Hi,
I have installed RS in a production environment successfully. I then added a
user into the windows registry. I can access all 'tool bar' options like
'Upload Report' as an administrator on the localhost, but when I access RS by
the new role I have created I only get the almost blank 'home' page. I have
given the new role user every permission in RS via site wide configuration
settings ect., but I still don't get the upload option and other two options
on the 'tool bar'. What do Ineed to do to give the new user adminstration
wide access in RS, but not an administrator in windows.
ThanksYou need to set item-level permissions for that user.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Quinton" <Quinton@.discussions.microsoft.com> wrote in message
news:3BCBB0BF-D591-4189-9FB1-877599C85422@.microsoft.com...
> Hi,
> I have installed RS in a production environment successfully. I then added
> a
> user into the windows registry. I can access all 'tool bar' options like
> 'Upload Report' as an administrator on the localhost, but when I access RS
> by
> the new role I have created I only get the almost blank 'home' page. I
> have
> given the new role user every permission in RS via site wide configuration
> settings ect., but I still don't get the upload option and other two
> options
> on the 'tool bar'. What do Ineed to do to give the new user adminstration
> wide access in RS, but not an administrator in windows.
> Thanks|||Hi,
Thanks - but I must be a thick head, as the new user does not have any items
to set permissions on. Do you mean that as administrator I create a directory
and then set item level permissions on that for the new user?
Thnks,
Quinton
"Lev Semenets [MSFT]" wrote:
> You need to set item-level permissions for that user.
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Quinton" <Quinton@.discussions.microsoft.com> wrote in message
> news:3BCBB0BF-D591-4189-9FB1-877599C85422@.microsoft.com...
> > Hi,
> > I have installed RS in a production environment successfully. I then added
> > a
> > user into the windows registry. I can access all 'tool bar' options like
> > 'Upload Report' as an administrator on the localhost, but when I access RS
> > by
> > the new role I have created I only get the almost blank 'home' page. I
> > have
> > given the new role user every permission in RS via site wide configuration
> > settings ect., but I still don't get the upload option and other two
> > options
> > on the 'tool bar'. What do Ineed to do to give the new user adminstration
> > wide access in RS, but not an administrator in windows.
> >
> > Thanks
>
>|||Yes.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Quinton" <Quinton@.discussions.microsoft.com> wrote in message
news:902431F4-EBAE-4F44-A22A-4D33A68F2893@.microsoft.com...
> Hi,
> Thanks - but I must be a thick head, as the new user does not have any
> items
> to set permissions on. Do you mean that as administrator I create a
> directory
> and then set item level permissions on that for the new user?
> Thnks,
> Quinton
> "Lev Semenets [MSFT]" wrote:
>> You need to set item-level permissions for that user.
>> --
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "Quinton" <Quinton@.discussions.microsoft.com> wrote in message
>> news:3BCBB0BF-D591-4189-9FB1-877599C85422@.microsoft.com...
>> > Hi,
>> > I have installed RS in a production environment successfully. I then
>> > added
>> > a
>> > user into the windows registry. I can access all 'tool bar' options
>> > like
>> > 'Upload Report' as an administrator on the localhost, but when I access
>> > RS
>> > by
>> > the new role I have created I only get the almost blank 'home' page. I
>> > have
>> > given the new role user every permission in RS via site wide
>> > configuration
>> > settings ect., but I still don't get the upload option and other two
>> > options
>> > on the 'tool bar'. What do Ineed to do to give the new user
>> > adminstration
>> > wide access in RS, but not an administrator in windows.
>> >
>> > Thanks
>>|||Thanks again Lev,
... but that didn't work, the new user that I added in the 'users' group in
windows still didn't get any tabs (content/properties) or any of the other
stuff needed to upload reports. I decided to cheat and just add my user into
the Administrators group. This worked, but, when I tried to add a data source
I get the error 'The underlying connection was closed: Could not establish
trust relationship with remote server.' I did try to create a connection with
every type of credentials.
This is my 4th installation of RS, the configurations of this installation
are:
Windows server 2003.
Reports/ReportServer are on a different drive to SQL instance.
SQL data on a different drive again.
Any ideas'
Quinton
"Lev Semenets [MSFT]" wrote:
> Yes.
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Quinton" <Quinton@.discussions.microsoft.com> wrote in message
> news:902431F4-EBAE-4F44-A22A-4D33A68F2893@.microsoft.com...
> > Hi,
> >
> > Thanks - but I must be a thick head, as the new user does not have any
> > items
> > to set permissions on. Do you mean that as administrator I create a
> > directory
> > and then set item level permissions on that for the new user?
