Hello Everyone,
I have an Access database that i set up some time ago and that is still in
use by employees. The database was set up using user-level security. The
database is seperated, one- the "back end", named **be.mdb- housing the
tables and some queries. The other- **.mdb- has all the forms, modules and
other queries. The back end is on a shared file server, and each user has the
front end on thier local machine.
I use the Report Wizard to setup the data source connection, which is ODBC,
and permissions. I can preview it in Report Designer fine. Once the report is
published to the Report Manager however, I get an error telling me that no
connection to datasource can be established because either i have no
permissions, the workgroup information file can not be found or someone else
is using the file.
When I setup up the dsn, i made sure to include the WIF in the string- named
secure.mdw. However I'm stumped as to my failure to connect. Can anyone give
me some guidance on how to properly setup connection from SSRS to an Access
datbase that has user-level security?
Many thanks.I'd just move it to SQL Server.. Honestly; I've been through a ton of
migrations over the years-- moving to SQL Server _NOW_ instead of
later can save you a lot of headaches.
I mean.. the front end ; it should be easy to move to an Access Data
Project-- simplify the database side before worrying about the
reports.
-Aaron
On Mar 21, 1:49=A0pm, Damon Johnson
<DamonJohn...@.discussions.microsoft.com> wrote:
> Hello Everyone,
> I have an Access database that i set up some time ago and that is still in=
> use by employees. The database was set up using user-level security. The
> database is seperated, one- the "back end", named **be.mdb- housing the
> tables and some queries. The other- **.mdb- has all the forms, modules and=
> other queries. The back end is on a shared file server, and each user has =the
> front end on thier local machine.
> I use the Report Wizard to setup the data source connection, which is ODBC=,
> and permissions. I can preview it in Report Designer fine. Once the report= is
> published to the Report Manager however, I get an error telling me that no=
> connection to datasource can be established because either i have no
> permissions, the workgroup information file can not be found or someone el=se
> is using the file.
> When I setup up the dsn, i made sure to include the WIF in the string- nam=ed
> secure.mdw. However I'm stumped as to my failure to connect. Can anyone gi=ve
> me some guidance on how to properly setup connection from SSRS to an Acces=s
> datbase that has user-level security?
> Many thanks.
Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Monday, 19 March 2012
Sunday, 11 March 2012
connect error with Windows Security
My Windows2000\SQL2000 server uses Windows Only security from a NT 4 domain.
My Win2000 client logs in to AD, not the NT4 domain. I am getting sql conne
ct errors 123 and 53 when I try to create a DSN and add my NT4 domain creden
tials. Does anyone know how
to create a DSN using credentials other than the one I am logged in as?
Thanks.Could you post the exact error messages you get?
If you are creating a DSN to use Windows authentication, you
don't specify a user name and password. You just select NT
authentication for the login info. The login must exist on
the server and if you selected a database for the DSN, the
user must exist in the database.
-Sue
On Mon, 24 May 2004 13:36:07 -0700, "Jon S"
<anonymous@.discussions.microsoft.com> wrote:
>My Windows2000\SQL2000 server uses Windows Only security from a NT 4 domain. My Win
2000 client logs in to AD, not the NT4 domain. I am getting sql connect errors 123 a
nd 53 when I try to create a DSN and add my NT4 domain credentials. Does anyone know
ho
w to create a DSN using credentials other than the one I am logged in as?
>Thanks.|||I am trying to create a user DSN and specify server name on the first screen
. On the security screen, it defaults to my AD login credentials, so I click
sql security, enter my NT4 domain credentials, then click Windows security.
The error I get is " SQLSt
ate 2800, error 18452, Login failed for user'(null)'.Reason:Not associated w
ith a trusted SQL Server connection"|||The error means you are attempting to login to SQL Server
using windows authentication and the login was not able to
be validated. On the SQL Server end, make sure that the
login exists on the server.If the login exists, try dropping
and recreating and see if that makes a difference for that
login. But if the login is fine then it's likely a Windows
authentication issue. You can check the event logs for
network related issues, problems contacting a domain
controller, that type of thing. You can also try to force
the client to connect through named pipes by creating a
named pipe alias using the Client Network Utility.
-Sue
On Tue, 25 May 2004 07:06:03 -0700, "Jon S"
<anonymous@.discussions.microsoft.com> wrote:
>I am trying to create a user DSN and specify server name on the first screen. On th
e security screen, it defaults to my AD login credentials, so I click sql security,
enter my NT4 domain credentials, then click Windows security. The error I get is " S
QLS
tate 2800, error 18452, Login failed for user'(null)'.Reason:Not associated with a trusted S
QL Server connection"
>
>
My Win2000 client logs in to AD, not the NT4 domain. I am getting sql conne
ct errors 123 and 53 when I try to create a DSN and add my NT4 domain creden
tials. Does anyone know how
to create a DSN using credentials other than the one I am logged in as?
Thanks.Could you post the exact error messages you get?
If you are creating a DSN to use Windows authentication, you
don't specify a user name and password. You just select NT
authentication for the login info. The login must exist on
the server and if you selected a database for the DSN, the
user must exist in the database.
-Sue
On Mon, 24 May 2004 13:36:07 -0700, "Jon S"
<anonymous@.discussions.microsoft.com> wrote:
>My Windows2000\SQL2000 server uses Windows Only security from a NT 4 domain. My Win
2000 client logs in to AD, not the NT4 domain. I am getting sql connect errors 123 a
nd 53 when I try to create a DSN and add my NT4 domain credentials. Does anyone know
ho
w to create a DSN using credentials other than the one I am logged in as?
>Thanks.|||I am trying to create a user DSN and specify server name on the first screen
. On the security screen, it defaults to my AD login credentials, so I click
sql security, enter my NT4 domain credentials, then click Windows security.
The error I get is " SQLSt
ate 2800, error 18452, Login failed for user'(null)'.Reason:Not associated w
ith a trusted SQL Server connection"|||The error means you are attempting to login to SQL Server
using windows authentication and the login was not able to
be validated. On the SQL Server end, make sure that the
login exists on the server.If the login exists, try dropping
and recreating and see if that makes a difference for that
login. But if the login is fine then it's likely a Windows
authentication issue. You can check the event logs for
network related issues, problems contacting a domain
controller, that type of thing. You can also try to force
the client to connect through named pipes by creating a
named pipe alias using the Client Network Utility.
