I have a (S:\) drive with permissions for only myself and the SYSTEM user.
I just downloaded SQL SERVER EXPRESS 2017, and when I go to create a new database, it cannot see that drive as a place to create the database.
I tried giving the Everyone group full permissions on the drive, and then it showed up as a place to make the new database.
I am wondering what user I need to actually give permissions too, as it is clearly not running under my user, since my user has full control on the drive, and it's not running as SYSTEM, since that user has full control of the drive. I don't want to give "Everyone" permissions to the drive.
Note: Doing a bit more experiments, after removing the Everyone permissions, I went looking through my users list (in the Security tab of the Drive properties), and the only user that looks to have anything to do with SQL is SQLServer2005SQLBrowserUser${myUserName}, but giving this user full control did not allow SSMS to see the drive again.
Run this query:
SELECT * FROM sys.dm_server_services
And you will see current available services on your SQL Server instance and the account mapped to each one. Add permissions to the one that's below the servicename: SQL Server (MSSQLSERVER), it will be most likely NT Service\MSSQLSERVER.
If you use Jobs on the Agent, you will need to give permissions to that account also.
Related
Our business has just changed Active Directories and the domain changed, from "YMS" to "YMSNET". So I used to be able to log in with "YMS\tkol" and I can now log in with "YMSNET\tkol" (these usernames and domains are faked for the purpose of example), but when I log in as that now, I can't actually expand any of the databases or look at any of the tables, I can just see a list of the database names. When I try to expand a database in the UI it says "This database is not accessible (Object Explorer)."
Now I have another user, called "sqluser", and I keep trying to use that user to log in as well by changing the Authentication Method to SQL Server Authentication rather than Windows Authentication. But I get Microsoft SQL Server, Error: 4064
Now I know this sqluser user exists and the password is correct, because I can authenticate to the server and successfully interact with the tables from an external process on a separate computer on the same network (node.js, package mssql). And I used the query on the accepted answer on this question, and found my sqluser is there, with roles db_accessadmin, db_ddladmin, db_owner. And yet it still won't let me log in with that user in the SQL Server Management Studio UI
How can I get this working again and log in with my sqluser account? Or add the appropriate permissions for my YMSNET\tkol account?
--- edit ---
My first idea is that, because I can log into the UI with YMSNET\tkol, but I can interact with the databases externally with sqluser, that there is some query or command I can run with sqluser that will add permissions for YMSNET\tkol so that that user can now look at all the databases and tables. I don't know which commands I'd run for that.
It can be because your account's default database is mapped to some another db which is not available for you, for instance, you have no permissions there, or that database not exists anymore etc.
Your organization DBA can fix it by:
ALTER LOGIN [sqluser] WITH DEFAULT_DATABASE = [rightDB]
Default db name can be checked by:
select default_database_name from sys.server_principals
where name = 'sqluser'
This property can be overridden by opening "Options" of SSMS connection window and specifying it explicitly:
I have followed "How to schedule and automate backups of SQL Server databases in SQL Server Express" article to create backup a SQL Server Express database. Basically this creates a stored procedure and it is called by a .BAT file periodically by Task Scheduler. If destination is set to a local folder for example D:\Data it works fine, however I need to create backups on the folder \\Server\Folder I get access denied error.
User domain\myuser is always logged in. This user has write permission into folder \\Server\Folder. I tried adding user as Login and then tried to call stored procedure EXECUTE AS domain\myuser but it did not help.
I cannot create a network map because of limitations. Is there a workaround for backup into a network folder?
When I run SSMS and call the SP I get the following error. I logged in as domain\myuser user and opened SSMS. If I browse folder \\Server\Folder in Windows Explorer I can create files, so user domain\myuser has write permissions on the folder.
I navigated to your link you shared and read the following:
In the Enter the user name field, type a user name, and then type a password in the Enter the password field.
Note This user should at least be assigned the BackupOperator role at
SQL Server level if you are using one of the batch files in example 1,
3, or 4.
Are you specifying the domain administrator credentials here? i.e. The credentials for the network share?
You need to make sure that the account that the SQL Server service is using has the appropriera permissions on the share.
I have an Advantage Database Server that works as expected when it is not a member of Active Directory Domain. However, once I join the domain, I can no longer connect to the database services. I checked to see if the database server service was still running and it was. I even checked the file permissions of the database files and added the appropriate user to the folder without any luck.
Does anybody know if there is anything that might be preventing connections to the database server from being established?
Even when you join the domain, you should still be able to log on as the original user, who should still have the same access rights to software applications and the DB.
Are you logging on as a domain user, or are you still logging on as the old local account? When you say "connect to the db services" do you mean launch a local app?
Is the service running as a specified user? Or is it local system etc? What is the desired goal in joining the domain?
More information needed... thanks!
How do I set up a database so that one does not have access to it? Even with installing SQL Server Management Studio on local machine.
In SQL Server with Windows user or sa can access all databases. How do you limit the access DB of the users?
For assuming that SQL Server is installed on the local machine, not on the server
You can try Single User Mode.
From the linked MSDN article:
Single-user mode specifies that only one user at a time can access the database and is generally used for maintenance actions.
Edit: You edited your question. Now it sounds more like you're asking about Security instead of how to limit the database to one user.
You can edit a user's security in SQL Server Management Studio by drilling down into Security > Logins. There you will see all logins to your instance. You can right click these entries and select Properties to made updates. The easiest way to completely bar a user from accessing any of the databases on the server is by selecting "Disabled" from the "Status" tab.
Well, if you really want to limit this to just one user, there is a simple way (but a bit risky).
Your Windows user is included in the group BuiltinAdministrators. If you really want to remove your Windows user, rerun the installation process and during the setup just change the users in those group.
But beware, you should provide another user, which has access to your database otherwise you end up with a database server without access to it.
Ater that, setup a database login and grant him access to the database you desire.
In the end, you can disable the sa login. This will prevent access with the sa account. But you should have a user which can manage logins and more. Otherwise you have no chance to recreate the password or any other administrative tasks.
how do I limit the user access to the database I installed to the management studio for only certain people(probably me alone) to access?
But I got a surprise when I saw the database I installed to my client pc was able to be opened using window authentication. I thought it is only able to be opened by the new user I created for that database.
so how do I remove the database from being viewed by those login using window authentication.
In the SQL management studio go to "Security". Its quite possible that you will find some Windows accounts in there. This is normal behavior and they are put there on installment of the SQL instance.
What you can do is delete the ones you don't want poking around in the DB. Make sure that you at least keep 1 db administrator.
You can also restrict their access to read_only. Read this article on creating/editing users. Goto the properties of the user you want to edit and goto "Manage Server Roles". Learn more about server roles here