hi again
i have an account with its password
with specific permissions,
i have to deny, then, the access
to the rest of the objects ?
i.e. systems stored proc, tables , etc ?
thanks
atte,
Hernn Castelo
SGA - UTN - FRBA
Depends what you want.
The user will only have access to those objects it is granted so there is no
need to deny.
But if the user is then added to a role which has other permissions (or they
are given to public) it will gain them.
If this is not what you want then you should deny permissions as well.
I usually only deny dbwriter to read only accounts and leave the rest to
gain from granted permissions
"Hernán Castelo" wrote:
> hi again
> i have an account with its password
> with specific permissions,
> i have to deny, then, the access
> to the rest of the objects ?
> i.e. systems stored proc, tables , etc ?
> thanks
>
> --
> atte,
> Hernán Castelo
> SGA - UTN - FRBA
>
>
|||i'm asking because
i entered with a restricted account
and was able to exec SP_HELPTEXT
and i don't wish that
denying dbwriter sounds good,
how can i disable these type of sp's ?
atte,
Hernn Castelo
SGA - UTN - FRBA
"Nigel Rivett" <sqlnr@.hotmail.com> escribi en el mensaje
news:FA87EBFA-AE01-4BDD-8869-E62687DB27FB@.microsoft.com...
> Depends what you want.
> The user will only have access to those objects it is granted so there is
no
> need to deny.
> But if the user is then added to a role which has other permissions (or
they[vbcol=seagreen]
> are given to public) it will gain them.
> If this is not what you want then you should deny permissions as well.
> I usually only deny dbwriter to read only accounts and leave the rest to
> gain from granted permissions
> "Hernn Castelo" wrote:
|||Everyone can see the source code, I'm afraid. Closest you can come is creating the procedures using
the WITH ENCRYPTION option (note however that there exists tools to decrypt...).
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Hernn Castelo" <bajopalabra@.hotmail.com> wrote in message
news:OO0nNnM0EHA.3416@.TK2MSFTNGP09.phx.gbl...
> i'm asking because
> i entered with a restricted account
> and was able to exec SP_HELPTEXT
> and i don't wish that
> denying dbwriter sounds good,
> how can i disable these type of sp's ?
>
> --
> atte,
> Hernn Castelo
> SGA - UTN - FRBA
> "Nigel Rivett" <sqlnr@.hotmail.com> escribi en el mensaje
> news:FA87EBFA-AE01-4BDD-8869-E62687DB27FB@.microsoft.com...
> no
> they
>
Showing posts with label permissions. Show all posts
Showing posts with label permissions. Show all posts
Sunday, March 25, 2012
do i need to deny everything i don't use ?
hi again
i have an account with its password
with specific permissions,
i have to deny, then, the access
to the rest of the objects ?
i.e. systems stored proc, tables , etc ?
thanks
atte,
Hernn Castelo
SGA - UTN - FRBADepends what you want.
The user will only have access to those objects it is granted so there is no
need to deny.
But if the user is then added to a role which has other permissions (or they
are given to public) it will gain them.
If this is not what you want then you should deny permissions as well.
I usually only deny dbwriter to read only accounts and leave the rest to
gain from granted permissions
"Hernán Castelo" wrote:
> hi again
> i have an account with its password
> with specific permissions,
> i have to deny, then, the access
> to the rest of the objects ?
> i.e. systems stored proc, tables , etc ?
> thanks
>
> --
> atte,
> Hernán Castelo
> SGA - UTN - FRBA
>
>|||i'm asking because
i entered with a restricted account
and was able to exec SP_HELPTEXT
and i don't wish that
denying dbwriter sounds good,
how can i disable these type of sp's ?
atte,
Hernn Castelo
SGA - UTN - FRBA
"Nigel Rivett" <sqlnr@.hotmail.com> escribi en el mensaje
news:FA87EBFA-AE01-4BDD-8869-E62687DB27FB@.microsoft.com...
> Depends what you want.
> The user will only have access to those objects it is granted so there is
no
> need to deny.
> But if the user is then added to a role which has other permissions (or
they[vbcol=seagreen]
> are given to public) it will gain them.
> If this is not what you want then you should deny permissions as well.
> I usually only deny dbwriter to read only accounts and leave the rest to
> gain from granted permissions
> "Hernn Castelo" wrote:
>|||Everyone can see the source code, I'm afraid. Closest you can come is creati
ng the procedures using
the WITH ENCRYPTION option (note however that there exists tools to decrypt.
.).
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Hernn Castelo" <bajopalabra@.hotmail.com> wrote in message
news:OO0nNnM0EHA.3416@.TK2MSFTNGP09.phx.gbl...
