Minimum permission set to create users

I've created a user and also a group to create users using the plumtree server api and have assigned the group Create Users activity rights. Plumtree complains that the user doesn't have sufficient rights - what else is required? I'm trying to create the users in the Administrative Resources folder (200).

The logged in user needs to have at least Edit privileges on the folder in which you're trying to create the user.
Chris Bucchere | bdg | www.bdg-online.com | [email protected]

Similar Messages

What is the minimum permission level that allows users to view draft documents, other peoples' draft documents?

What is the minimum permission level that allows users to view draft documents, other peoples' draft documents?
Normally a person creates a draft document and when they are ready they publish it and the Approver approves it. However, what if a power user needs to be able to see all draft documents. Not just their own but other peoples'. What is the minimum permission
level that allows then to do this?
Cheers,
Mark
Learning SharePoint

Hi Mark,
Per my knowledge, there is no minimum permission level that allow users to view their own and other people’s draft documents.
This is based on the Draft Item Security setting you choose for your list in Versioning Settings:
You can follow the detailed steps in the link provided by Avni.
Best regards.
Thanks
Victoria Xia
TechNet Community Support

What is the minimum permission set required to query alert information using OpsMgr 2012 SDK?

Hi,
I am using the OpsMgr 2012 SDK to retrieve alert information from SCOM.
I tried configuring a read-only role for a user account (Group Scope: All, Dashboards & Views: All) but, as I call some of the APIs like Administration.GetAllManagementServers(), Administration.GetAllAgentManagedComputers() etc. I get a UnauthorizedAccessEnterpriseManagementException.
I need to know what are the minimum permissions required for a user to query alert information and to make calls I mentioned above using the OpsMgr 2012 SDK.
Warm Regards
Himanshu Agarwal

Thanks for the reply.
Just to give you a context, I am writing a client application where a user can fetch alert information from SCOM using OpsMgr 2012 SDK. There could be many users that would use this application, hence I need to know the minimum set of permissions I can grant
or add them to a group for easy maintenance.
I believed Read-Only admin role was intended for that purpose but some of the SDK APIs as I mentioned throw the said exception.
I would like to know, how can i create such role/group from SCOM 2012 console.
PS: SDK and Config account is used by SCOM to perform DB operations and I would not like to impersonate this account in my client application. Instead I want to make my clients as admins with just enough permissions to read information. I'll have a better
control this way.

When i start up imac it goes through set up creates a new user account then starts over againj, when i start up imac it goes through set up create user account then starts over again over and over

when i start imac it goes through set up gets to creating new user account then it re boots and does it all again and again and again

Apple may still supply the original restore CDs/DVDs for a nominal fee. Have a your serial number and model information available when you call them.
AppleCare Support Phone Number: 1-800-275-2273
open 6am to 6pm Pacific Time
Apple Phone Sales 1-800-692-7753
International Technical Support Numbers
http://www.apple.com/support/contact/phone_contacts.html
"You have to call Apple & likely ask for a Product Specialist to get it (Leopard), if they still have it... helps if you tell them you have a new iPhone (iPad) that needs it!"
BDAqua
Requirements for Mac OS X v10.5
http://support.apple.com/kb/HT3759
Query by serial number "A serial number is a unique, identifying number or group of numbers and letters assigned to an individual piece of hardware or software. It's used for various things depending on the product / brand but what is your Mac's serial number for and more importantly... what is it hiding and what can it do for you ?"
http://www.appleserialnumberinfo.com/Desktop/index.php or

Create Document Set with custom Create Only permission set

Here is the situation. We have a requirement where my customer wants to create document sets, however, document set/document level permissions are required.
Setup: We created a new permission level called "Create Only". We then give the user Read and Create only permissions. This allows the user to theoretically create the item. We then run a Workflow on create that Replaces the permissions so that
you are only allowed to view the ones you created along with other security groups based on their choices in the metadata fields.
This setup works PERFECTLY when using a List or Form Library.
However, for the life of me I cannot get it to work for Document Sets. If I have the same setup, I get an Access Denied message. However, it still creates the document set.
What is weird, I've been playing around with custom permission levels and it seems as though the user has to have EDIT permissions at a minimum in order to create the document set. This will not work for me since I dynamically assign permissions to each
document set based on what they select.
As a side note, the only tool I have at my disposal is SharePoint Designer 2010.
Does anyone know if there is an actual requirement to have EDIT permissions when creating a Document Set? Any input would be greatly appreciated.
Alternatively, is there a way to setup permissions on a library for all NT Authenticated users so that we can give them the necessary permissions to create the Document Set, but still prevent them from see the other items and then the Workflow would set
the permissions accordingly?
I believe the more granular the permissions it uses those permissions instead so would this work? I have not tested this theory yet.

Hi,
According to your description, my understanding is that you want to know if there is an actual requirement to have EDIT permissions when creating a Document Set and is there a way to setup permissions on a library for all NT Authenticated users and prevent
them from seeing items created by others.
For the first question, per my knowledge, if a user is given the Add Items permission, he/she can create a document set in SharePoint.
However, there is an error “access denied” after the document set is created. It is due to the user has no permission to access the page which SharePoint will redirect the user to after finishing creating the document set.
If the user is also given Edit Items permission, there will be no error when he/she create a document set.
For the second question, I recommend to follow the link below to
customize item permissions for each document submitted to a document library and remember to give the
NT Authenticated users contribute permission.
http://blogs.technet.com/b/spke/archive/2010/04/09/configure-item-level-permissions-for-document-libraries-sharepoint-2010-edition.aspx
To grant permission to NT Authenticated users, please refer to the link below:
http://office.microsoft.com/en-in/sharepoint-server-help/what-happened-to-add-all-authenticated-users-HA101805183.aspx
Best regards.
Thanks
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

