Logins and Database roles

It seems a simple topic but I just wanted to check so it doesn't confuse me anymore:
i) can more than one SQL Login be associated with one database user e.g. SQL login a and b associated with the login dbo
I have attempted to associate two logins with one database user but SQL doesn't allow me to do this.

One database user can only be mapped to one SQL Login.
Olaf Helper
[ Blog] [ Xing] [ MVP]

Similar Messages

BC4J Connection and database ROLE

Hi,
We have an application with several root Application Modules. We need to connect using a determined database user and role (with password). The problem is that the Connection Wizard does not support this feature.
I need to issue these commands after establishing connection:
SET ROLE my_role_name IDENTIFIED BY my_role_password
ALTER SESSION SET CURRENT_SCHEMA = my_schema
What is the best way to do that? I know I can issue those commands from each AM, but I'd like to do that in one place only (i.e. the connection or something like).
Thanks
Lapolla

You could derive from ApplicationModuleImpl and perform this operations in overwritten prepareSession() method.
Markus

Find out SQL Server Logins and associated Server Roles

We have SQL Server 2000, 2005, 2008 and R2 in our environment. We have several SQL Servers in our environment. I want to find out Server Logins and Server Roles Assigned in SQL Server. I want following information. Is there any way I can
find it? Any help would be highly appreciated.
SQL Server
Login
Role Assigned
Server1
Login1
bulkadmin
Server1
Login2
serveradmin
Server1
Login1
diskadmin
Server2
Login1
public

The query only returns those logins that are assigned to at least one server role.if they are not assigned it will not return that login.If you want to return all the login then use the query below.Note that query returns public for those login with no server
role assigned.
select @@SERVERNAME
,sl.name
,isnull(DB_Roles.Roles,'Public')
from syslogins sl
left join
select 'sysadmin' as Roles
union all
select 'securityadmin'
union all
select 'serveradmin'
union all
select 'setupadmin'
union all
select 'processadmin'
union all
select 'diskadmin'
union all
select 'dbcreator'
union all
select 'bulkadmin'
union all
select 'No serverRole'
union all
select 'public'
) DB_Roles
on
Case When sl.sysadmin=1 and DB_Roles.Roles='sysadmin' then 'sysadmin'
When sl.securityadmin=1 and DB_Roles.Roles='securityadmin' then 'securityadmin'
When sl.serveradmin=1 and DB_Roles.Roles='serveradmin' then 'serveradmin'
When sl.setupadmin=1 and DB_Roles.Roles='setupadmin' then 'setupadmin'
When sl.processadmin=1 and DB_Roles.Roles='processadmin' then 'processadmin'
When sl.diskadmin=1 and DB_Roles.Roles='diskadmin' then 'diskadmin'
When sl.dbcreator=1 and DB_Roles.Roles='dbcreator' then 'dbcreator'
When sl.bulkadmin=1 and DB_Roles.Roles='bulkadmin' then 'bulkadmin'
else null end=DB_Roles.Roles
order by 2
Vinay Valeti| If you think my suggestion is useful, please rate it as helpful. If it has helped you to resolve the problem, please Mark it as Answer
works like a charm, thank you!!!

Database roles and APEX

Can database roles be used with APEX to control table and other object access between schemas?
If so, please provide an example.
If not, please explain why the product would be limited in this way. One of the major short comings we see is the need to directly grant privileges to each schema, rather than having the power of roles to do this.

