I have a MS Access front end with tables linked to SQL Server. I used a file DSN to link tables, and upon opening Access database the user has to enter SQL server userID and password.
Is there a way to extract that userID (not the password) from the established ODBC connection, for example to use it for display and audit purposes?
Yes, you can create a Pass-Through query in Access with just the statement...
SELECT CURRENT_USER
...then in the Property Sheet for that query click the ellipsis button beside ODBC Connect Str and select your File DSN. (When asked if you want to save the password in the connection string, say "No".)
Then save the Pass-Through query (I called mine "getCurrentSqlUser") and run it to get the name of the current user on the SQL server.
(Note: While testing this I logged in as sa and found that the query returned dbo. I think that's because I was logged in as a member of the sysadmin Server Role.)
Related
I'm trying to find a way to do the equivalent of an "execute as user" command from within a SQL connection string. I have a query coming from an external source that I can't modify and a database that already has security setup using execute as user. The only thing I can really modify is the connection string. I've been looking all over and am having trouble finding anything related in my searches.
Can something similar to "execute as user" be done within a connection string?
If yes, how?
Using SQL Server 2016 - SP1
Edit:
Users in a table have a number of roles associated with them. Each unique combination of roles has a user created (that can't login so you can't connect as that user and get access). That user has a schema that applies row level security so based on the user's role they can only see the data they are allowed. Using "execute as user = [auto generated user]" they impersonate the appropriate user with the unique permissions schema and thus only get back the data they are allowed to see. I will make a connection with a user and then need to do the equivalent of the execute as statement, but I can't modify the actual query so it needs to be done in the connection string.
You cannot do this via the connection string since you must already be connected in order to impersonate a user.
A connection string allows a user to connect (i.e., login) to a SQL Instance and therefore cannot be used by users that cannot login. Instead you'll have to connect as a user with login rights and then impersonate the user via EXECUTE AS USER.
I have a contained database with users authenticated in the database only (i.e. SQL user with password). What I am looking to do is the "uncontain" the database. Before I can change alter the database to containment 'NONE', I must remove all contained users. What I really want to do is create a SQL login for the user retaining the same password.
With a server login, I can use LOGINPROPERTY('myusername', 'PasswordHash') to get the password hash. For a SQL user with password (a contained user), this returns null. Where can I get the password hash for a contained user?
This article has the answer http://sqlblog.com/blogs/argenis_fernandez/archive/2014/07/28/scripting-out-contained-database-users.aspx
The article states that for contained database users, there is (currently) no method of obtaining SID or password hashes without connecting to the DAC (Dedicated Administrator Connection). Once you establish a DAC connection, the following query will give you the password hash:
SELECT password FROM sys.sysowners WHERE name = 'ContainedUser'
For information on how to connect get a DAC with SSMS, see https://technet.microsoft.com/en-us/library/ms178068(v=sql.105).aspx
Have you tried the sp_help_revlogin stored procedure?
While converting an Oracle code block I found this:
IF :NEW.username != USER THEN
Now, my question - what exactly is USER in Oracle? In SQL Server I have:
SELECT name FROM sys.server_principals
Is the 'name' here same as Oracle USER?
In SQL Server, the NAME in sys.database_principals is the USER. There was a similar question in dbastackexchange here https://dba.stackexchange.com/questions/22803/listing-the-existing-sql-server-logins-and-users
In Oracle, USER is an account through which you can log in to the database, and to establish the means by which Oracle Database permits access by the user.
For example, I connected to the sample schema "SCOTT", I connect like :
conn scott/tiger#database
So, here the user is "SCOTT". Let's see :
SQL> show user;
USER is "SCOTT"
It's a MS Access app with linked tables to SQL Server. I need to log this on the SQL Server as I cannot modify the MS Access app.
The app connects to the SQL Server through a default SQL username.
You will need a trigger for this, and a table to store the results. Very quick prototype:
CREATE TRIGGER dbo.trigger_name
ON dbo.table_name
FOR DELETE
AS
INSERT INTO dbo.LogTable(RowID, UserName)
SELECT PK_Column, SUSER_SNAME()
FROM deleted;
GO
Note that unless each Access user authenticates to SQL Server as themselves, you may need to use host name or some other property to identify them (if they all connect as the same SQL user, there is little SQL Server can do to determine who they really are).
I retrieve data from SQL Server database to excel file.
When I define connection properties, I choose that I want store password.
Meanwhile, I create a new login (and grant only access to read only data from specified database).
Unfortunately I am unable to find any option in Excel to remove this stored password.
In files which defining connections (.odc extension), I found information about login, but nothing about password.
How i can do it?
Maybe obvious, but did you try to unckeck the Save password checkbox in the connection properties window and reconnect to the database?
See http://office.microsoft.com/en-us/excel-help/connect-to-import-sql-server-data-HA010217956.aspx