-Sue
On Tue, 25 May 2004 07:06:03 -0700, "Jon S"
<anonymous@.discussions.microsoft.com> wrote:
>I am trying to create a user DSN and specify server name on the first screen. On th
e security screen, it defaults to my AD login credentials, so I click sql security,
enter my NT4 domain credentials, then click Windows security. The error I get is " S
QLS
tate 2800, error 18452, Login failed for user'(null)'.Reason:Not associated with a trusted S
QL Server connection"
>
>
connect error with Windows Security
My Windows2000\SQL2000 server uses Windows Only security from a NT 4 domain. My Win2000 client logs in to AD, not the NT4 domain. I am getting sql connect errors 123 and 53 when I try to create a DSN and add my NT4 domain credentials. Does anyone know how
to create a DSN using credentials other than the one I am logged in as?
Thanks.
Could you post the exact error messages you get?
If you are creating a DSN to use Windows authentication, you
don't specify a user name and password. You just select NT
authentication for the login info. The login must exist on
the server and if you selected a database for the DSN, the
user must exist in the database.
-Sue
On Mon, 24 May 2004 13:36:07 -0700, "Jon S"
<anonymous@.discussions.microsoft.com> wrote:
>My Windows2000\SQL2000 server uses Windows Only security from a NT 4 domain. My Win2000 client logs in to AD, not the NT4 domain. I am getting sql connect errors 123 and 53 when I try to create a DSN and add my NT4 domain credentials. Does anyone know ho
w to create a DSN using credentials other than the one I am logged in as?
>Thanks.
|||I am trying to create a user DSN and specify server name on the first screen. On the security screen, it defaults to my AD login credentials, so I click sql security, enter my NT4 domain credentials, then click Windows security. The error I get is " SQLSt
ate 2800, error 18452, Login failed for user'(null)'.Reason:Not associated with a trusted SQL Server connection"
|||The error means you are attempting to login to SQL Server
using windows authentication and the login was not able to
be validated. On the SQL Server end, make sure that the
login exists on the server.If the login exists, try dropping
and recreating and see if that makes a difference for that
login. But if the login is fine then it's likely a Windows
authentication issue. You can check the event logs for
network related issues, problems contacting a domain
controller, that type of thing. You can also try to force
the client to connect through named pipes by creating a
named pipe alias using the Client Network Utility.
-Sue
On Tue, 25 May 2004 07:06:03 -0700, "Jon S"
<anonymous@.discussions.microsoft.com> wrote:
>I am trying to create a user DSN and specify server name on the first screen. On the security screen, it defaults to my AD login credentials, so I click sql security, enter my NT4 domain credentials, then click Windows security. The error I get is " SQLS
tate 2800, error 18452, Login failed for user'(null)'.Reason:Not associated with a trusted SQL Server connection"
>
>
to create a DSN using credentials other than the one I am logged in as?
Thanks.
Could you post the exact error messages you get?
If you are creating a DSN to use Windows authentication, you
don't specify a user name and password. You just select NT
authentication for the login info. The login must exist on
the server and if you selected a database for the DSN, the
user must exist in the database.
-Sue
On Mon, 24 May 2004 13:36:07 -0700, "Jon S"
<anonymous@.discussions.microsoft.com> wrote:
>My Windows2000\SQL2000 server uses Windows Only security from a NT 4 domain. My Win2000 client logs in to AD, not the NT4 domain. I am getting sql connect errors 123 and 53 when I try to create a DSN and add my NT4 domain credentials. Does anyone know ho
w to create a DSN using credentials other than the one I am logged in as?
>Thanks.
|||I am trying to create a user DSN and specify server name on the first screen. On the security screen, it defaults to my AD login credentials, so I click sql security, enter my NT4 domain credentials, then click Windows security. The error I get is " SQLSt
ate 2800, error 18452, Login failed for user'(null)'.Reason:Not associated with a trusted SQL Server connection"
|||The error means you are attempting to login to SQL Server
using windows authentication and the login was not able to
be validated. On the SQL Server end, make sure that the
login exists on the server.If the login exists, try dropping
and recreating and see if that makes a difference for that
login. But if the login is fine then it's likely a Windows
authentication issue. You can check the event logs for
network related issues, problems contacting a domain
controller, that type of thing. You can also try to force
the client to connect through named pipes by creating a
named pipe alias using the Client Network Utility.
-Sue
On Tue, 25 May 2004 07:06:03 -0700, "Jon S"
<anonymous@.discussions.microsoft.com> wrote:
>I am trying to create a user DSN and specify server name on the first screen. On the security screen, it defaults to my AD login credentials, so I click sql security, enter my NT4 domain credentials, then click Windows security. The error I get is " SQLS
tate 2800, error 18452, Login failed for user'(null)'.Reason:Not associated with a trusted SQL Server connection"
>
>
connect database user to security login user
After restore off a database the user under security logins was not created.
The user under Database and users was created, but that user MUST bee the
same user under security logins, if i try to make a new user with same name
under logins, thats ok, but i cant connect to the database becuse the user
allready exists, i cant delete the user under the database. What to do? Is
there som way to connect a database user to a security login user. Its SQL
security and login.
/Per W.sp_change_users_login.
Also, you can transport the logins with the correct sid, search KB for sp_he
lp_revlogin.
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
http://www.sqlug.se/
"Per W." <pwbuf@.tiscali.no> wrote in message news:GdMOd.98909$Vf.3877273@.news000.worldonlin
e.dk...
> After restore off a database the user under security logins was not create
d. The user under
> Database and users was created, but that user MUST bee the same user under
security logins, if i
> try to make a new user with same name under logins, thats ok, but i cant c
onnect to the database
> becuse the user allready exists, i cant delete the user under the database
. What to do? Is there
> som way to connect a database user to a security login user. Its SQL secur
ity and login.
>
> /Per W.
>|||The following will list all users whose SPID is not mapped to a valid login:
sp_change_users_login 'Report'
"Per W." <pwbuf@.tiscali.no> wrote in message
news:GdMOd.98909$Vf.3877273@.news000.worldonline.dk...
> After restore off a database the user under security logins was not
created.
> The user under Database and users was created, but that user MUST bee the
> same user under security logins, if i try to make a new user with same
name
> under logins, thats ok, but i cant connect to the database becuse the user
> allready exists, i cant delete the user under the database. What to do? Is
> there som way to connect a database user to a security login user. Its SQL
> security and login.