How to set privillages for created user with iSQL *Plus

The hosting company has provided ISQL * Plus interface. I have created user by using the following command:
Create user test identified by test;
Grant connect, resource to test;
But I am unable to load or import data into db. How can I import/load data as its giving permission denied message.
I think there is a lack of imp/loading data grants. Who do I set?
Thanks & best regards
Message was edited by:
Raakh

1. which version of the database ?iSQL *Plus 10.2.0.1.0
2. how you are trying/want to import/load data ?from online control pannel I am selecting the Load Data option and processing 7 steps. message appears "Successfully Loaded" but when am seeing log file its given me
Step: Load
Page Refreshed Jun 7, 2007 6:38:47 AM
Status Succeeded
Targets orcl
Started Jun 7, 2007 6:38:11 AM GMT-04:00
Ended Jun 7, 2007 6:38:11 AM GMT-04:00
Elapsed Time 0 seconds
Output Log
Username:SQL*Loader-704: Internal error: ulconnect: OCIServerAttach [0]
ORA-12546: TNS:permission denied
SQL*Loader: Release 10.2.0.1.0 - Production on Thu Jun 7 06:38:11 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Message was edited by:
Raakh

Can I create material reservations on setting of particular user status?

I know that Reservation creation can be kept on hold by choosing Never/Create on release etc at operation level. My requirement is , At release of work order - reservation should not be created and on setting of certain user status reservation should be created!

I think, its not possible in Standard.
You can try with some development.
You can create 2 user statuses i.e., one is for normal & another one is for reservation creation. Give the authorization to change from 1st status to 2nd status only to some authorized people through Authorization group concept.
Keep "Never" as default option in PR / Reservation creation for your desired plant & order type combination.
Once you change the user status, while saving the order, check the current user status & change it to "From Release" at order level for all operations & materials.

Permission to view content of table of SYS schema to newly created user

Hi,
I am facing issue giving permission to view contents of table p_users of SYS schema to newly created user.
Regards,
Phani Ram

Hi Phani,
Could you please check if you have an a authorization to give a permission to other users for particular schema.
I mean check for privileges, user and roles.
Warm Regards,
Earesh kumar

Creating user account and setting password in Solaris9 through shell script

I need to create and set password of user through shell scripts.
User can be added successfully through "useradd" command but password cant be set through "passwd" command in script.
Is there any other alternative for the same.

Hi,
Did you get the answere for this ? I have the same problem as urs , like I want to creat the users by using useradd and want to hardcode there password in one script.
But I cant use expect utility which would have made my work easier

Creating User Accounts So I Can Set Parental Controls?

My nine year old son loves to use YouTube to watch video game videos and apparently there are NO parental controls or any kind of filters on YouTube. The majority of the ones he finds are ok but there's about 15% that are just plain shocking even to me. Its pretty sad the things that people put up there. I hate to have him never be able to get online again so I want to set some sort of filter where I can block content according to keyword but I just cant figure it out at all. So I tried to set controls over the whole MacBook but it tells me that as administrator I cannot. I cant figure out how to create non-admin users though. Searched all the forums and guides, etc. but no answer.
Thanks, so in summary, I just want to know how to create user accounts if thats the right term.
I am using a MacBook, running Mac OSX version 10.4.11.

Hi
Apple menu (top left hand corner) > System Preferences > Accounts. Click the lock to authenticate. Just above the lock are two icons; a 'plus' and 'minus'. Click the 'plus' icon. Enter the name of your son, tab down into the next field and that should autofill for you with the information you placed in the name field; tab down again and enter a password; tab again to key in the password again; don't tick the box that says "allow user to administer this computer"; click 'Create Account'. You should be prompted with a window asking if you want to leave automatic login on or if you want to turn it off - turn it off. You'll see why later on. What you should see after this has finished is in the left hand window at the top your account details with your name and underneath it should 'Admin' and below your account details will be your son's. Underneath his name it should say 'Standard'.
Click on his name to select it and now click on the Parental Controls tab on the right hand side of that window. You should now have the option to enable and configure control for the 5 applications listed there: Mail, Finder & System, iChat, Safari and Dictionary. Explore and configure to your hearts content from there. When you are happy quit out of System Preferences and select Log out from the Apple Menu. You should now be presented with the Login Window displaying not only your account but also the newly created one for your son. Log in s your son and test to see if what you've set as a control has worked. Keep going backwards and forwards between the two accounts until you are happy.
Bear in mind there is only so much you can do.
It's virtually impossible to block everything potentially morally harmful without basically stopping your son from having any access at all. You could look at supplementing Parental Controls with the built-in filters in your router - if you have one? If you don't then consider getting one. I'm struggling to think of a router for residential use that does not have some sort of built-in web filter?
The tab button is the key immediately to the left of the 'Q' key. It will have an arrow going from left to right printed on it.
Tony

CREATE USER, User does not have permission to perform this action.

-- first, connect to the master database
CREATE LOGIN login1 WITH password='Qwerty12345';
CREATE USER login1User FROM LOGIN login1;
EXEC sp_addrolemember 'dbmanager', 'login1User';
EXEC sp_addrolemember 'loginmanager', 'login1User';After, I connect to database 'master' with 'login1User' and execute:CREATE LOGIN login2 WITH password='Qwerty12345'; - okCREATE USER login2User FROM LOGIN login2; - User does not have permission to perform this action.

