When I want to edit guest user right on SQL Server, in user column, for one database, dbo is written, and I could not change it to Guest user. SQL Server warns me you could not drop dbo.
How can I fix this?
Related
I installed Sql Server on a server in a company I used to work for.
I left the company - and rejoined a year later - and now I have a different domain login.
I've logged on to the server again, and in SSMS tried to create a new database - however I get the error:
create database permission denied in database 'master'
I have tried changing permission and adding DBCreator to BuiltInUsers and to SA - and also tried adding my new domain name to the security section - but when I try to add DBCreator to my user name, I get the error:
Cannot alter the server role 'dbcreator' because it does not exist or you do not have permission
Is there any way I can take control of the Sql Server instance again, to allow me to create new databases?
Thanks for any help,
Mark
I faced this problem when I made another SQL user which I login with, and I tried to give this user [dbcreator] grant.
I solved this via
runnig sql server as administrator
switching to my windows authentication.
going to folder Security -> Logins and double click on my new sql login user.
selecting Server roles and give grant to my user.
In SQL Server 2012, how can we give a permission to someone to have full control to SSRS and a permission to a specific Db so they can configure and run the SSRS reports and have a full control to backup/restore their Databases but do not have control to other databases on the same SQL Server machine?
Lets say you create a sql user login called sqllogin, Leave this user's Server roles as public.
Under Login Properties section for this user in User Mapping select the one database you want them against (in the list on rightside) and choose the following roles
db_backupoperator
db_datareader
db_datawriter
db_ddladmin
Note: not all options are ticked in image.
This allows user login only to tempdb (for this example) and not the others. They might be able to see other databases but cannot access them in anyway.
More info on roles here
As far as SSRS is concerned, create a datasource mapped to this database with this sqllogin.This is not the same as permission to SSRS but only to the database they get access to.
SSRS permissions are different, I'm pretty sure the sql login cannot be used. This might be of help Authentication SSRS.
But I hope this gets you started.
We are using SQL Server 2012.
I'm granting access to some one from out side my company.
I hide all Databases except his one.
Is there any possible way to hide all users and logins?
We want him to have information as few as possible about our server at SSMS.
How can we do this?
You could deny VIEW ANY DATABASE to the public role. However, after doing that, all logins without this permission will only see the databases that they own, along with master and tempdb.
Logins in only the public role can not view other logins, so as long as you leave them out of server roles, that issue shouldn't be an issue for you either. See sys.server_principals permissions for more details.
Any login can see their own login name, the system logins, and the fixed server roles. To see other logins, requires ALTER ANY LOGIN, or a permission on the login.
i connect the sql server windows authentication and create a simple database and table on it,and so define the new log in user and set to sql server authentication,every thing is fine,but i connect the database with windows authentication too,i want to delete the windows authentication,and i want just connect that database with only sql server authentication,this picture for that problem:
when i connect with sql server authentication,i define the rajabi user log in.
but i want just rajabi user can be connect to this database.how can i solve that?thanks.
What if any roles have you granted the new user? Granting the reader role to the new user should allow said user to connect.
Right click on your user -> Properties -> Membership -> Anything checked? I usually check the db_datareader just to allow a user to connect.
Please run on your database
DROP USER [UserAccount]
CREATE USER [UserAccount] FOR LOGIN [UserAccount]
EXEC sp_addrolemember N'db_owner', N'UserAccount'
Does anyone know the least windows account previlege to run under "credentials stored securely in the report server" option in the report manager?
I have tried to create a windows account with admin right and assign to "credentials stored securely in the report server" option but didn't work. However I enter administrator account, it works ok.. confusing.. can anyone please help?
When setting up the report Data Source in SSRS to use "credentials stored securely in the report server"; go back to SSMS, connect to the database instance, and set up a new Security login with the Windows account. Check the database and select the db_datareader and db_executor to provide read-only rights to report users.
#u07ch is probably spot on. the reason the admin account works and the other doesn't is probably because the admin is set up as an admin on the sql server, which by default grants it unlimited rights to the databases.
to fix your issue, you need to log into sql server, at the account you want to use for the report at the server level, assign it to the database/s the report access, and grant the account sufficient privileges on the database to exec and select.