>
> /Per W.
>
The user under Database and users was created, but that user MUST bee the
same user under security logins, if i try to make a new user with same name
under logins, thats ok, but i cant connect to the database becuse the user
allready exists, i cant delete the user under the database. What to do? Is
there som way to connect a database user to a security login user. Its SQL
security and login.
/Per W.sp_change_users_login.
Also, you can transport the logins with the correct sid, search KB for sp_he
lp_revlogin.
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
http://www.sqlug.se/
"Per W." <pwbuf@.tiscali.no> wrote in message news:GdMOd.98909$Vf.3877273@.news000.worldonlin
e.dk...
> After restore off a database the user under security logins was not create
d. The user under
> Database and users was created, but that user MUST bee the same user under
security logins, if i
> try to make a new user with same name under logins, thats ok, but i cant c
onnect to the database
> becuse the user allready exists, i cant delete the user under the database
. What to do? Is there
> som way to connect a database user to a security login user. Its SQL secur
ity and login.
>
> /Per W.
>|||The following will list all users whose SPID is not mapped to a valid login:
sp_change_users_login 'Report'
"Per W." <pwbuf@.tiscali.no> wrote in message
news:GdMOd.98909$Vf.3877273@.news000.worldonline.dk...
> After restore off a database the user under security logins was not
created.
> The user under Database and users was created, but that user MUST bee the
> same user under security logins, if i try to make a new user with same
name
> under logins, thats ok, but i cant connect to the database becuse the user
> allready exists, i cant delete the user under the database. What to do? Is
> there som way to connect a database user to a security login user. Its SQL
> security and login.
>
> /Per W.
>
Wednesday, 7 March 2012
Confusion about dialog security steps.
Hi There
I have done the following.
2 Servers across the net work Server A and Server B.
I have created private keys at each and copied to public keys across.
I create an endpoint at each with validation by the certificates. I then create appropriate users and logins at each and import the public certificates with authorization to the users who have send permission on the endpoints.
That is transport security sorted and it works.
Now from what i have learnt from examples, to setup dialog security i do the following.
create a private key in each DB :
create certificate Store001DialogPri
with subject = 'Store001DialogPri',
start_date = '07/20/2006'
active for begin_dialog = on;
go
I then copy the public key to each server, create a user only in each DB and import the public keys with authorization on the user. And grant send to the appropriate servcies to the user.
I then create appropriate remote service bindings with this user.
Now this works for me. Everythign seems A OK.
However i am going thorugh the Service Broker "bible", and there are a ton of steps i am not doing but my setup works ?
Steps i am not doing for example is when i create the private keys in the DB i should authorize them to a user i create who is then gratnted CONTROL permission on the SERVICES.
Now i do not do this but everything seems to be working. I thought i finally understood dialogs security but now i am totally confused ?
Is what i am doing correct ? If so why are these all these additinal steps mentioned ? WHat am i missing ?
Thanx
The AUTHORIZATION and CONTROL steps in the samples are needed if you are performing these steps for somebody else. You test probably ended up with all the services being owned by [dbo], (you are sysadmin on the test machine, aren't you?), and the certificates with private keys also being owned by [dbo], so it just worked. But in real life, you might have to do this setup steps for a service owned by a different database user, so in that case is important to associate the private key with the service owner.
HTH,
~ Remus
Hi Remus
Yes everything should be owned by dbo, however i do not see any otehr users coming into the SB application, so therefore i shouldnot have to do these steps?
Thanx for the feedback
Confused with security
I thought I understood what was happening - obviously not.
Here is my problem:
Using windows integrated security.
No users should have access to the table directly.
I have a UDF that I have granted select, insert, update, and delete on to a
created roll that has windows users added to it.
The user can select through the function ok. but when they try to insert,
they get an error complaining of lack of rights to insert.
I had to add insert rights to the table for the user to insert through the
function.
Is it becuse the function is a select statement, and it dynamically creates
the update, insert methods directly against the table and by-passes the
function and that is my problem?
Thanks for any clarification.
On Tue, 31 Aug 2004 19:03:22 GMT, Howard Carr wrote:
>I thought I understood what was happening - obviously not.
>Here is my problem:
>Using windows integrated security.
>No users should have access to the table directly.
>I have a UDF that I have granted select, insert, update, and delete on to a
>created roll that has windows users added to it.
>The user can select through the function ok. but when they try to insert,
>they get an error complaining of lack of rights to insert.
>I had to add insert rights to the table for the user to insert through the
>function.
>Is it becuse the function is a select statement, and it dynamically creates
>the update, insert methods directly against the table and by-passes the
>function and that is my problem?
>Thanks for any clarification.
>
Hi Howard,
Your guess is correct - welcome to the pitfalls of dynamic SQL.
If a stored procedure references a table owned by the same userid that
owns the stored procedure, no additional check for access right to that
table is made. Each user that has rights to execute the procedure can
access that table through that procedure. Other means of access to the
table still need explicit permissions for that user on the table!
Dynamic SQL is executed in a seperate environment, just as if the user
exeecuted the SQL from Query Analyzer. During execution, SQL is not aware
that this is started from a stored procedure. Therefor, the ownership
chain from procedure to table breaks when dynamic SQL is executed.
Best, Hugo
(Remove _NO_ and _SPAM_ to get my e-mail address)
|||Thanks so much Hugo, I thought I was really lost!
"Hugo Kornelis" <hugo@.pe_NO_rFact.in_SPAM_fo> wrote in message
news:teo9j0l1fnknj0frfq3l0u6hgs2s5oh9bm@.4ax.com... [vbcol=seagreen]
> On Tue, 31 Aug 2004 19:03:22 GMT, Howard Carr wrote:
a[vbcol=seagreen]
the[vbcol=seagreen]
creates
> Hi Howard,
> Your guess is correct - welcome to the pitfalls of dynamic SQL.
> If a stored procedure references a table owned by the same userid that
> owns the stored procedure, no additional check for access right to that
> table is made. Each user that has rights to execute the procedure can
> access that table through that procedure. Other means of access to the
> table still need explicit permissions for that user on the table!