Hi Vit007,
Please check the two database role: 'dbmanager' and 'loginmanager'.
CREATE USER Requires ALTER ANY USER permission on the database.
Iric Wen
TechNet Community Support
select rm.*, dp2.name AS 'User', dp1.name AS 'Role' from sys.database_role_members rm LEFT JOIN sys.database_principals dp1 ON rm.role_principal_id = dp1.principal_id LEFT JOIN sys.database_principals dp2 ON rm.member_principal_id = dp2.principal_id
role_principal_id
member_principal_id
User Role
6 8
login1 dbmanager
7 8
login1 loginmanager

Error when Read only permission set when filtering data before loading with Excel 2013 Addin

Good afternoon :)
I have an MDS issue that is making me lose my mind.
I have some permission set to an Entity. It is a read only permission in the entity but I tried to put inside every field and same thing happen.
Every time an Entity has any kind of read only permission assigned to it or its fields, Excel Addin show an error when we try to load it. When Entity has more rows than the maximum rows in the Settings pane, it will show you an option to filter data. When
you try to use this filter, Excel show an error message but you can press OK and everything works fine.
There is the message:
The thing user, my user do not want it :( And I don't know how to get rid of it.
Do anyone have an ideia on how to fix it ?
In the debug set of the addin, there is this message:
2014-10-22T11:38:42.152        8440 EXCEL.EXE            EXCEL.EXE
Generic          EventType: Error, Message: Unobserved exception in TaskScheduler. Exception:'System.AggregateException: One or more errors occurred. ---> System.NullReferenceException: Object reference not set
to an instance of an object.
   at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
   at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
   at System.Windows.Forms.WindowsFormsSynchronizationContext.Send(SendOrPostCallback d, Object state)
   at Microsoft.MasterDataServices.ExcelAddInCore.ExcelHelpers.ExecuteOnUIThread(SendOrPostCallback callback)
   at Microsoft.MasterDataServices.ExcelAddInCore.DataView.FinalizeUIOperation(Boolean mdsOperation)
   at Microsoft.MasterDataServices.ExcelAddInCore.DataView.<>c__DisplayClass53.<LoadData>b__51(IAsyncResult ar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.NullReferenceException: Object reference not set to an instance of an object.
   at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
   at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
   at System.Windows.Forms.WindowsFormsSynchronizationContext.Send(SendOrPostCallback d, Object state)
   at Microsoft.MasterDataServices.ExcelAddInCore.ExcelHelpers.ExecuteOnUIThread(SendOrPostCallback callback)
   at Microsoft.MasterDataServices.ExcelAddInCore.DataView.FinalizeUIOperation(Boolean mdsOperation)
   at Microsoft.MasterDataServices.ExcelAddInCore.DataView.<>c__DisplayClass53.<LoadData>b__51(IAsyncResult ar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)<---

Rafael,
Is this still an issue?
Thanks!
Ed Price, Azure & Power BI Customer Program Manager (Blog,
Small Basic,
Wiki Ninjas,
Wiki)
Answer an interesting question?
Create a wiki article about it!

Bulk Create Users from CSV: Error: "Put": "There is no such object on the server."?

