NEWBIE: Database vs. Schema
I'm a student coming from a MS SQL environment. I couldn't figure out how to create a new database in XE. Is an Oracle schema the equivalent of a SQL database?
I was not able to locate any documentation discussing the differences. Any help or links would be greatly appreciated.
I never connected to ms sql environment, so I cannot tell for sure, but will try to describe how it works in Oracle.
In Oracle terminology a database is just a set of files (datafiles, redo logs, control files...). A database may be opened by one or more (->rac) instances (an instance is only some processes... PMON, SMON etc... plus some memory... SGA)
When the database is opened by an instance you can connect and create users, and assign them resources (disk space, via quotas on tablespaces). Users create objects in their space, and these objects constitute the schema.
Object in a schema may be (or not) granted permissions to other schemas (you can select on tables belonging to other schemas)
You do not need to create a new database (in fact XE is limited in this, you can only run one per time), but you can create as many users and schemas you like, providing in this way necessary isolation among applications.
Hope this helps,
Andrea
Similar Messages
-
I'm trying to create a new subscriptions on an existing report and get the following error.
An internal error occurred on the report server. See the error log for more details. (rsInternalError) Get Online Help
Get Online Help
EXECUTE permission denied on object 'xp_sqlagent_notify', database 'mssqlsystemresource', schema 'sys'.
I ran the following that was suggested in http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=17774&SiteID=1. But still I get the same error. Do I need a reboot or restart of the services?
The only log file information I can find contains the following.
System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: An internal error occurred on the report server. See the error log for more details. ---> Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.Data.SqlClient.SqlException: EXECUTE permission denied on object 'xp_sqlagent_notify', database 'mssqlsystemresource', schema 'sys'.
--- End of inner exception stack trace ---
at Microsoft.ReportingServices.WebServer.ReportingService2005.ListSchedules(Schedule[]& Schedules)
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.SqlServer.ReportingServices2005.ReportingService2005.ListSchedules()
at Microsoft.SqlServer.ReportingServices2005.RSConnection.ListSchedules()
at Microsoft.ReportingServices.UI.SharedScheduleDropDown.EnsureSchedulesAreLoaded()
at Microsoft.ReportingServices.UI.SharedScheduleDropDown.SharedScheduleDropDown_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
aspnet_wp!ui!1!17/10/2006-08:44:26:: e ERROR: Exception in ShowErrorPage: System.Threading.ThreadAbortException: Thread was being aborted.
at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.End()
at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm)
at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg) at at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.End()
at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm)
at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)
aspnet_wp!extensionfactory!e!17/10/2006-09:35:13:: w WARN: The extension Report Server Email does not have a LocalizedNameAttribute.
aspnet_wp!extensionfactory!e!17/10/2006-09:35:13:: w WARN: The extension Report Server FileShare does not have a LocalizedNameAttribute.
aspnet_wp!ui!e!17/10/2006-09:35:13:: e ERROR: System.Web.Services.Protocols.SoapException: An internal error occurred on the report server. See the error log for more details. ---> Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.Data.SqlClient.SqlException: EXECUTE permission denied on object 'xp_sqlagent_notify', database 'mssqlsystemresource', schema 'sys'.
--- End of inner exception stack trace ---
at Microsoft.ReportingServices.WebServer.ReportingService2005.ListSchedules(Schedule[]& Schedules)
aspnet_wp!ui!e!17/10/2006-09:35:13:: e ERROR: HTTP status code --> 200
I cannot find any other error log.
Can anybody help?
Tuesday, October 17, 2006 8:49 AM
Reply
|
Quote
All replies
0
Sign in to vote
Sorry for the late reply. Try this: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=662319&SiteID=1
Thursday, November 16, 2006 2:51 AM
Reply
|
Quote
Answerer
0
Sign in to vote
GRANT EXECUTE ON master.dbo.xp_sqlagent_notify TO RSExecRole
GO
solved my problem.
Proposed as answer by
Christopher D. Stover
Monday, September 16, 2013 6:52 PM
Monday, September 16, 2013 6:51 PM
Reply
|
Quote
0
Sign in to vote
Tried that but no joy. Found this post on SQLServerCentral, solved our issue which mimic's the posters issue. Just adding here as this is the first result in our search.