Kannan,
With DATABASE ACCOUNT credentials set, we were able to authenticate users for each page, in accordance with their table privileges, as follows. Please join us in encouraging Oracle to build this logic into Application Express, as one of the authentication options. We consider this to be a major shortcoming of an otherwise great product.
For each page, create a PL/SQL anonymous block process "before header", to determine if the user has the necessary privileges. In this example, the user must have UPDATE privilege for one table, and SELECT privilege for the other table used by the page.
DECLARE
CURSOR c_get_role IS
SELECT DISTINCT drp.granted_role,dtp.privilege,dtp.table_name
FROM dba_tab_privs dtp, dba_role_privs drp
WHERE dtp.grantor = '<database name>'
AND dtp.grantee = drp.granted_role
AND drp.grantee = v('APP_USER')
AND dtp.table_name IN ('<updateable table name>','<readable table name>')
AND dtp.privilege IN ('UPDATE','SELECT');
BEGIN
:Pnn_USER_ROLE_MESSAGE := 'NO ROLE';
:Pnn_USER_ROLE_PROTOCOL := 'NO ROLE';
:Pnn_USER_HAS_PRIVS_FLAG := 0;
FOR rec IN c_get_role
LOOP
IF rec.table_name = '<updateable table name>' AND
(rec.privilege = 'UPDATE')
THEN
:Pnn_USER_ROLE_MESSAGE := rec.granted_role;
ELSIF rec.table_name = '<readable table name>' AND
(rec.privilege = 'SELECT' OR rec.privilege = 'UPDATE')
THEN
:Pnn_USER_ROLE_PROTOCOL := rec.granted_role;
END IF;
END LOOP;
IF (:Pnn_USER_ROLE_MESSAGE != 'NO ROLE') AND (:Pnn_USER_ROLE_PROTOCOL != 'NO ROLE')
THEN
:Pnn_USER_HAS_PRIVS_FLAG := 1;
END IF;
END;
Note that APEX_PUBLIC_USER must have read privilege for the dictionary tables.
Now you can use the flag variable and create an HTML region to source the error message to display if the user has insufficient privileges.
PL/SQL Function Body Returning a Boolean..
IF :Pnn_USER_HAS_PRIVS_FLAG = 0 THEN
RETURN TRUE;
ELSE
RETURN FALSE;
END IF;
Add a condition to the normal page regions to display themselves only if the user has privileges and appropriate role, based on the flag being TRUE (same as the IF block above, except FLAG = 1).

Database level users and their roles

Hi Team,
we are doing some auditing we need to check in database.
User name and his roles for this any script please kingly suggest me.
Use <<database name>>
UserName Role
subu

Refer the below link:
http://www.pythian.com/blog/httpconsultingblogs-emc-comjamiethomsonarchive20070209sql-server-2005_3a00_-view-all-permissions-_2800_2_2900_-aspx/

How to find the logins,program name and databases for a session id?

I used the following the following query.
select pr.spid ,pr.dbid,pr.program_name,pr.loginame,ss.session_id,ss.host_name,ss.login_time,db.name from master.dbo.sysprocesses pr,sys.dm_exec_sessions ss,sys.databases db
where pr.spid = ss.session_id and pr.dbid = db.database_id
order by ss.login_time desc
Is spid in master.dbo.sysprocesses the same as session_id in sys.dm_exec_sessions and dbid in master.dbo.sysprocesses the same as database_id in sys.databases?
My intention is to get the active sessions with the program name,login Name and database name corresponding to the session?

1)Why you included the clause session_id > 50?
Sessions with session_id <= 50 are system processes.
2)Is there any problem with the query I used?
You query was better than Latheesh's. To wit, his query will only show the database for sessions who are actually running something.
On SQL 2005 and SQL 2008, this is the best solution:
SELECT des.session_id, des.[status], des.login_name,
d.name AS database_name, des.program_name
FROM sys.dm_exec_sessions des
JOIN sys.sysprocesses p ON des.session_id = p.spid
LEFT JOIN sys.databases d ON p.dbid = d.database_id
WHERE   des.session_id > 50
AND   p.ecid =0
ORDER BY des.session_id;
The condition p.ecid = 0 is needed to weed out extra rows when there are parallism in force.
On SQL 2012, you don't need sysprocesses, but this works:
SELECT des.session_id, des.[status], des.login_name,
d.name AS database_name, des.program_name
FROM sys.dm_exec_sessions des
LEFT JOIN sys.databases d ON des.database_id = d.database_id
WHERE   des.session_id > 50
ORDER BY des.session_id;
Erland Sommarskog, SQL Server MVP, [email protected]

Questions about Database roles

Hi,
Need to setup a new (Windows) user which has varied access to tables, views and procedures in about 8 different schemas all in the same database.
I've created a instance level login and then gone to the database to set the more granular details.
First question. Does this user need to own the schemas they will access?
Secondly, I'm assumign the best bet would be to create a database role and then apply the privs against that?
I need to give access to all stored procedures (and future procedures) in a couple of these schemas and none in the others. Is it possible to grant execute on all procedures in a schema whist prohibiting others?
Then I would assign the database role to the new instance login?
Thanks