> Dynamic SQL is executed in a seperate environment, just as if the user
> exeecuted the SQL from Query Analyzer. During execution, SQL is not aware
> that this is started from a stored procedure. Therefor, the ownership
> chain from procedure to table breaks when dynamic SQL is executed.
> Best, Hugo
> --
> (Remove _NO_ and _SPAM_ to get my e-mail address)
Here is my problem:
Using windows integrated security.
No users should have access to the table directly.
I have a UDF that I have granted select, insert, update, and delete on to a
created roll that has windows users added to it.
The user can select through the function ok. but when they try to insert,
they get an error complaining of lack of rights to insert.
I had to add insert rights to the table for the user to insert through the
function.
Is it becuse the function is a select statement, and it dynamically creates
the update, insert methods directly against the table and by-passes the
function and that is my problem?
Thanks for any clarification.
On Tue, 31 Aug 2004 19:03:22 GMT, Howard Carr wrote:
>I thought I understood what was happening - obviously not.
>Here is my problem:
>Using windows integrated security.
>No users should have access to the table directly.
>I have a UDF that I have granted select, insert, update, and delete on to a
>created roll that has windows users added to it.
>The user can select through the function ok. but when they try to insert,
>they get an error complaining of lack of rights to insert.
>I had to add insert rights to the table for the user to insert through the
>function.
>Is it becuse the function is a select statement, and it dynamically creates
>the update, insert methods directly against the table and by-passes the
>function and that is my problem?
>Thanks for any clarification.
>
Hi Howard,
Your guess is correct - welcome to the pitfalls of dynamic SQL.
If a stored procedure references a table owned by the same userid that
owns the stored procedure, no additional check for access right to that
table is made. Each user that has rights to execute the procedure can
access that table through that procedure. Other means of access to the
table still need explicit permissions for that user on the table!
Dynamic SQL is executed in a seperate environment, just as if the user
exeecuted the SQL from Query Analyzer. During execution, SQL is not aware
that this is started from a stored procedure. Therefor, the ownership
chain from procedure to table breaks when dynamic SQL is executed.
Best, Hugo
(Remove _NO_ and _SPAM_ to get my e-mail address)
|||Thanks so much Hugo, I thought I was really lost!
"Hugo Kornelis" <hugo@.pe_NO_rFact.in_SPAM_fo> wrote in message
news:teo9j0l1fnknj0frfq3l0u6hgs2s5oh9bm@.4ax.com... [vbcol=seagreen]
> On Tue, 31 Aug 2004 19:03:22 GMT, Howard Carr wrote:
a[vbcol=seagreen]
the[vbcol=seagreen]
creates
> Hi Howard,
> Your guess is correct - welcome to the pitfalls of dynamic SQL.
> If a stored procedure references a table owned by the same userid that
> owns the stored procedure, no additional check for access right to that
> table is made. Each user that has rights to execute the procedure can
> access that table through that procedure. Other means of access to the
> table still need explicit permissions for that user on the table!
> Dynamic SQL is executed in a seperate environment, just as if the user
> exeecuted the SQL from Query Analyzer. During execution, SQL is not aware
> that this is started from a stored procedure. Therefor, the ownership
> chain from procedure to table breaks when dynamic SQL is executed.
> Best, Hugo
> --
> (Remove _NO_ and _SPAM_ to get my e-mail address)
Confused with security
I thought I understood what was happening - obviously not.
Here is my problem:
Using windows integrated security.
No users should have access to the table directly.
I have a UDF that I have granted select, insert, update, and delete on to a
created roll that has windows users added to it.
The user can select through the function ok. but when they try to insert,
they get an error complaining of lack of rights to insert.
I had to add insert rights to the table for the user to insert through the
function.
Is it becuse the function is a select statement, and it dynamically creates
the update, insert methods directly against the table and by-passes the
function and that is my problem?
Thanks for any clarification.Check who owns the objects. Ownership chain may be broken
(see BOL). In short a person who does not have ownership
of the underlying object cannot get rights through a
view/function etc that they own.
>--Original Message--
>I thought I understood what was happening - obviously not.
>Here is my problem:
>Using windows integrated security.
>No users should have access to the table directly.
>I have a UDF that I have granted select, insert, update,
and delete on to a
>created roll that has windows users added to it.
>The user can select through the function ok. but when
they try to insert,
>they get an error complaining of lack of rights to insert.
>I had to add insert rights to the table for the user to
insert through the
>function.
>Is it becuse the function is a select statement, and it
dynamically creates
>the update, insert methods directly against the table and
by-passes the
>function and that is my problem?
>Thanks for any clarification.
>
>.
>|||On Tue, 31 Aug 2004 19:03:22 GMT, Howard Carr wrote:
>I thought I understood what was happening - obviously not.
>Here is my problem:
>Using windows integrated security.
>No users should have access to the table directly.
>I have a UDF that I have granted select, insert, update, and delete on to a
>created roll that has windows users added to it.
>The user can select through the function ok. but when they try to insert,
>they get an error complaining of lack of rights to insert.
>I had to add insert rights to the table for the user to insert through the
>function.
>Is it becuse the function is a select statement, and it dynamically creates
>the update, insert methods directly against the table and by-passes the
>function and that is my problem?
>Thanks for any clarification.
>
Hi Howard,
Your guess is correct - welcome to the pitfalls of dynamic SQL.
If a stored procedure references a table owned by the same userid that
owns the stored procedure, no additional check for access right to that
table is made. Each user that has rights to execute the procedure can
access that table through that procedure. Other means of access to the
table still need explicit permissions for that user on the table!
Dynamic SQL is executed in a seperate environment, just as if the user
exeecuted the SQL from Query Analyzer. During execution, SQL is not aware
that this is started from a stored procedure. Therefor, the ownership
chain from procedure to table breaks when dynamic SQL is executed.
Best, Hugo
--
(Remove _NO_ and _SPAM_ to get my e-mail address)|||Thanks so much Hugo, I thought I was really lost!
"Hugo Kornelis" <hugo@.pe_NO_rFact.in_SPAM_fo> wrote in message
news:teo9j0l1fnknj0frfq3l0u6hgs2s5oh9bm@.4ax.com...
> On Tue, 31 Aug 2004 19:03:22 GMT, Howard Carr wrote:
> >I thought I understood what was happening - obviously not.
> >
> >Here is my problem:
> >
> >Using windows integrated security.
> >No users should have access to the table directly.
