This one is a real X FIle, just without Mulder, Scully or the Lone Gunmen!
I have a database, to which access must be restricted via a sole application. So, I have to use an application role. I go in the database and run these statements to add and activate the roles, respectively;
Exec sp_addapprole 'Sirius', 'password'
(The system confirms the role is created.)
Exec sp_setapprole 'Sirius', 'password' 'odbc'
(The system confirms the role is activated.)
Right, now I should not be able to connect using anything but this role, agreed? But here's where things go wrong. I can then successfully connect from another computer by using MS query from Excel, from a login that is not even a member of the Public Role!
I tried again, started and stopped the Server/DTS/Agent services and dropped the old role after each successful login before recreating it. I've checked my syntax exhaustively. I must be doing something wrong, or overlooking something, otherwise MS has a major security problem! (Just hope the Cancer Man doesn't find out!!)
Ive been reading over the documentation and some stuff online, but I still dont really understand what the difference is and when you would use one vs the other. Can someone put it in simple terms for this dummy (me) ?
Hi all, I am trying to connect to the database using application role. But gives an error An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified) for the given connection string Dim connstring As String = "Data Source=Northwind;Initial Catalog=OrderProcessing;Persist Security Info=True;UserID=application_login;Password=wewewe;"
I understand that this procedure connects to my sqlserver database as my application role
Ok, so far no problems in reading and manipulating data.
The problem comes with the reports in my application. For example: I have a reportviewer with a serverreport but when I try to show the report gives an error about permissions and grant access....
I think that is because the Server Report uses the user account (domain/user) to read the database. No user (besides admin) has access permissions in the database (only admin and application role).
So, my cuestion is: How can I tell Report Server to use the application role to display reports?
We have an application use Approle to read from database. If the client login to windows as administrator or a name that has the administrator rights, the application can get all data. If the client login to windows as a domain user that has limited rights, the application can't get all data. I run profiler and found that it seems, when application use approle to access a database, the login name is the domain user that log into windows. Is there anybody know what type of right the window login name should have in order to get all data from a database?
Second question, when I log in to window as domainusername( username is not administrator, but has administrator rights). In the profiler, I can see the application use this domainusername access database. However, under sql server login node, I didn't find domainusername. Is this because, the domainusername belongs to buildinadministrator?
I know how to create an Application role in SQL server 7. Now how do I connect to the database from VB using that Application Role? I can't find anything about this topic anywhere. Is this the purpose of an Application role or am I way off?
I'm testing the use of application roles for security. The customer I work for has still a lot of ASP intranet applications running. We're migrating the databases to a SQL Server 2005 server.
I've changed the connection string to a user without any permissions but to log on. After that I use an application role for permission to select different tables and to execute Stored Procedures.
The first queries do execute but after that I get "Permission denied", like I haven't got the application role anymore.
I want to add bulkadmin permission to my applicatio role. Is it aposible.My windows account havo only public permission on database.I'm using application roleEXEC sp_approlepassword 'MyRole', 'password';Therefore I want to BULK some data with BULK INSERT command.Error is:The current user is not the database or object owner of table'tablename'. Cannot perform SET operation.Thanks in advance.
In SQL Server 2005, you must have the VIEW SERVER STATE permission in order to access sys.syslockinfo (http://msdn2.microsoft.com/en-us/library/ms189497).
Can I confirm whether pooling=false in the connection string is still required for SQL Server 2005 (Express Edition)?
Various google searches say pooling has to be turned off for SQL Server 2000, but I was just wondering whether it is still a limitation for SQL Server 2005
The role I have added to the database is an Application Role. It has been added to the Database permissions with Grant checked for "Select" and "Authenticate".
If I test this with query analyzer, it returns expected results (if I remove Grant from 'Select', it fails)
sp_setapprole 'SearchAppRole', 'password'
select * from recipe
If I edit my connection string (for testing purposes) to use the sa account, the application can connect and run the Select statement:
However, I cannot get the application to successfully logon and run the select statement when using the user id and password of the Application Role. I get error:
System.Data.SqlClient.SqlException: Login failed for user 'SearchAppRole'. at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj
I can't find much information on Application Role...I just want one basic permission for the application as a whole. Any help is appreciated. Thanks.
I am attempting to use dbmail from an application that logs in to my database using an application role. Since the application role does not exist outside the database, I created an spSendEmail in the database with "execute as login='mailagent'" in it: I set the database to trustworthy, created a 'mailagent' account and added it to the msdb database with the databasemailuser role rights.