> >
> > Thnks,
> > Quinton
> >
> > "Lev Semenets [MSFT]" wrote:
> >
> >> You need to set item-level permissions for that user.
> >>
> >> --
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >>
> >>
> >> "Quinton" <Quinton@.discussions.microsoft.com> wrote in message
> >> news:3BCBB0BF-D591-4189-9FB1-877599C85422@.microsoft.com...
> >> > Hi,
> >> > I have installed RS in a production environment successfully. I then
> >> > added
> >> > a
> >> > user into the windows registry. I can access all 'tool bar' options
> >> > like
> >> > 'Upload Report' as an administrator on the localhost, but when I access
> >> > RS
> >> > by
> >> > the new role I have created I only get the almost blank 'home' page. I
> >> > have
> >> > given the new role user every permission in RS via site wide
> >> > configuration
> >> > settings ect., but I still don't get the upload option and other two
> >> > options
> >> > on the 'tool bar'. What do Ineed to do to give the new user
> >> > adminstration
> >> > wide access in RS, but not an administrator in windows.
> >> >
> >> > Thanks
> >>
> >>
> >>
>
>
Showing posts with label permissions. Show all posts
Showing posts with label permissions. Show all posts
Monday, March 19, 2012
Monday, March 12, 2012
new login, EXECUTE permissions
I'm a newbie to the admin side of SqlServer. I created a new login:
<code>
CREATE LOGIN pmd_app
WITH PASSWORD='********'
</code>
I then used the "Server Management Studio Express" to create a new user in
my DB with the same name, then give the logical permissions, at least
logical to me. I can read and write table data with this new user, but I'm
getting EXECUTE permission errors when calling sprocs. I know how to grant
permissions to a user on a per object basis, but what role memberships
should I be using to give them EXECUTE permissions to all new sprocs that I
create?
I'm looking over BOL to see if I can find the answer, but so far not coming
up with anything.
Also, if anyone knows a good place to find an article covering SQLServer
security, role, permission, schemas, etc that would be awesome ;)
Thanks for any help,
Steve> getting EXECUTE permission errors when calling sprocs. I know how to
> grant permissions to a user on a per object basis, but what role
> memberships
If the user is an owner of the object he/she has an EXECUTE permissions
automatically.
Who is the owner of the object?
"sklett" <sklett@.mddirect.com> wrote in message
news:ePmSgM1NGHA.3732@.TK2MSFTNGP10.phx.gbl...
> I'm a newbie to the admin side of SqlServer. I created a new login:
> <code>
> CREATE LOGIN pmd_app
> WITH PASSWORD='********'
> </code>
>
> I then used the "Server Management Studio Express" to create a new user in
> my DB with the same name, then give the logical permissions, at least
> logical to me. I can read and write table data with this new user, but
> I'm getting EXECUTE permission errors when calling sprocs. I know how to
> grant permissions to a user on a per object basis, but what role
> memberships should I be using to give them EXECUTE permissions to all new
> sprocs that I create?
> I'm looking over BOL to see if I can find the answer, but so far not
> coming up with anything.
> Also, if anyone knows a good place to find an article covering SQLServer
> security, role, permission, schemas, etc that would be awesome ;)
> Thanks for any help,
> Steve
>|||That's a 2000 way of thinking. The new way is to associate everything via
schemas.
Create a schema, grant your users execute permissions in the schema, create
all you new procs under that schema...easy!
"sklett" wrote:
> I'm a newbie to the admin side of SqlServer. I created a new login:
> <code>
> CREATE LOGIN pmd_app
> WITH PASSWORD='********'
> </code>
>
> I then used the "Server Management Studio Express" to create a new user in
> my DB with the same name, then give the logical permissions, at least
> logical to me. I can read and write table data with this new user, but I'm
> getting EXECUTE permission errors when calling sprocs. I know how to grant
> permissions to a user on a per object basis, but what role memberships
> should I be using to give them EXECUTE permissions to all new sprocs that I
> create?
> I'm looking over BOL to see if I can find the answer, but so far not coming
> up with anything.
> Also, if anyone knows a good place to find an article covering SQLServer
> security, role, permission, schemas, etc that would be awesome ;)
> Thanks for any help,
> Steve
>
>|||oooh, uncharted territory! - scary and exciting :)
So it sounds like I need to put my tools down and read the manual. I will
do some Schema research and figure just how they work and what they do.
Thanks for the tip!
"mulhall" <mulhall@.discussions.microsoft.com> wrote in message
news:C6F5B46D-52D0-4EC2-9782-A72A53774A26@.microsoft.com...