> >
> >I have a UDF that I have granted select, insert, update, and delete on to
a
> >created roll that has windows users added to it.
> >The user can select through the function ok. but when they try to insert,
> >they get an error complaining of lack of rights to insert.
> >I had to add insert rights to the table for the user to insert through
the
> >function.
> >Is it becuse the function is a select statement, and it dynamically
creates
> >the update, insert methods directly against the table and by-passes the
> >function and that is my problem?
> >
> >Thanks for any clarification.
> >
> Hi Howard,
> Your guess is correct - welcome to the pitfalls of dynamic SQL.
> If a stored procedure references a table owned by the same userid that
> owns the stored procedure, no additional check for access right to that
> table is made. Each user that has rights to execute the procedure can
> access that table through that procedure. Other means of access to the
> table still need explicit permissions for that user on the table!
> Dynamic SQL is executed in a seperate environment, just as if the user
> exeecuted the SQL from Query Analyzer. During execution, SQL is not aware
> that this is started from a stored procedure. Therefor, the ownership
> chain from procedure to table breaks when dynamic SQL is executed.
> Best, Hugo
> --
> (Remove _NO_ and _SPAM_ to get my e-mail address)
Here is my problem:
Using windows integrated security.
No users should have access to the table directly.
I have a UDF that I have granted select, insert, update, and delete on to a
created roll that has windows users added to it.
The user can select through the function ok. but when they try to insert,
they get an error complaining of lack of rights to insert.
I had to add insert rights to the table for the user to insert through the
function.
Is it becuse the function is a select statement, and it dynamically creates
the update, insert methods directly against the table and by-passes the
function and that is my problem?
Thanks for any clarification.Check who owns the objects. Ownership chain may be broken
(see BOL). In short a person who does not have ownership
of the underlying object cannot get rights through a
view/function etc that they own.
>--Original Message--
>I thought I understood what was happening - obviously not.
>Here is my problem:
>Using windows integrated security.
>No users should have access to the table directly.
>I have a UDF that I have granted select, insert, update,
and delete on to a
>created roll that has windows users added to it.
>The user can select through the function ok. but when
they try to insert,
>they get an error complaining of lack of rights to insert.
>I had to add insert rights to the table for the user to
insert through the
>function.
>Is it becuse the function is a select statement, and it
dynamically creates
>the update, insert methods directly against the table and
by-passes the
>function and that is my problem?
>Thanks for any clarification.
>
>.
>|||On Tue, 31 Aug 2004 19:03:22 GMT, Howard Carr wrote:
>I thought I understood what was happening - obviously not.
>Here is my problem:
>Using windows integrated security.
>No users should have access to the table directly.
>I have a UDF that I have granted select, insert, update, and delete on to a
>created roll that has windows users added to it.
>The user can select through the function ok. but when they try to insert,
>they get an error complaining of lack of rights to insert.
>I had to add insert rights to the table for the user to insert through the
>function.
>Is it becuse the function is a select statement, and it dynamically creates
>the update, insert methods directly against the table and by-passes the
>function and that is my problem?
>Thanks for any clarification.
>
Hi Howard,
Your guess is correct - welcome to the pitfalls of dynamic SQL.
If a stored procedure references a table owned by the same userid that
owns the stored procedure, no additional check for access right to that
table is made. Each user that has rights to execute the procedure can
access that table through that procedure. Other means of access to the
table still need explicit permissions for that user on the table!
Dynamic SQL is executed in a seperate environment, just as if the user
exeecuted the SQL from Query Analyzer. During execution, SQL is not aware
that this is started from a stored procedure. Therefor, the ownership
chain from procedure to table breaks when dynamic SQL is executed.
Best, Hugo
--
(Remove _NO_ and _SPAM_ to get my e-mail address)|||Thanks so much Hugo, I thought I was really lost!
"Hugo Kornelis" <hugo@.pe_NO_rFact.in_SPAM_fo> wrote in message
news:teo9j0l1fnknj0frfq3l0u6hgs2s5oh9bm@.4ax.com...
> On Tue, 31 Aug 2004 19:03:22 GMT, Howard Carr wrote:
> >I thought I understood what was happening - obviously not.
> >
> >Here is my problem:
> >
> >Using windows integrated security.
> >No users should have access to the table directly.
> >
> >I have a UDF that I have granted select, insert, update, and delete on to
a
> >created roll that has windows users added to it.
> >The user can select through the function ok. but when they try to insert,
> >they get an error complaining of lack of rights to insert.
> >I had to add insert rights to the table for the user to insert through
the
> >function.
> >Is it becuse the function is a select statement, and it dynamically
creates
> >the update, insert methods directly against the table and by-passes the
> >function and that is my problem?
> >
> >Thanks for any clarification.
> >
> Hi Howard,
> Your guess is correct - welcome to the pitfalls of dynamic SQL.
> If a stored procedure references a table owned by the same userid that
> owns the stored procedure, no additional check for access right to that
> table is made. Each user that has rights to execute the procedure can
> access that table through that procedure. Other means of access to the
> table still need explicit permissions for that user on the table!
> Dynamic SQL is executed in a seperate environment, just as if the user
> exeecuted the SQL from Query Analyzer. During execution, SQL is not aware
> that this is started from a stored procedure. Therefor, the ownership
> chain from procedure to table breaks when dynamic SQL is executed.
> Best, Hugo
> --
> (Remove _NO_ and _SPAM_ to get my e-mail address)
Confused with security
I thought I understood what was happening - obviously not.
Here is my problem:
Using windows integrated security.
No users should have access to the table directly.
I have a UDF that I have granted select, insert, update, and delete on to a
created roll that has windows users added to it.
The user can select through the function ok. but when they try to insert,
they get an error complaining of lack of rights to insert.
I had to add insert rights to the table for the user to insert through the
function.
Is it becuse the function is a select statement, and it dynamically creates
the update, insert methods directly against the table and by-passes the
function and that is my problem?
Thanks for any clarification.On Tue, 31 Aug 2004 19:03:22 GMT, Howard Carr wrote:
>I thought I understood what was happening - obviously not.
>Here is my problem:
>Using windows integrated security.
>No users should have access to the table directly.
>I have a UDF that I have granted select, insert, update, and delete on to a
>created roll that has windows users added to it.
>The user can select through the function ok. but when they try to insert,
>they get an error complaining of lack of rights to insert.