Hi,
I'm using the below PowerShell script, by @hicannl which I found on the MS site, for bulk creating users from a CSV file.
I've had to edit it a bit, adding some additional user fields, and removing others, and changing the sAMAccount name from first initial + lastname, to firstname.lastname. However now when I run it, I get an error saying:
"[ERROR] Oops, something went wrong: The following exception occurred while retrieving member "Put": "There is no such object on the server."
The account is created in the default OU, with the correct firstname.lastname format, but then it seems to error at setting the "Set an ExtensionAttribute" section. However I can't see why!
Any help would be appreciated!
# ERROR REPORTING ALL
Set-StrictMode -Version latest
# LOAD ASSEMBLIES AND MODULES
Try
Import-Module ActiveDirectory -ErrorAction Stop
Catch
Write-Host "[ERROR]`t ActiveDirectory Module couldn't be loaded. Script will stop!"
Exit 1
#STATIC VARIABLES
$path = Split-Path -parent $MyInvocation.MyCommand.Definition
$newpath = $path + "\import_create_ad_users_test.csv"
$log = $path + "\create_ad_users.log"
$date = Get-Date
$addn = (Get-ADDomain).DistinguishedName
$dnsroot = (Get-ADDomain).DNSRoot
$i = 1
$server = "localserver.ourdomain.net"
#START FUNCTIONS
Function Start-Commands
Create-Users
Function Create-Users
"Processing started (on " + $date + "): " | Out-File $log -append
"--------------------------------------------" | Out-File $log -append
Import-CSV $newpath | ForEach-Object {
If (($_.Implement.ToLower()) -eq "yes")
If (($_.GivenName -eq "") -Or ($_.LastName -eq ""))
Write-Host "[ERROR]`t Please provide valid GivenName, LastName. Processing skipped for line $($i)`r`n"
"[ERROR]`t Please provide valid GivenName, LastName. Processing skipped for line $($i)`r`n" | Out-File $log -append
Else
# Set the target OU
$location = $_.TargetOU + ",$($addn)"
# Set the Enabled and PasswordNeverExpires properties
If (($_.Enabled.ToLower()) -eq "true") { $enabled = $True } Else { $enabled = $False }
If (($_.PasswordNeverExpires.ToLower()) -eq "true") { $expires = $True } Else { $expires = $False }
If (($_.ChangePasswordAtLogon.ToLower()) -eq "true") { $changepassword = $True } Else { $changepassword = $False }
# A check for the country, because those were full names and need
# to be land codes in order for AD to accept them. I used Netherlands
# as example
If($_.Country -eq "Netherlands")
$_.Country = "NL"
ElseIf ($_.Country -eq "Austria")
$_.Country = "AT"
ElseIf ($_.Country -eq "Australia")
$_.Country = "AU"
ElseIf ($_.Country -eq "United States")
$_.Country = "US"
ElseIf ($_.Country -eq "Germany")
$_.Country = "DE"
ElseIf ($_.Country -eq "Italy")
$_.Country = "IT"
Else
$_.Country = ""
# Replace dots / points (.) in names, because AD will error when a
# name ends with a dot (and it looks cleaner as well)
$replace = $_.Lastname.Replace(".","")
$lastname = $replace
# Create sAMAccountName according to this 'naming convention':
# <FirstName>"."<LastName> for example
# joe.bloggs
$sam = $_.GivenName.ToLower() + "." + $lastname.ToLower()
Try { $exists = Get-ADUser -LDAPFilter "(sAMAccountName=$sam)" -Server $server }
Catch { }
If(!$exists)
# Set all variables according to the table names in the Excel
# sheet / import CSV. The names can differ in every project, but
# if the names change, make sure to change it below as well.
$setpass = ConvertTo-SecureString -AsPlainText $_.Password -force
Try
Write-Host "[INFO]`t Creating user : $($sam)"
"[INFO]`t Creating user : $($sam)" | Out-File $log -append
New-ADUser $sam -GivenName $_.GivenName `
-Surname $_.LastName -DisplayName ($_.LastName + ", " + $_.GivenName) `
-StreetAddress $_.StreetAddress -City $_.City `
-Country $_.Country -UserPrincipalName ($sam + "@" + $dnsroot) `
-Company $_.Company -Department $_.Department `
-Title $_.Title -AccountPassword $setpass `
-PasswordNeverExpires $expires -Enabled $enabled `
-ChangePasswordAtLogon $changepassword -server $server
Write-Host "[INFO]`t Created new user : $($sam)"
"[INFO]`t Created new user : $($sam)" | Out-File $log -append
$dn = (Get-ADUser $sam).DistinguishedName
# Set an ExtensionAttribute
If ($_.ExtensionAttribute1 -ne "" -And $_.ExtensionAttribute1 -ne $Null)
$ext = [ADSI]"LDAP://$dn"
$ext.Put("extensionAttribute1", $_.ExtensionAttribute1)
Try { $ext.SetInfo() }
Catch { Write-Host "[ERROR]`t Couldn't set the Extension Attribute : $($_.Exception.Message)" }
# Move the user to the OU ($location) you set above. If you don't
# want to move the user(s) and just create them in the global Users
# OU, comment the string below
If ([adsi]::Exists("LDAP://$($location)"))
Move-ADObject -Identity $dn -TargetPath $location
Write-Host "[INFO]`t User $sam moved to target OU : $($location)"
"[INFO]`t User $sam moved to target OU : $($location)" | Out-File $log -append
Else
Write-Host "[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!"
"[ERROR]`t Targeted OU couldn't be found. Newly created user wasn't moved!" | Out-File $log -append
# Rename the object to a good looking name (otherwise you see
# the 'ugly' shortened sAMAccountNames as a name in AD. This
# can't be set right away (as sAMAccountName) due to the 20
# character restriction
$newdn = (Get-ADUser $sam).DistinguishedName
Rename-ADObject -Identity $newdn -NewName ($_.LastName + ", " + $_.GivenName)
Write-Host "[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n"
"[INFO]`t Renamed $($sam) to $($_.GivenName) $($_.LastName)`r`n" | Out-File $log -append
Catch
Write-Host "[ERROR]`t Oops, something went wrong: $($_.Exception.Message)`r`n"
Else
Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!`r`n"
"[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) already exists or returned an error!" | Out-File $log -append
Else
Write-Host "[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) will be skipped for processing!`r`n"
"[SKIP]`t User $($sam) ($($_.GivenName) $($_.LastName)) will be skipped for processing!" | Out-File $log -append
$i++
"--------------------------------------------" + "`r`n" | Out-File $log -append
Write-Host "STARTED SCRIPT`r`n"
Start-Commands
Write-Host "STOPPED SCRIPT"

Here is one I have used. It can be easily updated to accommodate many needs.
function New-RandomPassword{
$pwdlength = 10
$bytes = [byte[]][byte]1
$pwd=[string]""
$rng=New-Object System.Security.Cryptography.RNGCryptoServiceProvider
while (!(($PWD -cmatch "[a-z]") -and ($PWD -cmatch "[A-Z]") -and ($PWD -match "[0-9]"))){
$pwd=""
for($i=1;$i -le $pwdlength;$i++){
$rng.getbytes($bytes)
$rnd = $bytes[0] -as [int]
$int = ($rnd % 74) + 48
$chr = $int -as [char]
$pwd = $pwd + $chr
$pwd
function AddUser{
Param(
[Parameter(Mandatory=$true)]
[object]$user
$pwd=New-RandomPassword
$random=Get-Random -minimum 100 -maximum 999
$surname="$($user.Lastname)$random"
$samaccountname="$($_.Firstname.Substring(0,1))$surname"
$userprops=@{
Name=$samaccountname
SamAccountName=$samaccountname
UserPrincipalName=“$[email protected]”)
GivenName=$user.Firstname
Surname=$surname
SamAccountName=$samaccountname
AccountPassword=ConvertTo-SecureString $pwd -AsPlainText -force
Path='OU=Test,DC=nagara,DC=ca'
New-AdUser @userprops -Enabled:$true -PassThru | |
Add-Member -MemberType NoteProperty -Name Password -Value $pwd -PassThru
Import-CSV -Path c:\users\administrator\desktop\users.csv |
ForEach-Object{
AddUser $_
} |
Select SamAccountName, Firstname, Lastname, Password |
Export-Csv \accountinformation.csv -NoTypeInformation
¯\_(ツ)_/¯

Modify Script to Create User Role on Single Database.

