Quantcast
Channel: SQL Server Security forum
Viewing all 3042 articles
Browse latest View live

Error throw when taking Backup on Network Drive (Share folder with Full Permission to Everyone)

March 13, 2016, 12:36 am
$
0
0

Hello ,

I am using SQL Server 2012. I want to take Backup on Shared Folder Which has full permission to Everyone User. When i take backup by using following code 

backup database LZ725001 TO DISK='\\DEV3\ON\LZ725001.BAK' WITH FORMAT;

Error Throw : Msg 3201, Level 16, State 1, Line 1
Cannot open backup device '\\DEV3\ON\LZ725001.BAK'. Operating system error 5(Access is denied.).
Msg 3013, Level 16, State 1, Line 1
BACKUP DATABASE is terminating abnormally.

But in Same Folder I can Export My Report (Excel File, Word File , PDF File ) easily without any ERROR. 

Please suggest me what is the problem.

Thanks in Advance

Prem Shah

Prem Shah

Search

Same SQL Logins SID and name relationship on all SQL servers

March 15, 2016, 4:07 am
$
0
0

Hi,

we are looking at the possibility to equalize SQL Logins SIDs and names across all SQL servers I mean that some login name and SID for that particular login name would be sameacross all SQL servers. 

To work on this we plan take one SQL server as a template for logins' names and SIDs, and recreate logins on other servers with same names and SIDs relationship.

Any issues could be caused by this? Is this supported by Microsoft?

Thanks

What permissions required for SSMS Reports

April 10, 2008, 10:28 am
$
0
0

 

Good Afternoon All:

 

We have a SQL2K5 SP2 (x64) in active/passive cluster running an ERP application database.

I have users in remote office who are requesting the ability to run the "standard reports" from SSMS such as Disk Usage, Disk Usage by Table and so on.  The user in question has AD account within the instance with db_datareader role.

 

What other database or server defined role is required to allow this user to launch and view the standard reports from SSMS?

 

Thanks!

SQL 2014: login failed for user after upgrading to SQL Server 2014 and converting to VS2013

March 15, 2016, 2:31 pm
$
0
0

Hello Community

    I had a VS2008 app and converted the app to VS2013 that accessed a SQL Server 2008 database that is now a
SQL Server 2014 database.

    All the users are still the same and all old applications connections to the database are the same and still work.

    The problems is I had to modify an app to call a new app I created in the same project as well as add a couple of new
columns to the table that the app accesses, but now when I run the app that I modified that access the the other app
that I wrote which access the same table it use to access except I added 2 new columns to the table an error comes up stating:

       " Unhandled exception has occurred in your application. If youj click continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately. Login failed for user <DomainName\UserName>"

     My question is since all I did was modify the app and create a new app for it to call the same database it had been calling,
why am I getting this error since I am now running VS2013 and SQL Server 2014?

    Note: Am I supposed to recreate all users again and give all of them permissions all over again?

    Thank you
    Shabeaut

Login failed for user

March 16, 2016, 10:55 am
$
0
0

Hello Community

    I had a system composed of VS2008 an SQL Server 2008.

    Some time later I installed VS2013 and SQL2014.

   Since VS2008 existed first, all I did was open the SQL2008 database with
SQL2014 and have been using SQL2014 ever since and converted the VS2008 app to VS2014.

    One thing I forgot to mention which may or may not make a difference is that
I backed up the SQL2014 database and copied it to the test computer and restored the SQL database
to the test computer and  ran the apps and added the 2 columns to the tables on the
test computer.

   I also I forgot to mention in this question is that only when the users run
the app against the database does the Login failed for user <DomainName\UserName>
error appear.  But I have no problem running the same app that the users run
whether I run it from the test computer or production but the users get the
Login failed for user <DomainName\UserName> no matter where they try to run it from (
they used to be able to run the app that reads the table in production)!

    So the question is actually why do the users get the Login failed for user <DomainName\UserName>
no matter where they run it from but I don't get the error at all ?

Note: If I log onto the SQL Server as the user I can run a query from the database but when I run the
app as the user I get that Login failed for user <DomainName\UserName>

    Shabeaut

Microsoft SQL Server Error 18456 Severity 14 State 1

June 19, 2007, 9:22 am
$
0
0
I can't seem to connect to our local instance of Microsoft SQL Server. I obtained the followinf infrotmation from the error log and I can't find anything in regards to Severity 14 and state 1. If anyone has any information in regards to this it would be much appreciated. Thanks in advance!

===================================

Cannot connect to 10.1.0.191.

===================================

Login failed for user 'kbober'. (.Net SqlClient Data Provider)

------------------------------
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476

------------------------------
Server Name: 10.1.0.191
Error Number: 18456
Severity: 14
State: 1


------------------------------
Program Location:

   at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
   at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
   at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
   at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
   at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup)
   at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
   at System.Data.SqlClient.SqlConnection.Open()
   at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.ObjectExplorer.ValidateConnection(UIConnectionInfo ci, IServerType server)
   at Microsoft.SqlServer.Management.UI.ConnectionDlg.Connector.ConnectionThreadUser()

execute as user/login = 'domain\username' is not working in the stored procedure

March 17, 2016, 6:37 am
$
0
0

Hello :

We have to create a stored procedure which should execute a select statement on a table depending on the user rights given at column level.   