>I had to add insert rights to the table for the user to insert through the
>function.
>Is it becuse the function is a select statement, and it dynamically creates
>the update, insert methods directly against the table and by-passes the
>function and that is my problem?
>Thanks for any clarification.
>
Hi Howard,
Your guess is correct - welcome to the pitfalls of dynamic SQL.
If a stored procedure references a table owned by the same userid that
owns the stored procedure, no additional check for access right to that
table is made. Each user that has rights to execute the procedure can
access that table through that procedure. Other means of access to the
table still need explicit permissions for that user on the table!
Dynamic SQL is executed in a seperate environment, just as if the user
exeecuted the SQL from Query Analyzer. During execution, SQL is not aware
that this is started from a stored procedure. Therefor, the ownership
chain from procedure to table breaks when dynamic SQL is executed.
Best, Hugo
--
(Remove _NO_ and _SPAM_ to get my e-mail address)|||Thanks so much Hugo, I thought I was really lost!
"Hugo Kornelis" <hugo@.pe_NO_rFact.in_SPAM_fo> wrote in message
news:teo9j0l1fnknj0frfq3l0u6hgs2s5oh9bm@.
4ax.com...
> On Tue, 31 Aug 2004 19:03:22 GMT, Howard Carr wrote:
>
a[vbcol=seagreen]
the[vbcol=seagreen]
creates[vbcol=seagreen]
> Hi Howard,
> Your guess is correct - welcome to the pitfalls of dynamic SQL.
> If a stored procedure references a table owned by the same userid that
> owns the stored procedure, no additional check for access right to that
> table is made. Each user that has rights to execute the procedure can
> access that table through that procedure. Other means of access to the
> table still need explicit permissions for that user on the table!
> Dynamic SQL is executed in a seperate environment, just as if the user
> exeecuted the SQL from Query Analyzer. During execution, SQL is not aware
> that this is started from a stored procedure. Therefor, the ownership
> chain from procedure to table breaks when dynamic SQL is executed.
> Best, Hugo
> --
> (Remove _NO_ and _SPAM_ to get my e-mail address)
Here is my problem:
Using windows integrated security.
No users should have access to the table directly.
I have a UDF that I have granted select, insert, update, and delete on to a
created roll that has windows users added to it.
The user can select through the function ok. but when they try to insert,
they get an error complaining of lack of rights to insert.
I had to add insert rights to the table for the user to insert through the
function.
Is it becuse the function is a select statement, and it dynamically creates
the update, insert methods directly against the table and by-passes the
function and that is my problem?
Thanks for any clarification.On Tue, 31 Aug 2004 19:03:22 GMT, Howard Carr wrote:
>I thought I understood what was happening - obviously not.
>Here is my problem:
>Using windows integrated security.
>No users should have access to the table directly.
>I have a UDF that I have granted select, insert, update, and delete on to a
>created roll that has windows users added to it.
>The user can select through the function ok. but when they try to insert,
>they get an error complaining of lack of rights to insert.
>I had to add insert rights to the table for the user to insert through the
>function.
>Is it becuse the function is a select statement, and it dynamically creates
>the update, insert methods directly against the table and by-passes the
>function and that is my problem?
>Thanks for any clarification.
>
Hi Howard,
Your guess is correct - welcome to the pitfalls of dynamic SQL.
If a stored procedure references a table owned by the same userid that
owns the stored procedure, no additional check for access right to that
table is made. Each user that has rights to execute the procedure can
access that table through that procedure. Other means of access to the
table still need explicit permissions for that user on the table!
Dynamic SQL is executed in a seperate environment, just as if the user
exeecuted the SQL from Query Analyzer. During execution, SQL is not aware
that this is started from a stored procedure. Therefor, the ownership
chain from procedure to table breaks when dynamic SQL is executed.
Best, Hugo
--
(Remove _NO_ and _SPAM_ to get my e-mail address)|||Thanks so much Hugo, I thought I was really lost!
"Hugo Kornelis" <hugo@.pe_NO_rFact.in_SPAM_fo> wrote in message
news:teo9j0l1fnknj0frfq3l0u6hgs2s5oh9bm@.
4ax.com...
> On Tue, 31 Aug 2004 19:03:22 GMT, Howard Carr wrote:
>
a[vbcol=seagreen]
the[vbcol=seagreen]
creates[vbcol=seagreen]
> Hi Howard,
> Your guess is correct - welcome to the pitfalls of dynamic SQL.
> If a stored procedure references a table owned by the same userid that
> owns the stored procedure, no additional check for access right to that
> table is made. Each user that has rights to execute the procedure can
> access that table through that procedure. Other means of access to the
> table still need explicit permissions for that user on the table!
> Dynamic SQL is executed in a seperate environment, just as if the user
> exeecuted the SQL from Query Analyzer. During execution, SQL is not aware
> that this is started from a stored procedure. Therefor, the ownership
> chain from procedure to table breaks when dynamic SQL is executed.
> Best, Hugo
> --
> (Remove _NO_ and _SPAM_ to get my e-mail address)
Friday, 24 February 2012
conflict Problem Help
Hello Everybody
I am having merge Replication using MSSQL 2000 sp3 latest security patch,
My replication is server1 Publisher, server2 subscriber, server3
subscriber,
Server4 subscriber, server5 subscriber. I am using schedule around 1:00
AM every day, In Server2 we insert 5 rows some value, and 5 rows sending to
Server3 using DTS with Insert statement, and server3 we update the 5Rows,
and sending to Server4 or server2, this all process everything done before
synchronize. I am using default conflict revolver, becoz some table dont
have date time field. When I run the merge agent, I got some conflict in
conflict tables. Automatically delete some row in subscriber.
How to resolve those problems. I need urgent help.
The same row was updated at 'THSWPSW002.GCP' and deleted at
'BKKNTS370.GCPTEST'.
The resolver chose the deletion as the winner.
3:3 conflict_type : reason_code
The same column(s) of the same row was updated at both 'SERVER1.APPTEST' and
' SERVER2.APPTEST '.
The resolver chose the update from ' SERVER1.APPTEST ' as the winner.
2:2
The row was inserted at ' SERVER5.APPTEST ' but could not be inserted at '
SERVER1.APPTEST '. Violation of PRIMARY KEY constraint
'PK__T_M_SUPPLIER__3607E224'. Cannot insert duplicate key in object
'T_M_SUPPLIER'.
