Deny Alter permissions to a table

Hello,
I want to deny alter permissions and permissions to insert, update and delete to a specific table to the users in our team. All the users should have only the select permission. I am using the statement for denying the delete permissions as
DENY DELETE ON OBJECT::dbo.Table_To_Deny TO ABCD\UserName;
This is throwing an error as Incorrect syntax near '\'. I also tried just by putting username but no luck. I have no option to put the table in seperate readonly database.
Please help.
Thanks

Why DENY?  Users don't have permissions until you grant them.  Just don't grant these users permissions to do things they shouldn't do.
Your syntax is invalid because of the '\', exactly as the error states.  The deny would look something like
deny delete on [SchemaName].[TableName] to [userName]
David
David http://blogs.msdn.com/b/dbrowne/

Similar Messages

  • Need differentiated support for "deny" vs "permit" in NX-OS QoS ACLs

    Does anyone know if a later version of NX-OS will be able to differentiate between "deny" vs "permit" in NX-OS QoS ACLs? The NX-OS QoS  documentation states that the permit and deny keywords are ignored for the purposes of matching in QoS class-maps.
    Here is the recent Cisco references.
    http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/qos/configuration/guide/classification.html#wp1124010
    and
    http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/qos/513_n2_1/b_Cisco_Nexus_5000_QoS_Config_Guide_513_N2_1_chapter_010.html#task_1135158
    I tested the N7K, and it does indeed ignore the
    permit and deny keywords. (DIscussion here, if you are interested...Deny Equals Permit in NX-OS QoS ACLs
    The impact - for QoS class-maps, both the deny and permit statements in the example below are matched:
    ip access-list test
      permit any 10.0.1.0 0.0.0.255
      deny ip any any
    This behavior does not follow what happens on 6500s and other IOS devices.

    Jerry -
    Any idea why? This breaks the ability to use moderately complex ACLs. For example - how would you configure scavenger class traffic to ignore some traffic, and mark other?
    Carole

  • Altered Permissions in users home folder

    Help! I seem to have screwed up my friend's installation of 10.3.9 by messing up file/folder access privileges in her home folder. I was helping her to get some work done and now I have created a monster...
    Briefly
    Access permissions on her whole Home Folder (the Admin account) seem to all be set to another user's permissions (not Admin) and I haven't been able to reset them all recursively using Get Info. I have had partial success but some things refuse to run.
    Before I run BatchMod on her whole home folder, is there anything I should beware of? I have seen similar but not identical problems here. More details below:
    What Happened
    In order to run some Leopard-only Apps on her TiBook G4 I booted from my external drive running 10.4.9 and all went smoothly until I needed to access files on her user account's Desktop (located at MacHD/Users/Her_Username/desktop) but didn't have permission. So I altered permissions for the desktop folder (and applied to underlying folders) with Get Info as the Admin running 10.4 from the Firewire drive...
    So far, so good, but when it came to restoring her access permissions, I coudn't see her Account name on the dropdown menu as it is not a user on the system I was running via the Firewire drive. So I restarted from her hard drive and, so far as I am aware, restored the Ownership and Permissions for her desktop and all files on it back to her Username.
    However...
    After restarting, her whole Home folder (i.e. not just the desktop folder) seems to belong to the other user account on her Laptop even though it still sits in her User folder. Loads of Apps have problems or won't run at all because they cannot access caches, plists and other data in her Library.
    Spookily, the trash is empty and stays that way - anything I trash vanishes for ever after a warning dialogue. Also, many apps think they are running for the first time, even though I have restored permissions within preferences. And Firefox refuses to run because it says there is another copy already running on the machine - which there isn't.
    The good news is that the System folder and other users are unaffected, though it is a mystery how the permissions got changed in her whole home folder (right the way down) to the name of another user. I'm not normally that stupid - and if I can do it one way, why can't I redo it the other way? Could I have provoked the system into throwing a tantrum?
    I have manually restored lots of things but have now decided on Batch Mod to save time (and sanity). I presume there will be invisible files that need changing to allow access to the trash and various registration data etc - can I do this with BatchMod and can I safely apply BatchMod to the whole Home Folder?
    Help please!
    Gaberdine

    Thanks, Niel
    I shall do that as soon as I get the chance (after backing up what I can just to be safe).
    FWIW I no longer think I am the responsible for all the changed access permissions because preferences (eg Dock), favourites and cookies seem to have been copied from the other user account too! For instance, the BBC homepage thinks she lives in a different part of England (as per the other User Account)!
    This is weird; I suspect the software that apparently caused freezes and hangs - and some permissions error messages - under 10.3.9 (hence my booting from the firewire drive in 10.4) is actually responsible for messing things up.
    Makes me feel kinda better but it's still me thats gotta sort it out...

