SQL 2008 grant permissions for a specific user to query a specific DB DMV ?

Similar Messages

• Remote Desktop Service Manager - configure permissions for Remote Desktop Users to Send Message, Disconnect, Logoff

  Hello, dear colleagues.
  We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info). 
  Send Message, Disconnect, Logoff options works only for users in Administrators group.
  I can't to configure permissions for Remote Desktop Users, specific user or AD group. 
  To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connect to Windows Server 2012 R2. Then double-click
  RDP-Tcp, Security tab, add specific user account , AD group or configure
  advanced permissions
  for Remote Desktop Users.  
  But, as I sad above, these options works only for users in Administrators group. How to make it work for Remote Desktop Users or specific user, AD group?
  Thanks.
  P.S. If move specific user from Remote Desktop Users group to Administrators group on
  Windows Server 2012 R2 - it works. 

  Hi,
  You can prevent administrators from changing the permissions for a connection by applying the
  Do not allow local administrators to customize permissions Group Policy setting. 
  This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
  Apart there is one command with which you can set the permission for that check the related
  article. Additionally checkthis
  thread for more detail.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Granting permissions for JAVA STORED PROCS

  If I imported a java class file as user test and created a stored proc, how can I grant permissions to all the users in the DB? Do I have to grant permissions on JAVA CLASS itself when I load it or Do I have to grant permissions on the Stored proc or Both?
  Any help will be greatly appreciated.
  null

  Note: I can manually add the file with the command -
  loadjava -v -user user/password@sid sqljdbc.jar (pg 261 in Oracle Database Programming using Java and Web Services by Kuassi Mensah)
  Which is what I have done to get this to work. But the question still stands - How do I get the sqljdbc.jar file to be loaded when deployed using the deployment descriptor?
  Thanks, Ken

• Grant read permissions for one new user in db2

  Hello,
  we wish to have one new user in database which only can read in all tables. For the moment i´ve no idea to create this. The command "grant select ...." is not possible for a single user and all tables.
  Regards
  Olaf

  we can   grant select permission for all table through below steps
  1. Run this command on command promt
  db2  "  select ' grant select on table ' ,  tabname, ' to user  username ' from syscat.tables" > filename
  2. Run the above file
  db2 " db2  -vtf filename"
  Thanks & Regards
  BALAJI
  tcs

• Folder permissions for sharing between users on the same machine

  Hello,
  I have several accounts on my MacBook and I want to keep some files private and some files shared with full permissions for everyone.
  OS X standard behavior for the default Users/Shared folder is that everyone has read/write access to the folder, but if you create a new file there, then only the creating user has write access to that file.
  I want to change that folder's behavior so that newly created files can be modified by everyone on default.
  How would I do that?
  Thanks.

  Thanks, your answer helped me a lot. I found an even simpler method which doesn't require any extra applications.
  Open console and navigate to the directory where your share directory is located, e.g. /Users/Share/
  create the desired folder:  mkdir public
  set acl permissions for each user with: chmod +a "username1 allow flag1,flag2, ....." public/
  check permissions with: ls -le
  Example:
  chmod +a "dev allow list, add_file, search, delete, add_subdirectory, delete_child, readattr, writeattr, readextattr, writeextattr, readsecurity, writesecurity, chown, file_inherit, directory_inherit" public/
  This will give the user dev full access to that folder. Any file or directory created inside that folder by the user dev will also inherit the permissions of that folder.
  Also, the advanced permissions override any other permissions. you can test that my making that folder inaccessible with chmod oga-rwx public/ and dev will still be able to access it because of the acl permissions.
  exactly how i wanted it.

• Problem in Granting permissions for Signed Applet

  Hi,
  I have signed my applet with my self generated certificate. The client browser has imported this certificate in his cacerts keystore as trustcacerts. When I grant permission for my client(manually,in the client machine), I have peculiar errors.
  Case 1 : grant codeBase "http://***.XXX.***.XX/-" { permission java.security.AllPermission; };
  This permission works fine. But the client is able to download all applets from the granted machine, including unsigned applets.
  Case 2: grant SignedBy "dcard" codeBase "http://***.XXX.***.XX/-" { permission java.security.AllPermission; };
  If I add the signedBy tag, this particular grant section is completely omitted by the system. That is, the browsers does not recognize the signedBy tag( & its entire grant block) and throws SecurityExceptions for accessing the local machine.
  Please help me to grant permission for the applet coming from a particular source AND signed by a particulr person.
  Thanks in advance,
  Rajesh
  Note : Plug-in is java1.3.0_02. The public certificate is imported as trustcacerts in all cacerts files in system.