> That's a 2000 way of thinking. The new way is to associate everything via
> schemas.
> Create a schema, grant your users execute permissions in the schema,
> create
> all you new procs under that schema...easy!
> "sklett" wrote:
>> I'm a newbie to the admin side of SqlServer. I created a new login:
>> <code>
>> CREATE LOGIN pmd_app
>> WITH PASSWORD='********'
>> </code>
>>
>> I then used the "Server Management Studio Express" to create a new user
>> in
>> my DB with the same name, then give the logical permissions, at least
>> logical to me. I can read and write table data with this new user, but
>> I'm
>> getting EXECUTE permission errors when calling sprocs. I know how to
>> grant
>> permissions to a user on a per object basis, but what role memberships
>> should I be using to give them EXECUTE permissions to all new sprocs that
>> I
>> create?
>> I'm looking over BOL to see if I can find the answer, but so far not
>> coming
>> up with anything.
>> Also, if anyone knows a good place to find an article covering SQLServer
>> security, role, permission, schemas, etc that would be awesome ;)
>> Thanks for any help,
>> Steve
>>|||"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:uBW9KT4NGHA.1460@.TK2MSFTNGP10.phx.gbl...
>> getting EXECUTE permission errors when calling sprocs. I know how to
>> grant permissions to a user on a per object basis, but what role
>> memberships
> If the user is an owner of the object he/she has an EXECUTE permissions
> automatically.
> Who is the owner of the object?
I don't know :)
if the full name of the object is any indicator ("dbo.usp_MySprocName") I
would have to guess 'dbo' - but I could be wrong. Schemas are brand new to
me, I don't know whay they are or how they work.
Looking at the already defined schemas in my DB, I don't see any obvious
ones that would indicate EXECUTE permissions, I may need to make my own?
Sounds like schemas are my solution, I need to learn about them. Thanks for
the post!
-Steve
>
> "sklett" <sklett@.mddirect.com> wrote in message
> news:ePmSgM1NGHA.3732@.TK2MSFTNGP10.phx.gbl...
>> I'm a newbie to the admin side of SqlServer. I created a new login:
>> <code>
>> CREATE LOGIN pmd_app
>> WITH PASSWORD='********'
>> </code>
>>
>> I then used the "Server Management Studio Express" to create a new user
>> in my DB with the same name, then give the logical permissions, at least
>> logical to me. I can read and write table data with this new user, but
>> I'm getting EXECUTE permission errors when calling sprocs. I know how to
>> grant permissions to a user on a per object basis, but what role
>> memberships should I be using to give them EXECUTE permissions to all new
>> sprocs that I create?
>> I'm looking over BOL to see if I can find the answer, but so far not
>> coming up with anything.
>> Also, if anyone knows a good place to find an article covering SQLServer
>> security, role, permission, schemas, etc that would be awesome ;)
>> Thanks for any help,
>> Steve
>
<code>
CREATE LOGIN pmd_app
WITH PASSWORD='********'
</code>
I then used the "Server Management Studio Express" to create a new user in
my DB with the same name, then give the logical permissions, at least
logical to me. I can read and write table data with this new user, but I'm
getting EXECUTE permission errors when calling sprocs. I know how to grant
permissions to a user on a per object basis, but what role memberships
should I be using to give them EXECUTE permissions to all new sprocs that I
create?
I'm looking over BOL to see if I can find the answer, but so far not coming
up with anything.
Also, if anyone knows a good place to find an article covering SQLServer
security, role, permission, schemas, etc that would be awesome ;)
Thanks for any help,
Steve> getting EXECUTE permission errors when calling sprocs. I know how to
> grant permissions to a user on a per object basis, but what role
> memberships
If the user is an owner of the object he/she has an EXECUTE permissions
automatically.
Who is the owner of the object?
"sklett" <sklett@.mddirect.com> wrote in message
news:ePmSgM1NGHA.3732@.TK2MSFTNGP10.phx.gbl...
> I'm a newbie to the admin side of SqlServer. I created a new login:
> <code>
> CREATE LOGIN pmd_app
> WITH PASSWORD='********'
> </code>
>
> I then used the "Server Management Studio Express" to create a new user in
> my DB with the same name, then give the logical permissions, at least
> logical to me. I can read and write table data with this new user, but
> I'm getting EXECUTE permission errors when calling sprocs. I know how to
> grant permissions to a user on a per object basis, but what role
> memberships should I be using to give them EXECUTE permissions to all new
> sprocs that I create?
> I'm looking over BOL to see if I can find the answer, but so far not
> coming up with anything.