> i'm asking because
> i entered with a restricted account
> and was able to exec SP_HELPTEXT
> and i don't wish that
> denying dbwriter sounds good,
> how can i disable these type of sp's ?
>
> --
> atte,
> Hernn Castelo
> SGA - UTN - FRBA
> "Nigel Rivett" <sqlnr@.hotmail.com> escribi en el mensaje
> news:FA87EBFA-AE01-4BDD-8869-E62687DB27FB@.microsoft.com...
> no
> they
>
i have an account with its password
with specific permissions,
i have to deny, then, the access
to the rest of the objects ?
i.e. systems stored proc, tables , etc ?
thanks
atte,
Hernn Castelo
SGA - UTN - FRBADepends what you want.
The user will only have access to those objects it is granted so there is no
need to deny.
But if the user is then added to a role which has other permissions (or they
are given to public) it will gain them.
If this is not what you want then you should deny permissions as well.
I usually only deny dbwriter to read only accounts and leave the rest to
gain from granted permissions
"Hernán Castelo" wrote:
> hi again
> i have an account with its password
> with specific permissions,
> i have to deny, then, the access
> to the rest of the objects ?
> i.e. systems stored proc, tables , etc ?
> thanks
>
> --
> atte,
> Hernán Castelo
> SGA - UTN - FRBA
>
>|||i'm asking because
i entered with a restricted account
and was able to exec SP_HELPTEXT
and i don't wish that
denying dbwriter sounds good,
how can i disable these type of sp's ?
atte,
Hernn Castelo
SGA - UTN - FRBA
"Nigel Rivett" <sqlnr@.hotmail.com> escribi en el mensaje
news:FA87EBFA-AE01-4BDD-8869-E62687DB27FB@.microsoft.com...
> Depends what you want.
> The user will only have access to those objects it is granted so there is
no
> need to deny.
> But if the user is then added to a role which has other permissions (or
they[vbcol=seagreen]
> are given to public) it will gain them.
> If this is not what you want then you should deny permissions as well.
> I usually only deny dbwriter to read only accounts and leave the rest to
> gain from granted permissions
> "Hernn Castelo" wrote:
>|||Everyone can see the source code, I'm afraid. Closest you can come is creati
ng the procedures using
the WITH ENCRYPTION option (note however that there exists tools to decrypt.
.).
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Hernn Castelo" <bajopalabra@.hotmail.com> wrote in message
news:OO0nNnM0EHA.3416@.TK2MSFTNGP09.phx.gbl...
> i'm asking because
> i entered with a restricted account
> and was able to exec SP_HELPTEXT
> and i don't wish that
> denying dbwriter sounds good,
> how can i disable these type of sp's ?
>
> --
> atte,
> Hernn Castelo
> SGA - UTN - FRBA
> "Nigel Rivett" <sqlnr@.hotmail.com> escribi en el mensaje
> news:FA87EBFA-AE01-4BDD-8869-E62687DB27FB@.microsoft.com...
> no
> they
>
do i need to deny everything i don't use ?
hi again
i have an account with its password
with specific permissions,
i have to deny, then, the access
to the rest of the objects ?
i.e. systems stored proc, tables , etc ?
thanks
--
atte,
Hernán Castelo
SGA - UTN - FRBADepends what you want.
The user will only have access to those objects it is granted so there is no
need to deny.
But if the user is then added to a role which has other permissions (or they
are given to public) it will gain them.
If this is not what you want then you should deny permissions as well.
I usually only deny dbwriter to read only accounts and leave the rest to
gain from granted permissions
"Hernán Castelo" wrote:
> hi again
> i have an account with its password
> with specific permissions,
> i have to deny, then, the access
> to the rest of the objects ?
> i.e. systems stored proc, tables , etc ?
> thanks
>
> --
> atte,
> Hernán Castelo
> SGA - UTN - FRBA
>
>|||i'm asking because
i entered with a restricted account
and was able to exec SP_HELPTEXT
and i don't wish that
denying dbwriter sounds good,
how can i disable these type of sp's ?
atte,
Hernán Castelo
SGA - UTN - FRBA
"Nigel Rivett" <sqlnr@.hotmail.com> escribió en el mensaje
news:FA87EBFA-AE01-4BDD-8869-E62687DB27FB@.microsoft.com...
> Depends what you want.
> The user will only have access to those objects it is granted so there is
no
> need to deny.
> But if the user is then added to a role which has other permissions (or
they
> are given to public) it will gain them.
> If this is not what you want then you should deny permissions as well.