  This is the complete Error :
  WARNING: Attempting to use HTTP Firewall Proxy Server
  due to security restrictions: org.omg.CORBA.INTERNAL: Can not find GateKeeper: java.security.AccessControlException: access denied (java.net.SocketPermission localhost:15000 connect,resolve) minor code: 0 completed: No
  org.omg.CORBA.INTERNAL: Can not find GateKeeper: java.security.AccessControlException: access denied (java.net.SocketPermission localhost:15000 connect,resolve) minor code: 0 completed: No
       at com.visigenic.vbroker.gatekeeper.BridgeEx.login(BridgeEx.java:102)
       at com.visigenic.vbroker.gatekeeper.BridgeEx.loginHelper(BridgeEx.java:71)
       at com.visigenic.vbroker.gatekeeper.BridgeEx.bind(BridgeEx.java:200)
       at com.visigenic.vbroker.interceptor.ChainBindInterceptorImpl.bind(ChainBindInterceptorImpl.java:42)
       at com.visigenic.vbroker.orb.ORB.bind(ORB.java:1196)
       at com.visigenic.vbroker.orb.ORB.bind(ORB.java:1361)
       at com.visigenic.vbroker.orb.ORB.bind(ORB.java:1171)
       at com.platform7.persona.acceptor.GacHelper.bind(GacHelper.java:299)
       at com.platform7.persona.acceptor.GacHelper.bind(GacHelper.java:295)
       at GenericApplet.init(GenericApplet.java:40)
       at sun.applet.AppletPanel.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  org.omg.CORBA.INTERNAL: Can not find GateKeeper: java.security.AccessControlException: access denied (java.net.SocketPermission localhost:15000 connect,resolve) minor code: 0 completed: No

• Problem of granting permissions for a signed applet

  I'm writing an applet, which needs to
  1. write a file into client file system, then
  2. launch an application to edit this file, then
  3. read the edited content from the file
  Obviously, all the above 3 steps are restricted operations, they are not allowed for an applet by default. So I suppose that if the applet is signed, it will get the additional permissions. And because I want this applet work for both IE and NS browser, I choose to use Java Plug-in.
  But base on the Java 2 Security Tutorial, it seems I can't specify the permissions in the jar. I can only sign my applet, let the end user knows this applet comes from me. And it's the end user's job to run the policytool program, and give the "FilePermission" of "read, write, delete, execute" to the code signed by me(or download from a specific codebase, or both), if they decide to "trust" me.
  I can't imagine how to make the business user understand the Security concept of Java, and ask them to configure their system properly. It's just a mission impossible! So, did I miss some important part in the signning process? Is there such a way which keeps the policy setting for this applet in the signed jar, so the business user only need to click "Grant" to allow it running?
  Thank you very much.
  Kevin Zhang
  P.S. some interesting facts confuse me:
  1. I signed the jar (which I'm not sure if I signed it currectly, I will tell you why later), and converted the <applet> tag to <object> tag for IE. It works, which makes me confused :-) Because I didn't specify the permissions at all, neither in the code nor in the signning process. Should I consider that by default it gives all the permissions?
  2. Same jar file. I use the original <applet> tag on Netscape 6.2, which use java plug-in to handle <applet> tags. This time an AccessControlException is thrown. I can understand that's obviously because of no permission. But both this one and the above one are using same JRE 1.3.1_01 plug-in, why they behave differently?

  Hi Kevin
  I have the exactly the same requirement as yours....
  (1. write a file into client file system, then
  2. launch an application to edit this file, then
  3. read the edited content from the file).
  Plz go thru the following. I signed my applet as follows:-
  makecert -sk exec -n "CN=Hemanth" exec.cer
  cert2spc exec.cer exec.spc
  javac ExecNP.java (ExecNP.java is the applet code. I have given the code of the applet)
  cabarc -s 6144 n exec.cab ExecNP.class
  setreg 1 true
  signcode -j javasign.dll -jp exec.ini -spc exec.spc -k exec exec.cab
  chkjava exec.cab
  Code of ExecNP.java :-
  import com.ms.security.*;
  import com.ms.security.permissions.*;
  import java.lang.Runtime.*;
  public class ExecNP extends java.applet.Applet
  public void init()
       try {
            PolicyEngine.assertPermission(PermissionID.EXEC);
            Runtime.getRuntime().exec("c:\\windows\\notepad.exe");
       } catch(Exception e) {
  Here is the html code :-
  <applet code=ExecNP width=800 height=200> <PARAM NAME='cabbase' VALUE='exec.cab'> </applet>
  When I try to open this html file I get the following exception in the Java Console
  java.lang.UnsatisfiedLinkError: initPolicyEngine
  Please tell me whats wrong.
  Hemanth.