Look for Topic452669-150-1
There are a number of places I found with the information in the following
link:
http://phew-meme.blogspot.com/2007/10/reporting-service-on-report.html
In
my specific case, the RsExecRole role in both the "master" and "msdb" databases
had had both the "NT Authority\Network Service" and "NTAuthority\System" logins
removed from its members (the RSExecRole had had all its members removed by
someone doing some maintenance). I compared another Reporting Services
installation on another server after reading information in the above
link.
Steps:
1. In Mangement Studio connect to the SQL Server instance
on which Reporting Services runs.
2. Databases > system Databases
3.
master > Security > Roles > RSExecRole (then add whatever logins are
required... check in the ReportServer or ReportServerTempDB databases if you're
not sure)
4. msdb > Security > Roles > RSExecRole (add the same
logins you did to the master DB)
In the end you need the same logins in
RSExecRole role for the master, msdb, ReportServer, and ReportServerTempDB
databases. ("ReportServer" is the default Reporting Services database name, in
case that's not clear ;)
Monday, March 31, 2014 1:24 PM
Reply
|
Quote
if (!$.Microsoft) $.Microsoft = {};
if (!$.Microsoft.Mtps) $.Microsoft.Mtps = {};
if (!$.Microsoft.Mtps.NetReflectorInit)
$.Microsoft.Mtps.NetReflectorInit = {
surveyUrl: 'http://support.microsoft.com/common/survey.aspx?scid=sw%3ben%3b3763&altstyle=narrow&renderoption=overridedefault&theme=tech&url=http://social.technet.microsoft.com/Forums/en-US/3fcc7b54-ce84-48c2-9004-baaac07f2515/execute-permission-denied-on-object-xpsqlagentnotify-database-mssqlsystemresource-schema?forum=sqlreportingservices&P0=055ccfc1-78f5-46ff-8171-33f8ff760a7c',
throttleRate: "5.00",
privacyStatementText: "Privacy statement",
trackerWindowText: "Please do not close this window.Thank you! The survey will appear here when you've completed your visit, so please do not close this window.",
logoUrl: 'https://www.microsoft.com/library/svy/sto/technet_logo.gif',
closeButtonUrl: 'https://www.microsoft.com/library/svy/sto/technet-close.gif',
topBarUrl: 'https://www.microsoft.com/library/svy/sto/top-stripe.gif',
bottomBarUrl: 'https://www.microsoft.com/library/svy/sto/bottom-stripe.gif',
blankPage: 'https://social.technet.microsoft.com/forums/blank.htm',
showSurveyToComscoreUser: 'no'
setTimeout("Forums.loadScript('https://i1.social.s-msft.com/Forums/resources/NetReflector/NetReflector.js?cver=0%0d%0a')", 1000);
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.
Would you like to participate?
Privacy statement
© 2015 Microsoft. All rights reserved.
Newsletter|Contact Us|Privacy Statement|Terms of Use|Trademarks|Site Feedback
TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Internet Explorer
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Lync
See all products »
Resources
Curah! curation service
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Subscriptions
TechNet Video
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Microsoft Update
Trials
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Related Sites
Microsoft Download Center
TechNet Evaluation Center
Drivers
Windows Sysinternals
TechNet Gallery
Training
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
e-Learning overview
Certifications
Certification overview
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Other resources
TechNet Events
Second shot for certification
Born To Learn blog
Find technical communities in your area
Support options
For small and midsize businesses
For enterprises
For developers
For IT professionals
From partners
For technical support
Support offerings
For home users
More support
Microsoft Premier Online
Microsoft Fix It Center
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
var railItems = ["/Forums/en-US/rightrailannouncement/Technet/1794d07f-9d4e-4dc0-8c1c-8bfe9d5e0bce"];
var pageData = {"validUser":false,"autoSubscribe":false};
var userEmailConfigured = false;
$(document).ready(function () {
Forums.ThreadPage.wirePageElements('Search forum questions');Tried that but no joy. Found this post on SQLServerCentral, solved our issue which mimic's the posters issue. Just adding here as this is the first result in our search.
Look for Topic452669-150-1
There are a number of places I found with the information in the following
link:
http://phew-meme.blogspot.com/2007/10/reporting-service-on-report.html
In
my specific case, the RsExecRole role in both the "master" and "msdb" databases
had had both the "NT Authority\Network Service" and "NTAuthority\System" logins
removed from its members (the RSExecRole had had all its members removed by
someone doing some maintenance). I compared another Reporting Services
installation on another server after reading information in the above
link.
