Permission by instance (user) to a specific user ?

Similar Messages

• Can grant truncate table permission to a user?

  Whether can grant  truncate table permission to a user separately.
  I know that the role db_ddladmin can do,but the create,alter and drop permissions will be granted the same time(These permissions are not what we want to
  grant to user).
  Is there any solution?
  Best regards!!
  If you haven't all the things you want,be grateful for the things you don't have that you didn't want.

  You can't grant truncate because for whatever reason, that permission doesn't exist.  What you can do is use a stored procedure and use EXECUTE AS OWNER to get around it.
  create database foo
  go
  create login foobar with password = 'alkdsfji9eorngv';
  go
  use foo
  go
  create user foobar from login foobar;
  go
  create table test(rowid int identity)
  go
  insert into test default values;
  go
  select * from test
  go
  create procedure dbo.truncate_test
  with execute as owner
  as
  truncate table test
  go
  grant execute on dbo.truncate_test to foobar
  go
  execute as login='foobar'
  execute dbo.truncate_test
  revert
  go
  select * from test
  go
  use master
  go
  drop database foo
  drop login foobar
  This keeps your database safe and allows you to grant execute on the truncate procedure to allow them to truncate the table.Jonathan Kehayias
  http://sqlblog.com/blogs/jonathan_kehayias/
  http://www.twitter.com/SQLSarg
  http://www.sqlclr.net/
  Please click the Mark as Answer button if a post solves your problem!

• The permission granted to user "Domain\user" are insufficient for performing this operation(rsAccessDenied)

  Hello All, 
  I believe this is a very frequently-asked question in SSRS, maybe the more famous one. For many times, I solved it for others.
  But today, I spent one afternoon on this issue, unresolved. 
  My environment: SSRS 2008R2, DB in local default instance(SQL2008 R2)
  My windows account and one of my service accounts(launching my SSRS) are both in local admin group. 
  After configuring the  SSRS, in local server, open IE(run as administrator, using my domain service account) to access "http://localhost/reports". It pops this error: 
  The permissions granted to user 'Doamin\myServiceAccount' are insufficient for performing this operation. (rsAccessDenied)Get Online Help
  Going back to my desktop, Open IE using my windows account to access "http://servername/reports", seeing the the same error and saying my windows account doesn't have sufficient permission on that server
  On Server side, use SSMS to connect local report service, and try to check who is in "system administrator" in SSRS instance, it pops up the error as below, 
  The permissions granted to user '' are insufficient for performing this operation. (rsAccessDenied) (Reporting Services SOAP Proxy Source)
  If using IE to reach "http://localhost/reportserver"(Web Service page), both my windows account and service account work--it doesn't complain anything. 
  Checked all things I know, still seeing this error. Notice my windows account and my service account are both in local admin group.
  Anyone can share some thoughts on this?
  Derek

  Figured out finally.
  In rsreportserver, we put in our custom code of security control as below.
  <Security>
                  <Extension Name="Windows"Type="Microsoft.ReportingServices.Authorization.WindowsAuthorization,
  Microsoft.ReportingServices.Authorization"/>
                    <!--<Extension
  Name="Windows" Type="XXX.ReportingServices.Authorization.Authorization, XXX.ReportingServices.Authorization"/>-->
              </Security>
  When I flipped it back to native mode, it works. 
  Thanks all your replies.     
  Derek

• User authentication not done in OAM for 2nd instance users

  Hi,
  I have installed oracle access manager using sunone directory server. I have created one more instance of that directory server and added the directory profile in OAM for that instance... but the users in the 2nd instance are not able to login into the OAM console...pls.. help me in resolving this....

  Hi,
  The question needs a little more clarification. Specifically, is the OAM console (and are you talking about the access system or the identity system?) protected by an OAM webgate? Or are you using the default identity system authentication? If webgate is in the picture, I suspect something in the authentication schemes needs to be corrected (and you should find more clues by lowering the webgate diagnostic logging threshold). If not, there is an additional instance drop-down box which appears on the login page and you need to select the correct instance in that box before logging in.
  A couple of other questions -
  1) Are the users in the two instances mutually exclusive?
  2) Which components can use the new directory server instance?
  -Vinod

• Special permission on Db_datareader user for execute sp_helptext

  Hi friends
  I have a question.  Is there a method that allow a user db_datareader execute the procedure sp_helptext?. 
  I tried the following with bad results:
  1) I created a role in my database and i tried to assign the sys.sp_helptext procedure but appears the following message:
  "Permissions on server scoped catalog views or system stored procedures or extended stored procedures can be granted only when the current database is master (Microsoft SQL Server, Error:4629)"
  So, i created the role in the master and i assign the user. but it didn't work in the execution.
  2) in a blog i found that was possible using this script:
  grant VIEW DEFINITION on OBJECT::sys.sp_helptext to RL_Ejecutor
  The "RL_Ejecutor" is a role that i created but it didn't work.
  Please help me with this
  Greetings

  db_datareader is a fixeddatabase role. That means you cannot change the permissions db_datareader has.
  To allow a user to execute succesfully sp_help text over an object (a view, stored procedure or function) the user must have at least view definition permission on that object, not on sp_help_text stored procedure.
  The following statement grants view definition permission to TestUser (a user in the database)
  GRANT VIEW DEFINITION TO TestUser
  TestUser now can execute successfully sp_help on any object of the current database.
  If you want to allow TestUser to view the definition of an specific object you execute the following statement:
  GRANT VIEW DEFINITION ON dbo.YourStoredProcedure TO TestUser
  The same is valid for a user defined database role, just replace TestUser with the name of your database role.
  "No darás tropezón ni desatino que no te haga adelantar camino" Bernardo Balbuena