In the database he has access to a number of schemas but I wish to explicitly exclude him from all views in those schemas and in addition to this all the sys catalogs, e.g
Also have no idea how to restrict access to the user created views without doing them all manually, but then what happens in the future if new views are added? They are not going to be explicitly denied.
David nailed the problem.
There is no way to differentiate SELECT permission between Tables and Views. If they are all in the same schema and tables are allowed and views not.. out of luck and have to include the allowed object one by one (as opposed to denying the not allowed ones
with the risk of missing some in the future)
This is why database design should have security in mind from the very beginning and views, being a way to access (aka "access-schema") data in tables should ideally be placed in a separate schemas
Andreas Wolter (Blog |
Twitter)
MCM - Microsoft Certified Master SQL Server 2008
MCSM - Microsoft Certified Solutions Master Data Platform, SQL Server 2012
www.andreas-wolter.com |
www.SarpedonQualityLab.com

OPSS/JAAS and UCM roles

(I'm sorry, my question will be a bit long-winded, but it's necessary because I want to provide more background information)
I've been trying to get JAAS working for UCM. From what I understand from the documentation, in 11g this is handled in Weblogic.
I started by doing an experiment in Weblogic first - I wrote a simple web application with security constraint specified, and wrote a custom LoginModule (as specified in JAAS), a custom authentication provider and my custom group and principal classes. I generated the MBean and deployed it to Weblogic. I set my custom authentication provider behind Weblogic's default, and set both providers to "SUFFICIENT". My custom LoginModule pulls user data from properties files and my simple web application works correctly, limiting access as defined in the security constraints in web.xml.
Then I started to work on UCM (which is in the same domain as my experiment above). I found authentication working too, but once logged in to UCM, my users don't get any roles assigned - the UCM Home Page shows the menu item for guests only.
Looking at the security log of Weblogic, I found the default XACML Role Mapper didn't include the UCM roles. Then it came to me that my simple application had additional security roles defined in its web.xml while UCM didn't have an equivalent config.
So I implemented a custom RoleMapper and a custom SecurityRole class as well, again pulling data from properties files. I made my RoleMapper always return the same set of roles ("admin", "contributor", "Testing" and "Admin"), and they were seen in Weblogic security log:
####<Feb 7, 2011 3:43:29 PM CST> <Debug> <SecurityAtz> <HOSTNAME> <UCM_server1> <[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <11d1def534ea1be0:3c3ba107:12dfe46f824:-8000-0000000000000d31> <1297064609445> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Roles=[ "Anonymous" "admin" "contributor" "Testing" "Admin" ]>
However that didn't work in UCM, I still got only guest roles.
Finally I found out about Credential Map settings in UCM administration. I added these mappings:
admin, admin
contributor, contributor
The map was highlighted as current map.
It's only then I get "Content Management" menu when I login. Yet the "Administration" menu is still missing.
I have several questions:
1. Why is the Credential Map in UCM necessary? Since adding the mapping works (for contributor, anyway), UCM must already have the credentials added by my custom RoleMapper, and the mapping doesn't change anything.
2. Is there a way to skip/replace the Credential Map in UCM? Will implementing a Credential Mapping Provider in Weblogic do (and how to tell UCM to use it)?
3. How can I get the admin role working for my external users?
Edited by: user6476654 on Feb 7, 2011 12:05 AM
Edited by: user6476654 on Feb 7, 2011 12:10 AM