> I usually only deny dbwriter to read only accounts and leave the rest to
> gain from granted permissions
> "Hernán Castelo" wrote:
> > hi again
> > i have an account with its password
> > with specific permissions,
> > i have to deny, then, the access
> > to the rest of the objects ?
> > i.e. systems stored proc, tables , etc ?
> >
> > thanks
> >
> >
> > --
> > atte,
> > Hernán Castelo
> > SGA - UTN - FRBA
> >
> >
> >|||Everyone can see the source code, I'm afraid. Closest you can come is creating the procedures using
the WITH ENCRYPTION option (note however that there exists tools to decrypt...).
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Hernán Castelo" <bajopalabra@.hotmail.com> wrote in message
news:OO0nNnM0EHA.3416@.TK2MSFTNGP09.phx.gbl...
> i'm asking because
> i entered with a restricted account
> and was able to exec SP_HELPTEXT
> and i don't wish that
> denying dbwriter sounds good,
> how can i disable these type of sp's ?
>
> --
> atte,
> Hernán Castelo
> SGA - UTN - FRBA
> "Nigel Rivett" <sqlnr@.hotmail.com> escribió en el mensaje
> news:FA87EBFA-AE01-4BDD-8869-E62687DB27FB@.microsoft.com...
> > Depends what you want.
> > The user will only have access to those objects it is granted so there is
> no
> > need to deny.
> > But if the user is then added to a role which has other permissions (or
> they
> > are given to public) it will gain them.
> > If this is not what you want then you should deny permissions as well.
> >
> > I usually only deny dbwriter to read only accounts and leave the rest to
> > gain from granted permissions
> >
> > "Hernán Castelo" wrote:
> >
> > > hi again
> > > i have an account with its password
> > > with specific permissions,
> > > i have to deny, then, the access
> > > to the rest of the objects ?
> > > i.e. systems stored proc, tables , etc ?
> > >
> > > thanks
> > >
> > >
> > > --
> > > atte,
> > > Hernán Castelo
> > > SGA - UTN - FRBA
> > >
> > >
> > >
>
i have an account with its password
with specific permissions,
i have to deny, then, the access
to the rest of the objects ?
i.e. systems stored proc, tables , etc ?
thanks
--
atte,
Hernán Castelo
SGA - UTN - FRBADepends what you want.
The user will only have access to those objects it is granted so there is no
need to deny.
But if the user is then added to a role which has other permissions (or they
are given to public) it will gain them.
If this is not what you want then you should deny permissions as well.
I usually only deny dbwriter to read only accounts and leave the rest to
gain from granted permissions
"Hernán Castelo" wrote:
> hi again
> i have an account with its password
> with specific permissions,
> i have to deny, then, the access
> to the rest of the objects ?
> i.e. systems stored proc, tables , etc ?
> thanks
>
> --
> atte,
> Hernán Castelo
> SGA - UTN - FRBA
>
>|||i'm asking because
i entered with a restricted account
and was able to exec SP_HELPTEXT
and i don't wish that
denying dbwriter sounds good,
how can i disable these type of sp's ?
atte,
Hernán Castelo
SGA - UTN - FRBA
"Nigel Rivett" <sqlnr@.hotmail.com> escribió en el mensaje
news:FA87EBFA-AE01-4BDD-8869-E62687DB27FB@.microsoft.com...
> Depends what you want.
> The user will only have access to those objects it is granted so there is
no
> need to deny.
> But if the user is then added to a role which has other permissions (or
they
> are given to public) it will gain them.
> If this is not what you want then you should deny permissions as well.
> I usually only deny dbwriter to read only accounts and leave the rest to
> gain from granted permissions
> "Hernán Castelo" wrote:
> > hi again
> > i have an account with its password
> > with specific permissions,
> > i have to deny, then, the access
> > to the rest of the objects ?
> > i.e. systems stored proc, tables , etc ?
> >
> > thanks
> >
> >
> > --
> > atte,
> > Hernán Castelo
> > SGA - UTN - FRBA
> >
> >
> >|||Everyone can see the source code, I'm afraid. Closest you can come is creating the procedures using
the WITH ENCRYPTION option (note however that there exists tools to decrypt...).
--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Hernán Castelo" <bajopalabra@.hotmail.com> wrote in message
news:OO0nNnM0EHA.3416@.TK2MSFTNGP09.phx.gbl...
> i'm asking because
> i entered with a restricted account
> and was able to exec SP_HELPTEXT
> and i don't wish that
> denying dbwriter sounds good,
> how can i disable these type of sp's ?