Steps:
1. In Mangement Studio connect to the SQL Server instance
on which Reporting Services runs.
2. Databases > system Databases
3.
master > Security > Roles > RSExecRole (then add whatever logins are
required... check in the ReportServer or ReportServerTempDB databases if you're
not sure)
4. msdb > Security > Roles > RSExecRole (add the same
logins you did to the master DB)
In the end you need the same logins in
RSExecRole role for the master, msdb, ReportServer, and ReportServerTempDB
databases. ("ReportServer" is the default Reporting Services database name, in
case that's not clear ;) -
I have created a PowerShell script that automates enabling users for Lync and setting policies based on group membership. I've successfully tested this script under my domain admin account and now I am working on getting it running as a scheduled task.
Since all the script really does related to Lync is run the commands Enable-CsUser, Set-CsUser, and Grant-Cs<policy name>Policy, I elected to create a service account that only has Lync user administration permissions. Initially, this user account
was just a member of CSUserAdministration but this was not working so I added the user to RTCUniversalUserAdmins based on some other information I found.
This change got me by the various access denied errors I was getting in the script, but now I am getting the following error when I run the Enable-CsUser part:
Enable-CsUser : The EXECUTE permission was denied on the object 'XdsPublishItems', database 'xds', schema 'dbo'.
At line:1 char:1
+ Enable-CsUser -Identity <redacted> -RegistrarPool <redacted> - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Enable-CsUser], SqlException
+ FullyQualifiedErrorId : System.Data.SqlClient.SqlException,Microsoft.Rtc.Management.AD.Cmdlets.EnableOcsUserCmdl
et
This seems to be some sort of permission error related to the permissions on the SQL database "xds". I checked, and RTCUniversalUserAdmins is a member of both CsUserAdministration and RTCUniversalReadOnlyAdmins. This latter group does
have permissions on the xds database. It appears to be granted the "public" role on the database server. The User Mapping shows the following users mapped to the login:
cpsdyn: public,ReadOnlyRole
lis: public,ReadOnlyRole
rgsconfig: public,ReadOnlyRole
rgsdyn: public,ReadOnlyRole
rtcxds: public,ConsumerRole
xds: public,ConsumerRole
Even though I receive this error, the user is actually added to Lync. Follow-up Set-CsUser and Grant-Cs<policy name>Policy cmdlets succeed just fine.
What do I need to do to fix this error message?The issue is not related to UAC / Run As Administrator / Run With Highest Privileges. I have verified that accounts granted only the CS User Administrator role simply do not have access to the XdsPublishItems stored procedure in the Lync xds database,
even if they are members of RTCUniversalUserAdmins.
Also, it does not have anything to do with my script. Even if I grant my service account that local Administrator rights on the Lync front-end server, log into the server with that account, and run the Lync Server Management Shell as administrator
and then do just the Enable-CsUser cmdlet (not my whole script), I get the same error.
I ended up opening a Microsoft support case (#114040311332658) and it has been going on for weeks now. Eventually they just told me that I needed to either have my script establish a remote PowerShell session to Lync or install the Lync management
tools on another server and have the script call the Lync Server Management Shell from that server. They say this because the Planning for Role-Based Access Control documentation (http://technet.microsoft.com/en-us/library/gg425917.aspx)
has the following tip:
"RBAC restrictions work only on administrators working remotely, using either the Lync Server Control Panel or Lync Server Management Shell. A user sitting at a server running Lync Server is not restricted by RBAC. Therefore, physical security of your
Lync Server is important to preserve RBAC restrictions."
I did attempt to run a PowerShell instance on my workstation as the service account, establish a remote PowerShell session to the Lync front-end server, and then run Enable-CsUser and I can confirm that it does run successfully and I do not receive an error
of any kind.
I told the support personnel that the tip stating that RBAC doesn't actually restrict permissions if running PowerShell on the server itself doesn't mean that you simply cannot run PowerShell cmdlets and scripts on the server, it just means that the user
running the cmdlet or script won't have their accessible cmdlets limited to only those granted to the role assigned. I told them I want a description of what the XdsPublishItem stored procedure does at a high level so I can determine if the error can
just be simply ignored in this case. I'm still waiting for them to get back to me on that.
They did say they tested it on their end and confirm the same behavior in their test environment. They also said that it doesn't seem to have any sort of negative impact on the functionality of the enabled Lync user or the consistency of the SQL database.