This is the log captured when I login with "user1":
userstorage/7     02.07 17:48:51.529     IdcServer-639     Start user storage query for user user1.
userstorage/6     02.07 17:48:51.529     IdcServer-639     Finished user name determination, user=user1, expired=true, isNewUser=false, hasAttributesLoaded=false, authtype=EXTERNAL
userstorage/6     02.07 17:48:51.574     IdcServer-639     Loaded record from database for user1
userstorage/6     02.07 17:48:51.575     IdcServer-639     Retrieving attributes (type=EXTERNAL) for user1
userstorage/6     02.07 17:48:51.575     IdcServer-639     User not found in default/preferred provider
userstorage/6     02.07 17:48:51.575     IdcServer-639     Adding JpsUserProvider
userstorage/6     02.07 17:48:51.575     IdcServer-639     Returning 1 results
userstorage/7     02.07 17:48:51.575     IdcServer-639     Checking UserProvider JpsUserProvider
jps/6     02.07 17:48:51.575     IdcServer-639     authenticateUser: false
jps/6     02.07 17:48:51.575     IdcServer-639     User is new to this provider.
jps/6     02.07 17:48:51.578     IdcServer-639     User user1 not found. Returning.
userstorage/6     02.07 17:48:51.578     IdcServer-639     User not found in UserProvider JpsUserProvider
userstorage/7     02.07 17:48:51.578     IdcServer-639     Checked credentials (isLoadAttributes=true) for user1
userstorage/7     02.07 17:48:51.578     IdcServer-639     Provider did not provide attributes.
userstorage/7     02.07 17:48:51.578     IdcServer-639     Load attributes from database for user1
userstorage/6     02.07 17:48:51.578     IdcServer-639     Database->Roles=guest Accounts=#0023none for user1
userstorage/7     02.07 17:48:51.578     IdcServer-639     Check state of attributes (isLoadAttributes=true)
userstorage/6     02.07 17:48:51.578     IdcServer-639     No attributes loaded for user1
userstorage/6     02.07 17:48:51.578     IdcServer-639     Updating shared cached copy for user user1
userstorage/6     02.07 17:48:51.580     IdcServer-639     UserTempCache updated with user data for user1
userstorage/6     02.07 17:48:51.581     IdcServer-639     Retrieved Roles=guest,authenticated Accounts=#0023none for user1
userstorage/7     02.07 17:48:51.581     IdcServer-639     Query of info, provider required 52 milliseconds.
userstorage/6     02.07 17:48:51.581     IdcServer-639     At exit, user storage access count is 0
userstorage/6     02.07 17:48:51.581     IdcServer-639     Caller assigned Roles=guest,authenticated Accounts=#0023none for user1
userstorage/7     02.07 17:48:51.581     IdcServer-639     stoareUserDatabaseProfileData copyAll=false, doAdminFields=false, alwaysSave=false, userDataFromDb=true
userstorage/6     02.07 17:48:51.623     IdcServer-640     At enter, user storage access count is 1
userstorage/6     02.07 17:48:51.623     IdcServer-640     Retrieving user data (isLoadAttributes=true, credentialData is not null) for user1
userstorage/6     02.07 17:48:51.623     IdcServer-640     Debug dump of current call stack intradoc.data.DataException: Exception manufactured to capture current stack trace.userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.server.UserStorageImplementor.retrieveUserDatabaseProfileDataImplement(UserStorageImplementor.java:101)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.server.UserStorage.retrieveUserDatabaseProfileDataEx(UserStorage.java:159)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.server.UserStorageUtils.loadUserData(UserStorageUtils.java:88)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.server.ServiceSecurityImplementor.loadUserData(ServiceSecurityImplementor.java:538)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.server.ServiceSecurityImplementor.globalSecurityCheck(ServiceSecurityImplementor.java:221)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.upload.UploadSecurityImplementor.globalSecurityCheck(UploadSecurityImplementor.java:57)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.server.Service.globalSecurityCheck(Service.java:2671)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.server.ServiceRequestImplementor.doRequest(ServiceRequestImplementor.java:678)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.server.Service.doRequest(Service.java:1890)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.server.ServiceManager.processCommand(ServiceManager.java:435)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.server.IdcServerThread.processRequest(IdcServerThread.java:265)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.idcwls.IdcServletRequestUtils.doRequest(IdcServletRequestUtils.java:1343)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.idcwls.IdcServletRequestUtils.processFilterEvent(IdcServletRequestUtils.java:1715)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at intradoc.idcwls.IdcIntegrateWrapper.processFilterEvent(IdcIntegrateWrapper.java:222)
userstorage/6     02.07 17:48:51.623     IdcServer-640     at sun.reflect.GeneratedMethodAccessor124.invoke(Unknown Source)
userstorage/6     02.07 17:48:51.623     IdcServer-640     ... 35 more
It seems JPS provider is unable to access the data I added in my custom authentication provider/role mapper? I can login web applications in Weblogic just fine though. If needed I can post the code of my custom providers.
Also I am unable to get the contributor role working even if I put the credential mapping back in UCM. Is this because of JPS running and taking things over?