  • Alter a BAPI Result Table, how to get into the display "loop" ?

    Hello all,
    i have a problem regarding the result rows of a RFC/BAPI Call.
    There are three views, let's say 1,2,3. In View 1, i call a BAPI, and display the results in a table in View 2. I added a button in each row, which calls View 3 and displays some details concerning the selected row.
    I now want to store a flag for each row, that has been displayed in this way.
    In View 3 i store the key value of the displayed row in an own value node in the context.
    When i go back from View 3 to View 2, i want to see that flag (in an extra column) in every row, that has been selected in this session.
    So i do not know, how to alter a single row in the BAPI result table, how to get into the "loop" that is used by WD to display the table.
    already tried a supply function, but i was not able to alter single rows.
    Any suggestions/tips or perhaps code fragments of working supply functions ?
    Thank you !

    Hello,
    I'm not sure whether I understood your problem correctly, but I will try to give an answer.
    The easiest way I see is to copy the RFC Results to a Component Controller Context structure with an additional Flag field. You can use WDCopyService for copying.
    Then on the event of selecting you set your flag as appropriate for you (e.g. if you want to use an image as flag you set the Image path) on the current element of your table. Then display View 3.
    On going back View 2 should show now the new flag values...
    The trick is to copy the values (as at Time structures can not be expandend with new fields) and set the Flag on the onSelect event.
    Hope this helps,
    Frank

  • Group Permissions using External Table

    I have a problem with using an external table for user group permissions.
    I am using OBI authentication but need to use an external table to manage the user’s group permissions. I created two RPD groups, GROUP1 and GROUP2. GROUP1 has access to TABLE1. GROUP2 has access to TABLE2. I created the initialization block with the following SQL:
    Select ‘GROUP’, groupname from groups_tab where username = ‘:USER’
    I also turned on row-wise initialization.
    I created a user, USER1, with access to both RPD groups. I also created corresponding Catalog Group (Settings  Administration  Manage Presentation Catalog Groups and Users  Create a new Catalog Group). I have two dashboard pages PAGE1 and PAGE2. GROUP1 has access to PAGE1 and GROUP2 has access to PAGE2. When I log in as USER1, I have a quick test on the My Dashboard page that displays the GROUP session variable (@{biServer.variables[‘NQ_SESSION.GROUP’]}). The variable displays that USER1 belongs to GROUP1; GROUP2. I still cannot see the dashboard pages PAGE1 and PAGE2. When I go to Answers I cannot see TABLE1 or TABLE2.
    Obviously, I must be missing a step somewhere. Any ideas?
    I have tried the Rittman Mead post (http://www.rittmanmead.com/2007/05/21/using-initialization-blocks-with-ldap-and-database-queries-to-control-authentication-and-authorization/) and I am still not getting the right results.
    Edited by: Canz on Feb 25, 2009 4:39 PM

    It's likely to be a permissioning setup issue rather than your Init Block setup which seems to be working. Start by granting your test user full permissions on the object you want and then start removing them gradually to see where you don't see the dashboard any more. I think you might be missing a Traverse privilege in your dashboard shared folders but I can't check all the possible conditions with seeing your web catalog. Also check the case of your Web Catalog groups and the ones you populate on the Init block.

  • Permissions disappearing from tables and views in SQL Management Studio

    As a CRM person, I sometimes have to update the database to cope with custom reports that I have written. Usually, I will
    Go into SQL Server Management Studio 2008
    Open the database
    Locate either the table or the view
    Right click on permissions
    Add in the role or user that's needed
    Grant them Select permissions
    This allows the report in CRM to access the database and this works.
    The problem I have is that after a certain amount of time, the user or role will disappear from the permissions meaning that the report will not run. Sometimes, this can be as soon as a couple of days or it can be months. It happens on views more than tables
    and, whilst it's not too difficult to put the permissions back, it is annoying for the users.
    I don't use SQL Server Management Studio very regularly, only to write a few queries and set up these permissions so I'm not sure if there's anything else in there that might be doing this. All suggestions would be very welcome.
    Thanks.