5:2627
The row was inserted at 'SERVER1.APPTEST' but could not be inserted at
'SERVER2.APPTEST'. Violation of PRIMARY KEY constraint
'PK__T_M_SUPPLIER__38CF4036'. Cannot insert duplicate key in object
'T_M_SUPPLIER'.
6:2627
The same row was updated at both 'SERVER1.APPTEST' and 'SERVER5.APPTEST'.
The resolver chose the update from 'BKKNTS370.GCPTEST' as the winner.
1:1
Thanks
Sam
Sam,
please take a look at this article and see if it applies:
http://support.microsoft.com/default...&Product=sql2k
Cheers,
Paul Ibison SQL Server MVP, www.replicationanswers.com
(recommended sql server 2000 replication book:
http://www.nwsu.com/0974973602p.html)
|||Thanks,
Still i have problem some conflict.
i change mergearticle error 'flase'
could you tell me how to handule ?
Sam
"Paul Ibison" <Paul.Ibison@.Pygmalion.Com> wrote in message
news:ui2754ILGHA.2276@.TK2MSFTNGP15.phx.gbl...
> Sam,
> please take a look at this article and see if it applies:
> http://support.microsoft.com/default...&Product=sql2k
> Cheers,
> Paul Ibison SQL Server MVP, www.replicationanswers.com
> (recommended sql server 2000 replication book:
> http://www.nwsu.com/0974973602p.html)
>
I am having merge Replication using MSSQL 2000 sp3 latest security patch,
My replication is server1 Publisher, server2 subscriber, server3
subscriber,
Server4 subscriber, server5 subscriber. I am using schedule around 1:00
AM every day, In Server2 we insert 5 rows some value, and 5 rows sending to
Server3 using DTS with Insert statement, and server3 we update the 5Rows,
and sending to Server4 or server2, this all process everything done before
synchronize. I am using default conflict revolver, becoz some table dont
have date time field. When I run the merge agent, I got some conflict in
conflict tables. Automatically delete some row in subscriber.
How to resolve those problems. I need urgent help.
The same row was updated at 'THSWPSW002.GCP' and deleted at
'BKKNTS370.GCPTEST'.
The resolver chose the deletion as the winner.
3:3 conflict_type : reason_code
The same column(s) of the same row was updated at both 'SERVER1.APPTEST' and
' SERVER2.APPTEST '.
The resolver chose the update from ' SERVER1.APPTEST ' as the winner.
2:2
The row was inserted at ' SERVER5.APPTEST ' but could not be inserted at '
SERVER1.APPTEST '. Violation of PRIMARY KEY constraint
'PK__T_M_SUPPLIER__3607E224'. Cannot insert duplicate key in object
'T_M_SUPPLIER'.
5:2627
The row was inserted at 'SERVER1.APPTEST' but could not be inserted at
'SERVER2.APPTEST'. Violation of PRIMARY KEY constraint
'PK__T_M_SUPPLIER__38CF4036'. Cannot insert duplicate key in object
'T_M_SUPPLIER'.
6:2627
The same row was updated at both 'SERVER1.APPTEST' and 'SERVER5.APPTEST'.
The resolver chose the update from 'BKKNTS370.GCPTEST' as the winner.
1:1
Thanks
Sam
Sam,
please take a look at this article and see if it applies:
http://support.microsoft.com/default...&Product=sql2k
Cheers,
Paul Ibison SQL Server MVP, www.replicationanswers.com
(recommended sql server 2000 replication book:
http://www.nwsu.com/0974973602p.html)
|||Thanks,
Still i have problem some conflict.
i change mergearticle error 'flase'
could you tell me how to handule ?
Sam
"Paul Ibison" <Paul.Ibison@.Pygmalion.Com> wrote in message
news:ui2754ILGHA.2276@.TK2MSFTNGP15.phx.gbl...
> Sam,
> please take a look at this article and see if it applies:
> http://support.microsoft.com/default...&Product=sql2k
> Cheers,
> Paul Ibison SQL Server MVP, www.replicationanswers.com
> (recommended sql server 2000 replication book:
> http://www.nwsu.com/0974973602p.html)
>
Sunday, 19 February 2012
configuring user security problem!
Hi,
I am new to sql reporting services. I have just installed sql
reporting service sp1. We have our own web app which uses forms
authentication. I have a page where i use reportviewer control (which
came along with samples)...to run a report...there is a separate
physical report server and on that server, for the Reports virtual
directory i have "anonymous access" set. Within this i have set domain
user and password! Now microsot recommends to use "integrated windows
authentication". But as soon as i set it, my web page gives me report
server error that access is denied. I understand that my web page is
impersonating as local\ASPNET user.
I am very confused! can you help me?
I will really appreciate it
Thanks,
SauminIf you use forms authentication you have to create an extension to implement
it. You need to read up on how to do so if you need this capability. It
requires some effort on your part and it requires enterprise edition. I
suggest that you remove anonymous access for now (so you can learn how to
write a report etc and then implement form based security later). For now,
use integrated security (anonymous access and integrated security is
mutually exclusive). To supplement the info on security in the bol I suggest
this link from Scott Allen:
http://odetocode.com/Articles/215.aspx
Bruce L-C
"Saumin" <saumin_patel@.hotmail.com> wrote in message
news:35be972d.0408171307.3e2d9cab@.posting.google.com...
> Hi,
> I am new to sql reporting services. I have just installed sql
> reporting service sp1. We have our own web app which uses forms
> authentication. I have a page where i use reportviewer control (which
> came along with samples)...to run a report...there is a separate
> physical report server and on that server, for the Reports virtual
> directory i have "anonymous access" set. Within this i have set domain
> user and password! Now microsot recommends to use "integrated windows
> authentication". But as soon as i set it, my web page gives me report
> server error that access is denied. I understand that my web page is
> impersonating as local\ASPNET user.
> I am very confused! can you help me?
> I will really appreciate it
> Thanks,
> Saumin
I am new to sql reporting services. I have just installed sql
reporting service sp1. We have our own web app which uses forms
authentication. I have a page where i use reportviewer control (which
came along with samples)...to run a report...there is a separate
physical report server and on that server, for the Reports virtual
directory i have "anonymous access" set. Within this i have set domain
user and password! Now microsot recommends to use "integrated windows
authentication". But as soon as i set it, my web page gives me report
server error that access is denied. I understand that my web page is
impersonating as local\ASPNET user.
