Running on my dev machine, connected to the db on another machine with this connection string in Visual Studio:
Data Source=dev-db,1433;Initial Catalog=MyDb;Persist Security Info=True;Integrated Security=True;Encrypt=True;TrustServerCertificate=True"
I'm connected, life is good. Trying to run the EF Core command
Update-Database I get this error:
CREATE TABLE permission denied in database 'MyDb'
The question: what user is attempting to create the table and how do I figure that out? I know how to grant access on the db side, but knowing what user needs access is the mystery. I saw an answer here about a logon trigger, but that answer didn't seem to be a useful answer as it had no upvotes.
Integrated Security=True means to connect to SQL Server using Windows Integrated Auth using the identity of the user executing the program. So it's you.
Related
I have two databases on the same SQL server. One for an ERP database that I am able to read tables and one I created in MS Access. A store procedure on the MSAccess database is updating some tables from the ERP DB. The MS Access DB from here on is independently running.
When I installed on other computers, the Access Database is giving me a connection error when I am logged in as another user than myself.
- Are permissions from the ERP database affecting me in my Access Database? Should I worry about them?
- Is Windows Authentication enough to make the connection happen?
- Do I need to Map the users over from the ERP database?? if so, how do I do it?
- Can I grant every user on the Server permission to access my tables using Windows Authentication? do I need to go down this road? How do I do it?
I am just not too sure what to do from here on. Here is some more information about the issue.
-In my database I have a ODBC stringconnection that looks like this:
Driver={SQL Server Native Client 11.0};Server=SERVER;Database=DATABASENAME;Trusted_Connection=yes;
-I am packaging an exe file using SSESETUP which is awesome.
-I am installing on the new computer and able to launch when I am logged on as myself however, I am getting a connection error when I am logged in as another user on the same computer. (Note: I am not able to debug from here on and see the vba because I am running under Access runtime 2013 only.)
I would appreciate if someone can assist me in narrowing my search for a solution.
Bottom line, it sounds like you need to set up database permissions on your SQL Server for each Windows account that will be using your Access db.
Here are specific answers to your questions:
Are permissions from the ERP database affecting me in my Access
Database
Yes, of course they are. Regardless of how you connect to the database the permissions will always be in effect.
Should I worry about them?
Yes, of course you should. Otherwise you won't be able to work with the data.
Is Windows Authentication enough to make the connection happen?
To make the connection, yes. SQL Server supports Windows authentication in both security modes (Windows only and mixed mode). But, this is just the connection. You also need to take the database permissions into consideration. Your Windows login needs to be granted the appropriate permissions within the specific database in order to do anything.
Do I need to Map the users over from the ERP database?
Map to what? Access? Based on the connection string in your question you're using Windows authentication to connect Access to SQL Server, so Access will connect to SQL Server under the security context of whoever is running Access. So the SQL Server permissions will need to be configured for each user who will be running your Access db.
Can I grant every user on the Server permission to access my tables
using Windows Authentication?
Access to the SQL Server tables? Sure, you could. But you should limit it to only the necessary permissions. Granting access for everyone is likely overkill and not best practice.
I have a simple EF Code First project that has to create a database in my local SQL server if it doesn't exist. However, when I try to debug my application I get the error:
Cannot open database "<Database>" requested by the login. The login failed.
Login failed for user 'MicrosoftAccount\someone#me.com'.'
I somewhat understand that because I login to Windows with my Microsoft account.
So I changed my connection string from using integrated security to username and password.
I made sure the user is created on the SQL server (Login & sysadmin rights) but it still fails when I debug in Visual Studio.
So..... I build the project and ran the application directly via the exe file and everything works. But I want to understand why it doesn't work with the debugger.
Have I missed something obvious here?
So I found the problem.
My local Windows account was paired with my Microsoft account. For some reason Visual Studio sends my Microsoft account to the SQL server to authenticate even when run under specific local credentials.
My solution was to create anew local user on my workstation with NO assosiated MS account.
I made the account member of Administrators and gave it permission to the SQL server then everything was fine...
Please ensure the server and database name are specified correctly in connection string. I had a typo, and got the error.
I guess that the debugger runs with different credentials (or could be set to do so). Especially if your account is not admin.
Maybe this helps: https://blogs.msdn.microsoft.com/greggm/2008/05/15/visual-studio-remote-debugger-service-user-account-requirements/
I am using Access as a front end database to connect to SQL Server data. On my computer, it works just fine. On a user computer, it doesn't work. Has anyone successfully done this without creating a DSN on each computer?
Thanks,
Jeff
You will need to make sure what ever user is trying to connect to the DB has rights in SQL Server to view it. Access won't just remove the security needed to view it. You could create a DB role then put everyone needing to get into that DB into the role and grant that role access. You could also get an AD group created for anyone that needs to view the table and get people added to that group then grant that group access.
You can connect using an ODBC connection with saved credentials to trick the sql server into thinking the user is someone else. However, i would only do this and provide read only access. Then, you can revoke access to that username whenever and the whole system stops. Easy to do., just build an ODBC connection and save the username and password in it.
I am using Sql server 2008-r2 and connect it using windows authentication.
when i create database then i am getting error
Create database permission denied in database Master
What may be the reason of it and how can it be resolved?
I even forgot the sql server authentication password also to connect it.
Go into the master security settings and try to give your user SA permissions.
It may be that your Windows Authentication has security rights, but not create rights.
If that doesn't work, you might have to install a new instance of SSMS and create a linked server to the data that you need.
PS: This should be a comment, but I can't make comments for another 7 reputation.
In order to copy a table's data to a new table with additional fields the DB was attached in SQL Server Management Studio. Once the data was copied to the new table and the old table was dropped, the DB was detached. The DB was then opened in the development environment with Visual Studio and was accessible from the Server Explorer Data Connections. However, now the application cannot open the DB when running on the web server and gives an error saying: Cannot open user default database. Login failed. Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
The web.config application connection string is:
<add name="ApplicationServices" connectionString="Data Source=.\SQLEXPRESS; AttachDbFilename=|DataDirectory|\ASPNETDB.mdf; Integrated Security=True; Connect Timeout=30; User Instance=True;" providerName="System.Data.SqlClient"/>
I have read over 30 post on this type of error and everything I tried from the suggestion I found did not help. NT AUTHORITY\NETWORK SERVICE in in both the server's users and the DB's users with dbo.owner rights and the app pool for the web server is set to use NETWORK SERVICES.
I am guessing that maybe SQL Server Management Studio made some changes to the DB when it was attached that are effecting the security access rights for the web server application, but not for direct data connections but for the life of me, I can not find what that may be.
The application is being developed with Visual Studio 2013 for Web using a local IIS 7 server as localhost and SQLEXPRESS for the database server. The application development process has been going along fine up till now. However, at this point development has come to a halt and I am dead in my tracks until I can get this resolved. Any help would be appreciated!
Thanks in advance!
David
Are you sure there are no orphaned users?
http://technet.microsoft.com/en-us/library/ms174378.aspx
-- Detect any orphans
EXEC sp_change_users_login 'Report';
If you already created server login named 'Mary' on SQL Express, use the following command to remap.
-- Remap to same existing login
EXEC sp_change_users_login 'Auto_Fix', 'Mary';
You can use this optional syntax to create the login with a password.
-- Remap to new login
EXEC sp_change_users_login 'Auto_Fix', 'Mary', NULL, 'B3r12-3x$098f6';
GO
In a nutshell, you can use SSMS to manage that SQLEXPRESS server. Poke around and make sure the logins and users are mapped correctly. You can even test if you have the Trusted login credentials.
If this still does not work, please post back to me.