File sharing with a specific user in database in SQL Server - sql-server

I have created a login in SQL Server. The login has only read-only permissions. Database role membership for this user are db_backupoperator, db_datareader, db_denydatawriter and public. I gave him permissions to make backups, but when I try to access folder directory of the system it shows an error like in the picture below.
How can I share a specific folder to this Login in order to save backups to this folder?
Here is the error:

1. The user logs in to the SQL Server instance via a SQL Server logon, and asks for a backup to be made.
2. The SQL Server process, running under whatever Windows Identity it is (LOCAL SYSTEM on my dev machine) makes the backup.
3. The user who asked for the backup in step 1 uses Windows Explorer to check the backup folder. Note that Windows Explorer is using his Windows Identity (NOT his SQL Logon) to check whether or not he has access to that folder.
4. Windows Explorer decides that this Windows user does not have access and displays the message you show above.
To change the outcome, you need to give the Windows Logon that the user is using access to the backup folder. To do this, log on as an Admin, right click on the folder in explorer and select the Security tab. Add the Windows Logon that the backup person uses and give read access to the folder.
Just to be clear, the backups are likely being done properly (absent any other data), but his WINDOWS logon is not allowed to see them.
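The two identities described in the answer above can be inspected and the folder ACL adjusted from an elevated PowerShell prompt. This is an added example, not part of the original answer; the folder path, account name and service name are assumed placeholders.

```powershell
# Placeholder values (assumptions): adjust to your environment.
$BackupDir   = 'D:\SQLBackups'            # folder the BACKUP statements write to
$WindowsUser = 'CONTOSO\backup.operator'  # Windows account the person logs on with
$ServiceName = 'MSSQLSERVER'              # default instance; a named instance is MSSQL$<name>

# 1. Which Windows identity actually writes the backup files?
#    This is the SQL Server service account, not the SQL login that ran BACKUP.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
"SQL Server service runs as: $($svc.StartName)"

# 2. Who is on the folder's ACL right now?
(Get-Acl -Path $BackupDir).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# 3. Grant the person's Windows account read-only access, inherited by
#    files (OI) and subfolders (CI). No write or delete rights are given.
icacls $BackupDir /grant "${WindowsUser}:(OI)(CI)R"

# 4. Confirm the new entry is present.
icacls $BackupDir
```

Granting only `R` keeps the account able to list and copy backups without being able to overwrite or delete them.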

Related

How to give every Remote Desktop User access to SQL Server via a database admin account, not their own credentials

I'm working with ancient software using MS Access components on a Windows Server 2016 (configured as domain controller) Remote Desktop Terminal server (which I cannot circumvent or replace with local installations due to licensing hardware) that requires users to connect to a local SQL Server 2017 Express database.
Normal workflow is this:
User logs in to remote desktop with their own user/domain account
User starts software and uses it until end of workday, then closes software and remote desktop.
Situation now:
Being logged in as Administrator, I have access to the database and I can start the software and 'log in' on the software (using their software's dialog boxes) with the accounts specified in the database (table 'users'). But since we can't have everyone log in to the machine as Administrator (obviously) this is not a workable solution.
Back in the old days...
Back in 2009 when I did the installation of the old Windows 2008 R2 server in 2009 I remember installing SQL Server Express 2008 (?) and being able to run it as a sa user. This caused all connections to be run under this user as well, giving access to the database without problems by each and every (domain) user.
My problem now:
I can't seem to change the access to the database from user-based to a specific fixed user OR the administrator account for that matter. The access to the database is ALWAYS using the credentials of that of the USER.
I only see 2 ways out of this:
I set up some kind of sa-user replacement and run the database as that specific user account.
I give the domain group Personel access to the database in one way or the other.
My question for now:
Which option is best and/or where should I start looking for a solution?
In order to give every Remote Desktop User access to SQL Server via a database admin account, right click on the Server name and select properties. In the Select a page section of the Server properties dialog click Connections. Check the box next to "Allow remote connections to this server". Click OK to close the server properties dialog.

User does not have required permissions in SSRS

I'm getting the error below when I try and access SSRS on SQL Server 2008 R2
I'm not sure how many others have started using SQL 2008 R2 SSRS, but I am having an issue with getting the error below when I try and access the reports server url
User does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed
What I have tried:
I can access the url if I run IE as an administrator
Once you're able to log in to YourServer/Reports as an administrator, click Home in the top-right corner, then Folder Settings and New Role Assignment. Enter your user name and check a box for each role you want to grant yourself. Finally, click OK. You should now be able to browse folders without launching your browser with elevated privileges.
Don't forget to set the security at the site level **AND** at the folder level. I hope that helps.

TFS 2015 - TF401002: The SQL Server Database Engine failed to save the database backup to path

When attempting to create scheduled backups for TFS 2015, I received the following message: "TF401002: The SQL Server Database Engine failed to save the database backup to path \{share}\d$\TFSBackups. Please grant SQL service account read/write access to that folder."
I can't seem to find a solution that will work for me. The 'TFSBackups' folder is shared with full permissions for the NETWORK SERVICE and MSSQLSERVER.
What haven't I done?
Put the comment from Panagiotis Kanavos in the answer.
The error message is crystal clear and has nothing to do with TFS.
That account doesn't have permission to write to that folder.
The path is NOT a path to a valid share, it uses the administrative
endpoint d$ to directly access a physical drive. Only administrators
are allowed to use administrative endpoints.
Just share TFSBackups, set the proper permissions and use the share's
path, eg \\MyStorageMachine\TFSBackups
Normally the SQL service runs as user NT Authority/SQLAgent or similar (these users don't have authorization to the TFS network folder). Go to Services and change the owner of the service to an account which has access to the TFS folder.
I had the same problem with TFS. You must be setting up TFS backups using the TFS Admin console.
It is actually the SQL service which writes and reads backup files to the said location.
Just make sure you grant access to the SQL Service accounts.
If you're on Domain pay attention to Domain User Name.
In my case, SQL Server engine was executed by domain user User@Domain.com but my true permission was for Domain\User so fixing user Logon as in SQL engine saved my day.
Most of the time NT Authority doesn't have write permission on network path so, you need to change Azure or TFS owner user to valid network user.
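The fix the answers above converge on (a real share instead of the `d$` administrative endpoint, with rights for the account SQL Server runs as) looks like this in PowerShell. This is an added example, not from the original answers; the folder, share name and account are assumed placeholders.

```powershell
# Run elevated on the machine that hosts the backup folder.
# Placeholder values (assumptions): adjust to your environment.
$Folder     = 'D:\TFSBackups'
$ShareName  = 'TFSBackups'
$SqlAccount = 'CONTOSO\svc-sql'   # domain account the SQL Server service runs as
# If SQL Server runs on another machine as NETWORK SERVICE or a virtual account
# (NT Service\MSSQLSERVER), it reaches network shares as that machine's computer
# account, so the account to grant is of the form 'CONTOSO\SQLHOST$'.

New-Item -ItemType Directory -Path $Folder -Force | Out-Null

# NTFS permission: Modify, inherited by files (OI) and subfolders (CI).
icacls $Folder /grant "${SqlAccount}:(OI)(CI)M"

# Share permission: both the share ACL and the NTFS ACL must allow the write.
if (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue) {
    Grant-SmbShareAccess -Name $ShareName -AccountName $SqlAccount `
        -AccessRight Change -Force | Out-Null
} else {
    New-SmbShare -Name $ShareName -Path $Folder -ChangeAccess $SqlAccount | Out-Null
}

# Review the result, then give TFS the UNC path of the share (not \\host\d$\...).
Get-SmbShareAccess -Name $ShareName
"Backup path to use: \\$env:COMPUTERNAME\$ShareName"
```

Granting Change/Modify to the one service account is narrower than the "full permissions" setup described in the question and is enough for SQL Server to write and read backup files.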

SQL Server Management Studio - Unable to attach to an MDF file in my user profile

I downloaded an ASP.NET MVC template onto my development machine and dropped it into the projects folder in my user profile (C:\Users\jdana\projects\gld_ember_mvcspa). An .MDF and .LDF file came along for the ride with the template. They're located here:
C:\Users\jdana\projects\gld_ember_mvcspa\App_Data
For the life of me, I can't get SQL Server Management Studio to read from or attach to any .MDF file in my user profile (I'm running SQL Server 2014 Standard on a Windows 7 box)
Here's what I've tried thus far.
The following Access is denied when attaching a database looked like a dead-match to my issue. I've given my local login account explicit full permissions to the projects folder and all child folders (making sure to logout/login afterwards).
I gave my local login account ownership of the projects folder and all child folders (making sure to logout/login afterwards).
I checked the login associated with the MSSQLSERVER Windows service, it's NT Service\MSSQLSERVER. I gave this login full permissions to the project folder (making sure to logout/login afterwards).
Finally, I launched SQL Server Management Studio with a right-click Run As Administrator.
None of this worked. My user profile folder remains inaccessible to SQL Server Management Studio.
I was faced with the same error when I changed the password to my SQL Server account. The way out was to check if the files in the location you try to attach from are encrypted. Decrypt them (right click on the mdf/ldf file -> Decrypt). Then try attaching. This worked for me. Thanks to the helpdesk guy in my office :)
Run Sql Server Management studio as Administrator, and login to sql server with sa or admin credential. If mdf file is uncorrupt, then it will work.

Windows 8 - SQL Server 2008R2 - Set current user as admin

I am having quite a problem with SQL Server.
When I installed it, my account was not an administrator, now it is. Apparently, since it was not an administrator of the machine, it is not an administrator of SQL Server, as a consequence I cannot create databases on my machine.
Now, I am on Windows 8, so it seems like SQL Server Configuration Manager is not as accessible as it was before, I managed to run it (I THINK!) from the MMC by running the following command: sqlservermanager10.msc.
Now, can anyone help me configure my current user as an SQL Server admin so I can create databases properly?
Thank you!
If I understand you correctly, you want your account to have sysadmin rights on SQL Server. You can either do this via SQL Server Management Studio, or the SQLCMD command line utility. You don't use the SQL Server Configuration Manager.
You need to login as an existing SA (or whichever the identity has the sysadmin role).
Using TSQL via SQLCMD
Run the following command (replacing domain\user with your details)
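```sql
USE [master]
GO
-- Create a Windows-authenticated login for the account
CREATE LOGIN [domain\user] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
GO
-- Add the login to the sysadmin fixed server role.
-- ALTER SERVER ROLE ... ADD MEMBER only exists in SQL Server 2012 and later;
-- sp_addsrvrolemember also works on 2008 R2, the version in the question.
EXEC sp_addsrvrolemember 'domain\user', 'sysadmin'
GO
```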
Via the UI
In SQL Server Management Studio
Navigate to the Security node of the server, and R-Click & Select New Login
In the New Login dialog enter your domain user into the Window Authentication box
Then on the Right side select Server Roles and then make sure SysAdmin is selected
Then OK that dialog and the Windows account will have SA rights. This means then you can fully administer the SQL Server.
It's not clear at all what's going on here, but it sounds to me like you haven't got any sysadmins if @Preet isn't correct.
The local Administrators group is not a member of the sysadmin role on recent versions of SQL Server (2005+, IIRC), and if I recall the installer complains if you try to configure it that way. Instead, when you install the instance you specify the users or groups who will be granted the sysadmin role on the instance.
If you did not do this (I think it adds the account doing the installation by default) or used an account or group which was later deleted, had the SID changed, or some similar event, then you have an instance with no sysadmin logins that can authenticate. You may be able to add one by switching the server to single user mode or minimal configuration mode (-f instead of -m).
If none of that works, then you'll have to save your database files, nuke the instance, install the instance again, re-attach your database files, and go from there.
The only other thing I can think that it might be is that the instance is somehow running as a user account that doesn't have permissions to create files in the default database or log directory, but that seems highly unlikely.
