I have a problem to manage security in OWB,
First:
It is possible to create another user repository (but not repository owner) that refering to specified repository for example:
I have repository called 'Project' and i have repository owner 'OWB_Owner' so it is possible to create another user that when it login into that 'Project'
Second:
I want the another user just can run the specific mapping in OWB (not all mapping), the repository owner give the priveleges for run mapping for this another user
Hope u can help me solve this problem, thank so much
Yes, it's possible and that's how it should be done. OWB is a multi-user development environment.
You create your repository with a "repository owner" and add other development users to the repository.
From the "Design Center";
go to "Globals Navigator" --> Security --> Users. You can see the existing users.
To add new users; right-click "Users" and select "New User".
You can add any existing DB users as OWB users or add an entirely new user. In the latter case, new DB user will be created.
To control permission on a mapping;
Select the mapping;
Select "View" from the menu.
Select "Security".
Related
Can I copy/clone the whole instance from one to different?
How can I do that? Is there any widget?
If anyone can help me, that would be great.
Yes you can, with a few caveats:
Only users with an Admin role can request a clone
by default the clone target instance must be non-prod (this can be changed in the system properties though)
personal developer instances cannot be a target instance
Instructions:
As an Admin (user with admin role), in the navigation menu of the
source instance, go to "clone targets" and click "new". It will ask
for the target URl, user name and password.
Now you have a clone target, in the navigation menu of the source
instance, go to "request clone". You need to select the newly
created target instance, a scheduled time for the clone (usually has
to be a few hours in the future), and fillout your email address so
you get updates on progress.
Once the clone is completed, you can log into the target instance which will be freshly cloned.
NOTE: I am note DB Admin and I am not that much in sql server security
I am using MS SQL SERVER 2008R2
What I want to do is to give a user a minimal permissions or just what he required
I have a local user in my windows and I add this user in the logins of the database after that I went to this user in my specific database and try to change his set of permissions but the section is coming empty
why it is coming empty?
and how to do this, I mean giving him the permissions that he just need nothing more?
Please I want to do this from the user interface without T-sql
EDIT
I Just want to give the user read, write, execute nothing more
and also I need to know more about how to control users permissions in more details
A. Set up Read/Write
Go to Security/Logins and find your login, double click it
Go to user mapping, and click on the database that you have access to
In the bottom pane under 'Database Role Membership', tick db_datareader and db_datawriter
This gives the user Login SELECT, INSERT, UPDATE, DELETE
B. Revoke DELETE and grant EXECUTE
Create a role that does this:
Go to your database / Security / Roles
Right click, New / Database Role
Give the role a name, I will use executor for this example and press OK
I don't know how to do the next steps in SSMS, You'll need to do it in T-SQL:
Start a new query in your database
Type this and press F5:
GRANT EXECUTE TO executor;
DENY DELETE TO executor;
Now repeat A3 but select your newly created role, 'executor'
Every new user (or group) that you create needs to be a member of these three roles. The best practice is to add a windows group to SQL Server once, and add users to that windows group.
Lastly test this - I don't know for sure that it works.
With regards to the database user securables:
You have to explicitly populate this list to see what it contains. It doesn't populate automatically. Press Search and search for some objects (i.e. all objects belonging to the schema dbo). Now you have a list of objects in the top. Click on an object and click the 'Effecttive' tab on the bottom. This is the users effective (final) permissions for this object. If you want to override this at the object level you can assign something on the explicit tab
Had similar problem after our MSSQL Server was restored on a new server and wanted to set explicit permissions for a user in a DB.
Not sure how to make it default (as it appears to have been previously), but basically just hit the search button in the Securables tab you show to search for "All objects of the types..." and choose the Databases object and click ok / search. You should now see securables for that specific database and can set explicit permissions as well as view existing "effective" permissions.
How i can generate a log file which contains which user edited and which file in a shared folder. multiple users is having rights to read/write/delete, No .exe execution is happening.
Please help how i can create that kind of log file.
Turn on Object Access auditing using Local Security Policy (under Local Policies/Audit Policy) or ask Active Directory administrator to configure this setting using a GPO.
Using Explorer, right click on the folder where you want auditing and select Security
Click Advanced button and then select Auditing Change Auditing tab
Click Add and add 'EveryOne' group
From the list of available entries, select Write/AppendData (and Delete, DeleteFolder)
I have one TeamCity project Dac.Test that contains 3 configurations: DEV, QA, PROD.
Also I have some users associated with their Roles. Is this possible to hide / show certains configurations for selected users or groups?
For example: Users associated with group: Testers can see QA configuration, but not PROD and DEV.
There is no way of managing user permissions per-build, this is available on a project level only. You could create a sub-project in the Dac.Test project to cater for this
If you're looking for a way of stopping people from mistakenly running this build, the following approach will work.
This method uses a prompt box that will pop up after you click the run button, it also needs input from the user confirming that they mean to run the build.
No one can run this build by accident
Go to your build configuration in the TeamCity UI
From here, go to Edit Configuration Settings --> Parameters --> Add new parameter
Enter something like 'Confirmation' as the parameter name
Then beside 'Spec:', click the 'Edit...' button
Set up the parameter as shown in the following screenshot:
You will now be prompted and asked for confirmation when you click the run button. The user will have to enter 'YES' in the prompt box that appears, any other value will stop the user from building:
This is best accomplished by using TeamCity's built-in role management. Roles allow you to set fine-grained permissions for users and groups. One potential issue, however, is that roles are scoped to projects (not build configurations). You'll need to create a separate Dac.Test QA project+configuration and provide your Testers the necessary privileges there. You'll also need to make sure that they are stripped of all privileges for the Dac.Test project.
We have a TeamCity instance with a variety of projects and build configurations on it, with no security set up at present. Although it's OK for most of the projects to be publicly visible, we'd like to set up a couple of projects that are only visible to certain users.
Because there are many public projects already set up on the server, across a variety of teams, we'd like to avoid setting up restrictions on everything - that is, we'd rather use "deny access to project Z" than "allow access to project A, allow access to project B, ..., allow access to project Y".
How can I restrict access to these projects without affecting the public projects?
In case anyone still needs an answer, this can be done by TeamCity itself.
Go to Administration -> Groups -> 'Create new group'. For example, public
Assign roles to this group. You can choose 'Grant role in selected projects' radio button and choose those public projects and click Assign button.
I wanted to Create 'Testers' group and give them permission to trigger deployments for 'Test Build Configuration' only. Here is what I did. (BTW, this is TC 9.1 )
Go and 'Enable Per Project Permissions'
Created a role 'Project Tester' under 'Roles' and assign permissions 'run build' to the role
Created a group 'Test Team' and assigned the role 'Project Tester' to it.
And obviously, add the users to the group. Hope that helps someone.