Hi All,
Below is the script to create user role on database. Here problem is when I execute this script, it creates user role for all database within an instance and I want it to create user role only on 2 database say TEST1 and TEST2
Can anyone help me to modify the script?
--===================================================================================
-- Description
-- Database Type: MSSQL
-- This script creates a role called 'gdmmonitor' for ALL databases.
-- It grants some system catalogs to this role to allow Classification and Assessment on the database.
-- It then adds a user called "sqlguard" to all databases and grants this user gdmmonitor role.
-- before runnign this script
-- you MUST CREATE A SQL LOGIN CALLED 'sqlguard'
-- This sqlguard login doesn't need to be added to any database or given
-- any privilege. The script will take care of that.
-- Note:
-- If you wish to use a different login name (instead of 'sqlguard') you need to change
-- the value of the variable '@Guardium_user' in the script below;
-- (Look for the string: "set @Guardium_user = 'sqlguard'" and replace the 'sqlguard')
-- after runnign this script
-- Nothing to do, the script already creates the db user
-- User/Password to use
-- User: sqlguard (or any other name, if changed)
-- Pass: user defined
-- Role: gdmmonitor
--===================================================================================
PRINT '>>>==================================================================>>>'
PRINT '>>> Creating role: "gdmmonitor" at the server level.'
PRINT '>>>==================================================================>>>'
-- Change to the master database
USE master
-- *** If a different login name is desired, define it here. ***
DECLARE @Guardium_user AS varchar(50)
set @Guardium_user = 'sqlguard'
DECLARE @dbName AS varchar(256)
DECLARE @memberName AS varchar(256)
DECLARE @dbVer AS nvarchar(128)
SET @dbVer = CAST(serverproperty('ProductVersion') AS nvarchar)
SET @dbVer = SUBSTRING(@dbVer, 1, CHARINDEX('.', @dbVer) - 1)
IF (@dbVer = '8') SET @dbVer = '2000'
ELSE IF (@dbVer = '9') SET @dbVer = '2005'
ELSE IF (@dbVer = '10') SET @dbVer = '2008'
ELSE IF (@dbVer = '11') SET @dbVer = '2012'
ELSE SET @dbVer = '''Unsupported Version'''
IF (@dbVer != '2000')
BEGIN
-- This privilege is required to peform a specific MSSQL test.
-- Test name: SQL OLEDB disabled (DisallowAdhocAccess registry key)
-- Procedure execute: EXEC master.dbo.sp_MSset_oledb_prop
-- Purpose: To display provider property, not changing anything.
PRINT '==> Granting MSSSQL 2005 and above setupadmin server role'
EXEC master..sp_addsrvrolemember @loginame = @Guardium_user, @rolename = N'setupadmin'
END
SELECT @dbName = DB_NAME()
PRINT '==> Starting MSSql ' + @dbVer + ' role creation on database: ' + @dbName
-- find any members of the role if they exist
CREATE TABLE #rolemember (membername VARCHAR(256) NOT NULL)
INSERT INTO #rolemember
SELECT DISTINCT usr.name FROM dbo.sysusers usr, .dbo.sysmembers mbr
WHERE usr.uid = mbr.memberuid
AND mbr.groupuid = (SELECT uid FROM .dbo.sysusers WHERE name = 'gdmmonitor')
-- Drop the Role Members If they exist
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Dropping the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Dropping member: ''' + @memberName + ''''
exec('EXEC sp_droprolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the role if it exists
IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = 'gdmmonitor')
BEGIN
PRINT '==> Dropping the role gdmmonitor on: ' + @dbName
exec sp_droprole 'gdmmonitor'
END
-- Create the role
PRINT '==> Creating the role gdmmonitor on: ' + @dbName
exec sp_addrole 'gdmmonitor'
-- Grant select privileges to the role for MSSql Common
PRINT '==> Granting common SELECT privileges on: ' + @dbName
GRANT SELECT ON dbo.spt_values TO gdmmonitor
GRANT SELECT ON dbo.sysmembers TO gdmmonitor
GRANT SELECT ON dbo.sysobjects TO gdmmonitor
GRANT SELECT ON dbo.sysprotects TO gdmmonitor
GRANT SELECT ON dbo.sysusers TO gdmmonitor
GRANT SELECT ON dbo.sysconfigures TO gdmmonitor
GRANT SELECT ON dbo.sysdatabases TO gdmmonitor
GRANT SELECT ON dbo.sysfiles TO gdmmonitor
GRANT SELECT ON dbo.syslogins TO gdmmonitor
GRANT SELECT ON dbo.syspermissions TO gdmmonitor
-- Grant execute privileges to the role for MSSql Common
PRINT '==> Granting common EXECUTE privileges on: ' + @dbName
GRANT EXECUTE ON sp_helpdbfixedrole TO gdmmonitor
GRANT EXECUTE ON sp_helprotect TO gdmmonitor
GRANT EXECUTE ON sp_helprolemember TO gdmmonitor
GRANT EXECUTE ON sp_helpsrvrolemember TO gdmmonitor
GRANT EXECUTE ON sp_tables TO gdmmonitor
GRANT EXECUTE ON sp_validatelogins TO gdmmonitor
GRANT EXECUTE ON sp_server_info TO gdmmonitor
-- Check if the version is 2005 or greater
IF (@dbVer != '2000')
BEGIN
-- Grant select privileges to the role for MSSql 2005 and above
PRINT '==> Granting MSSql 2005 and above SELECT privileges on: ' + @dbName
GRANT SELECT ON sys.all_objects TO gdmmonitor
GRANT SELECT ON sys.database_permissions TO gdmmonitor
GRANT SELECT ON sys.database_principals TO gdmmonitor
GRANT SELECT ON sys.sql_logins TO gdmmonitor
GRANT SELECT ON sys.sysfiles TO gdmmonitor
GRANT SELECT ON sys.database_role_members TO gdmmonitor
GRANT SELECT ON sys.server_role_members TO gdmmonitor
GRANT SELECT ON sys.configurations TO gdmmonitor
GRANT SELECT ON sys.master_key_passwords TO gdmmonitor
GRANT SELECT ON sys.server_principals TO gdmmonitor
GRANT SELECT ON sys.server_permissions TO gdmmonitor
GRANT SELECT ON sys.credentials
TO gdmmonitor
--This is called by master.dbo.sp_MSset_oledb_prop.
--By defautl it should have already been granted to public.
GRANT EXECUTE ON sys.xp_instance_regread TO GDMMONITOR
GRANT EXECUTE ON sys.sp_MSset_oledb_prop TO GDMMONITOR
END
-- Re-add the dropped members
IF EXISTS (SELECT 1 FROM #rolemember)
BEGIN
PRINT '==> Re-adding the role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Re-adding member: ''' + @memberName + ''''
exec('EXEC sp_addrolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- END of role creation on database
PRINT '==> END of role creation on: ' + @dbName
PRINT ''