Database owner and database user with db_owner permission

we deployed a java hibernate application which creates the database tables on deployment. A login is created and mapped for the database as the user. For that login the db_owner role is given. On the deployment we received an error mentioning execute permission
issue.
the same process is done and this time the login is created but not mapped as the user. the login is assigned as the database owner from the database property. this time the deployment worked fine.
what is the difference between setting the login as database owner and setting as a user with db_owner role.

The error i received was "the execute permission was denied on the object 'sp_tables'........".
I solved this issue by giving db_owner permission to master database for the relevant user.
In my local computer i didn't give permission to master database. I have only assign the user as the owner of the database and deployment was success.
But this error comes in another place where I implement the system.
if your application is not only a desktop application without anything critical on it, then I strongly advise to stay away from making anybody db_owner in the
master-database. That's THE system database. It's easy to take over that system for such an account then.
I am a bit surprised you are getting this error in that context. Originally the public role should have execute permission on it. So it seems someone has changed the defaults permissions (for hardening purposes?) Then reverting to original state is much
less harmful than the db_owner role.
Andreas Wolter (Blog |
Twitter)
MCSM: Microsoft Certified Solutions Master Data Platform, MCM, MVP
www.SarpedonQualityLab.com |
www.SQL-Server-Master-Class.com

Menu tabs disappear completely after login and appears if only i press on item node at hire level

I'm using a Menu Model to Create a Page Hierarchy in my adf application on Jdeveloper 11.1.2.3.0
it is in three levels level 1 have 2 item nods (home - Help) displayed as buttons
                            level 2   contains 5 item nods about the managements displayed as tabs
                            level 3   is about reports displayed as list
the point I have apply security in the application using Adf security wizard and i assign roles and users and grants
all works fine but level 2 tabs disappear completely after login and appears if only i press on Home item node at run time
I create 2 users (admin) has all roles and can view all tabs in level 2 of my navigation and another user (emp) which can view one Tab page in level 2
Point 1 --the item nod are rendered according the #{securityContext.regionViewable['oracle.view.pageDefs.RentManagPageDef']}     (EL ) expression language
and other item nod render property are set as the same but in the page name definition
it works fine
_ Point 2 in my page template I set #{menuInfo.rendered} for renderd property of the command navigation item
it works fine
- point 3 I add a go link in my template to explicit perform log in log out from the app and redirect the user to the required page
Destination is
#{securityContext.authenticated ? "/adfAuthentication?logout=true&end_url=/faces/wearhouse.jsf" : "/adfAuthentication?success_url=/faces/company.jsf"}
and its also works fine
the problem is in the level 2 navigation tabs which is diaper after explicit log in the app directs the user to the correct page successfully
But the tabs are not rendered till I press on home button on Level 1 navigation it appears and it appears correctly cording the logged in user validation
in another words i log in as user (admin) i get directed to the successful log in page in the link go but level 2 tabs are invisible or not rendered at all    I click on Home button in level1 navigation the tabs
become rendered or viewable and i navigate normally
I log out as admin the level 2 tabs becomes invisible again
then I log in as (emp) i get directed to the successful log in page and level 2 tabs are still invisible or not rendered
I click on Home button in level1 navigation the only one tab the user emp authorized to it gets rendered (appears)
and its semi correct behavior because this is what I want him to see only
my tries to find solution
I tride to use
#{securityContext.userInRole['division']}
on the menu node item   I found same behavior level 2 tabs gets hidden till i click on home link at run time
I tride to use #{securityContext.authenticated} to control item nods rending
all tabs remains visible and i dont want that ain adition if user clicks on a tab of page he has no authority on it i recive server error
I read 30.7 Creating a Login Page in the Fusion Developer's Guide for Oracle Application Development Framework to finde about redirecting user
and it is using the same as i did from adf tutorials
I tried to make new navigation app on fast
maybe i made incorrect change in any stage of my original app
but I found same behavior
I tried to set disabled property instead of rendered property the tabs are always rendered   but I got server error when I click on a tab which a user does not authorized
So I doubt maybe problem in the El or the way I use to control rendering item node
or there additional step to stop all the tabs disappear after login
I hope please some one Help or tell me what i have to read about in the developer guide or interface developer guide or article on the web
I'll be gratfule
I know maybe it is small issue but help me please