> Also, if anyone knows a good place to find an article covering SQLServer
> security, role, permission, schemas, etc that would be awesome ;)
> Thanks for any help,
> Steve
>|||That's a 2000 way of thinking. The new way is to associate everything via
schemas.
Create a schema, grant your users execute permissions in the schema, create
all you new procs under that schema...easy!
"sklett" wrote:
> I'm a newbie to the admin side of SqlServer. I created a new login:
> <code>
> CREATE LOGIN pmd_app
> WITH PASSWORD='********'
> </code>
>
> I then used the "Server Management Studio Express" to create a new user in
> my DB with the same name, then give the logical permissions, at least
> logical to me. I can read and write table data with this new user, but I'm
> getting EXECUTE permission errors when calling sprocs. I know how to grant
> permissions to a user on a per object basis, but what role memberships
> should I be using to give them EXECUTE permissions to all new sprocs that I
> create?
> I'm looking over BOL to see if I can find the answer, but so far not coming
> up with anything.
> Also, if anyone knows a good place to find an article covering SQLServer
> security, role, permission, schemas, etc that would be awesome ;)
> Thanks for any help,
> Steve
>
>|||oooh, uncharted territory! - scary and exciting :)
So it sounds like I need to put my tools down and read the manual. I will
do some Schema research and figure just how they work and what they do.
Thanks for the tip!
"mulhall" <mulhall@.discussions.microsoft.com> wrote in message
news:C6F5B46D-52D0-4EC2-9782-A72A53774A26@.microsoft.com...
> That's a 2000 way of thinking. The new way is to associate everything via
> schemas.
> Create a schema, grant your users execute permissions in the schema,
> create
> all you new procs under that schema...easy!
> "sklett" wrote:
>> I'm a newbie to the admin side of SqlServer. I created a new login:
>> <code>
>> CREATE LOGIN pmd_app
>> WITH PASSWORD='********'
>> </code>
>>
>> I then used the "Server Management Studio Express" to create a new user
>> in
>> my DB with the same name, then give the logical permissions, at least
>> logical to me. I can read and write table data with this new user, but
>> I'm
>> getting EXECUTE permission errors when calling sprocs. I know how to
>> grant
>> permissions to a user on a per object basis, but what role memberships
>> should I be using to give them EXECUTE permissions to all new sprocs that
>> I
>> create?
>> I'm looking over BOL to see if I can find the answer, but so far not
>> coming
>> up with anything.
>> Also, if anyone knows a good place to find an article covering SQLServer
>> security, role, permission, schemas, etc that would be awesome ;)
>> Thanks for any help,
>> Steve
>>|||"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:uBW9KT4NGHA.1460@.TK2MSFTNGP10.phx.gbl...
>> getting EXECUTE permission errors when calling sprocs. I know how to
>> grant permissions to a user on a per object basis, but what role
>> memberships
> If the user is an owner of the object he/she has an EXECUTE permissions
> automatically.
> Who is the owner of the object?
I don't know :)
if the full name of the object is any indicator ("dbo.usp_MySprocName") I
would have to guess 'dbo' - but I could be wrong. Schemas are brand new to
me, I don't know whay they are or how they work.
Looking at the already defined schemas in my DB, I don't see any obvious
ones that would indicate EXECUTE permissions, I may need to make my own?
Sounds like schemas are my solution, I need to learn about them. Thanks for
the post!
-Steve
>
> "sklett" <sklett@.mddirect.com> wrote in message
> news:ePmSgM1NGHA.3732@.TK2MSFTNGP10.phx.gbl...
>> I'm a newbie to the admin side of SqlServer. I created a new login:
>> <code>
>> CREATE LOGIN pmd_app
>> WITH PASSWORD='********'
>> </code>
>>
>> I then used the "Server Management Studio Express" to create a new user
>> in my DB with the same name, then give the logical permissions, at least
>> logical to me. I can read and write table data with this new user, but
>> I'm getting EXECUTE permission errors when calling sprocs. I know how to
>> grant permissions to a user on a per object basis, but what role
>> memberships should I be using to give them EXECUTE permissions to all new
>> sprocs that I create?
>> I'm looking over BOL to see if I can find the answer, but so far not
>> coming up with anything.
