SQL Server >=2016
Do I need to set trustworthy on for database to run broker? Does it require this setting? Or it is possible somehow run Broker and do not set TRUSTWORTHY ON?
Related
I have a SQL Server service account: domain\sqlservice.
This account is running both SQL Server service and SQL Server Agent Service.
This account has read/write permission to a file share: \\fileserver\Path1, and from the SQL Server and SQL Server Agent jobs, we are able to write to this folder path using the service account (using master..xp_cmdshell. xp_cmdshell is enabled).
This permission got removed by mistake, now we have added it back.
I can use the service account domain\sqlservice to browse to \\fileserver\Path1 and create files and folders (using Windows Explorer), but SQL Server and SQL Server Agent jobs still could not.
I have restarted the SQL Server Agent service (I believe this is account used to access the file share when running the SQL Server Agent jobs).
But it still failed to access the path - I get an access denied error.
I think I will need to restart the SQL Server service to fix this issue (waiting for my maintenance window now).
I want to understand it better, can someone give me some hint on why SQL Server Agent job is related to the SQL Server services running account? And what is the relationship between SQL Server Agent job service account and SQL Server service account? Are we still utilize this account to access fileshare defined in the SQL Server Agent job?
Thank you all very much
It looks like it takes time for the service account to get updated.
So I rerun the task in 10 hours
and task runs fine.
So I guess you have two options.
wait for the token or something expire and renewed.
you can restart the service.
#Charlieface’s comment explains the reason:
Double check that SQL Server is definitely still running under that service account, as well as which account has now received permissions to the share. The permissions for xp_cmdshell depend on whether the session has sa rights, see learn.microsoft.com/en-us/sql/relational-databases/…. Quite why you are using xp_cmdshell is a different question: it has major security implications, and should probably be converted into a SQL Agent job written in Powershell.
I'm trying to publish my web application (ASP.NET MVC) to Azure.
When I developed the system locally I used SQL Server as the database server.
Here I'm trying to use Azure SQL.
I want to enable Service Broker on the Azure database but it won't let me do it. I got an error that.
The operation cannot be performed on database "dbrngls" because it is involved in a database mirroring session or an availability group. Some operations are not allowed on a database that is participating in a database mirroring session or in an availability group.
Is there any other way to do this in Azure SQL?
This is the code I tried to do to enable Broker
ALTER DATABASE [dbrngls] SET ENABLE_BROKER WITH ROLLBACK IMMEDIATE
Service broker is not available for Azure SQL Database, you'd need an Azure SQL Managed Instance.
I have started a new Azure SQL server instance with some firewall rules to limit the access. Everything seems fine at first. After setting the rules accordingly I can't connect to the server using SQL Server Management Studio, but when I run my application, that's executing stored procedures on the database, it does not block it even though I limited all access (removed all firewall rules).
How can this be? Why can my application access the db but not SSMS? What do I need to do to secure the db from IP's outside the firewall rules?
Thanks!
I am trying to set-up/test SQL Server row-level security for my database. I want to use row-level security for SSRS reports and Power BI. The database is set up on my test PC using SQL Server Express with SSMS.
On my test PC I have set up a separate account -- separate from the user under which I established the SQL Server and database. I believe I have set-up the SQL Server level permissions and database level permissions appropriately(?) for the separate user.
I go into the separate user account and continually get the
Server principal **** is not able to access under current permissions
message in SSMS and cannot access the data in the SSRS localhost website.
Is the separate user, established on the same PC, not considered to be in the same domain as the PC user who established the database? Is that what is causing the problem? If so, how can that be overcome? If not, any ideas what my problem might be? Is there some constraint in SQL Server Express that I need to establish the database using a SQL Server Developer edition?
I prefer not to wait until the database is established on the system test server to determine how this will work. Many thanks for any thoughts or suggestions.
I followed the instructions on AWS to set up an RDS instance with SQL server Express,
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_NET.quickstart.html
But I find that when I go to run the commane 'Update-Database' that I get:
CREATE TABLE permission denied in database 'master'.
Turns out I'm logged in as 'Guest'??? Despite setting up the db as per instructions.
So I'm expecting that I must have missed something simple, just looking for any hints as to how to get admin access to my own SQL Server hosted on RDS?
The master database is a System database internal to SQL Server. You never need to run CREATE TABLE inside that database. It sounds like you're not in the right database context: you're running commands against that database rather than your own database.