-- Change to the msdb database
USE msdb
set @memberName = ''
SELECT @dbName = DB_NAME()
PRINT '==> Starting MSSql ' + @dbVer + ' role creation on database: ' + @dbName
-- find any members of the role if it exists
TRUNCATE TABLE #rolemember
INSERT INTO #rolemember
SELECT DISTINCT usr.name FROM .dbo.sysusers usr, .dbo.sysmembers mbr
WHERE usr.uid = mbr.memberuid
AND groupuid = (SELECT uid FROM .dbo.sysusers WHERE name = 'gdmmonitor')
-- Drop the Role Members If they exist
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Dropping the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Dropping member: ''' + @memberName + ''''
exec('EXEC sp_droprolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the role if it exists
IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = 'gdmmonitor')
BEGIN
PRINT '==> Dropping the gdmmonitor role on: ' + @dbName
exec sp_droprole 'gdmmonitor'
END
-- Create the role
PRINT '==> Creating the gdmmonitor role on: ' + @dbName
exec sp_addrole 'gdmmonitor'
-- Grant select privileges to the role for MSSql Common
PRINT '==> Granting common SELECT privileges on: ' + @dbName
GRANT SELECT ON dbo.sysobjects TO gdmmonitor
GRANT SELECT ON dbo.sysusers TO gdmmonitor
GRANT SELECT ON dbo.sysprotects TO gdmmonitor
GRANT SELECT ON dbo.sysmembers TO gdmmonitor
GRANT SELECT ON dbo.sysfiles TO gdmmonitor
GRANT SELECT ON dbo.syspermissions TO gdmmonitor
GRANT SELECT ON dbo.backupset TO gdmmonitor
-- Check if the version is 2005 or greater
IF (@dbVer != '2000')
BEGIN
-- Grant select privileges to the role for MSSql 2005 and above
PRINT '==> Granting MSSql 2005 and above SELECT privileges on: ' + @dbName
GRANT SELECT ON sys.all_objects TO gdmmonitor
GRANT SELECT ON sys.database_permissions TO gdmmonitor
GRANT SELECT ON sys.database_principals TO gdmmonitor
GRANT SELECT ON sys.sysfiles TO gdmmonitor
-- Grant execute privileges to the role for MSSql 2005 or above
PRINT '==> Granting MSSql 2005 and above EXECUTE privileges on: ' + @dbName
GRANT EXECUTE ON msdb.dbo.sp_enum_login_for_proxy TO gdmmonitor
GRANT SELECT ON sys.database_role_members TO gdmmonitor
END
IF (@dbVer > '2000' and @dbVer < '2012')
--This sp is not available in SQL 2012
BEGIN
GRANT EXECUTE ON sp_get_dtspackage TO gdmmonitor
END
-- Re-add the dropped members
IF EXISTS (SELECT count(*) FROM #rolemember)
BEGIN
PRINT '==> Re-adding the gdmmonitor role members on: ' + @dbName
DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember
OPEN DropCursor
FETCH DropCursor INTO @memberName
WHILE @@Fetch_Status = 0
BEGIN
PRINT '==> Re-adding member: ''' + @memberName + ''''
exec('EXEC sp_addrolemember ''gdmmonitor'', ''' + @memberName + ''' ;')
FETCH DropCursor INTO @memberName
END
CLOSE DropCursor
DEALLOCATE DropCursor
END
-- drop the temporary table
DROP TABLE #rolemember
-- END of role creation on database
PRINT '==> END of gdmmonitor role creation on: ' + @dbName
-- Role creation complete
PRINT '<<<==================================================================<<<'
PRINT '<<< END of creating role: "gdmmonitor" at the server level.'
PRINT '<<<==================================================================<<<'
PRINT ''
PRINT '>>>==================================================================>>>'
PRINT '>>> Starting application database role creation'
PRINT '>>>==================================================================>>>'
use master
DECLARE @databaseName AS varchar(80)
DECLARE @executeString AS varchar(7950)
DECLARE @dbcounter as int
set @dbcounter = 0
DECLARE DatabaseCursor CURSOR FOR SELECT name from sysdatabases where name not in ('master', 'msdb')
and not (status & 1024 > 1)
--read only
and not (status & 4096 > 1)
--single user
and not (status & 512 > 1)
--offline
and not (status & 32 > 1)
--loading
and not (status & 64 > 1)
--pre recovery
and not (status & 128 > 1)
--recovering
and not (status & 256 > 1)
--not recovered
and not (status & 32768 > 1)
--emergency mode
OPEN DatabaseCursor
FETCH DatabaseCursor INTO @databaseName
WHILE @@Fetch_Status = 0
BEGIN
set @dbcounter = @dbcounter + 1
set @databaseName = '"' + @databaseName + '"'
set @executeString = ''
set @executeString = 'use ' + @databaseName + ' ' +
'PRINT ''>>>==================================================================>>>'' ' +
'PRINT ''>>> Starting MSSql ' + @dbVer + ' role creation on database: ' + @databaseName + ''' ' +
'PRINT ''>>>==================================================================>>>'' ' +
'/* Variable @memberNameDBname must be declare within the string or else it will fail */ ' +
'DECLARE @memberName' + cast(@dbcounter as varchar(5)) + ' as varchar(50) ' +
'/*find any members of the role if it exists*/ ' +
'CREATE TABLE #rolemember (membername VARCHAR(256) NOT NULL) ' +
'INSERT INTO #rolemember ' +
'SELECT DISTINCT usr.name FROM dbo.sysusers usr, dbo.sysmembers mbr ' +
'WHERE usr.uid = mbr.memberuid ' +
'AND groupuid = (SELECT uid FROM dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'/*Drop the Role Members If they exist*/ ' +
'IF EXISTS (SELECT * FROM #rolemember) ' +
'BEGIN ' +
'PRINT ''==> Dropping the role members on: ' + @databaseName + ''' ' +
'DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember ' +
'OPEN DropCursor ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'WHILE @@Fetch_Status = 0 ' +
'BEGIN ' +
'PRINT ''==> Dropping member: '' + @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'exec(''EXEC sp_droprolemember ''''gdmmonitor'''', '''''' + @memberName' + cast(@dbcounter as varchar(5)) + ' + '''''';'') ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'END ' +
'CLOSE DropCursor ' +
'DEALLOCATE DropCursor ' +
'END ' +
'/*drop the role if it exists*/ ' +
'IF EXISTS (SELECT 1 FROM .dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'BEGIN ' +
'PRINT ''==> Dropping the gdmmonitor role on: ' + @databaseName + ''' ' +
'exec sp_droprole ''gdmmonitor'' ' +
'END ' +
'/* Create the role */ ' +
'PRINT ''==> Creating the gdmmonitor role on: ' + @databaseName + ''' ' +
'exec sp_addrole ''gdmmonitor'' ' +
'/* Grant select privileges to the role for MSSql Common */ ' +
