Hi All,
Is there any limitation for setting password to an approle (like it should be 8 character long, should not start with numbers) ?
If so, what are those limitations ?
Does the same is applicable for sp_setapprole which uses the same password ?
please confirm, for both SQL Server 2000 and 2005 versions.
thanks in advance,
Regards,
Kailai
Ive been reading over the documentation and some stuff online, but I still dont really understand what the difference is and when you would use one vs the other. Can someone put it in simple terms for this dummy (me) ?
thanks
Hi all.
I have developed a VB6 program which will activate an Application Role to UPDATE and INSERT some tables in SQL Server 2005.
My program will login with a username, say USER and then run with the rights of the Application Role which will SELECT, UPDATE and INSERT the following tables:
1) Table A
2) Table B
3) Table C
The USER login is a restricted user which has only SELECT permission to Table A, B and C.
I encounter a problem in which my program can only UPDATE table B and table C but Table A. I have double checked the settings of Table A, Table B and Table C. Theirs are all same. Fyi, the column which can't be updated is of type "datetime".
Once i grant USER login UPDATE permission to Table A, my program works perfectly in which it can UPDATE all the tables including Table A.
I have tried for almost 2 days but am still clueless. Any ideas?
Thank you so much.
Hi every body
I'm developing a web application and i like to use the sql server 2005 role management features istead of developing a role management package in my program, I can do it on my tables and othe database items but I have no idea about using database access rights in my web pages to permit some one viewing or updating a web form... Is there any system table or system stored procedure showing access rights in my data base? or is there another idea to do this??
by Thanks
Javaneh
I am very frustrated. Everything works on the local host but when I upload to server I can login to the admin role I created, but when I try to access pages that have role priveleges I get the following error:
The SSE Provider did not find the database file specified in the connection string. At the configured trust level (below High trust level), the SSE provider can not automatically create the database file.
The ASPNETDB.MDF database was uploaded using the Database Publishing Wizard.
Please help!
Hello,
Can I confirm whether pooling=false in the connection string is still required for SQL Server 2005 (Express Edition)?
Various google searches say pooling has to be turned off for SQL Server 2000, but I was just wondering whether it is still a limitation for SQL Server 2005
Thanks
John
I am attempting to use dbmail from an application that logs in to my database using an application role. Since the application role does not exist outside the database, I created an spSendEmail in the database with "execute as login='mailagent'" in it: I set the database to trustworthy, created a 'mailagent' account and added it to the msdb database with the databasemailuser role rights.
Email works just fine on the server when I use the execute as login='mailagent' to fire off the msdb..sp_send_dbmail. But from the .NET application, I get the error: "Cannot execute as the server principal because the principal 'mailagent' does not exist, this type of principal cannot be impersonated, or you do not have permission." When I run my spSendEmail stored procedure from the calling database, I get the same error.
Does anyone know if this is a SQL Native Client bug? I've read a previous thread (posted back on Jan. 18th, 2007) about this error, but there are no replies. I am getting this error when I issue the sp_setapprole command using sqlexecdirect() ODBC api call. Is there any way to work around this? Or is there a fix to the SQL Native Client? The error 15002 message text states "The procedure sys.sp_setapprole cannot be executed within a transaction". This is on a new connection so there should be no transactions active at the time. Thanks in advance for any info anyone can provide on this.
View 5 Replies View RelatedI don't know why my application on the internet try to access the SQL Server 2005, when the host still having the 2000 edition. I put the following connection string:
Data Source=##DBSERVER##;Initial Catalog=##DBNAME##;User ID=##DBUSER##;Password=##DBPASSWORD##;
Isn’t everything fine with that? I created the table by host but dosen’t work. I’m wondering if can I conect straight with Data Base, without register in the server, like with mdb?
This is the error that I’m getting.
When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
Hello,
I have to do an impact analysis for migrating a .Net web based application. The current and desired scenarios are mentioned below.