• MacOSX AIR Permissions for non-administrator user folders

  We're making final changes to our installer for PowerPC Macs, which cannot get the fixes in Adobe AIR 2.7.
  What are the ownership AND permissions expected to be for normal Adobe AIR operation in the following user folders?
  ~/Library/Application Support/Adobe/AIR
  ~/Library/Preferences/Macromedia/Flash Player/www.macromedia.com/
  /Users/Shared/Library/Application Support/Adobe
  We would like to know if it is advisable to apply the permissions fixes to user folders other than those under the administrator user. Neither the AIR Install Repair.zip posted on the forums nor the MacOSX Adobe AIR 2.7 Installer logs show that any user folders other than those under the administrator user are modified.
  Thanks for your advice.

  Hi,
  I don't believe you'll need to make adjustments to these folders.  Here's what mine are set to:
  /Users/chris/Library/Application Support/Adobe/AIR
  755 / owner:chris group:chris
  /Users/chris/Library/Preferences/Macromedia/Flash Player/www.macromedia.com
  755 / owner:chris group:chris
  /Users/Shared/Library/Application Support/Adobe
  755 / owner:chris group:wheel
  Fwiw, the reason we had to fix up permissions was due to beta versions of past Creative Suite installers (the shipping installers were corrected.)  As far as I know, the only folders effected were the ones we corrected in the installer and I addressed in the script.
  Thanks,
  Chris

• Setting workgroup backup permissions for server admin user

  I apologize in advance for what is probably a trivial question. At school I have set up a Tiger server on a PPC desktop. Open directory is implemented and managed remotely on my personal desktop machine using Workgroup manager. The local server admin account is different from the remote workgroup manager account. I have been backing up using rsync from my machine by logging in with ssh and the Workgroup manager account. Now I want to use ChronoSync on the server machine to set up a simple incremental backup routine. The problem is that ChronoSync runs under the server admin account which does not have permissions to access the group accounts. What is the best way for me to give the server admin account "global" permissions so it can backup the files and directories that were set up using Workgroup manager?
  iMac Intel Mac OS X (10.4.9)
  iMac Intel   Mac OS X (10.4.9)  

  Hi,
  User Account Control treats members of the Administrators group as standard users.
  With UAC enabled, members of the local Administrators group run with the same access token as standard users. Only when a member of the local Administrators group gives approval can a process use the administrator’s full access token. This process is the
  basis of the principle of Admin Approval Mode.
  When an administrator logs on to Windows Vista or newer, the Local Security Authority (LSA) creates two access tokens. If LSA is notified that the user is a member of the Administrators group, LSA creates the second logon that has the administrator rights
  removed (filtered).
  To work around this issue, use the net use command together with a UNC name to access the network location.
  Programs may be unable to access some network locations after you turn on User Account Control in Windows Vista or newer operating systems
  http://support.microsoft.com/kb/937624
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Default acl permissions for root and user?

  after running permissions i keep getting acl permissions changed and will repair. Apparently it doesn't. Is their a manual way of resetting to defaults for both root and user.

  Turns out they didn't change themselves, but authentication got out of whack. This post fixed it for me, but I just jogged access on ical and blogs. Not sure which or both is needed, but after I toggled them over and back I was up and running again.
  <SNIP>
  Solution found athttp://michaeljin.wordpress.com/2010/01/05/locked-out-of-mac-os-x-server/
  It’s blog update time! Updates have been a little scarce lately, been super busy with getting trophies on PS3
  Anyway, recently encountered the following with a Mac mini server running Snow Leopard Server:
  Despite being able to ARD / Screenshare the Mac mini, I was unable to get any further than the login window. Authentication credentials are obviously valid. No weird access permissions have been set. However, the weird thing was, I can connect to the server via Server Admin tools (from another Mac) and all other services were running without a hitch.
  After much head scratching it turns out to be a sACL (Service Access Control List) issue.
  This thread solved the mystery!
  http://discussions.apple.com/thread.jspa?threadID=1654864
  To save you the trouble, I’ll lay it out here. I cannot take credit for this, but Randall can!
  Open Server Admin on a computer (any), and connect with the local admin to the machine.
  Select the server and authenticate.
  Select Settings, then go to Access. You’ll want to make sure that Login Window and SSH have the local admin account listed if you select the option to “Allow only these users”. For now, I would suggest making sure all services have “Allow all users and groups” selected.
  If (as in my case) it was set to Allow All in the first place, simply toggle the settings – back and forth.
  Save.
  Try logging in again… should be a good one!
  </SNIP>

• SQL Server Agent Permissions for backing up on network share

  I'm new to managing SQL Server and I'm not too familiar on how to get this going. I'm trying to automate a T-SQL script that I got from here:(http://community.spiceworks.com/scripts/show/1511-back-up-all-databases-in-sql-instance-with-one-scr...).I have my SQL server agent enabled already but according to the notes in the script, I need to change my account that I have the SQL server agent to a network account. I'm not too sure how to do this. I'm running SQL Server 2012 (non express)My server is a standalone server and I need to backup the SQL database to a NAS on the network. I created a user account on the NAS already. I tried to run the Maintenance Wizard and do a backup that way but when I try to browse for the network share that's mounted, I don't see it. I know that the account that's running under the SQL server agent doesn't...
  This topic first appeared in the Spiceworks Community