• Error while giving permission to the users

  hi..
  while giving the grants to the users I have created, it is showing "Account not found"..
  I have logged in through the credentials of Administrator and went to Administration--> manage interactive dashboards
  There when i am clicking on Show Users and Groups, then i can see all those.
  But when i am trying to give the users the necessary permissions, it is showing the above error.
  please help...

  Hi,
  I dnt understand ur 1st question.what u meant by uniq filed where u create user?
  and for ur second question, u can check all ur users from dba_users.for their privilages, to check on permission, it's dba_tab_privs. I dnt knw if this is what ur asking for but here is the script.
  SELECT t.grantee "User ID",t.privilege "Privilege",o.object_type, o.object_name, '' column_name
  FROM dba_tab_privs t, dba_objects o
  WHERE t.owner = o.owner
  AND t.table_name = o.object_name
  AND NOT o.owner IN ('SYS', 'SYSTEM')
  AND NOT t.grantor IN ('SYS', 'SYSTEM')
  AND t.grantee in (select username from dba_users
  where username not in ('SYS','SYSTEM','))
  AND NOT o.object_type IN ('QUEUE', 'TRIGGER', 'DIMENSION', 'CLUSTER',
  'INDEX', 'INDEX PARTITION', 'INDEX SUBPARTITION', 'TABLE PARTITION',
  'TABLE SUBPARTITION', 'JAVA CLASS')

• Provide truncate table permission for a user

  Please let me know the best possible way to provide truncate table permission to a SQL Server Database user (ddl_admin role cannot be granted to the user in my case)

  Grant CONTROL permissions on table, user will be able to truncate table.
  GRANT CONTROL ON user_table TO User
  http://www.sqlservercentral.com/blogs/steve_jones/2011/03/07/sql-server-truncate-table-permissions/
  Other ways check this:
  Grant Truncate Table Permissions in SQL Server without ALTER Table  
  http://www.mssqltips.com/sqlservertip/2583/grant-truncate-table-permissions-in-sql-server-without-alter-table/
  The ALTER permission provides the access required to alter the schema of a tables, this includes truncating the data in the table.
  http://www.jasonstrate.com/2013/05/security-questions-truncate-table-permissions/

• "Send As" permission fails with users in second domain on same server

  I have several users setup on an Exchange 2010 SP3 server with domain "domain1.com". "Send As" and full Permission access works fine and flawless between those users who need it. 
  Now I have added a second authorative Domain (domain2.com) on that server and set up a few users. Those domain2 users can send/receive email in domain2.com without problems.
  I wanted to give certain users in domain1 "Send As" and Full Access permissions on a domain2 user mailbox. Full Access works, but sending a message won't work. The error that comes back is the same as if "Send As" permissions was not
  assigned to that user. But I explicitly assign this permission. 
  Is this a known issue and there is a fix for it? Or is this simply not possible?
  Thanks
  Dan

  First, you should not use both Send As and
  “Send on behalf of” pick one or other. Another thing, if you are using
  Send As, find the user in
  Active Directory Users and
  Computers right click the user and select properties, Click
  Security
  Tab then presses the
  Advance button.
  In there you should see the User listed under there with Send As permissions. If you do not see this that’s the main reason why you cannot “Send As”. Send As is an AD
  ACL not Exchange. If you have set this in the EMC and it has not replicated or updated the ACL’s in Active Directory then you might have a delay/latency or a replication issue with Active Directory.   
  Hi Swetha,
  Thanks for your reply.
  I am only using "Send As" and not "Send on behalf". 
  The Send-as permissions are visible in the AD for that user.
  Dan

• SQ00: Variant-change permission missing,but user wants to use and not to ch

  Hi There,
  i've created a InfoSet and a Query and my users want to use the Query. The Query has a default Variant and the Default-Variant also has a Default Layout. When the user wants to run my query, he gets an error:
  "Variantenpflege-Berechtigung FP zur Variantenpflege erforderlich (Meldungsnummer DB626)
  Sie möchen eine Variante bearbeiten oder löschen. Es fehlt ihnen die hierzu erforderliche berechtigung. Es handelt sich um das Berechntigungsobjekt S_PROGRAM und das Feld P_ACTION = VARIANT. Der Inhalt dieses Feldes Berechtigungsgruppe in den Report-Attributen wird gegen die Werte in Ihrem Benutzerstammstatz im Feld P_GROUP geprüft."
  Short Version in English:
  There is a permission for a Variant-change necessary ....
  I do not know why he gets this message, because he does not want to change the Variant, he only wants to use the Variant. Or should i give him the permission? But i don't that he is able to change the variant i've created...
  Any ideas ?! Any help will be appreciated.
  Regards
  Sebastian