That said, I don't want to just take their word for it without them knowing what XdsPublishItem does. -
I get the error message: The EXECUTE permission was denied on the object 'sp_send_dbmail', database 'msdb', schema 'dbo'. This happens when I run a job, even though the user has the correct permission on sp_send_dbmail and is a user in msdb.
If I run the procedure through SSMS it runs just fine and sends the mail.
I have run out of things to look for, any ideas on what else it could be?
Thanks in advance,
NancyTo send Database mail, users must be a user in the msdb database and a member of the
DatabaseMailUserRole database role in the msdb database. To add
msdb users or groups to this role use SQL Server Management Studio or execute the following statement for the user or role that needs to send Database Mail.
EXEC msdb.dbo.sp_addrolemember @rolename = 'DatabaseMailUserRole'
,@membername = '<user or role name>';
GO
http://technet.microsoft.com/en-us/library/ms188719(v=sql.105).aspx
Regards, RSingh -
I have a SQL Server connected intro a Windows Server 2003 Domain Active Directory, the server holds a default instance with a single Database, the SQL Server is 2005 Std Edition, and is using mix mode Authentification, then I able to create SQL Native Users
and Invoque Windows Domain Users also.
The Goal of this project is remove the sysadmin Server role for all the Windows Domain Users, to give then a more granular secure model but at the moment is this only way to connect at the Data Base Server.
I already create Native SQL Servers users without any problem!, they respect Securable Setting, Server Roles, User Mapping, everything...Just when I create a Login Profile form a Domain Users and apply the same setting, I get this error...
The SELECT permissions was denied on the object 'extended_properties', database 'mssqlsystemresource', schema 'sys'.(Microsoft SQL Server, Error:229)
But if the user have sysadmin Server Rol he can sing over the server without any issue, I review the .sys view extended_properties and "Public" is the only Database Role placed.
Any Idea if I need change any Setting in the Secure in SQL Master DataBase? or which is the issue witjh this matter?
Thank in advance for your help!Since there are so many possibilities for what might be wrong. Here's another possibility to look at. I ran into something where I had set up my own roles on a database. (For instance, "Administrator", "Manager", "DataEntry",
"Customer", each with their own kinds of limitations) The only ones who could use it were "Manager" role or above--because they were also set up as sysadmin because they were adding users to the database (and they were highly trusted).
Also, the users that were being added were Windows Domain users--using their domain credentials. (Everyone with access to the database had to be on our domain, but not everyone on the domain had access to the database--and only a few of them had access
to change it.)
Anyway, this working system suddenly stopped working and I was getting error messages similar to the above. What I ended up doing that solved it was to go through all the permissions for the "public" role in that database and add those permissions
to all of the roles that I had created. I know that everyone is supposed to be in the "public" role even though you can't add them (or rather, you can "add" them, but they won't "stay added").
So, in "SQL Server Management Studio", I went into my application's database, in other words (my localized names are obscured within <> brackets): "<Computername> (SQL Server <version> - sa)"\Databases\<MyAppDB>\Security\Roles\Database
Roles\public". Right-click on "public" and select "Properties". In the "Database Role Properties - public" dialog, select the "Securables" page. Go through the list and for each element in the
list, come up with an SQL "Grant" statement to grant exactly that permission to another role. So, for instance, there is a scalar function "[dbo].[fn_diagramobjects]" on which the "public" role has "Execute" privilege.
So, I added the following line:
EXEC ( 'GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @RoleName + '];' )
Once I had done this for all the elements in the "Securables" list, I wrapped that up in a while loop on a cursor selecting through all the roles in my roles table. This explicitly granted all the permissions of the "public" role to
my database roles. At that point, all my users were working again (even after I removed their "sysadmin" access--done as a temporary measure while I figured out what happened.)
I'm sure there's a better (more elegant) way to do this by doing some kind of a query on the database objects and selecting on the public role, but after about half and hour of investigating, I wasn't figuring it out, so I just did it the brute-force method.
In case it helps someone else, here's my code.