    Sounds like some process is removing/resetting permissions periodically
    if you are using enterprise edition you could try to catch this using auditing
    http://technet.microsoft.com/en-us/library/dd392015%28v=sql.100%29.aspx
    otherwise you would need some other custom tracing mechanism (SQL Trace, Extended Events, catching statements.. not fun)
    Andreas Wolter (Blog |
    Twitter)
    MCM - Microsoft Certified Master SQL Server 2008
    MCSM - Microsoft Certified Solutions Master Data Platform, SQL Server 2012
    www.andreas-wolter.com |
    www.SarpedonQualityLab.com

  • Should we use triggers to deny alter access to views?

    hello all - the requirement is let a group access all the views in the schema but not be able to alter, delete views or stored procedures or functions. what is the best way to do this? thanks in advance...

    It is three step process
    --Step 1 Create database role
    CREATE
    ROLE [view_access]
    GO
    --Step2 Write a store procedure to grant all the views to that role, in this example I gave for Stored Procedure
    --You can change appropriately
    USE
    [master]
    GO
    CREATE
    PROCEDURE [dbo].[sp_GrantAllviews]
    @user sysname,
    @DB varchar(30)
    AS
    SET
    NOCOUNT ON
    -- 1 - Variable declarations
    DECLARE
    @CMD1 varchar(8000)
    DECLARE
    @MAXOID int
    DECLARE
    @OwnerName varchar(128)
    DECLARE
    @ObjectName varchar(128)
    -- 2 - Create temporary table
    CREATE
    TABLE #StoredProcedures
    (OID
    int IDENTITY (1,1),
    StoredProcOwner
    varchar(128)
    NOT NULL,
    StoredProcName
    varchar(128)
    NOT NULL)
    SET
    @CMD1 =
    'SELECT ROUTINE_SCHEMA, ROUTINE_NAME FROM [' +
    @DB +
    '].INFORMATION_SCHEMA.ROUTINES WHERE NOT(ISNULL(ROUTINE_TYPE,'''') = ''FUNCTION'' AND ISNULL(DATA_TYPE,'''') = ''TABLE'') AND ROUTINE_NAME NOT LIKE ''dt_%'''
    INSERT
    INTO #StoredProcedures
    (StoredProcOwner,
    StoredProcName)
    EXEC(@CMD1)
    -- 4 - Capture the @MAXOID value
    SELECT
    @MAXOID =
    MAX(OID)
    FROM #StoredProcedures
    -- 5 - WHILE loop
    WHILE
    @MAXOID > 0
    BEGIN
    -- 6 - Initialize the variables
    SELECT
    @OwnerName =
    StoredProcOwner,
    @ObjectName
    = StoredProcName
    FROM
    #StoredProcedures
    WHERE
    OID =
    @MAXOID AND StoredProcName
    not like
    'sp_%' AND StoredProcName
    not like
    'xp_%'
    -- 7 - Build the string
    SELECT @CMD1
    = 'USE ['
    + @DB +
    '];GRANT EXEC ON ' +
    '[' +
    @OwnerName + ']'
    + '.'
    + '[' +
    @ObjectName +
    ']' +
    ' TO ' + @user
    SELECT @CMD1
    -- 8 - Execute the string
    SELECT @CMD1
    EXEC(@CMD1)
    -- 9 - Decrement @MAXOID
    SET
    @MAXOID =
    @MAXOID - 1
    END
    -- 10 - Drop the temporary table
    DROP
    TABLE #StoredProcedures
    SET
    NOCOUNT OFF
    GO
    --Step 3 Assign the user to this role.

  • Access denied when trying to show table in jsp fragment?

    I've had one page which has been groving obese over time.
    Now I've started to split out parts into jsp fragments using f:subview
                      <f:subview id="frontStoreSupport">
                        <jsp:include page="/frontStoreSupport.jsff"/>
                      </f:subview> The new jsp fragment (frontStoreSupport.jsff in this case) has it's own frontStoreSupportPageDef.xml which contains the binding entries I use in the page.
    My problem is that ADF Read Only table's on this page get an "Access denied." where the content is supposed to go, despite the fact that they worked fine
    in the original page.
    I've been into the Application > Security > Resource grants and added view to my application role, exactly like it was set up in the first page..
    Any hints here would be greatly apprichiated
    Regards
    Baue

    Ok, realized what the problem was - apparently, when using ADF components in a fragment, you need to add the datacontrol to the fragments page-definition file AND to the parent jsp:s page-definition file!

  • Clients can't save to the server, access denied no permissions, how to give permission?