We have used execute as user/login clause in the stored procedure, but

executeasuser/login ='domain\username' is not working in the stored procedure.

 

Table name : data_011

 

ID

Name

Pwd

DummyName

DummyPwd

1

John

1234#

Emp_01

Pwd_01

2

Bill

Password$$

Emp_02

Pwd_02

3

Will

explain%

Emp_03

Pwd_23

4

Sarah

dataentry!

Emp_05

Pwd_034

5

Jane

livelife

Emp_06

Pwd_456

6

Mike

gudbye

Emp_09

Pwd_012

7

ABC

chcekout@

Emp_07

Pwd_23

8

ABCD

Helloworld

Emp_22

Pwd_23

 

CREATEPROCEDURE [dbo].[sp_decrypt_dataccess]

@usernamenvarchar(500)

AS

BEGIN

executeasuser = @username

             BEGINTRY

                    print @username

                    select* from Data_011

 

             ENDTRY

             BEGINCATCH

               if@@error<> 0

                      begin

                    print @username

                    select ID,DummyName,DummyPwdfrom data_011

 

                      end

             ENDCATCH

END;

  1. This table contains details of employees and their passwords.
  2. SP Mechanism :

One domain user i.e. domain\test1  is created with deny access to dummyname and dummypwd columns.

As the username is  passed to the stored procedure through the following command :

exec [sp_decrypt_dataccess] 'domain\test1'

It should go to the execute as line and run as per the permissions of  the test1 user.

When test1 user  tries to do “select*”  on this table the statement should fail and go to the catch block.

                i.e. output should be

ID

DummyName

DummyPwd

1

Emp_01

Pwd_01

2

Emp_02

Pwd_02

3

Emp_03

Pwd_23

4

Emp_05

Pwd_034

5

Emp_06

Pwd_456

6

Emp_09

Pwd_012

7

Emp_07

Pwd_23

8

Emp_22

Pwd_23

               

But it doesn’t go the catch block and allows the select * for the user test1 although the deny permissions are given on the dummyname and dummypwd columns.

Test1 user  is Member of

Server level role               :               public

Database level role         :               public, db_reader, column_level_perm (defined role for column level permissions )

 

But when I run the same code outside the stored procedure in debug mode with execute as user/login it works.

       BEGIN

executeasuser\login ='domain\test1'

 

                    BEGINTRY

                          select* from Data_011

 

                    ENDTRY

                    BEGINCATCH

                           if@@error<> 0

                           begin

                                 select ID,DummyName,DummyPwdfrom data_011

                            end

                    ENDCATCH

       END

 

Pl help in finding the solution.

The database AAAAA is not accessible. (ObjectExplorer)

March 17, 2016, 3:55 am
$
0
0
===================================

The database AAAAA is not accessible. (ObjectExplorer)

------------------------------
Program Location:

   at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.DatabaseNavigableItem.get_CanGetChildren()
   at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItem.RequestChildren(IGetChildrenRequest request)
   at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.ExplorerHierarchyNode.BuildChildren(WaitHandle quitEvent)
Search

Connecting to a SQL Server in a network via Command Line and Windows Authentication From RedHat Enterprise Linux Server 6.7

March 18, 2016, 7:22 am
$
0
0
sqlcmd -S "ServerName\\InstanceName,PortNumber" -d "DatabaseName" -E
qlcmd: Error: Microsoft ODBC Driver 11 for SQL Server : Cannot generate SSPI context.
Sqlcmd: Error: Microsoft ODBC Driver 11 for SQL  SSPI Provider Cannot contact any KDC for realm Cannot contact any KDC for realm 'XX.XXX.XXXX.COM'

Grant Security to everone

March 18, 2016, 7:40 am
$
0
0

I have sql server 2008. Data is protected by integrated security.

If an unauthorized person tries my application I would like to log that in the database.

I created a Schema 'All' and I tried

grant execute on schema::[ALL] to everyone

But that does not work?

What am I doing wrong?

Certified Geek

how to disable sql server clone instance?

March 17, 2016, 6:52 pm
$
0
0

Hi Team,

Please help me to  disable sql server clone instance on server.

Thanks,

Seetha Ram

Hide database names from unauthroized users in SSMS

September 26, 2006, 10:32 am
$
0
0

If a user is not authorized to see a database can I exclude that database from even appearing in Management Studio for that user

 

TIA,

 

Barkingdog

 

 

Masking and/or obfuscate data columns

March 21, 2016, 12:15 pm
$
0
0

We have a production database that contains sensitive data that we need to restrict access to. Twice monthly we take a copy of production and push it down to Testing and dev environments to be worked on.  For legal reasons we need to either mask sensitive data or encrypt it so the dev environment works for our developers yet hides the data.  I have looked at a couple of tools one from RedGate and one from a company called datamasking.com.  As I was searching I ran across DDM for SQL Server 2016 and was wondering if there was a way to do that in 2012 too?  