The current environment:
OS - Windows 2000, SP4
Framework - .Net 1.1
SQL Server - MSSQL Server 2000
Desired Environment:
OS - Windows 2003, SP1 / Windows 2003 R2
Framework - .Net 1.1
SQL Server - MSSQL Server 2005
Please let me know
1. If any changes need to be done in the application when migrating the database from 2000 to 2005?
2. Any relevant document which will help me in the same.
Regards, Venkat
Hi,If an application written in ASP.Net that uses SQL Server 2000 can have certain features that will not work on SQL Server 2005?There is an application written in ASP.Net with SQL Server 2000 which I need to convert to SQL Server 2005 but the original developer says it uses certain SQL Server 2000 specific features and won't work directly on SQL Server 2005 without modifying code. Are there any such features? Thanks
View 4 Replies View RelatedHi there
I am new to SQL Server, but the current project that I am working on has the following requirement:-
1) Migrate the application (a servlet based web application on Apache Tomcat) from Solaris to Wintel
2) Migrate the supporting database from SQL Server 2000 to Sql Server 2005
3) Get IIS to communicate with Tomcat for serving servlet/jsp etc to the client
Though I successfully completed item 1 above, am stuck at item 2. Details are below
Actions taken for item 2
A. Installed MS 2005
B. Created new database in MS 2005 (logged in as user 'sa')
C. Generated SQL scripts (such as create table table_A etc) from existing MS 2000
D. Genearted SQL scripts (such as insert into table_A etc) from existing MS 2000
E. Created new schema in MS 2005
F. Ran scripts C & D in the new schema. All tables are records populated.
G. Obtained new JDBC driver and test run to see if connection is working fine, and it worked. Even ran an sql statment
Code Block[select count(*) from sa.table_A]
and got appropriate response.
H. When I made the application to talk to this new database (which is a copy of Production from step C, D above), it's behaving as though it cannot find the record.
I. When I further debugged, I realised that the web application is excuting queries without mentioning the schema. For eg.
Code Block[Select firstName, lastName from table_A]
Or rather it assumes that the user connecting to database is same as the schema name.
J. To further ascertain my point, I ran the query
Code Block[Select firstName, lastName from sa.table_A]
and it worked!
Now the real problem is that I cannot modify the existing code to append a schema name and this approach is rather not recommended best practise.
I tried to match the user name with the schema name, even made this schema as default to the user. But still not finding any luck.
I request all you experts out there to help me out with this problem.
Regards,
prad.nair
How do SQL 2000 service packs play a role in upgrading? That is, can SQL 2000 Standard with no Service Packs(SP) be upgraded to SQL 2005 Standard, or does SQL 2000 Standard have to have a certain service pack??
View 1 Replies View Related Hi all, I am trying to connect to the database using application role. But gives an error An error has occurred while establishing a connection to the
server. When connecting to SQL Server 2005, this failure may be caused by
the fact that under the default settings SQL Server does not allow remote
connections. (provider: SQL Network Interfaces, error: 26 - Error Locating
Server/Instance Specified)
for the given connection string Dim connstring
As String = "Data Source=Northwind;Initial
Catalog=OrderProcessing;Persist Security Info=True;UserID=application_login;Password=wewewe;"
Dim cmd
As SqlCommand
Dim
param As SqlParameter
Dim
cookie As Byte()
Dim cn As New
SqlConnection(connstring)
If
(cn.State = ConnectionState.Closed) Then
cn.Open()
End If Please help..
Thanking you, Nirmala
I am confused . What is considered an application and how SQL would know ?
If I have a web site accessing SQL VIA IIS will SQL Server treat it as an application ? How about MS Excel ?
Also , If I was to use the application of Power builder , using app role , how do control which user can use the app ?
Thanks
Hi all,
This one is a real X FIle, just without Mulder, Scully or the Lone Gunmen!
I have a database, to which access must be restricted via a sole application. So, I have to use an application role. I go in the database and run these statements to add and activate the roles, respectively;
Exec sp_addapprole 'Sirius', 'password'
(The system confirms the role is created.)
Exec sp_setapprole 'Sirius', 'password' 'odbc'
(The system confirms the role is activated.)
Right, now I should not be able to connect using anything but this role, agreed? But here's where things go wrong. I can then successfully connect from another computer by using MS query from Excel, from a login that is not even a member of the Public Role!
I tried again, started and stopped the Server/DTS/Agent services and dropped the old role after each successful login before recreating it. I've checked my syntax exhaustively. I must be doing something wrong, or overlooking something, otherwise MS has a major security problem! (Just hope the Cancer Man doesn't find out!!)
Thanks in advance everyone,
Jaishel.
Hi dear reader
I made an application that uses a Sql Server 2005 Express DataBase.
In the database I made a application role.