Hi,
have a look at the sample that comes with this article: Oracle ADF: Security for Everyone It uses resource remissions to authorize panel tabs.
One test to run is to print the outcome of the security evaluation (e.g. output text) to see what it returns.
Frank

Trying to Understand Login and State Management

Hi,
I'm relatively new to Flex 3. I'm using the builder.
Here's my core problem. I'm coming from a ColdFusion background, where users run to the server for any type of authentication and sessions rule until they're timed out.
My goal is to understand how ColdFusion (with a SQL Server backend) and Flex work together to help a user login and helps that same user maintain it's state.
I understand so far that Flex can use a RemoteObject to go back and use ColdFusion services to authenticate a user. I'd like to go this route.
My problem is understanding how does Flex maintains information about the particular logged in user. Am I correct in thinking that once I return information from ColdFusion about the user, I create a global object in Flex that keeps the user's information that I can refer to as I transition between the View States (states) in my Flex application? And I can just refer to that local user object if I need to make sure I'm still dealing with the same user?
Is it really that simple? Also, I've had been trying to review COUNTLESS articles on the Login/Authentication process. One that I came across suggested placing a UUID on the server for a particular logged in user, and then I just return that back to Flex. Does anyone recommend that? I know that when I used sessions in ColdFusion, the server did this, so I'm not sure which routes to take.
By the way, I'm designing an Intranet that's only accessible from our internal network, but I want my colleagues to be able to login securely. And like I said before, I'm using ColdFusion (and CF services), SQL Server, and Flex 3.
I'm teaching myself Flex through the Video Training - Flex 3, but haven't seen much on this yet. If someone could provide a good outline of the Best Practices to Login, Authenticate, and Maintain Session State throughout a Flex Application (using a ColdFusion and SQL Server backend), I'd be highly appreciative.
Thanks!
mfho

Hi,
Thanks for responding.
Here's one solution I found located on http://www.blogna.org/blog/adobe-flash/flex-and-flash-rias-authentication-sessions-scalabi lity/#comment-843
A user submits their username and password inside a Flex form.
ColdFusion Server receives the username and password and verifies them against the users in a database.
If the user is valid, A KEY IS CREATED, stored in the database with a time stamp, then sent back to the user.
The key is stored in a local variable inside the Flex application.
Now, any time the application needs to retrieve data from a service that requires the user to be logged in, it will pass the key with the request. So, instead of a method like getUserInfo(), now it will look like getUserInfo(key).
The service will use the key to determine if the user is authenticated, and if they are, it will send back the appropriate data.
Here are my questions:
1. Do I have to have a key sent back to Flex? Can't I just pull all of the data for that particular user at the time and send it back to Flex?
I guess I'm not understanding first why I need a key or session id from ColdFusion, but if I do, I guess I could create it using the CreateUUID() in ColdFusion, send it back to Flex, store it in a local var and then reference that each time I needed to do something that's user sensitive.
Would that work?
I guess I'd prefer not to use a session ID if I don't have to.
Thanks!
mfho1

Change default language of login in database

Hi,
Working on SQL Azure. I'm running queries that are date dependent and so I need to set the default language of the user to be British (to get dd/mm/yyyy format). How can I do this in Azure. Create Login and Alter Login are restricted and when I query sys.sql_logins
in master database I can see that the users have default language if US English.
Thanks,
Tom

Hello,
Microsoft Azure SQL Database does not support using DEFAULT_LANGUAGE options with
ALTER LOGIN statement.
SQL Azure stores the data of Date/Time in UTC timezone and it does not support changing the timezone. You should convert date format and apply to the end user applications by yourself. Or you can try to store the date/time with datetimeoffset
data type which is support in SQL Azure.
Reference:http://bobthegoblin.wordpress.com/2011/09/13/sql-azure-and-the-datetime-now-issues/
http://blogs.msdn.com/b/cie/archive/2013/07/29/manage-timezone-for-applications-on-windows-azure.aspx
Regards,
Fanny Liu
If you have any feedback on our support, please click here.
Fanny Liu
TechNet Community Support