If this is not possible, then does anyone have any suggestions and/or tools they would suggest to use?  Ideally we need to run this download and masking operation in our batch file that is launched from our build server.  We can product a CSV or XML file that would give the table/column/type to do the masking. 

Any and all comments are welcome and I do appreciate your time.


Thanks

 

How to get alerts when new logins are added to sa role?

July 27, 2013, 6:24 pm
$
0
0

Hi ,

Can some one help me on the below requirement

I need to get notified with an alert when new login has been added to SA role.

I have some ideas to use sp_sendmail . Please assist me

regards,
team

-

SQL Server Error 258

March 22, 2016, 6:23 am
$
0
0

Hi Everyone,

Please check the below screenshot once, One of my client getting this error he was unable to connect to the server.

As I checked TCPIP protocol was enabled and i'm able to access the server as well but the guy getting below error message.

Please suggest me how to troubleshoot this issue..Thanks in advance!

Regards

V

DBA

Search

No proxies for T-SQL

July 20, 2015, 8:00 am
$
0
0

Hi, 

I want to run a SQL Agent step as a different user than the one used by the Agent service.  I thought that I would create a new credential and then have a proxy use it, however there are none for just plain old SQL.  This is a SQL 2014 Enterprise instance. 

The reason for this is that I the Windows login that is used by the Agent service is not defined as a login in the database, I don;t want to therefore add it in as a user with restrictive rights it case it impacts on other jobs.  

What is the easiest way of have a single job step run under a different Login? 

Query Active Directory from SQL Server

March 23, 2016, 9:51 am
$
0
0

Hello Forum

Is there a way to query Active Directory from SQL Server?  Essentially I'm trying to develop a process where once a month I compile a list of AD Logins/Database Users to a central point, and then scan AD to see if the Logins still exist.

Please click "Mark As Answer" if my post helped. Tony C.

login access

March 23, 2016, 3:15 pm
$
0
0

I have a user "xxx" that is the owner of my application schema. When I execute a select statement in the MS SQL Server Management Studio, I get all the existing records. However, when I start the application and login with the same user "xxx", upon query, I'm just getting 1 record.

Thanks in advance for help.

Best Regards,

Ahmad

SQL server 2012 Cumulative Update offers TWO

November 5, 2015, 9:17 am
$
0
0

SQL Server 2012 by default ONLY support TLS1.0 which is phased out by PCI standards.

KB 3052468 located at https://support.microsoft.com/en-us/kb/3052468 supposedly provides the hotfix for this.  However, if you request the hotfix, two different hotfixes are offered:

2012_SP2_SNAC_CU6_3052468_11_0_5592_x64/11.0.5592.0/free/484541_intl_x64_zip.exe

and / OR

SQLServer2012_SP2_CU6_3052468_11_0_5592_/11.0.5592.0/free/484539_intl_x64_zip.exe

Which is the right one?

Thank you in Advance.

Encryption options available and which one to choose

March 24, 2016, 9:04 am
$
0
0

Hi,

We will be creating a new database that stored data which has some sensitive data like SSNs. We need to encrypt data. We are not yet sure at rest OR on move. We are with SQL Server 2012.

I need to research and come up with options available and Pros and Cons of using each mechanism and availability of them in each version of 2012, 2014 and 2016. I have come up with table like this.

Mechanism

SQL Server 2012

SQL Server 2014

SQL Server 2016

Transact SQL Functions

ü

(standard, Enterprise, Development)

ü

(standard, Enterprise, Development)

Not sure

Certificates

ü

(standard, Enterprise, Development)

ü

(standard, Enterprise, Development)

ü

(standard, Enterprise, Development)

Symmetric Keys

ü

(standard, Enterprise, Development)

Not sure

Not sure

Asymmetric Keys

ü

(standard, Enterprise, Development)

Not sure

Not sure

Transparent Data Encryption (TDE)

ü (Enterprise,Development)

ü

( Enterprise, Development)

ü

(Enterprise, Development)

Column Level Encryption

ü

(standard, Enterprise, Development)

ü

(standard, Enterprise, Development)

ü

(standard, Enterprise, Development)

Encrypting File System

ü

(standard, Enterprise, Development)

Not sure

Not sure

Bit Locker

ü

(standard, Enterprise, Development)

Not sure

Not sure

Always On

NO

Not sure

ü (which edition)

  • I would like to know about 'Not Sure' features. Are they available in those versions.
  • Are there any other mechanisms. I am aware of connections between db and client need to be secured and if we use TDE, data will be in plain text in memory and need to be taken care of when sending to client.
  • What are the best industry standard options.

Thanks

Spunny

Viewing all 3042 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>