solution for me was to create a new internal user with admin rights to the cache db and it started working fine.
Related
so I have Windows Server 2012 which is running on my virtual machine. I want to have possibility to make anonymous query against LDAP. For example if I'm using software like Softerra LDAP Browser I need to run this program as domain user to be able browse AD groups/users etc. But my point is that I want to be able to do it also as non-domain user(anonymous), or at least using domain user credentials from machine that is not part of the domain.
I was looking for this option in user/group policies, I've grant my user with all privileges that I found - but always with the same result - I was unable to browse LDAP.
So my question is - what have to bet set/changed to be able make anonymous queries against Windows Server LDAP?
I don't know about anonymous queries, but you said that you would also be happy using a domain user from a non-domain machine.
That should work fine. Create a domain user with sufficient privileges to see what you want.
Install a certificate on your LDAP server (or use Kerberos, but that's more annoying on the non-domain machine).
Then do LDAP authentication using the username and password of that domain user.
It works well.
We have a windows application which allow users to connect to SQL using windows authentication.
The problem is the users of that application also have SSMS installed on their desktops so they can also connect to prod db using windows authentication.
Is there any way wherein we can restrict users from accessing prod db using windows authentication on SSMS but they should be able to access windows application from their local system using windows authentication?
If I understand your scenario correctly:
You have an internal local database on Server 'A'
You also have a production database on Server 'A'
Using your custom windows application, users can only see the local non-production databases
However, using SSMS users can see both production and local databases on Server 'A', and you would like only authorized users to be able to see production databases.
If this is the case, what you want to do in SSMS is revoke database view rights to all production databases unless the user is a sysadmin or owner of the database. Run the following on your server:
USE MASTER
GO
DENY VIEW ANY DATABASE TO PUBLIC
GO
After you run the above statement, you will not be able to see any databases in SSMS unless you are a sysadmin or your login is the owner of a database.
Source:https://www.mssqltips.com/sqlservertip/2995/how-to-hide-sql-server-user-databases-in-sql-server-management-studio/
Maybe you could restrict access to your database objects by using application roles ... Msdn: "You can use application roles to enable access to specific data to only those users who connect through a particular application."
I have installed DB2 Express-C in my office machine. This machine does not allow me to create new account, so I installed DB2 using my local login account. Database installed successfully.
But when I try to connect to the database, it always says "Username/Password is invalid".
My local user account has appended with the domain name, for example: "INDDEV/Raghav"
"INDDEV" is the domain name, "Raghav" is my username.
I have tried all the possible combination, but am unable to connect
Please help me.
Thanks
The problem comes from your domain user. DB2 does not recognize by default domain users, thus your user cannot be authenticated. You can create a local user for you, OR you can use the instance user OR change the instance configuration to recognize domain users.
I have shared computer, where admin install Oracle XE. But I cannot e.g. create new user, because I have not rights in OS, afaik.
In Oracle documentation written that DBA should be member of administrator group.
Does exists way that I can manage local instance XE without admin rights?
I need start/stop database, connect/disconnect, kill session etc. It is need for test my Java application.
Thanks.
You don't need an OS user with admin right (once Oracle is installed and running).
Just connect as SYSDBA then you can create new Oracle users and manage the complete database..
(I do that on XP as well - working with regular user, but connecting as SYSTEM or SYS with the SYSDBA role if I need to configure something in Oracle)
Does exists way that I can manage local instance XE without admin rights?
Probably not ... if that's what the Oracle documentation says.
A sensible strategy would be to discuss your problem with the admins. Point out that it makes it difficult for you to do your job if you don't have access rights. If they won't grant you system Admin rights, ask them to suggest alternatives that will allow you to do your job.
It may be simply that they need to grant you additional rights in Oracle.
How about getting admin rights in a Virtual Machine? See virtualbox.org.
From XE manual here :
" On each platform, if the OS authentication user group does not already exist, it is automatically created when you install Oracle Database XE. In addition, upon installation on the Linux platform, the user account oracle is automatically created and placed in the dba group. Upon installation on the Windows platform, the user performing the installation is automatically added to the ORA_DBA group. On both platforms, you can add other host users to the OS authentication user group to enable them to connect to the database with the SYSDBA privilege. "
Since installation on windows needs admin user which I assume you are not, so it renders the automatic addition of that admin user to ORA_DBA group useless for you.
So what your admin can do immediately after XE installation on this shared machine is just add your non-admin OS user (local or domain level, whatever) to the newly created OS local group "ORA_DBA". Once this is done, you can simply open the sqlplus prompt and connect with SYSDBA privilege using your own non-admin user in future:
connect / as sysdba
However, you will still not be able to restart the Oracle service or the TNS listener, even if you are in the ORA_DBA group.
I am unable to grant my primary work domain account the privileges to create database objects in DB2. Here is my current setup:
OS is Windows 7 enterprise 64-bit
DB2 version 9.7 Enterprise edition
DB2 extended security was enabled during installation
My domain account is member of the Administrators group as well as the DB2ADMNS and DB2USERS groups.
The DB2ADMNS group is granted all authority privileges.
DB2_GROUP_LOOKUP is set in the environment to LOCAL
DB2 sysadm_group is set to DB2ADMNS
The DB2 instance has been restarted but my domain user still cannot create database objects like bufferpools. I created a local administrator account and added it to the DB2ADMNS and it was able to create the bufferpool objects.
I tried using the db2admin user to give all authorization privileges to my domain account in the DB2 control center but my domain account is not showing up in the drop down containing the users.
I removed the DB2_GROUP_LOOKUP environment variables and restarted the DB2 instance then tried to give my domain account user enough authorization privileges and now my domain account in showing up in the drop down. Once the changes are applied, I restarted the database instance and tried the bufferpool creation and it still fails.
Am I missing a configuration step in giving my user enough privileges? I need to have this configured as the IBM product I am installing fails if this privilege is not working. Thanks.
In 9.7 DB2ADMNS is not supposed to be able to access any data. SYSADM level accounts are reserved for maintenance tasks and should not be used for data access. Remove your connecting user from any special groups, and grant after that the proper access rights.