I am very confused! can you help me?
I will really appreciate it
Thanks,
SauminIf you use forms authentication you have to create an extension to implement
it. You need to read up on how to do so if you need this capability. It
requires some effort on your part and it requires enterprise edition. I
suggest that you remove anonymous access for now (so you can learn how to
write a report etc and then implement form based security later). For now,
use integrated security (anonymous access and integrated security is
mutually exclusive). To supplement the info on security in the bol I suggest
this link from Scott Allen:
http://odetocode.com/Articles/215.aspx
Bruce L-C
"Saumin" <saumin_patel@.hotmail.com> wrote in message
news:35be972d.0408171307.3e2d9cab@.posting.google.com...
> Hi,
> I am new to sql reporting services. I have just installed sql
> reporting service sp1. We have our own web app which uses forms
> authentication. I have a page where i use reportviewer control (which
> came along with samples)...to run a report...there is a separate
> physical report server and on that server, for the Reports virtual
> directory i have "anonymous access" set. Within this i have set domain
> user and password! Now microsot recommends to use "integrated windows
> authentication". But as soon as i set it, my web page gives me report
> server error that access is denied. I understand that my web page is
> impersonating as local\ASPNET user.
> I am very confused! can you help me?
> I will really appreciate it
> Thanks,
> Saumin
Tuesday, 14 February 2012
Configuring SQL 2000 for use with ESRI ArcSDE
Rookie here....
I need help making some changes so that security is enabled on the ESRI
side. My problem is this. I have Two databases (SDE and Vector) 3 Roles
(Viewer, Editor 1 and Editor 2) and multiple users/logins. I can not find
any documentation which specifies how I assigne users to roles. In addition,
I can not find out which users in which databases should have Create Table,
Create Function Create SP, etc...
Any one have any good resources I can look at?
You can assign SQL Server users to database roles using sp_addrolemember:
USE SDE
EXEC sp_addrolemember 'Viewer', 'SomeUser'
GO
Permissions are entirely application specific. I assume these roles are
pre-defined by the app and appropriate object permissions assigned. Your
application documentation should specify if any additional permissions (e.g.
CREATE) are needed by application users. If the app doc doesn't contain
this information and you have security issues, I suggest to contact the
vendor for clarification of security requirements. You might get lucky with
a knowledgeable ESRI user in this forum but your vendor is the authoritative
source.
Hope this helps.
Dan Guzman
SQL Server MVP
"Joe16" <Joe16@.discussions.microsoft.com> wrote in message
news:D0F741EF-8DAA-4630-A6EA-49564330B345@.microsoft.com...
> Rookie here....
> I need help making some changes so that security is enabled on the ESRI
> side. My problem is this. I have Two databases (SDE and Vector) 3 Roles
> (Viewer, Editor 1 and Editor 2) and multiple users/logins. I can not find
> any documentation which specifies how I assigne users to roles. In
> addition,
> I can not find out which users in which databases should have Create
> Table,
> Create Function Create SP, etc...
> Any one have any good resources I can look at?
>
I need help making some changes so that security is enabled on the ESRI
side. My problem is this. I have Two databases (SDE and Vector) 3 Roles
(Viewer, Editor 1 and Editor 2) and multiple users/logins. I can not find
any documentation which specifies how I assigne users to roles. In addition,
I can not find out which users in which databases should have Create Table,
Create Function Create SP, etc...
Any one have any good resources I can look at?
You can assign SQL Server users to database roles using sp_addrolemember:
USE SDE
EXEC sp_addrolemember 'Viewer', 'SomeUser'
GO
Permissions are entirely application specific. I assume these roles are
pre-defined by the app and appropriate object permissions assigned. Your
application documentation should specify if any additional permissions (e.g.
CREATE) are needed by application users. If the app doc doesn't contain
this information and you have security issues, I suggest to contact the
vendor for clarification of security requirements. You might get lucky with
a knowledgeable ESRI user in this forum but your vendor is the authoritative
source.
Hope this helps.
Dan Guzman
SQL Server MVP
"Joe16" <Joe16@.discussions.microsoft.com> wrote in message
news:D0F741EF-8DAA-4630-A6EA-49564330B345@.microsoft.com...
> Rookie here....
> I need help making some changes so that security is enabled on the ESRI
> side. My problem is this. I have Two databases (SDE and Vector) 3 Roles
> (Viewer, Editor 1 and Editor 2) and multiple users/logins. I can not find
> any documentation which specifies how I assigne users to roles. In
> addition,
> I can not find out which users in which databases should have Create
> Table,
> Create Function Create SP, etc...
> Any one have any good resources I can look at?
>
Friday, 10 February 2012
Configure TCP/IP port during unattended instance installation
Due to security reason, I need to restrict the port number that SQL Express instances listen on. I know I can do it through the SQL Server Configuration Manger, but I like to do it programmatically. If there a way to specify the port number in conjunction with the
“SECURITYMODE=SQL” name-value pair during the instance installation with the “setup.exe”?
Thanks,
Peter
The folks in the Setup forum will have an answer for this one.
Mike
|||Yea I got the same problem. Im doin a silent SQL installation and i set DISABLENETWORKPROTOCOLS=2 so TCP\IP is enabled after installation.
When I open up the config managed TCP\IP is enabled but IP1 and IP2 are both disabled. I need a way to enable these and change the port numbers programatically so the user will not have to do this themselves.
Configure TCP/IP port during unattended instance installation
Due to security reason, I need to restrict the port number that SQL Express instances listen on. I know I can do it through the SQL Server Configuration Manger, but I like to do it programmatically. If there a way to specify the port number in conjunction with the
“SECURITYMODE=SQL” name-value pair during the instance installation with the “setup.exe”?
Thanks,
Peter
The folks in the Setup forum will have an answer for this one.
Mike
|||Yea I got the same problem. Im doin a silent SQL installation and i set DISABLENETWORKPROTOCOLS=2 so TCP\IP is enabled after installation.
When I open up the config managed TCP\IP is enabled but IP1 and IP2 are both disabled. I need a way to enable these and change the port numbers programatically so the user will not have to do this themselves.
Subscribe to:
Posts (Atom)