>> Also, if anyone knows a good place to find an article covering SQLServer
>> security, role, permission, schemas, etc that would be awesome ;)
>> Thanks for any help,
>> Steve
>
Friday, March 9, 2012
new login, EXECUTE permissions
I'm a newbie to the admin side of SqlServer. I created a new login:
<code>
CREATE LOGIN pmd_app
WITH PASSWORD='********'
</code>
I then used the "Server Management Studio Express" to create a new user in
my DB with the same name, then give the logical permissions, at least
logical to me. I can read and write table data with this new user, but I'm
getting EXECUTE permission errors when calling sprocs. I know how to grant
permissions to a user on a per object basis, but what role memberships
should I be using to give them EXECUTE permissions to all new sprocs that I
create?
I'm looking over BOL to see if I can find the answer, but so far not coming
up with anything.
Also, if anyone knows a good place to find an article covering SQLServer
security, role, permission, schemas, etc that would be awesome ;)
Thanks for any help,
Steve
> getting EXECUTE permission errors when calling sprocs. I know how to
> grant permissions to a user on a per object basis, but what role
> memberships
If the user is an owner of the object he/she has an EXECUTE permissions
automatically.
Who is the owner of the object?
"sklett" <sklett@.mddirect.com> wrote in message
news:ePmSgM1NGHA.3732@.TK2MSFTNGP10.phx.gbl...
> I'm a newbie to the admin side of SqlServer. I created a new login:
> <code>
> CREATE LOGIN pmd_app
> WITH PASSWORD='********'
> </code>
>
> I then used the "Server Management Studio Express" to create a new user in
> my DB with the same name, then give the logical permissions, at least
> logical to me. I can read and write table data with this new user, but
> I'm getting EXECUTE permission errors when calling sprocs. I know how to
> grant permissions to a user on a per object basis, but what role
> memberships should I be using to give them EXECUTE permissions to all new
> sprocs that I create?
> I'm looking over BOL to see if I can find the answer, but so far not
> coming up with anything.
> Also, if anyone knows a good place to find an article covering SQLServer
> security, role, permission, schemas, etc that would be awesome ;)
> Thanks for any help,
> Steve
>
|||That's a 2000 way of thinking. The new way is to associate everything via
schemas.
Create a schema, grant your users execute permissions in the schema, create
all you new procs under that schema...easy!
"sklett" wrote:
> I'm a newbie to the admin side of SqlServer. I created a new login:
> <code>
> CREATE LOGIN pmd_app
> WITH PASSWORD='********'
> </code>
>
> I then used the "Server Management Studio Express" to create a new user in
> my DB with the same name, then give the logical permissions, at least
> logical to me. I can read and write table data with this new user, but I'm
> getting EXECUTE permission errors when calling sprocs. I know how to grant
> permissions to a user on a per object basis, but what role memberships
> should I be using to give them EXECUTE permissions to all new sprocs that I
> create?
> I'm looking over BOL to see if I can find the answer, but so far not coming
> up with anything.
> Also, if anyone knows a good place to find an article covering SQLServer
> security, role, permission, schemas, etc that would be awesome ;)
> Thanks for any help,
> Steve
>
>
|||oooh, uncharted territory! - scary and exciting
So it sounds like I need to put my tools down and read the manual. I will
do some Schema research and figure just how they work and what they do.
Thanks for the tip!
"mulhall" <mulhall@.discussions.microsoft.com> wrote in message
news:C6F5B46D-52D0-4EC2-9782-A72A53774A26@.microsoft.com...[vbcol=seagreen]
> That's a 2000 way of thinking. The new way is to associate everything via
> schemas.
> Create a schema, grant your users execute permissions in the schema,
> create
> all you new procs under that schema...easy!
> "sklett" wrote:
|||"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:uBW9KT4NGHA.1460@.TK2MSFTNGP10.phx.gbl...
> If the user is an owner of the object he/she has an EXECUTE permissions
> automatically.
> Who is the owner of the object?
I don't know
if the full name of the object is any indicator ("dbo.usp_MySprocName") I
would have to guess 'dbo' - but I could be wrong. Schemas are brand new to
me, I don't know whay they are or how they work.
Looking at the already defined schemas in my DB, I don't see any obvious
ones that would indicate EXECUTE permissions, I may need to make my own?
Sounds like schemas are my solution, I need to learn about them. Thanks for
the post!
-Steve
>
> "sklett" <sklett@.mddirect.com> wrote in message
> news:ePmSgM1NGHA.3732@.TK2MSFTNGP10.phx.gbl...
>
<code>
CREATE LOGIN pmd_app
WITH PASSWORD='********'
</code>
I then used the "Server Management Studio Express" to create a new user in
my DB with the same name, then give the logical permissions, at least
logical to me. I can read and write table data with this new user, but I'm
getting EXECUTE permission errors when calling sprocs. I know how to grant
permissions to a user on a per object basis, but what role memberships
should I be using to give them EXECUTE permissions to all new sprocs that I
create?