When the user logs into my application I run this procedure:
If Not sqlConnectionCR Is Nothing Then
If Not sqlConnectionCR.State = ConnectionState.Open Then
sqlConnectionCR.Open()
SqlConnection.ClearAllPools()
ConsultasSqlCommand = New SqlCommand
ConsultasSqlCommand.CommandType = CommandType.Text
ConsultasSqlCommand.CommandText = "sp_setapprole 'appRole', 'drowssap"
ConsultasSqlCommand.Connection = sqlConnectionCR
ConsultasSqlCommand.ExecuteNonQuery()
End If
Else....
I understand that this procedure connects to my sqlserver database as my application role
Ok, so far no problems in reading and manipulating data.
The problem comes with the reports in my application. For example: I have a reportviewer with a serverreport but when I try to show the report gives an error about permissions and grant access....
I think that is because the Server Report uses the user account (domain/user) to read the database. No user (besides admin) has access permissions in the database (only admin and application role).
So, my cuestion is: How can I tell Report Server to use the application role to display reports?
Thank you for your time and help.
Giber
We have an application use Approle to read from database. If the client login to windows as administrator or a name that has the administrator rights, the application can get all data. If the client login to windows as a domain user that has limited rights, the application can't get all data.
I run profiler and found that it seems, when application use approle to access a database, the login name is the domain user that log into windows. Is there anybody know what type of right the window login name should have in order to get all data from a database?
Second question, when I log in to window as domainusername( username is not administrator, but has administrator rights). In the profiler, I can see the application use this domainusername access database. However, under sql server login node, I didn't find domainusername. Is this because, the domainusername belongs to buildinadministrator?
Thanks
I know how to create an Application role in SQL server 7. Now how do I connect to the database from VB using that Application Role? I can't find anything about this topic anywhere. Is this the purpose of an Application role or am I way off?
Thanks for the help
Steven Abt
StevenA@grsgroup.com
Hi,
I'm testing the use of application roles for security. The customer I work for has still a lot of ASP intranet applications running. We're migrating the databases to a SQL Server 2005 server.
I've changed the connection string to a user without any permissions but to log on. After that I use an application role for permission to select different tables and to execute Stored Procedures.
The first queries do execute but after that I get "Permission denied", like I haven't got the application role anymore.
Any ideas?
Adrian
I want to add bulkadmin permission to my applicatio role. Is it aposible.My windows account havo only public permission on database.I'm using application roleEXEC sp_approlepassword 'MyRole', 'password';Therefore I want to BULK some data with BULK INSERT command.Error is:The current user is not the database or object owner of table'tablename'. Cannot perform SET operation.Thanks in advance.
View 1 Replies View RelatedIn SQL Server 2005, you must have the VIEW SERVER STATE permission in order to access sys.syslockinfo (http://msdn2.microsoft.com/en-us/library/ms189497).
View 7 Replies View RelatedHi,
I want my application to create database and I do the following things:
1)Create application role
2)Grant create database to application role
3)Activate application role
4)Create database
and I get the answer:
CREATE DATABASE permission denied in database 'master'.
I had thought that I had posted this yesterday but since I cannot findit here we go again.I have searched the archives but either the code I want is not postedor I missed it.I have a user create role in a database that I need to reproduce inanother version of the database. Does anyone out there have the SQLor T-SQL necessary to generate all the grants to a role?-- Mark D Powell --
View 2 Replies View RelatedHi,
Recently our database has been migrated from SQL 2000 to SQL 2005 on a new server(machine) with windows 2003(previously windows 2000). If the database is retained on the same machine but with a named instance of 2005, the application(websphere 5.1) is behaving normal whereas if i configure the aplication to the new server it is running slow for some of the queries but not all.
This change will have to be implemented in production very soon. Any advise will be of great benefit
Thanks
Raam
I've created a database in SQL Express and I have a Windows form attempting to connect to it through SQL Authentication. Connection string:
private string connString = @"Data Source=.sqlexpress;Initial Catalog=SQLTestDatabase;User ID=SearchAppRole; Password=password;";
The role I have added to the database is an Application Role. It has been added to the Database permissions with Grant checked for "Select" and "Authenticate".
If I test this with query analyzer, it returns expected results (if I remove Grant from 'Select', it fails)
sp_setapprole 'SearchAppRole', 'password'
select * from recipe
If I edit my connection string (for testing purposes) to use the sa account, the application can connect and run the Select statement:
private string connString = @"Data Source=.sqlexpress;Initial Catalog=SQLTestDatabase;User ID=sa; Password=sa_password;";
However, I cannot get the application to successfully logon and run the select statement when using the user id and password of the Application Role. I get error:
System.Data.SqlClient.SqlException: Login failed for user 'SearchAppRole'. at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj
I can't find much information on Application Role...I just want one basic permission for the application as a whole. Any help is appreciated. Thanks.