'PRINT ''==> Granting common SELECT privileges on: ' + @databaseName + ''' ' +
'GRANT SELECT ON dbo.sysmembers TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysobjects TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysprotects TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysusers TO gdmmonitor ' +
'GRANT SELECT ON dbo.sysfiles TO gdmmonitor ' +
'GRANT SELECT ON dbo.syspermissions TO gdmmonitor ' +
'/* Check if the version is 2005 or greater */ ' +
'IF (' + @dbVer + ' != ''2000'') ' +
'BEGIN ' +
'/* Grant select privileges to the role for MSSql 2005 and above */ ' +
'PRINT ''==> Granting MSSql 2005 and above SELECT privileges on: ' + @databaseName + ''' ' +
'GRANT SELECT ON sys.database_permissions TO gdmmonitor ' +
'GRANT SELECT ON sys.all_objects TO gdmmonitor ' +
'GRANT SELECT ON sys.database_principals TO gdmmonitor ' +
'GRANT SELECT ON sys.sysfiles TO gdmmonitor ' +
'GRANT SELECT ON sys.database_role_members TO gdmmonitor ' +
'END ' +
'/* Re-add the dropped members */ ' +
'IF EXISTS (SELECT 1 FROM #rolemember) ' +
'BEGIN ' +
'PRINT ''==> Re-adding the gdmmonitor role members on: ' + @databaseName + ''' ' +
'DECLARE DropCursor CURSOR FOR SELECT membername from #rolemember ' +
'OPEN DropCursor ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'WHILE @@Fetch_Status = 0 ' +
'BEGIN ' +
'PRINT ''==> Re-adding member: '' + @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'exec(''EXEC sp_addrolemember ''''gdmmonitor'''', '''''' + @memberName' + cast(@dbcounter as varchar(5)) + ' + '''''';'') ' +
'FETCH DropCursor INTO @memberName' + cast(@dbcounter as varchar(5)) + ' ' +
'END ' +
'CLOSE DropCursor ' +
'DEALLOCATE DropCursor ' +
'END ' +
'/* drop the temporary table */ ' +
'DROP TABLE #rolemember ' +
'PRINT ''<<<==================================================================<<<'' ' +
'PRINT ''<<< END of role creation on: ' + @databaseName + ''' ' +
'PRINT ''<<<==================================================================<<<'' ' +
'PRINT '' ''' +
'PRINT '' '''
execute (@executeString)
FETCH DatabaseCursor INTO @databaseName
END
CLOSE DatabaseCursor
DEALLOCATE DatabaseCursor
-- Adding user to all the databases
-- and grant gdmmonitor role, only if login exists.
PRINT '>>>==================================================================>>>'
PRINT '>>> Add and Grant gdmmonitor role to: ''' + @Guardium_user + ''''
PRINT '>>> on all databases.'
PRINT '>>>==================================================================>>>'
USE master
/* Check if @Guardium_user is a login exist, if not do nothing.*/
IF NOT EXISTS (select * from syslogins where name = @Guardium_user)
BEGIN
PRINT ''
PRINT '************************************************************************'
PRINT '*** ERROR: Could not find the login: ''' + @Guardium_user + ''''
PRINT '*** Please add the login and re-run this script.'
PRINT '************************************************************************'
PRINT ''
END
ELSE
BEGIN
DECLARE @counter AS smallint
set @counter = 0
-- This loop runs 4 time just to make sure that the @Guardium_user gets added to all db.
-- 99% of the time, this is totally unnecessary. But in some rare case on SQL 2005
-- the loop skips some databases when it tried to add the @Guardium_user.
-- After two to three executions, the user is added in all the dbs.
-- Might be a SQL Server bug.
WHILE @counter <= 3
BEGIN
set @counter = @counter + 1
set @databaseName = ''
set @executeString = ''
DECLARE DatabaseCursor CURSOR FOR SELECT name from sysdatabases
where not (status & 1024 > 1)
--read only
and not (status & 4096 > 1)
--single user
and not (status & 512 > 1)
--offline
and not (status & 32 > 1)
--loading
and not (status & 64 > 1)
--pre recovery
and not (status & 128 > 1)
--recovering
and not (status & 256 > 1)
--not recovered
and not (status & 32768 > 1)
--emergency mode
OPEN DatabaseCursor
FETCH DatabaseCursor INTO @databaseName
WHILE @@Fetch_Status = 0
BEGIN
set @databaseName = '"' + @databaseName + '"'
set @executeString = ''
set @executeString = 'use ' + @databaseName + ' ' +
'/*Check if the login already has access to this database */ ' +
'IF EXISTS (select * from sysusers where name = ''' + @Guardium_user + ''' and islogin = 1) ' +
'BEGIN ' +
'/*Check if login already have gdmmonitor role*/ ' +
'IF NOT EXISTS (SELECT usr.name FROM dbo.sysusers usr, dbo.sysmembers mbr WHERE usr.uid = mbr.memberuid ' +
'AND mbr.groupuid = (SELECT uid FROM dbo.sysusers WHERE name = ''gdmmonitor'') ' +
'AND usr.name = ''' + @Guardium_user + ''') ' +
'BEGIN ' +
'PRINT ''==> Granting gdmmonitor role to ' + @Guardium_user + ' on database ' + @databaseName + ''' ' +
'execute sp_addrolemember ''gdmmonitor''' + ', [' + @Guardium_user + '] ' +
'PRINT '' ''' +
'END ' +
'END ' +
'IF NOT EXISTS (select * from sysusers where name = ''' + @Guardium_user + ''' and islogin = 1) ' +
'BEGIN ' +
'PRINT ''==> Adding user [' + @Guardium_user + '] to database: ' + @databaseName + ''' ' +
'execute sp_adduser [' + @Guardium_user + '] ' +
'PRINT ''==> Granting gdmmonitor role to ' + @Guardium_user + ' on database ' + @databaseName + ''' ' +
'execute sp_addrolemember ''gdmmonitor''' + ', [' + @Guardium_user + '] ' +
'PRINT '' ''' +
'END '
execute (@executeString)
FETCH DatabaseCursor INTO @databaseName
END
CLOSE DatabaseCursor
DEALLOCATE DatabaseCursor
END -- end while
-- Required for Version 2005 or greater.
IF (@dbVer != '2000')
BEGIN
-- Grant system privileges to the @guardium_user. This is a requirement for >= SQL 2005
-- or else some system catalogs will filter our result from assessment test.
-- This will show up in sys.server_permissions view.
PRINT '==> Granting catalog privileges to: ''' + @Guardium_user + ''''
execute ('grant VIEW ANY DATABASE to [' + @Guardium_user + ']' )
execute ('grant VIEW ANY DEFINITION to [' + @Guardium_user + ']' )
END
PRINT '<<<==================================================================<<<'
PRINT '<<< Finished Adding and Granting gdmmonitor role to: ''' + @Guardium_user + ''''
PRINT '<<< on all databases.'
PRINT '<<<==================================================================<<<'
PRINT ''
END
GO