I'm looking over BOL to see if I can find the answer, but so far not coming
up with anything.
Also, if anyone knows a good place to find an article covering SQLServer
security, role, permission, schemas, etc that would be awesome ;)
Thanks for any help,
Steve
> getting EXECUTE permission errors when calling sprocs. I know how to
> grant permissions to a user on a per object basis, but what role
> memberships
If the user is an owner of the object he/she has an EXECUTE permissions
automatically.
Who is the owner of the object?
"sklett" <sklett@.mddirect.com> wrote in message
news:ePmSgM1NGHA.3732@.TK2MSFTNGP10.phx.gbl...
> I'm a newbie to the admin side of SqlServer. I created a new login:
> <code>
> CREATE LOGIN pmd_app
> WITH PASSWORD='********'
> </code>
>
> I then used the "Server Management Studio Express" to create a new user in
> my DB with the same name, then give the logical permissions, at least
> logical to me. I can read and write table data with this new user, but
> I'm getting EXECUTE permission errors when calling sprocs. I know how to
> grant permissions to a user on a per object basis, but what role
> memberships should I be using to give them EXECUTE permissions to all new
> sprocs that I create?
> I'm looking over BOL to see if I can find the answer, but so far not
> coming up with anything.
> Also, if anyone knows a good place to find an article covering SQLServer
> security, role, permission, schemas, etc that would be awesome ;)
> Thanks for any help,
> Steve
>
|||That's a 2000 way of thinking. The new way is to associate everything via
schemas.
Create a schema, grant your users execute permissions in the schema, create
all you new procs under that schema...easy!
"sklett" wrote:
> I'm a newbie to the admin side of SqlServer. I created a new login:
> <code>
> CREATE LOGIN pmd_app
> WITH PASSWORD='********'
> </code>
>
> I then used the "Server Management Studio Express" to create a new user in
> my DB with the same name, then give the logical permissions, at least
> logical to me. I can read and write table data with this new user, but I'm
> getting EXECUTE permission errors when calling sprocs. I know how to grant
> permissions to a user on a per object basis, but what role memberships
> should I be using to give them EXECUTE permissions to all new sprocs that I
> create?
> I'm looking over BOL to see if I can find the answer, but so far not coming
> up with anything.
> Also, if anyone knows a good place to find an article covering SQLServer
> security, role, permission, schemas, etc that would be awesome ;)
> Thanks for any help,
> Steve
>
>
|||oooh, uncharted territory! - scary and exciting
So it sounds like I need to put my tools down and read the manual. I will
do some Schema research and figure just how they work and what they do.
Thanks for the tip!
"mulhall" <mulhall@.discussions.microsoft.com> wrote in message
news:C6F5B46D-52D0-4EC2-9782-A72A53774A26@.microsoft.com...[vbcol=seagreen]
> That's a 2000 way of thinking. The new way is to associate everything via
> schemas.
> Create a schema, grant your users execute permissions in the schema,
> create
> all you new procs under that schema...easy!
> "sklett" wrote:
|||"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:uBW9KT4NGHA.1460@.TK2MSFTNGP10.phx.gbl...
> If the user is an owner of the object he/she has an EXECUTE permissions
> automatically.
> Who is the owner of the object?
I don't know
if the full name of the object is any indicator ("dbo.usp_MySprocName") I
would have to guess 'dbo' - but I could be wrong. Schemas are brand new to
me, I don't know whay they are or how they work.
Looking at the already defined schemas in my DB, I don't see any obvious
ones that would indicate EXECUTE permissions, I may need to make my own?
Sounds like schemas are my solution, I need to learn about them. Thanks for
the post!
-Steve
>
> "sklett" <sklett@.mddirect.com> wrote in message
> news:ePmSgM1NGHA.3732@.TK2MSFTNGP10.phx.gbl...
>
new login, EXECUTE permissions
I'm a newbie to the admin side of SqlServer. I created a new login:
<code>
CREATE LOGIN pmd_app
WITH PASSWORD='********'
</code>
I then used the "Server Management Studio Express" to create a new user in
my DB with the same name, then give the logical permissions, at least
logical to me. I can read and write table data with this new user, but I'm
getting EXECUTE permission errors when calling sprocs. I know how to grant
permissions to a user on a per object basis, but what role memberships
should I be using to give them EXECUTE permissions to all new sprocs that I
create?
I'm looking over BOL to see if I can find the answer, but so far not coming
up with anything.