Running VB 2005 Express Edition and Sql Server 2005 Express Edition (SQLX).
Developing a desktop application which calls a local instance of ".sqlexpress".
This app needs to set data base options and add/del various table columns.
When activating the application role, I get the following message:
HariCari SQL Error/s 15422 - Application roles can only be activated at the ad hoc level.
Anyone know what this message means?
I have searched SQL Server Books On-Line and been unable to find a list of Sql err numbers. Either I have missed the obvious or Books On-Line has missed the obvious.
Thanks
Gary
Hi everybody.
I created an application role in a database (DB1) and gave it all the rights on a view in DB1 which refers to a table located in another db (DB2). I also gave the rights to the app role on a table of DB1
I tried to use this app. role through the sp_setapprole launched by a user (server principal?) which is SQL Server administrator (and local administrator (Win 2003 Server)).
With the following query
SELECT USER_NAME()
I see that the approle is being used.
Than, if I query the table on DB1 everything works, but if I query the view, referring a table in db2 I get following error:
The server principal "NameOfServerPrincipal" is not able to access the database "DB2" under the current security context.
What should I do to make it work?
The table in DB2 has the same schema of the view in DB1 which refers to it.
I put the DB1 TrustWorthy and both the database have the db_chaining option activated.
Any idea on how to solve the problem would be widely appreciated.
Thank you very much.
Vania
Experiencing a little weirdness with SQL Server Management Studio...Have created a login, that has fixed server role "securityadmin".The login can create/drop logins, add/remove them as users indatabases, etc.The login can change another login's password, using SQLfrom a query window (e.g. alter login bob with password='abc')However, the login *cannot* change another login's password,using SSMS GUI (e.g. "Security", "Logins", double-click "Bob",change password, say "OK"). The error text is:Change password failed for Login 'Bob'. (Microsoft.SqlServer.Smo)Additional information:An exception occurred while executing a Transact-SQL statement orbatch.(Microsoft.SqlServer.ConnectionInfo)Cannot alter the login 'Bob', because it does not exist or you donot have permission.(Microsoft SQL Server, Error: 15151)Has anybody else experienced this?
View 3 Replies View RelatedHow can I implementing Membership and Role Management on SQL Server 2005 (not Express)? Anyone have any documentation? Are there any scripts to run that will basically set up the same Database schema on SQL Server 2005 that Express uses?
Thanks.
Good Day,
I am having a problem with creating databases in MS SQL 2005 Server. When I attempt to assign an User Mapping for my SQL user account to the newly created database, the "dbo" user and schema is already assigned. When I try to drop this user in favor of my own, I receive an error message: Cannot alter the user "dbo" (Microsoft SQL Server, Error: 15150). I am connected to my database engine through the "sa" account.
Regards,
Keith
In sql server 2000, I created some custom database roles called ProjectLeader and Developer. I would make these roles a member in the fixed database roles so that I would only have to add the user to the ProjectLeader or Developer role once and they would presto-magico have the security I wanted them to have with no unecessary mouse clicking. I'm not sure how to repeat this process in 2005? Management Studio doesn't seem to allow you to add a role as a member in another role. Is there a work around or solution for this?
View 1 Replies View RelatedHi!I am going to connect to "SQL Server 2000" through an "ASP.NET Web Application". My development environment is "Visual Studio .NET 2003". In my "Toolbox" -> "Data", I drag a "SqlConnection" and drop on the page. It would automatically be named "SqlConnection1". In its "Properties" -> "ConnectionString" -> "<New Connection...>", I would enter my Server Name (SAMIEI), select "Use Windows NT Integrated Security" and Select the Database on the Server (Northwind). Then such Connection String would automatically be generated:
"workstation id=SAMIEI;packet size=4096;integrated security=SSPI;data source=SAMIEI;persist security info=False;initial catalog=Northwind"
Now, I may see "SAMIEI.Northwind.dbo" in the "Data Connections" row of "Server Explorer" with its all "Database Diagrams", "Tables", "Views", "Stored Procedures" and "Functions".Please take a look at the following code:
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Try SqlConnection1.Open() Catch ex As SqlException Response.Write(ex.Message) End Try
End Sub
It would unexceptedly encounter such error:
"Login failed for user 'NT AUTHORITYNETWORK SERVICE'"
Please tell me the reason. I am much obliged to you for your attention.
Regards!M.Sadegh Samiei