Thanks a lot Sir... it worked.
Can you also help me in troubleshooting below issue?
This script is working fine on all databases except one MS SQL 2005 database. build of this database is 9.00.3042.00
SA account with highest privileges is been used for script execution. errors received are as follow:
>>>==================================================================>>>
>>> Creating role: "gdmmonitor" at the server level.
>>>==================================================================>>>
==> Granting MSSSQL 2005 and above setupadmin server role
==> Starting MSSql 2005 role creation on database: master
(0 row(s) affected)
==> Dropping the gdmmonitor role members on: master
==> Creating the role gdmmonitor on: master
Msg 15002, Level 16, State 1, Procedure sp_addrole, Line 16
The procedure 'sys.sp_addrole' cannot be executed within a transaction.
==> Granting common SELECT privileges on: master
Msg 15151, Level 16, State 1, Line 117
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 118
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 119
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 120
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 121
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 122
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 123
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 124
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 125
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 126
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
==> Granting common EXECUTE privileges on: master
Msg 15151, Level 16, State 1, Line 130
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 131
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 132
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 133
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 134
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 135
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 136
Cannot find the user 'gdmmonitor', because it does not exist or you do not have permission.

Minimum privileges needed to create a new page at runtime

Some body know the minimum privileges needed by a user to create a new page at runtime (using PORTAL.WWSBR_API.add_folder). Actualy the user have MANAGE_CONTENT on the parent page where the page need to be create by we got an exception (If we had the MANAGE_CONTENT on the page group, we dont receive this exception)
thanks
J.
Message was edited by:
user510720

You'll need to set the "series" property of the chart. This will be an array of BarSeries objects.
You may also need to set the horizontalAxis and verticalAxis properties for the chart. (I forget if there are defaults for these.)

Minimum permission set to create users

Similar Messages

Maybe you are looking for