Also, if anyone knows a good place to find an article covering SQLServer
security, role, permission, schemas, etc that would be awesome ;)
Thanks for any help,
Steve> getting EXECUTE permission errors when calling sprocs. I know how to
> grant permissions to a user on a per object basis, but what role
> memberships
If the user is an owner of the object he/she has an EXECUTE permissions
automatically.
Who is the owner of the object?
"sklett" <sklett@.mddirect.com> wrote in message
news:ePmSgM1NGHA.3732@.TK2MSFTNGP10.phx.gbl...
> I'm a newbie to the admin side of SqlServer. I created a new login:
> <code>
> CREATE LOGIN pmd_app
> WITH PASSWORD='********'
> </code>
>
> I then used the "Server Management Studio Express" to create a new user in
> my DB with the same name, then give the logical permissions, at least
> logical to me. I can read and write table data with this new user, but
> I'm getting EXECUTE permission errors when calling sprocs. I know how to
> grant permissions to a user on a per object basis, but what role
> memberships should I be using to give them EXECUTE permissions to all new
> sprocs that I create?
> I'm looking over BOL to see if I can find the answer, but so far not
> coming up with anything.
> Also, if anyone knows a good place to find an article covering SQLServer
> security, role, permission, schemas, etc that would be awesome ;)
> Thanks for any help,
> Steve
>|||That's a 2000 way of thinking. The new way is to associate everything via
schemas.
Create a schema, grant your users execute permissions in the schema, create
all you new procs under that schema...easy!
"sklett" wrote:
> I'm a newbie to the admin side of SqlServer. I created a new login:
> <code>
> CREATE LOGIN pmd_app
> WITH PASSWORD='********'
> </code>
>
> I then used the "Server Management Studio Express" to create a new user in
> my DB with the same name, then give the logical permissions, at least
> logical to me. I can read and write table data with this new user, but I'
m
> getting EXECUTE permission errors when calling sprocs. I know how to gran
t
> permissions to a user on a per object basis, but what role memberships
> should I be using to give them EXECUTE permissions to all new sprocs that
I
> create?
> I'm looking over BOL to see if I can find the answer, but so far not comin
g
> up with anything.
> Also, if anyone knows a good place to find an article covering SQLServer
> security, role, permission, schemas, etc that would be awesome ;)
> Thanks for any help,
> Steve
>
>|||oooh, uncharted territory! - scary and exciting
So it sounds like I need to put my tools down and read the manual. I will
do some Schema research and figure just how they work and what they do.
Thanks for the tip!
"mulhall" <mulhall@.discussions.microsoft.com> wrote in message
news:C6F5B46D-52D0-4EC2-9782-A72A53774A26@.microsoft.com...[vbcol=seagreen]
> That's a 2000 way of thinking. The new way is to associate everything via
> schemas.
> Create a schema, grant your users execute permissions in the schema,
> create
> all you new procs under that schema...easy!
> "sklett" wrote:
>|||"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:uBW9KT4NGHA.1460@.TK2MSFTNGP10.phx.gbl...
> If the user is an owner of the object he/she has an EXECUTE permissions
> automatically.
> Who is the owner of the object?
I don't know
if the full name of the object is any indicator ("dbo.usp_MySprocName") I
would have to guess 'dbo' - but I could be wrong. Schemas are brand new to
me, I don't know whay they are or how they work.
Looking at the already defined schemas in my DB, I don't see any obvious
ones that would indicate EXECUTE permissions, I may need to make my own?
Sounds like schemas are my solution, I need to learn about them. Thanks for
the post!
-Steve
>
> "sklett" <sklett@.mddirect.com> wrote in message
> news:ePmSgM1NGHA.3732@.TK2MSFTNGP10.phx.gbl...
>
<code>
CREATE LOGIN pmd_app
WITH PASSWORD='********'
</code>
I then used the "Server Management Studio Express" to create a new user in
my DB with the same name, then give the logical permissions, at least
logical to me. I can read and write table data with this new user, but I'm
getting EXECUTE permission errors when calling sprocs. I know how to grant
permissions to a user on a per object basis, but what role memberships
should I be using to give them EXECUTE permissions to all new sprocs that I
create?
I'm looking over BOL to see if I can find the answer, but so far not coming
up with anything.
Also, if anyone knows a good place to find an article covering SQLServer
security, role, permission, schemas, etc that would be awesome ;)
Thanks for any help,
Steve> getting EXECUTE permission errors when calling sprocs. I know how to
> grant permissions to a user on a per object basis, but what role
> memberships
If the user is an owner of the object he/she has an EXECUTE permissions
automatically.
Who is the owner of the object?
