sql server 2008 enable sa account - database

I logged into SQL Server 2008 via SQL Server Management Studio using Windows admin account. When I run the command (ALTER LOGIN sa ENABLE) I get the following error.
Cannot alter the login 'sa', because it does not exist or you do not have permission.

You account doesn't have permissions. It isn't sysadmin.
CREATE DATABASE requires
Requires CREATE DATABASE, CREATE ANY DATABASE, or ALTER ANY DATABASE permission.
This is (legacy SQL Server 2000 lingo):
sysadmin
dbcreator
If the account is "end user" consider wrapping the call in a stored procedure to hide the permissiosn escalation
Edit, after question update
sa is always sa; you can't disable it as such
You need to grant some permissions to the Windows account using GRANT

Follow the advices in this article:
http://blogs.msdn.com/b/dparys/archive/2009/09/17/create-database-permission-denied-in-database-master-my-fix.aspx
EDIT: The whole question changed!

Related

How to create new SQL Server login and assign permission to access database to it?

I need to create an vb.net console application which will access our existing SQL Server database, but the problem is that the provider didn't give us login name and password to access the database.
So is there any way by which can I create a new login with password and assign them full permission or read permission to access the database ? I have full access to the system on which the SQL Server 2008 R2 is installed.
There are a few assumptions made to this:
1) The SQL Server is set up to allow mixed authentication
2) The SQL Server is allowed to use TCP/IP or Named Pipes for logins
3) The account you say has "full access" to the system ALSO has sysadmin (aka full access) on the SQL server instance or at least permissions to do user maintenance.
Assuming all those then login to the SQL server and run something like below
CREATE LOGIN [app_usr] WITH PASSWORD=N'password', DEFAULT_DATABASE=[databaseName], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
USE [databaseName]
GO
CREATE USER [app_usr] FOR LOGIN [app_usr]
GO
/**** You can choose to only run the following statements that you want***/
-- The following gives the user the ability to read all tables in the db
USE [master]
GO
EXEC sp_addrolemember N'db_datareader', N'app_usr'
GO
-- The following gives the user the ability to write to all tables in the db
USE [master]
GO
EXEC sp_addrolemember N'db_datawriter', N'app_usr'
GO
-- The following gives the user the ability to do anything in the db
USE [master]
GO
EXEC sp_addrolemember N'db_owner', N'app_usr'
GO
Additional default roles and a better description can be found here or make your own or whatever - at this point the user is created and you should be able to access it through your application
I have full access to the system on which the SQL Server 2008 R2 is
installed.
If you are local Windows admin, you can restart SQL Server in single user mode and you'll be sysadmin at that moment:
Start SQL Server in Single-User Mode
There is another solution for SQL Server 2008 R2.
As previuosly said, you should be Windows admin on this pc.
You can access SQL Server under LocalSystem account using this program: PsExec v2.2
Just run ir with -s i.e. Run the remote process in the System account.
This way you can connect to SQL Server without restarting it at all.

db_datareader User mapping is allowed to do Update, Create Queries

In a SQL Server 2008 R2 database, I created a user login with:
Server Role: Public
User Mapping: master, model, msdb
Database Role Membership db_datareader, public
When I use with new user login to connect it connects and I can run update, create commands. Which I don't want to run.
The same setting I tried in SQL Server 2012. It didn't allowed me to run update and create commands.
I get an error :
CREATE TABLE permission denied in database 'TEMP'.
In SQL Server 2012 I have a different database.
Please give solution
I have followed this https://www.itsupportguides.com/server-side-tips/sql-management-studio-how-to-create-read-only-users/
for this Login
mark SERVER Role for following Databases as db_DenyDataReader , and db_DenyDatawriter

What is the SQL Server least privilege for AppFabric installation?

We are trying to develop a repeatable process for installing AppFabric, using a SQL Server 2012 Standard Edition instance.
I granted the SQL Server login (using Windows Authentication) being used to install AppFabric the db_creator Server Role, since AppFabric clearly needs to create databases. During Installation of AppFabric, they receive the error:
"The EXECUTE permission was denied on the object 'sp_add_category',
database 'msdb', schema 'dbo'. Could not find stored procedure
'ASInternal_ThrowError'.
I can't very well grant EXECUTE to a stored procedure in a database that doesn't exist when I am granting Server Roles to the login. I have been unable to find any documentation regarding the minimum SQL Server permissions required for the AppFabric installation.
I suppose I could just grant the sysadmin Server Role to that user account, but I'd rather not.

How to get CREATE TABLE Permission for windows authentication users in SQL Server express 2005

I recently installed SQL Server 2005 Management Studio Express. When I login to the Database server machinename\SQLEXPRESS using Windows Authentication.
I am unable to create tables or create databases. How do I grant the permissions for the users logged in as Windows Authentication to be able to create tables / databases?
You can make your user part of the sysadmin role
exec sp_addsrvrolemember 'DomainOrComputerName\UserName','sysadmin'
That will solve your problem but it is overkill and grants the users complete access to your database including the ability to delete your databases and technically they can do anything on your computer they want unless you have limited your SQL Server Service accounts rights. To allow the ability to create tables use
Grant Create Table to [domainName\userName] That will give them the ability to create a table in the database where you run that statement.

BUILTIN\Administrators removed - how to undo it

SQL Server 2000 Standard, Windows 2003
My coworker removed 'BUILTIN\Administrators' group from SQL Server which results in 'SQL Server Agent' not working.
All my TSQLs to synchronize databases stopped working.
I have Administrator rights on the server and my database user is in sysadmin role.
Does any one have idea how to bring 'BUILTIN\Administrators' back without restoring master database from backup?
Edit: When I try to add Administrators or MACHINENAME\Administrators using Enterprise Manager I have this group on the list to choose, but when I accept my choice I have error:
Error 15041: Windows NT user or group 'MACHINENAME\Administrators' not found. Check the name again
of course instead of MACHINENAME I see my server name
Edit2: Found it
Login as sysadmin
Run following TSQL queries
EXEC sp_grantlogin 'BUILTIN\Administrators'
and
EXEC sp_addsrvrolemember 'BUILTIN\Administrators','sysadmin'
You don't want to re-add 'BUILTIN\Administrators' as it is a SQL Server 2000 security flaw. All domain administrators will have full sysadmin rights to your SQL Server to drop databases etc.
Find the account that is running SQL Agent (Right click SQL Server agent in enterprise manager and select properties). Then add this account as a SQL Server login using windows authentication and add it to the sysadmin fixed server role.
Another method is to connect to your SQL Server database with the "NT AUTHORITY\SYSTEM" account. This approach requires you to start SQL Server Management Studio as the system account. After connect, you can create a new login or reset sa password.
Using Enterprise Manager, can't you just go into Logins and add "Administrators" as a Windows Login to the server? Then add the login to the sysadmin role?
If you can't use "Administrators", try "MACHINENAME\Administrators" (obviously substituting MACHINENAME for the actual name).
Sorry I don't have a more definitive answer, I don't really want to try it :)

Resources