There are a large number of objects in SQL Server that are owned by people who have resigned.
We need a script to change the ownership of all of these objects to SA.
Can anyone help with this script?
Also how we can test it before we run it in production server?
Change the owner of SQl agent job
EXEC msdb.dbo.sp_manage_jobs_by_login
#action = N'REASSIGN',
#current_owner_login_name = N'currentowner',
#new_owner_login_name = N'sa';
Change the owner of SQl Database
use master
go
select 'use [' + db.name+']; exec sp_changedbowner [sa];' from
sys.databases db left join sys.server_principals sp
on db.owner_sid=sp.sid
where suser_sname(owner_sid)='current owner'
Related
I have an account with db_datareader database role set on my database test_db.
Using SSMS I log in using this account (with SQL Server Authentication) and I open a new query window in order to get the number of current connections to test_db database by performing below query:
select * FROM sys.databases sd LEFT JOIN sys.sysprocesses sp ON sd.database_id = sp.dbid
WHERE database_id = 6 AND LOGINAME IS NOT NULL
where database_id = 6 corresponds to test_db.
This query returns one single row instead of many rows.
However, from SSMS If I log in using another account (with Windows Authentication) that does not have db_datareader set, If I open a new query window from SSMS and type the same query above indicated I get all the current connections to test_db database (more than one row).
Why? I need to obtain all the current connections to test_db database, not only the single connection which current user is logged in (the read only account with db_datareader database role set)
Since the SQL user you wish to return the information won't have the appropriate permissions, you will need to create a stored procedure and use EXECUTE AS
CREATE PROCEDURE dbo.GetConnectedUsers
WITH EXECUTE AS 'sa'
AS
SELECT *
FROM sys.databases sd
LEFT JOIN sys.sysprocesses sp ON sd.database_id = sp.dbid
WHERE database_id = 6 AND LOGINAME IS NOT NULL
GO
Obviously you would also need to give the limited user account you are using execute permissions to the stored procedure also
Finally I have solved by granting VIEW SERVER STATE permission to read only user as explained here.
The problem that SQL Server were not returning all the rows is because the read only user was not seeing all executing sessions on the SQL Server instance. Read only user was only seeing the current session. So setting VIEW SERVER STATE for the read only user works.
I need to collect all databases from stored procedure.
When I execute this code in SSMS, I get all databases available:
SELECT * FROM sys.databases;
However if I wrap this into stored procedure, I get only master, tempdb and current database:
CREATE PROCEDURE dbo.ListDatabases
WITH EXECUTE AS OWNER
AS
SELECT * FROM sys.databases;
GO
EXEC dbo.ListDatabases;
GO
This started to happen since SQL 2017 but worked fine on previous versions of MS SQL Server.
I would expect to get the same result when the procedure is executed under the same user account as the single statement. The account executing both queries is member of sysadmin server role.
I created a new schema in SQL Server using
CREATE SCHEMA testschema
I checked database_principals table using
select * from mssql.sys.database_principals;
I did not find any entry for testschema.
Did I miss something?
I am able to access tables in the dbo schema. I want to create testschema with same privilege as dbo.
Connection String for JDBC :
jdbc:sqlserver://192.xxx.xxx.xxx:1433;databaseName=BCHN
IIRC up to SQL Server 2000 schemas and principals were not distinguished. If you work on 2005 or higher, the new schema should display with the statement
select * from sys.schemas
CREATE SCHEMA does not create database principal.
SELECT * FROM sys.schemas
WHERE
name = 'testschema'
As you can see: principal_id = 1 (dbo)
It must be possible to access objects in your schema with [schema_name].[object_name]
I have:
A single Microsoft SQL Server 2008 R2
Two databases with some tables: DB1 and DB2 (both with the same owner)
A view in DB1, DB1.dbo.View1, that SELECT * FROM DB2.dbo.Table1
A role, ViewRole, in DB1 granted SELECT permit to the view (no other permissions)
A Windows user, DOMAIN\user, with server role set to public, who belongs to DB1's ViewRole
When the user tries to SELECT from the view, I get the error:
The server principal "DOMAIN\user" is not able to access the database "DB2" under the current security context
I have tried (and hopefully succeeded) to activate Cross Database Ownership Chaining using both:
EXEC sp_configure 'Cross DB Ownership Chaining', '1';RECONFIGURE
and
EXEC sp_dboption DB1, 'db chaining', 'true'
EXEC sp_dboption DB2, 'db chaining', 'true'
To confirm that the setting is made, I run:
SELECT name, owner_sid, is_db_chaining_on FROM sys.databases
and the result is:
name owner_sid is_db_chaining_on
DB1 0x0105...DCB510000 1
DB2 0x0105...DCB510000 1
So, why won't the user be able to SELECT from the view? There will be no error if the view only selects from a table within DB1.
Anyone has any suggestion as to what I might have missed or misunderstood?
The windows user has to have access to both databases to be able to use cross database ownership chaining.
You should also disable the option on server level for security and only enable the option in the databases.
You can read more about it here
When I accidentally click on the Database Diagrams tab, I get one of the following errors:
Database diagram support objects
cannot be installed because this
database does not have a valid owner.
To continue, first use the Files page
of the Database Properties dialog box
or the ALTER AUTHORIZATION statement
to set the database owner to a valid
login, then add the database diagram
support objects.
--- or ---
The database does not have one or more
of the support objects required to use
database diagramming. Do you wish to
create them?
What's the syntax for changing the owner of this database to 'sa'?
To change database owner:
ALTER AUTHORIZATION ON DATABASE::YourDatabaseName TO sa
As of SQL Server 2014 you can still use sp_changedbowner as well, even though Microsoft promised to remove it in the "future" version after SQL Server 2012. They removed it from SQL Server 2014 BOL though.
to change the object owner try the following
EXEC sp_changedbowner 'sa'
that however is not your problem, to see diagrams the Da Vinci Tools objects have to be created (you will see tables and procs that start with dt_) after that
This is a prompt to create a bunch of object, such as sp_help_diagram (?), that do not exist.
This should have nothing to do with the owner of the db.
Here is a way to change the owner on ALL DBS (excluding System)
EXEC sp_msforeachdb'
USE [?]
IF ''?'' <> ''master'' AND ''?'' <> ''model'' AND ''?'' <> ''msdb'' AND ''?'' <> ''tempdb''
BEGIN
exec sp_changedbowner ''sa''
END
'