"sklett" <sklett@.mddirect.com> wrote in message
news:ePmSgM1NGHA.3732@.TK2MSFTNGP10.phx.gbl...
> I'm a newbie to the admin side of SqlServer. I created a new login:
> <code>
> CREATE LOGIN pmd_app
> WITH PASSWORD='********'
> </code>
>
> I then used the "Server Management Studio Express" to create a new user in
> my DB with the same name, then give the logical permissions, at least
> logical to me. I can read and write table data with this new user, but
> I'm getting EXECUTE permission errors when calling sprocs. I know how to
> grant permissions to a user on a per object basis, but what role
> memberships should I be using to give them EXECUTE permissions to all new
> sprocs that I create?
> I'm looking over BOL to see if I can find the answer, but so far not
> coming up with anything.
> Also, if anyone knows a good place to find an article covering SQLServer
> security, role, permission, schemas, etc that would be awesome ;)
> Thanks for any help,
> Steve
>|||That's a 2000 way of thinking. The new way is to associate everything via
schemas.
Create a schema, grant your users execute permissions in the schema, create
all you new procs under that schema...easy!
"sklett" wrote:
> I'm a newbie to the admin side of SqlServer. I created a new login:
> <code>
> CREATE LOGIN pmd_app
> WITH PASSWORD='********'
> </code>
>
> I then used the "Server Management Studio Express" to create a new user in
> my DB with the same name, then give the logical permissions, at least
> logical to me. I can read and write table data with this new user, but I'
m
> getting EXECUTE permission errors when calling sprocs. I know how to gran
t
> permissions to a user on a per object basis, but what role memberships
> should I be using to give them EXECUTE permissions to all new sprocs that
I
> create?
> I'm looking over BOL to see if I can find the answer, but so far not comin
g
> up with anything.
> Also, if anyone knows a good place to find an article covering SQLServer
> security, role, permission, schemas, etc that would be awesome ;)
> Thanks for any help,
> Steve
>
>|||oooh, uncharted territory! - scary and exciting
So it sounds like I need to put my tools down and read the manual. I will
do some Schema research and figure just how they work and what they do.
Thanks for the tip!
"mulhall" <mulhall@.discussions.microsoft.com> wrote in message
news:C6F5B46D-52D0-4EC2-9782-A72A53774A26@.microsoft.com...[vbcol=seagreen]
> That's a 2000 way of thinking. The new way is to associate everything via
> schemas.
> Create a schema, grant your users execute permissions in the schema,
> create
> all you new procs under that schema...easy!
> "sklett" wrote:
>|||"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:uBW9KT4NGHA.1460@.TK2MSFTNGP10.phx.gbl...
> If the user is an owner of the object he/she has an EXECUTE permissions
> automatically.
> Who is the owner of the object?
I don't know
if the full name of the object is any indicator ("dbo.usp_MySprocName") I
would have to guess 'dbo' - but I could be wrong. Schemas are brand new to
me, I don't know whay they are or how they work.
Looking at the already defined schemas in my DB, I don't see any obvious
ones that would indicate EXECUTE permissions, I may need to make my own?
Sounds like schemas are my solution, I need to learn about them. Thanks for
the post!
-Steve
>
> "sklett" <sklett@.mddirect.com> wrote in message
> news:ePmSgM1NGHA.3732@.TK2MSFTNGP10.phx.gbl...
>
New login permissions - too broad
Hi,
I created a new sql server login, but didn't assign it any permissions in any databases.
When I login with this new login, it logs into the master database, and is able to select tables from the system databases, such as master, msdb.
This seems very wrong to me. How can I turn these default permissions off for new logins? I thought it might have something to do with the guest account, but not sure how to best handle this.
Thanks
This is normal, default behavior, and it is considered a best practice to leave the behavior the way it is. If don't like it, you can always manually deny a specific user permissions to SELECT on specific tables in the master and msdb databases.
|||Ok.
Do you have any links where I can read up more on this? I'd like to find out exactly what permissions new logins have by default in these system databases.
I know that you can't disable the guest account in master or tempdb, as they are needed there.
Thanks
|||That is because, by default VIEW DEFINITION has been granted to public. If you want this and all subsequent logins to not be able to view metadata in the system databases, then execute the following:
REVOKE VIEW DEFINITION FROM public
GO
That will prevent them from seeing any metadata i.e. the databases will "appear" to be blank to them. They will still be able to do things like SELECT * FROM sys.databases. So, to prevent them from selecting from any of the DMVs, execute the following:
REVOKE SELECT ON DATABASE::master FROM public
Subscribe to:
Posts (Atom)