    I set up my school lab with an xserv 10.6.8. Everything was fine in terms of the users logging in to their respective groups. However, they weren't able to save anything to the server , they had access denied errors or you don't have permissions, even the keychain app was giving the users an error that said it couldn't save  to reset to default values. Anyhow, I tried using the Server Admin application to propagate permissions, selected the hard drives and propagated permissions by clicking all the selections in the dialog. Now, the server wont start and only shows the grey Apple and the spinning gear, please help, I am so frustrated, I was so close to have this server running. All I want is to be able to have the students in my school log in to the server from the computer lab and save their work on the server. Simple service, I have running AFP, OD, DNS and SMB. I don't knowe if SMB is neccesary either.

    Yes, I created the users using WGM home tab and then clicking on the create home now and then save. No, I didn't use terminal with the command, maybe that's one of the things I needed to do so that the problems with permissions wouldn't show. I used the secondary HD to create the sharepoint folder "Users" and that's the folder I used when creating the home directory for that specific part of the setup. My setup is pretty simple, I just want a Groups folder(sharepoint) where I can store the diffrent grades or classes that come to my lab and I have a "Users" folder(sharepoint) where the kids can use to login and save their work. Later, I may add another folder to place videos so that the folder can mount when they log in and all they have to do is go to the folder and double click on the video. Can you ellaborate more on how to use the command with terminal? Would the "a" be the name of the sharepoint? I created the folders using Server Admin, I believe that clicking on the sharepoint button, there is another button that says "new", would that be the correct way to do it? When I get back to school tomorrw I will post more specifics on the way that I setup the server and maybe it will give you a better picture of how I did it.
    I really appreciate your assistance, I am trying to use the limited knowledge I have to setup this lab which will enable me to do a lot of things with the kids and make their lives easier, so they don't have to bring flash drives to save their work. Thanks again for your time!

  • Safari access to webmail denied by permissions ?

    Since upgrading my IOS, I cannot access my webmail in Safari.  My webmail server says 'access denied as I do not have the right permissions' ?

    Hi Alfred, sorry, I replied to my message.  I am not sure exactly what you mean ?  The kids iPad Minis and my laptop (Win7) all work ok off the same hub.  When I try to logon to my web mail through Safari... I access the webmail login screen, put in my User Id, PW and press login, the message returned is... "you do not have the permissions required to access this website.  Please contact the website administrator"
    It used to work fine until I updated the IOS, then it worked a couple of times after I cleared the cookies, but now it does not access the webmail at all.
    hope this helps.

  • Hello! Want to programatically alter the Report.Database.Tables info

    Post Author: RobotSlave
    CA Forum: .NET
    Crystal Reports 2008    CFK0Y-KVURM2M-00UFAFF-N43MCrystal Reports 2008 for Visual StudioMicrosoft Visual Studio 2005Version 8.0.50727.762  (SP.050727-7600)Microsoft .NET FrameworkVersion 2.0.50727
    Installed Edition: Enterprise
    Microsoft Visual C# 2005   77718-007-4000003-41954Microsoft Visual C# 2005
    why? to save time thats why, I have a zillion reports that I have to point at a new database periodically, (and I have some time on my hands here at the ranch) so I decided to automate the process. I made a windows application with Visual Studio that opens the rpt files as objects using the crystaldicisions object object model thingy, pulls out the table logoninfo.connectioninfo stuff and sets it to a new location THEN when I try to set the report.database.tables back to my new modified version it says that the tables property is a readonly thingy. I can open and save, but I cant modify the part I want to... how can I alter the serverName and databaseName properties such that I can save the result?
    thank you!
    much love.

    Post Author: RobotSlave
    CA Forum: .NET
    I was making a new copy of the database.tables and then editing it then trying to set the whole reportdocument.database.tables = to my modified version, it was readonly so it didnt work. when I just iterate through the tables and set the properties on each one, it works just fine.

  • Sending Ciscowrks device credential Verification Job alters the device ARP table.