>
> --
> atte,
> Hernán Castelo
> SGA - UTN - FRBA
> "Nigel Rivett" <sqlnr@.hotmail.com> escribió en el mensaje
> news:FA87EBFA-AE01-4BDD-8869-E62687DB27FB@.microsoft.com...
> > Depends what you want.
> > The user will only have access to those objects it is granted so there is
> no
> > need to deny.
> > But if the user is then added to a role which has other permissions (or
> they
> > are given to public) it will gain them.
> > If this is not what you want then you should deny permissions as well.
> >
> > I usually only deny dbwriter to read only accounts and leave the rest to
> > gain from granted permissions
> >
> > "Hernán Castelo" wrote:
> >
> > > hi again
> > > i have an account with its password
> > > with specific permissions,
> > > i have to deny, then, the access
> > > to the rest of the objects ?
> > > i.e. systems stored proc, tables , etc ?
> > >
> > > thanks
> > >
> > >
> > > --
> > > atte,
> > > Hernán Castelo
> > > SGA - UTN - FRBA
> > >
> > >
> > >
>
Friday, February 24, 2012
Distribution agent insufficient permissions
Hi,
I am trying implement replication and having problem when creating push subscription to an existing transactional replication publication.
The distribution agent is failing to run its job with the error:
Agent message code 14260. You do not have sufficient permission to run this command. Contact your system administrator.
I followed the http://msdn2.microsoft.com/en-us/library/ms151868.aspx article instructions when I set the distribution agent properties
What did I miss?
The following is the step error message:
Date 1/12/2007 2:30:01 PM
Log Job History (105342-DB3\PROD-MOMA-ArchivedTransactions-105337-DEV2-15)
Step ID 2
Server 105342-DB3\PROD
Job Name 105342-DB3\PROD-MOMA-ArchivedTransactions-105337-DEV2-15
Step Name Run agent.
Duration 00:00:00
Sql Severity 0
Sql Message ID 0
Operator Emailed
Operator Net sent
Operator Paged
Retries Attempted 0
Message
2007-01-12 19:30:01.258 Microsoft SQL Server Replication Agent: distrib
2007-01-12 19:30:01.258
2007-01-12 19:30:01.258 The timestamps prepended to the output lines are expressed in terms of UTC time.
2007-01-12 19:30:01.258 User-specified agent parameter values:
-Subscriber 105337-DEV2
-SubscriberDB MOMA
-Publisher 105342-DB3\PROD
-Distributor 105342-DB3\PROD
-DistributorSecurityMode 1
-Publication ArchivedTransactions
-PublisherDB MOMA
-XJOBID 0x65C41EBC553D96439BAF69E4DC3CC823
-XJOBNAME 105342-DB3\PROD-MOMA-ArchivedTransactions-105337-DEV2-15
-XSTEPID 2
-XSUBSYSTEM Distribution
-XSERVER 105342-DB3\PROD
-XCMDLINE 0
-XCancelEventHandle 00000000000006E8
2007-01-12 19:30:01.258 Startup Delay: 214 (msecs)
2007-01-12 19:30:01.477 Connecting to Distributor '105342-DB3\PROD'
2007-01-12 19:30:01.618 Agent message code 14260. You do not have sufficient permission to run this command. Contact your system administrator.
Can you verify the following?
Distribution Agent for a push subscription
The Windows account under which the agent runs is used when it makes connections to the Distributor. This account must:
At minimum be a member of the db_owner fixed database role in the distribution database.
Be a member of the PAL.
Have read permissions on the snapshot share.
Have read permissions on the installation directory of the OLE DB provider for the Subscriber if the subscription is for a non-SQL Server Subscriber.
|||Hi Gray,
Thank you for interesting in my problem.
As I wrote is my first post, I set all required settings ti the distributor Windows account:
it is db_owner of the distribution database|||
Hi Igor,
This error message should not be related to running executables. It is more like SQL permission issue. I would try to turn on SQL profiler to trace the statement in replication SPs. Then we can find out where the 14260 error message is thrown.
Thanks,
Peng
|||Hi Peng,Thank you for interesting on my problem. It really was related to the SQL rights. Actually, whe I added the distributor user to the db_owner role on the distribution database, the subscription started working properly.
Thank you,
Igor
Friday, February 17, 2012
Distributed transaction error
Hi,
I have written a procedure as below. I'm connected to a remote server server1 with valid
login id and permissions. When I run the procedure, I get the following error.
Server: Msg 7391, Level 16, State 1, Procedure procAddMissingAssociates, Line 09
The operation could not be performed because the OLE DB provider 'SQLOLEDB' does not support
distributed transactions.