  What you might have missed this past week from the Spiceworks Community, in brief.When JJoyner1985asked if he was"expecting too much from his help desk?" the Spiceworks Community got to talking over the finer points of what a help desk should do and how technically proficient and proactive help desk techs should be. The community then discussed some fresh security problems, the finer points (and rationale) behind free software, how to start an IT career after 30, Lockheed Martin's new open source security tool, Shadow IT, and how different organizations get their users to submit tickets.Am I expecting too much from my help desk?
  Careers– Following the motif ofdiscussions concerning what a sysadmin should know, I want to get some idea from the community regarding how much you would expect your help desk staff to know and do. My help desk...

• SQL 2008 - Create failed for Job 'MaintenancePlan.subplan_1'

  Hi,
  I'm having difficulty with a server set up by a third party. I am unable to save any Maintenance Plans on the server. When I do this I get the error message Create failed for Job 'MaintenancePlan.subplan_1'.
  The plan will run happily if I kick it off as a manual operation.
  I have tried this from priviledged accounts including (after all else failed) the sa account.
  Does anyone know the cause/solution to the bug?
  Pete

  Hi,
  Does the server have SSIS (SQL Server Integration Services) installed? Some versions of SQL require SSIS to be installed for the maintenance plans to work. What service pack and cumulative update do you have?
  Thanks to Tibor -
  http://sqlblog.com/blogs/tibor_karaszi/archive/2009/08/26/do-maintenance-plans-require-ssis.aspx
  Sean Massey | Consultant, iUNITE
  Feel free to contact me through
  My Blog or
  Twitter.
  Please click the Mark as Answer button if a post solves your problem!

• Pre-parsing user-entered query strings

  I'm looking for a robust PL/SQL (or other) script for pre-parsing user-entered query strings, so I can make intermedia work like familiar search engines. (Think Yahoo/Alta Vista.) It has to deal gracefully and intuitively with embedded special characters, boolean constructs, quoted literals, etc.
  Has Oracle released anything like this?

  There's example code in "The Button" download from http://technet.oracle.com/products/intermedia in the file "avquery.java".
  Putting the query directly into ABOUT() also works if you don't need to clean up end-user input.
  null

• SQL 2014 - Group Membership for sysadmin permissions not working

  I am using SQL 2014 on Windows Server 2012 R2 and am running into a permission issue. During the install I specified the local server's Administrators group as well as my specific domain account to have sysadmin privileges. 
  The issue is that accounts that are a member of the local server's administrators group can't even login to SQL Server Management Studio unless they are specifically granted permissions for their account (my domain account works fine as it has a specific
  credential in SQL).
  The log just gives the following error:
  Login failed for user 'domainname\username'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]
  Error: 18456, Severity: 14, State: 11.
  I haven't had this issue in previous versions. Is there something that must be done differently in 2014 to grant permissions to groups?

  Hi, something like
  this?
  Bye
  Questo post è fornito "così com'è". Non conferisce garanzie o diritti di alcun tipo. Ricorda di usare la funzione "segna come risposta" per i post che ti hanno aiutato a risolvere il problema e "deseleziona come risposta"
  quando le risposte segnate non sono effettivamente utili. Questo è particolarmente utile per altri utenti che leggono il thread, alla ricerca di soluzioni a problemi similari. ENG: This posting is provided "AS IS" with no warranties, and confers
  no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Can't retrieve folder privileges for a specific user

  I am trying to get the granted privilege for a specified user for a certain folder. I am using the wwsec_api.get_granted_user_privilege function. When I run my code, nothing is ever returned. Here is my code:
  l_priv_varchar := wwsec_api.get_granted_user_privilege(
  p_user_id => 0,
  p_object_type_name => 'FOLDER',
  p_name => '2889');
  p_user_id is from wwsec_person.id$
  p_object_type_name is my object type
  p_name is from wwv_corners.id
  I have looked at the properties of this folder and this user, 0, is set up as the owner. So I am expecting to see 'OWN' returned. I have another user set up to only VIEW the folder and when I put that user's id into the p_user_id parameter I still do not get any return. I can run this same code (with different parameter values) and get the privileges for a 'PAGE', but never for a FOLDER.
  Does anyone have this problem or can tell what I am missing?
  Thanks.
  null

  p_name for a folder is "sitename/parentfolder/foldername". You can see that in the syspriv_name field on the WWV_CORNERS table.