    Hi:
    I send a Device credential verification Job to two different devices  , a Cisco 3750 and a blade switch WS-CBS3120. I  configured SNMP write access to the switches. The SNMP write access in either SNMP v1 or SNMP V3 , tried both.
    The job is send from the Ciscoworks server.
    Once the job has completed, I do a show ip arp on the device and find a new entry with the IP address of the Ciscoworks  Server and the mac-address of the L2 next hop.
    We would not have  noticed this behavior had it not been that in the case that the  switch  next hop is an HSRP vlan on a nexus , the ARP entry entered into the switch is incorrect, and from then on the switch loses connection to Ciscoworks.
    The Mac-address that is entered by Ciscoworks , in the case of nexus is a statice mac defined on the Nexus for the Vlan in question , but it is NOT the HSRP default gateway MAC address. Therefore we lose connection between the switch and Ciscoworks. One has to manually clear the ARP table inorder to again reach the Ciscoworks.
    Questions:
    1. Why does Ciscoworks  insist on changing the ARP table?
    2. Is this ARP entry aged out or is it permeant as would an ARP entry which is entered through CLI  be  permeant ?   
    3. In the case of the Nexus connection, this ARP entry does not allow Ciscoworks and the device to communicate. This is not productive!
    Has any one come across this situation ? Any known fixes, workarround? I was not able to find a word about this on Cisco's site.
    Our Ciscoworks is at the following levels:
    CW Common services    3.3.0
    LMS portal                    1.2.0
    CW Assistent                1.2.0
    RME                             4.3.1
    Device fault manager      3.2.0
    IPM                              4.2.1
    Cisco View                    6.1.9
    campus Manager            5.2.1
    thanks   for any help
    Mickey

    CiscoWorks does not change the ARP table, at least not overtly.  A credential verification job will do the following things depending on what protocols are selected to test:
    SNMP RO : Fetches sysLocation.0
    SNMP RW : Sets sysLocation.0 to the value currently stored in sysLocation.0
    Telnet : Logs in using DCR username and password
    SSH : Logs in using DCR username and password
    Enable : Enters enable mode and verifies privilege level 15
    If one of these things are causing the ARP table to change, then there is something fishy in the device or network configuration.  I've never heard of such behavior relating to CiscoWorks before.

  • Permissions on a table to public

    hi all,
    i have one doubt on tables permissions please clear me.
    1) if we consider gmail, user has to provide required data to get gmail account. so obviously all this table is going to store in a particular table.
    so with out having any user account in database how user's can access that table.
    2) how a table can be accessed by multiple users.
    thank a lot in advance.

    GMail in particular probably isn't using a relational database on the back end. They're probably using a a custom data storage engine.
    If we imagine that someone developed a webmail application similar to GMail that used an Oracle database on the back end, the standard architectural approach would be to have one schema that owned all the objects (i.e. WEBMAIL_OWNER). There would be a second schema that the middle tier application servers would use to connect to the database (i.e. WEBMAIL_APP). WEBMAIL_APP would be granted access to whatever objects in WEBMAIL_OWNER that the application needed. Ideally, that would be SELECT access on some tables and views and EXECUTE access on some stored procedures. When an end user logs in to the application via their browser, the middle tier application would either restrict what data that user would see or, preferrably, the database would be using VPD (virtual private database) to restrict what data the user can see and the middle tier would set the context appropriately so that the database knew what end user had logged in.
    Justin

  • ACL deny but permit rule exists!

    I'm trying to get my VMware vCenter server to add a host on another network. I have applied a rule on my ASA with all the known TCP/UDP ports that vCenter uses.
    vCenter lets me add the host but it disconnects almost immediately, and at that moment I see an ACL deny on my firewall as follows:
    access-list outside-in denied tcp outside/10.72.210.118(5989) -> inside/10.167.253.21(60656)
    ..yet, I have the following rule on my ASA:
    access-list outside-in line 59 extended permit tcp 10.72.210.0 255.255.255.0 host 10.167.253.21 eq 5989
    This makes absolutely no sense to me and I'm stumped :(

    Handsy,
    These are the ports we allow through to add and manage a VMware host on a different network.
    {VCenter IP} -> {VMware Host IP} {tcp/902, tcp/5989, tcp/443, tcp/27010, tcp/27000}
    {VMware Host IP} -> {VCenter IP} {tcp/udp 902, tcp/udp 514, tcp 9084}

  • WCCP Deny and permit ACL on 3750

    Hi everyone,
    I have configured 3750 switch as WCCP.
    I am redirecting only inside traffic.
    Switch has direct connection to Mcafee Gateway.
    Our internal LAN subnets are 172.16.x.x and 192.168.0.0.
    Need to confirm if i want internal users to access the internet then under permit ACL i can say
    permit 172.16.0.0 to any?
    If i want some users traffic should not be redirected to Mcafee gateway then i can say
    deny 172.16.10.10 any?
    Regards
    MAhesh

    Hi Reuben,
    Yes IOS version is higher than 12.2(58)SE.
    Thanks for reply.
    Regards
    MAhesh

Maybe you are looking for