Login and site in general

I must admit that I am frustrated. This is day #2 trying to download Oracle Migration Workbench and the plug-ins for specific databases. user is tsduncan
Started when my login was rejected by OTN as "invalid login/password". tried to add it thinking that my metalink login did not map. rejected as duplicate. so i checked the "forgot my password" link and received mail at my email address with the username and password that I had tried. tried again - no luck. Said "the heck with it" and created another login to a useless email (since my real email is in use). Go thru the whole survey process (very unweildy) and when I finally get to the point where I think I can download, there is a web error. perfect! So I hit the "Contact us" button and it effectively tells me to open a tar with support. Support tells me to that they don't support this - they do technical work. They also tell me to create a bogus account - basically, they tell me to buzz off. I look at the "Contact us" again and see that you can communicate to OTN via a forum, but you must log in! funny, I can't. that's my problem! So I use this bogus account that I created and am communicating. I find that there are plenty of entries for people having login problems and problems with downloads of omwb. what they tend to get is "works for me". Well it doesn't work for me. Want to discuss it? call me. I'll be happy to walk you thru it - heck, you have MY password - you try it.
Like I said, I am frustrated. My user name is tsduncan. My email is [email protected] write, call, do something to help me get the "free" software that I am looking to get to progress Oracle in the shop. Anything!

i guess the OTN feedback section is a hobby and does not have assigned staff. it really is quite frustrating to try and resolve an issue like this and be pushed off and/or ignored. i am calling it like i am seeing it.
your system agreed that my login and password were/are correct and yet i cannot log in (along with a number of others). no mechanism to communicate would be easier to tolerate than having a mechanism and being ignored.

Creating a login and password in the forms

I have been trying to create a username and password to access the database that I have created using Form Builder. This is the code that I have created....the syntax is correct but its not performing the task i.e direct the user to a different form
DECLARE
LOGINNAME VARCHAR2(20);
PASWORD VARCHAR2(20);
BEGIN
IF LOGINNAME = 'CSR' AND PASWORD = 'CURRIE'
THEN
CALL_FORM ('C:\ClothingCloseout\Menu.fmx');
ELSIF
LOGINNAME = 'MGMT' AND PASWORD = 'SANDRA'
THEN
CALL_FORM ('C:\ClothingCloseout\Menu.fmx');
END IF;
END;
I also tried using the same login and password through which I get connected to teh database but that does not work either....Thanks for the help!!!

Hi Ashley,
The compilation is successful because there are no syntax errors. When the code is executed depends on where you have put this code (On-Logon trigger, etc).
In this situation, it looks like the 'code' has not been executed YET because the event has not been triggered OR it has successfully gone through ie - the IF test for loginname and pasword was not satisfied. Therefore, the call_form was never performed. (Your code does not prompt the user to input 'Loginname' and 'Pasword'). In this case, loginname and pasword are NULLs.
Regards,
John

How do I add a securable to a database role?

I have a database where the stored procedures used by SSRS reports have to be added as securables to the db_execproc database role.
Easy enough to do with SSMS but despite much searching, I can't see how to script that. With the Database Role Properties open, the securables page selected and one of the securable stored procedures select including the Explicit Execute Grant, I tried clicking
the Script button at the top of that dialogue. It tells me no action to script. What's the point of that button then, if it won't script that for me?
Yeah, bad practice to do it that way but I don't have the authority to change things so best thing in the circumstances is to code it.
Nick Ryan SQL Server Developer OnePath (NZ) Ltd

The script button will produce a script only if you made any changes - i.e., if you were to click the OK button on the Properties dialog that would have applied some changes to the existing properties.
In any case, if you want to grant execute privilege to a stored proc, the script would be
use [YourDBName]
GO
GRANT EXECUTE ON [dbo].[YourStoredProc] TO [YourRollName]
GO

Logins and Database roles

Similar Messages

Maybe you are looking for