If I need to delete data from any of the table from my database,first I will create backup table and move data in my backup database by date and time and I will delete the data. all the above process i'm doing inside an procedure, my delete script I'm pass as an input parameter. If i run the procedure manually it is Woking and my data also creating in backup table.
But, if I keep this exce procedure inside a SQL server agent job Data is deleting but not able to create table in my backup database.
Can anybody pls give me a solution to why my table is not creating inside SQL job.
Based on your comment, you need to grant the service account that runs SQL Server Agent, ddladmin permissions
EXECUTE sp_addrolemember 'db_ddladmin', [serviceaccount]
or permissions to create tables:
GRANT CREATE TABLE to [serviceaccount];
Related
I would like to have one script to remove the specific user group to execute all stored procedures on the specific database in SQL Server 2014. I searched the web and found the example at Grant Revoke Permissions On Stored Procedures in SQL Server. It looks like I need create the script for all stored procedure.
Also I found another website REVOKE Object Permissions (Transact-SQL). However I have no clue how to write it as one script for all stored procedure.
Also I tried to use the below script in the database, but the Sales group still has permission on the stored procedure.
revoke execute to [Sales]
Would anyone tell me what should I do?
I have my sql auth user, which has Insert access to table A in database A.
I have my team’s sql user, which has read access to table B in database B.
I need to create a SP, that will select from table B in database B and insert it in table A in database A. (and should run daily …)
What’s the most professional approach? I don’t want to use EXECUTE AS…
I also don’t understand… if the SP by default gets executed with the caller’s permission, the caller would be sql agent, so in the SP I could be dropping all the databases?! (what am I missing?)
if it gets executed with the creator permissions, is it executed with the creators permission at the moment of creation or at the current moment of execution?!
I'll tell you how I do similar things currently. We will have a Active Directory service account set up with the needed access, be it DBO, sys admin or data Writer. Create a job to run the script in question and the Job will use the SQL Agent's user ID or whatever account you designate.
Our SQL agent account has the needed permissions to run any jobs that are needed on the server and works the easiest for us. You only have to set it up once and then use that account for all jobs.
I have a stored procedure that I can execute in SSMS with a non domain SQL Server user.
This stored procedure selects data from tables in one database (DB1) truncates and selects into a table in DB2.
The user has datareader,datawriter and dbowner for both databases.
Problem:
When I execute the stored procedure via SS Agent with execute as the user I get the following error
The server principal [user] is not able to access the database [DB1]
under the current security context.
Actions taken So far:
I have tried to resolve this so far by:
Turning on db chaining for both databases
Deleted the user from DB1 and added again
Checked using EXEC sp_change_users_login #Action=’Report’ to see if user orphaned. As this is a database that is a restore of a live one. However I added the user after the restore. The user was not listed as orphaned
A possible workaround if you don't want to have the owner be sa is to have the user be a member of msdb and grant the the SQLAgentOperatorRole in msdb. See if that works.
But to be honest, either use sa or a dedicated service account with enough permissions. It's better if the job runs under that context.
I have a script which generates a database for a given {databaseName}, and then creates a login for a given {loginName} for this database.
I then want restrict this user to only be able to view this database, and no others.
I have this working through the use of:
USE [{DatabaseName}]
GO
ALTER AUTHORIZATION ON DATABASE::[{DatabaseName}] to [{LoginName}]
GO
USE [master]
GO
DENY VIEW ANY DATABASE TO [{LoginName}]
GO
I have now put this into a stored procedure, but I cannot change to the [master] database to execute the last line:
DENY VIEW ANY DATABASE TO [{LoginName}]
Is there a way to restrict the user from seeing other database from within a stored procedure?
The stored procedure is currently on another database, but I am able to move it.
You can change the database context for a given SQL command by doing something like this:
master.dbo.sp_executesql N'print db_name()'
Although I suspect there might be a better way to do what you're trying to do
I would like to stop power users from deleting data using SQL Server Management Studio. I need to archive data and add some info to the audit trail when data gets deleted.
Is there a way to stop them when they attempt to delete the data from SSMS?
Is there a way to know which process caused the deletion? such as from SSMS, application, stored proc?
Is there a way to allow only deletes from Stored Procedure?
Thanks
Create a new login and database user for this login. Then grant delete permission to this user, and revoke it from all others. Write procedure[s] that removes data, add WITH EXECUTE AS [previously created user that can delete data]. Grant other users with execute permissions to the procedure[s].
Well they are power users aren't they. You could set deny Delete permissions for them.
DENY DELETE TO [Your_User]
GO
From your second sentence I get the impression that deleting is not the real issue but that you need to archive data and create an audit trail when data is deleted. Why not use a delete trigger?