CREATE PROCEDURE [dbo].[GrantAccess]
AS
DECLARE @AppRoleName AS sysname
DECLARE AppRoleCursor CURSOR LOCAL SCROLL_LOCKS FOR
SELECT AppRoleName FROM [dbo].[RoleList];
OPEN AppRoleCursor
FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC ( 'GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_alterdiagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_creatediagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_dropdiagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_helpdiagramdefinition] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_helpdiagrams] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_renamediagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_objects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_sql_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_views] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[allocation_units] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assemblies] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_files] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_references] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[asymmetric_keys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[certificates] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[change_tracking_tables] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[check_constraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[column_type_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[column_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[computed_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[conversation_endpoints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[conversation_groups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[conversation_priorities] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[crypt_properties] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[data_spaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_audit_specification_details] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_audit_specifications] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_files] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_permissions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_principal_aliases] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_principals] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_role_members] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[default_constraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[destination_data_spaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[event_notifications] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[events] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[extended_procedures] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[extended_properties] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[filegroups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[foreign_key_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[foreign_keys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_catalogs] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_catalog_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_fragments] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_stoplists] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_stopwords] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[function_order_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[identity_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[index_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[internal_tables] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[key_constraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[key_encryptions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[message_type_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[module_assembly_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[numbered_procedure_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[numbered_procedures] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[objects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[parameter_type_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[parameter_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_functions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_range_values] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_schemes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partitions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[plan_guides] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[procedures] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[remote_service_bindings] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[routes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[schemas] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_contract_message_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_contract_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_contracts] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_message_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_queue_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_queues] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[services] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[spatial_index_tessellations] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[spatial_indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sql_dependencies] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sql_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[stats] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[stats_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[symmetric_keys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[synonyms] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[syscolumns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[syscomments] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysconstraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysdepends] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysfilegroups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysfiles] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysforeignkeys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysfulltextcatalogs] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysindexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysindexkeys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysmembers] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysobjects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[syspermissions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysprotects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysreferences] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_objects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_sql_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_views] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[systypes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysusers] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[table_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[tables] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[transmission_queue] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[trigger_events] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[triggers] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[type_assembly_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[views] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_attributes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_collections] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_component_placements] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_components] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_elements] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_facets] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_model_groups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_namespaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_wildcard_namespaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_wildcards] TO [' + @AppRoleName + '];' )
FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
END
CLOSE AppRoleCursor
RETURN 0
GO
Once that is in the system, I just needed to "Exec GrantAccess" to make it work. (Of course, I have a table [RoleList] which contains a "AppRoleName" field that contains the names of the database roles.)
So, the mystery remains: why did all my users lose their "public" role and why could I not give it back to them? Was this part of an update to SQL Server 2008 R2? Was it because I ran another script to delete each user and add them back
so to refresh their connection with the domain? Well, this solves the issue for now.
One last warning: you probably should check the "public" role on your system before running this to make sure there isn't something missing or wrong, here. It's always possible something is different about your system.
Hope this helps someone else. -
I have created a user and given him the owner rights for the database. Though I can LogIn as the user, I cannot access the databases. I am having the error mesage:
Failed to retrieve data for this request. (Microsoft.SqlServer.Management.Sdk.Sfc)
For help, click:
http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&LinkId=20476
ADDITIONAL INFORMATION:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
The SELECT permission was denied on the object 'extended_properties', database 'mssqlsystemresource', schema 'sys'. (Microsoft SQL Server, Error: 229)
For help, click:
http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=10.50.1600&EvtSrc=MSSQLServer&EvtID=229&LinkId=20476
Sha_woopSince there are so many possibilities for what might be wrong. Here's another possibility to look at. I ran into something where I had set up my own roles on a database. (For instance, "Administrator", "Manager", "DataEntry", "Customer",
each with their own kinds of limitations) The only ones who could use it were "Manager" role or above--because they were also set up as sysadmin because they were adding users to the database (and they were highly trusted). Also, the users that
were being added were Windows Domain users--using their domain credentials. (Everyone with access to the database had to be on our domain, but not everyone on the domain had access to the database--and only a few of them had access to change it.)
Anyway, this working system suddenly stopped working and I was getting error messages similar to the above. What I ended up doing that solved it was to go through all the permissions for the "public" role in that database and add those permissions to
all of the roles that I had created. I know that everyone is supposed to be in the "public" role even though you can't add them (or rather, you can "add" them, but they won't "stay added").