Email works just fine on the server when I use the execute as login='mailagent' to fire off the msdb..sp_send_dbmail. But from the .NET application, I get the error: "Cannot execute as the server principal because the principal 'mailagent' does not exist, this type of principal cannot be impersonated, or you do not have permission." When I run my spSendEmail stored procedure from the calling database, I get the same error.
I have developed a VB6 program which will activate an Application Role to UPDATE and INSERT some tables in SQL Server 2005.
My program will login with a username, say USER and then run with the rights of the Application Role which will SELECT, UPDATE and INSERT the following tables: 1) Table A 2) Table B 3) Table C
The USER login is a restricted user which has only SELECT permission to Table A, B and C.
I encounter a problem in which my program can only UPDATE table B and table C but Table A. I have double checked the settings of Table A, Table B and Table C. Theirs are all same. Fyi, the column which can't be updated is of type "datetime".
Once i grant USER login UPDATE permission to Table A, my program works perfectly in which it can UPDATE all the tables including Table A.
I have tried for almost 2 days but am still clueless. Any ideas?
Running VB 2005 Express Edition and Sql Server 2005 Express Edition (SQLX).
Developing a desktop application which calls a local instance of ".sqlexpress".
This app needs to set data base options and add/del various table columns.
When activating the application role, I get the following message:
HariCari SQL Error/s 15422 - Application roles can only be activated at the ad hoc level.
Anyone know what this message means?
I have searched SQL Server Books On-Line and been unable to find a list of Sql err numbers. Either I have missed the obvious or Books On-Line has missed the obvious.
I'm developing a web application and i like to use the sql server 2005 role management features istead of developing a role management package in my program, I can do it on my tables and othe database items but I have no idea about using database access rights in my web pages to permit some one viewing or updating a web form... Is there any system table or system stored procedure showing access rights in my data base? or is there another idea to do this??
Hi everybody. I created an application role in a database (DB1) and gave it all the rights on a view in DB1 which refers to a table located in another db (DB2). I also gave the rights to the app role on a table of DB1 I tried to use this app. role through the sp_setapprole launched by a user (server principal?) which is SQL Server administrator (and local administrator (Win 2003 Server)). With the following query SELECT USER_NAME()
I see that the approle is being used. Than, if I query the table on DB1 everything works, but if I query the view, referring a table in db2 I get following error:
The server principal "NameOfServerPrincipal" is not able to access the database "DB2" under the current security context. What should I do to make it work?
The table in DB2 has the same schema of the view in DB1 which refers to it. I put the DB1 TrustWorthy and both the database have the db_chaining option activated.
Any idea on how to solve the problem would be widely appreciated. Thank you very much. Vania
I am very frustrated. Everything works on the local host but when I upload to server I can login to the admin role I created, but when I try to access pages that have role priveleges I get the following error: The SSE Provider did not find the database file specified in the connection string. At the configured trust level (below High trust level), the SSE provider can not automatically create the database file. The ASPNETDB.MDF database was uploaded using the Database Publishing Wizard. Please help!
I'd be grateful for a little advice. Running into some problems and not sure where to start. I've looked through some books and articles and Online Help but need some insight into the issue from a person.
I'm running a SQL2K server with about 30 databases, none of them over 20M in size. These db's are driving websites on servers in the same server room and also accessed remotely using Enterprise Manager. For 95% of the time these databases are performing well. Then connections on webpages start timing out. This is a problem that 'fixes' itself very quickly but I need to identify what's causing the problems. I have sa access to the server and am trying to find a way, via perfomance monitoring or enterprise manager, to work out which database, if any, is responsible for this behaviour. There are no blocks visible in Current Activity on Enterprise Manager, I'm getting average LockRequest/sec of about 2000 bit with peaks up to 31000. Processor time is averaging out at about 10%, not too scary.
I can find lots of information on optimising individual databases and queries within them but no too much on identifying processes or queries that might be hitting a whole server installation in this fashion.
Hello, I have tables/columns exist.How to encrypt database or mask columns if I have to send a copy of DB to microsoft to troubleshoot for a problem. Thanks.
I need help. I have a SSIS package that connects to a ODBC database, it then does ETL from that database into a SQL 2005 database. I run the package using a Sql Agent job each night. However the package fails randomly with no apparent reason. I have setup logging and after viewing the logs I am no closer to solving the problem. Any Ideas how I can track this down? Thanks.
Hello guys, i am new to sql so forgive me if dont see something in the code that i should. Anyway the code below comes from the sql script that belongs to "BPBlog asp blogging software" ...its not mine.
Whenever i run this code in query analyzer from sql server 2000 i get an error that says :
Server: Msg 170, Level 15, State 1, Line 16 Line 16: Incorrect syntax near '('.