[OLE/DB provider returned message: Distributed transaction error]
MSDTC is enabled on both the server, the local as well as the remote ones.
In the example below ASSOCIATE_ID in table2 is a primary key.
Please help,
Thanks
P.C. Vaidyanathan
CREATE PROCEDURE procAddMissingAssociates
AS
DECLARE @.USERID INT
BEGIN
SET TRANSACTION ISOLATION LEVEL repeatable read
BEGIN DISTRIBUTED TRANSACTION
SET XACT_ABORT ON
DECLARE MISSING_CURSOR CURSOR FOR
SELECT USR_ID
FROM SERVER1.DB1.DBO.TABLE1
WHERE USR_ID NOT IN (SELECT COLUMN2
FROM TABLE2)
OPEN MISSING_CURSOR
FETCH FROM MISSING_CURSOR
INTO @.USERID
WHILE (@.@.FETCH_STATUS=0)
BEGIN
INSERT INTO TABLE2 (ASSOCIATE_ID,
REDEEM_POINTS,
UPDATED_DATE)
VALUES (@.USERID,
0,
GETDATE())
FETCH NEXT FROM MISSING_CURSOR
INTO @.USERID
END
CLOSE MISSING_CURSOR
DEALLOCATE MISSING_CURSOR
COMMIT TRANSACTION
END
GOif your servers connect to each other trough the Firewall, check that all necessary ports are open in both directions. As usually it is 1433 and 134|||SERVER1.DB1.DBO.TABLE1
are both sql servers on the same network and starting as the same user? how are you authenticating with server1? linked server?
the above post is right, if you are on seperate networks, you'll need to have access to the other machine thru the firewall.
if you cant/dont want to setup a linked server, you can also use OPENROWSET in an encrypted view.
if thats not the problem.. from another forum
"To work around this problem, set XACT_ABORT to ON before the transaction. This causes SQL Server to terminate the surrounding transaction when an error occurs while processing the data modification statement. If SET XACT_ABORT is ON, SQL Server does not require nested transaction support from the OLE DB Provider. "
Also, try the following:
http://dbforums.com/t361216.html
I have written a procedure as below. I'm connected to a remote server server1 with valid
login id and permissions. When I run the procedure, I get the following error.
Server: Msg 7391, Level 16, State 1, Procedure procAddMissingAssociates, Line 09
The operation could not be performed because the OLE DB provider 'SQLOLEDB' does not support
distributed transactions.
[OLE/DB provider returned message: Distributed transaction error]
MSDTC is enabled on both the server, the local as well as the remote ones.
In the example below ASSOCIATE_ID in table2 is a primary key.
Please help,
Thanks
P.C. Vaidyanathan
CREATE PROCEDURE procAddMissingAssociates
AS
DECLARE @.USERID INT
BEGIN
SET TRANSACTION ISOLATION LEVEL repeatable read
BEGIN DISTRIBUTED TRANSACTION
SET XACT_ABORT ON
DECLARE MISSING_CURSOR CURSOR FOR
SELECT USR_ID
FROM SERVER1.DB1.DBO.TABLE1
WHERE USR_ID NOT IN (SELECT COLUMN2
FROM TABLE2)
OPEN MISSING_CURSOR
FETCH FROM MISSING_CURSOR
INTO @.USERID
WHILE (@.@.FETCH_STATUS=0)
BEGIN
INSERT INTO TABLE2 (ASSOCIATE_ID,
REDEEM_POINTS,
UPDATED_DATE)
VALUES (@.USERID,
0,
GETDATE())
FETCH NEXT FROM MISSING_CURSOR
INTO @.USERID
END
CLOSE MISSING_CURSOR
DEALLOCATE MISSING_CURSOR
COMMIT TRANSACTION
END
GOif your servers connect to each other trough the Firewall, check that all necessary ports are open in both directions. As usually it is 1433 and 134|||SERVER1.DB1.DBO.TABLE1
are both sql servers on the same network and starting as the same user? how are you authenticating with server1? linked server?
the above post is right, if you are on seperate networks, you'll need to have access to the other machine thru the firewall.
if you cant/dont want to setup a linked server, you can also use OPENROWSET in an encrypted view.
if thats not the problem.. from another forum
"To work around this problem, set XACT_ABORT to ON before the transaction. This causes SQL Server to terminate the surrounding transaction when an error occurs while processing the data modification statement. If SET XACT_ABORT is ON, SQL Server does not require nested transaction support from the OLE DB Provider. "
Also, try the following:
http://dbforums.com/t361216.html
Subscribe to:
Posts (Atom)