So, in "SQL Server Management Studio", I went into my application's database, in other words (my localized names are obscured within <> brackets): "<Computername> (SQL Server <version> - sa)"\Databases\<MyAppDB>\Security\Roles\Database
Roles\public". Right-click on "public" and select "Properties". In the "Database Role Properties - public" dialog, select the "Securables" page. Go through the list and for each element in the list, come up with an SQL "Grant" statement to
grant exactly that permission to another role. So, for instance, there is a scalar function "[dbo].[fn_diagramobjects]" on which the "public" role has "Execute" privilege. So, I added the following line:
EXEC ( 'GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @RoleName + '];' )
Once I had done this for all the elements in the "Securables" list, I wrapped that up in a while loop on a cursor selecting through all the roles in my roles table. This explicitly granted all the permissions of the "public" role to my database roles.
At that point, all my users were working again (even after I removed their "sysadmin" access--done as a temporary measure while I figured out what happened.)
I'm sure there's a better (more elegant) way to do this by doing some kind of a query on the database objects and selecting on the public role, but after about half and hour of investigating, I wasn't figuring it out, so I just did it the brute-force method.
In case it helps someone else, here's my code.
CREATE PROCEDURE [dbo].[GrantAccess]
AS
DECLARE @AppRoleName AS sysname
DECLARE AppRoleCursor CURSOR LOCAL SCROLL_LOCKS FOR
SELECT AppRoleName FROM [dbo].[RoleList];
OPEN AppRoleCursor
FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC ( 'GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_alterdiagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_creatediagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_dropdiagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_helpdiagramdefinition] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_helpdiagrams] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_renamediagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_objects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_sql_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_views] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[allocation_units] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assemblies] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_files] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_references] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[asymmetric_keys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[certificates] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[change_tracking_tables] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[check_constraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[column_type_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[column_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[computed_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[conversation_endpoints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[conversation_groups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[conversation_priorities] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[crypt_properties] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[data_spaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_audit_specification_details] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_audit_specifications] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_files] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_permissions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_principal_aliases] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_principals] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_role_members] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[default_constraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[destination_data_spaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[event_notifications] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[events] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[extended_procedures] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[extended_properties] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[filegroups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[foreign_key_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[foreign_keys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_catalogs] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_catalog_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_fragments] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_stoplists] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_stopwords] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[function_order_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[identity_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[index_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[internal_tables] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[key_constraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[key_encryptions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[message_type_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[module_assembly_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[numbered_procedure_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[numbered_procedures] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[objects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[parameter_type_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[parameter_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_functions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_range_values] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_schemes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partitions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[plan_guides] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[procedures] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[remote_service_bindings] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[routes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[schemas] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_contract_message_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_contract_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_contracts] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_message_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_queue_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_queues] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[services] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[spatial_index_tessellations] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[spatial_indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sql_dependencies] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sql_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[stats] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[stats_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[symmetric_keys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[synonyms] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[syscolumns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[syscomments] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysconstraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysdepends] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysfilegroups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysfiles] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysforeignkeys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysfulltextcatalogs] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysindexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysindexkeys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysmembers] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysobjects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[syspermissions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysprotects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysreferences] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_objects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_sql_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_views] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[systypes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysusers] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[table_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[tables] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[transmission_queue] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[trigger_events] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[triggers] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[type_assembly_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[views] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_attributes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_collections] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_component_placements] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_components] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_elements] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_facets] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_model_groups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_namespaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_wildcard_namespaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_wildcards] TO [' + @AppRoleName + '];' )
FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
END
CLOSE AppRoleCursor
RETURN 0
GO
Once that is in the system, I just needed to "Exec GrantAccess" to make it work. (Of course, I have a table [RoleList] which contains a "AppRoleName" field that contains the names of the database roles.)
So, the mystery remains: why did all my users lose their "public" role and why could I not give it back to them? Was this part of an update to SQL Server 2008 R2? Was it because I ran another script to delete each user and add them back so to refresh
their connection with the domain? Well, this solves the issue for now.
One last warning: you probably should check the "public" role on your system before running this to make sure there isn't something missing or wrong, here. It's always possible something is different about your system.
Hope this helps someone else. -
Permission denied on object 'PSOPRDEFN' database 'FSCM' schema 'dbo'
Hi,
I get the following error when i try to login in 2 tier thru App Designer.