*line 16 is the below line in the code.
i have been going through books online since last night to try to get an understanding of the syntax of all those keywords that sorround the error but still havent figured it out yet. any advise on the error would be sincerely appreciated.
Thanx,
USE [Blog] GO /****** Object: Table [dbo].[tblAuthor] Script Date: 11/07/2006 10:51:16 ******/ SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO CREATE TABLE [dbo].[tblAuthor]( [fldAuthorID] [int] IDENTITY(1,1) NOT NULL, [fldAuthorUsername] [nvarchar](100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL, [fldAuthorRealName] [nvarchar](100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL, [fldAuthorEmail] [nvarchar](100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL, [fldAuthorWebsite] [nvarchar](100) COLLATE SQL_Latin1_General_CP1_CI_AS NULL, [fldAuthorBlurb] [ntext] COLLATE SQL_Latin1_General_CP1_CI_AS NULL, [fldAuthorPassword] [nvarchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL, [Approved] [smallint] NULL DEFAULT ((0)), [fldAdmin] [smallint] NULL DEFAULT ((0)),
CONSTRAINT [aaaaatblAuthor_PK] PRIMARY KEY NONCLUSTERED ( [fldAuthorID] ASC ) WITH (IGNORE_DUP_KEY = OFF) ON [PRIMARY] ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
Does anyone have any good places where I can get some practice scenarios for DBA activity? Also any transact sql puzzles to solve for practice purposes. I want to get as much "real world" activity under my belt as possible in a quick time-frame.
Hi, we just started receiving the following error messages about 3weeks ago. We don't get them all the time, or even on the same pagesnecessarily, but we get them from time to time and our sql serverconnection is slower in the last three weeks also. Our database isremotely hosted, and the programmers are also offsite, so we are tryingto deal with this issue with our database server host, with noknowledge of sql server. They say nothing has changed on the server,but we haven't changed any of our front end files either, so we don'tknow what the problem is. Here's 3 of the most common errors:1. Microsoft Cursor Engine error '80004005'Data provider or other service returned an E_FAIL status..../subview.asp, line 1322. Microsoft OLE DB Provider for SQL Server error '80004005'TDS buffer length too large.../subview.asp, line 283. Microsoft OLE DB Provider for SQL Server error '80004005'Unknown token received from SQL Server.../members.asp, line 182We have *no idea* what the above error messages refer to, or whetherthis is something wrong with the server or the ASP pages mentioned. Anyhelp anyone could provide so we can understand the types of messages weare getting would be nice.Regards,Sage
Can anyone help me troubleshoot this failed job. The error message in eventviewer is:SQL Server Scheduled Job 'Job1' (0xB1D83B7357CF2B4C808AD1CFA34CE8F9) -Status: Failed - Invoked on: 2005-05-12 09:31:38 - Message: The job failed.The Job was invoked by User sa. The last step to run was step 1 (Job1).The job step is:EXEC proc1I can execute the procedure in QA.Proc1 does the following:INSERT values into a table in the database where the job is running fromSELECT records from a seperate database on seperate serverI'm using four part naming in the select against a linked server. I suspectthat the issue is the security between the different servers/databases but Idon't know where to get more information about the failed job or what to trynext.thanks
Hi,This is the first time I use SOAP. Dont really know the exact pictureyet. Hope you can shed some lights on me.May I know where should I start troubleshooting if I get the followinerror message when running SOAP on Windows 2003, SQL Server 2000 ?Error Code: 0 Error Source= Microsoft VBScript runtime error ErrorDescription: ActiveX component can't create object:'MSSOAP.SOAPClient' Error on Line 1. The step failed.Thanks.
We have some transactional replication jobs from oracle to mssql2005. I found an error in the replication monitor as below,
============================================
Incorrect syntax near 'index'. If this is intended as a part of a table hint, A WITH keyword and parenthesis are now required. See SQL Server Books Online for proper syntax. (Source: MSSQLServer, Error number: 1018) Get help: http://help/1018
I found the corresponding table from the command id. Since some of the tables in our env. are created with triggers which cause the replication error occasionally! How can I trace the information of the transaction/record which made the replication pending? Also, there may be 'invalid' input in oracle and replicate to mssql2005 which cause error in trigger and made the replication panding. Any way to solve this kind of problem? Thanks in advance
In sql server 2000, I created some custom database roles called ProjectLeader and Developer. I would make these roles a member in the fixed database roles so that I would only have to add the user to the ProjectLeader or Developer role once and they would presto-magico have the security I wanted them to have with no unecessary mouse clicking. I'm not sure how to repeat this process in 2005? Management Studio doesn't seem to allow you to add a role as a member in another role. Is there a work around or solution for this?