SELECT permission denied on object 'PSOPRDEFN' database 'FSCM' schema 'dbo'...Just to give a little background...Since i was installing PS FSCM 9 on my new machiine, I did not create a new DB, as I had the mdf and ldf files from my earlier machine. All i did was to add the DB thru SQL Server management studio. I have executed the grant and connect.sql. Both have executed successfully. But I am still unable to login. I also tried altering the authorization on my DB, but that did not work either
Thank YouHi Nicolas,
I was installing PS FSCM9 on my new personal machine. Since I had my "MDF" and "LDF" files for FSCM 9 DB (from my previous machine), I did not create a new DB for my new Install of PeopleTools. I simply copied the DB files to my new machine.
I can login into the DB using sa/sa1. But when I try logging in using App Designer in 2 Tier, it pops up the error mentioned. I ran the Grant/connect sql's again, but that did not help. i did run alter authorization script for the 3 tables PSACCESSPRFL, PSSTATUS and PSOPRDEFN, and granted them access to people, but that did not work out.
Thank you -
Why does "SELECT * FROM [database].[schema].[table]" not work in Azure ?
Hi all
In Microsoft Azure I have 2 databases.
I work since more than 10 years with T-SQL and I always use
fully qualified object names, means "[database].[schema].[table]".
When I now make a connection to my database "A" in Azure and
write a Query against database "B" ("SELECT * FROM [B].[schema].[table]")
I get an exception. Of course when I connect to database "B" it works
but again not to database "A". When I use "SELECT * FROM [schema].[table]"
with the right database connected, it also works in Azure.
Hope you understand what I mean :-)
In MS-SQL, this of course works fine.
Well my question is: What sense does this make ??
Do I now have to re-write everything just for azure or will this behavior changed sometimes ?
I know MS-SQL is not the same like Azure-SQL, but hey; does Microsoft think all projects have only one database ?? :-)
Thanks for any answer
FrankHi Frank,
According to your description, you want to retrieval data cross database in SQL Azure, right?
As June said, Currently cross database joins are not supported in SQL Azure. Also you cannot change database mid query so you cannot, for example, put a USE [MyDB] in your query either. Please refer to the link below to see the details.
http://www.britishdeveloper.co.uk/2011/11/cross-database-joins-in-sql-azure.html
If you have any concern about this behavior, you can submit a feedback at
http://connect.microsoft.com/SQLServer/Feedback and hope it is resolved in the next release of service pack or product. Your feedback enables Microsoft to make software and services the best that they can be, Microsoft might consider to add this feature
in the following release after official confirmation.
Regards,
Charlie Liao
TechNet Community Support -
Oracle Headstart Designer 2.1.2 Utilities - Database Auth Scheme DB.030
I'm trying to use the Database Auth Scheme DB.030, but without
much success.
I've created roles and users, granted system priviliges and run
the .sql file. I added a role to a module under its Security
tab, open Headstart Utilities and select my database, new role
and correct schema in DB.030. When I hit Run, I get the
following information: -
Information
Message
Deleted old group object privileges created by this utility.
Created privilege for group 'CC_OP' and
table 'OSS_ANONYMOUS_REQ_DEFS'.
Created privilege for group 'CC_OP' and table 'OSS_DOCUMENTS'.
Modified privilige for group 'CC_OP' and table 'OSS_DOCUMENTS'.
I was expecting to see extra entries in role_tab_privs, but
nothing extra gets added.
Has anyone got a guide to using DB.030, or can tell me what I'm
doing wrong. There isn't any information about DB.030 in my
Utilities manual.
Thanks.I'm not aware of any bugs related to this code.
In you utility preferences window, set the debug level to 'Debug
Detailed'. This will cause your log file to give you much more
information. You can examine the utility code to try to
determine where it might be going wrong. You can find the name
of the utility package in the online help for the utility. You
can then use something like PL/SQL Developer to examine the code.
Regards,
Lauri -
How many domains can share a single set of database repository schemas?
How many domains can share a single set of database repository schemas (created by the RCU)?
What is the best practice in an environment with many domains/WLS servers/applications and a desire to manage minimum database MW repository schemas?Hi,
You can't share the same repository for multiple domains.
http://docs.oracle.com/cd/E23943_01/web.1111/e13716/understand_domains.htm#i1102627
(Please mark question as answered or helpful)
Arik -
Help with database autentication schemes
Hi
I am new to apex, especialy with database autentication schemes, and I need some help with creating login credentials for 3 types of users from a table in my database.
Any help and guidance would be apriciated.
Thanks in advance,
VoislavWhat Oracle Version you are using?
-
Want to use Oracle DB as the database for virtue hosting for mutiple web applications.
Option One: Create one database (or Instance) with multiple shema(s), with each Schema for a web application to access.
Option Two: Each web application has its own database (or Instance)
The Database will be located in the same machine. In general which option is more feasible in terms of maintenance and speed?
Thanks.
Scott
It appears to me the second option is better, but the memory may become an issue, for so many database instances will be loaded to the RAM. The[b] first option may save some memory. But each shema will be hit by many users (such as hundreds). I wonder if use of the schema is feasible.Whether you have 1 database on the server or multiple, each user session will be consuming memory, making requests for disk i/o, etc. However, each instance will introduce overhead into the memory and cpu and each database will introduce overhead into the i/o subsystem. Assuming there are not technical or political reasons for segregating the applications into their own database, 1 database with multiple schemas will probably run faster and be easier to maintain than multiple databases.
You must also consider other factors. What if these applications need to have different versions/patches of Oracle? VendorA only supports 8.1.7 and VendorB only supports 9.2.0.4. This requires separate databases. Applications might have different uptime and recoverability requirements. Politics or security concerns may dictate that ApplicationA and ApplicationB be totally separate.
In short, there is not 1 option that is always preferrable to another. Take time to think through possible scenarios and worst cases. Put together a cost-benefit analysis and risk assessment and present it to management. -
Database Project Schema Compare Source Control to target database Not working
I am trying to use the schema compare feature of database project / TFS. I don't understand why it is trying to DELETE a stored procedure that exists in TFS.
The Degenerate DimensionHi MM,
Thanks for your post.
If you open this solution from a local folder(not stored in TFS), and try to compare that same file, what’s the result? We need confirm this issue relate to VS Schema Compare tool or relate to TFS Source Control first.
http://blogs.msdn.com/b/ssdt/archive/2012/03/23/schema-compare-improvements.aspx
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
11gR2 Error when installing a database and schema
I have install 11gR2 on my laptop with window 7 4gb ram 500gb hard drive
I getting this error
ORA-01503: CREATE Controlfile / Failed
and
ORA-01158: Database already mounted
i need to set up a database a 3 different schema
because i am doing a install of Hyperion Share service, Essbase and Planning
Please advisePl do not post duplicate threads - 11gR2 Error when installing a database essbase on install of 11.1.2.1
Your original thread was moved to the Essbase forums since this is Essbase related
Srini -
Database table schema with ColdFusion?
Hello all!
Is there a way to use ColdFusion to display the schema of a
table from a database done in Sybase? I tried doing an sp_help
<table name> but it only gives me the table name, object
type, and owner. I need to be able to see the different element
names and types. I am displaying my output using cfdump.
Thanks in advance for any assistance provided!IIRC the system tables used to be called sysobjects,
syscolumns, ... . Early ms sql had the same structure. But ms sql
has since added metadata "views" (called INFORMATION_SCHEMA.*)
which are now recommended over using the system tables. Sybase may
have something similar. So check the Sybase documentation to see
what objects you should be using.
Maybe you are looking for
-
[Urgent]Session terminates during DS enhancement due to big data
Hi experts, I have 0FI_GL_4 for DS enhancement. The business requirement is complicated but we have already fully optimized that ABAP code. Now our R3 side has 2.5 million records in BSEG and if we start BW initial extraction , the session will us
-
How do I add my own artwork to itunes 11?
I do the stuff on the track info 'artwork' window click add, I open the jpg I want and then move to next track but it won't save. so on the summary page it says no artwork available.Any tips? Thanks
-
Duplicate check works in GUI, but not in WEB UI
hi, I have used TREX search engine and BAS address service for BP duplicate check. this works fine on the GUI, diplaying the duplicates found. However, on the web UI, it does not show any duplicates. What seems to be the problem? PS. I have created i
-
External monitor stopped working after 10.6.7 update
I have a MacBook Pro, model identifier MacBookPro6,2 with an NVIDIA GeForce GT 330M. When I updated last night from 10.6.6 to 10.6.7 I stopped being able to use my Dell S2409W external monitor. I have tried resetting the pram, resetting the SMC, boot
-
Hello Gurus. I want to use a text element in my wad, but I want to display only the data status and the variables of input of query. But the text element is bringing me all of the information, so how can I do to bring only the data status and the var