  Hi Sebastian,
  maybe you solved it inbetween. If not,  you might entered something in the authorization-group of the the infoset:
  Infoset --> GoTo --> Global Properties --> Authorization Group
  If there is something entered the user get the DB626 message while chosing a variant in SQ01 (if he does not have authorization for S_PROGRAM / P_ACTION = VARIANT / P_GROUP --> Authorization Group)
  Cheers
  Jan

• We can assign permission to the users in Secure Zone?

  Hi BC Partners
  I have a qestion about Secure Zone
  For Secure Zone users we can assign permission to them, such as assign them upload or edit content in Secure Zone?
  Regard
  TY

  Hey there,
  It does not work like that.
  A seurezone gains access to a zone area, and thus the landing page and content assigned to that zone. Nothing more nothing less. They can not upload or edit content to your site through the securezone. The only thing they can edit and update are their details or if they have submitted web app items and you have allowed them to edit these or submit them.

• Authentication prompt issue when opening an office file in a document library with read permission for domain users

  An user as part of the domain users tries to open an office file from a document library but he got an authentication prompt asking him to authenticate. Domain users has only access to this library and not to the whole site. This uses to work in SharePoint
  2007 without any problem but not in SharePoint 2013, we didn't have a workflow on SP2007.
  Domain users has read access to only this document library in the site, but he shouldn't get an authentication prompt since he is part of the domain users and he is not trying to modify the document, he can open the document but gets two prompts, he can't
  also see the list using explorer view since nothings appears using the explorer view.
  Now, when opening the file, we can see..Updating Workflow Status, but we don't have any workflow working on this site or library, event any feature related to workflow.
  If we go to the event viewer in the server, we find this information,
  I also checked this thread but I couldn't find this scenario.
  https://social.technet.microsoft.com/Forums/sharepoint/en-US/91bc770b-bb70-4885-a4ad-a243edb88753/event-id-8026-workflow-soap-getworkflowdataforitem-failed-doc-library-no-workflow?forum=sharepointgeneralprevious
  I also created another list with the same permissions and using other office files but got the same behavior.
  Now, we have migrated this site from SP2007 to SP2013.
  Any ideas?

  OK, I am going to throw out a lot of ideas here so hopefully they get you closer to a diagnosis. Hang on :)
  Does it happen to work for some users but not others? If so, try logging in on the "good" computer with the "bad" username. This will tell you if the problem is related to the end-user's system. Also, once the user downloads a document
  successfully can they open and work on it in Word? Also, does the document library have any custom content types associated with it or does it just use 'Document'?
  I notice that there are other folks on the web that have run into this same problem and the similarity seems to be that they are either on SharePoint 2007 or have upgraded from 2007. Did this doc library start out as a 2007 library?
  What you might want to do is this: Make a site collection from scratch in 2013 (or find one that you know was created in 2013). Choose team site (or whatever you want) for the root web and set up the security the same way you have it on the malfunctioning
  library. Now, use windows explorer to copy and paste some of the documents to the new location. Be sure you recreate any needed content types. Now test it from the troubled user's computer.
  I'm thinking there may be something that is different about the library since it was migrated through various versions and updates since 2007. I've sometimes found that there can be problems (especially with user profiles but that's a different story) with
  things that go through this evolution.

• Can individual Adobe Air apps be installed without local admin permission into a user-owned folder?

  Is this a supported scenario?
  Windows 7 PC.
  Adobe Air runtime (latest; 4.0) has been installed by an administrator using a local admin account and the eulaAccepted file is present under the "All Users" profile.
  User logs in using her own account which does not have local admin rights.
  User downloads an Air app and tries to install it to C:\Users\<username> where she has full write permissions to the disk.
  What I observe when acting as the User is that the Windows UAC (security escalation to local admin rights) dialog pops up. Can anyone clearly state what the Adobe Air installer is doing that requires the UAC escalation when installing an app to a user's folder? Thanks.

  Thanks for your reply, Chris. We're working around these problems by deploying the Air runtime + the application separately using an administration tool, which is fine for now.
  I logged the question because I don't see any registry edits or privileged folder access taking place. I suspect that the UAC escalation has something to do with the "eulaAccepted" file; checking that it exists. I doubt that escalated permissions are really required for this. In the long term, it'd be good if this "use case" could be added to the test cycle of Air; perhaps the UAC dialog could be avoided, improving the flexibility of deployment options.
  Ideally the test would start with an adminstrator-installed Air package *without* the EULA being accepted. The user should be able to install apps and approve the EULA without the UAC dialog popping up at all.

• SCSM 2012 SSP Permission for End users

  Hello Experts,
  I have an issues with SSP - SCSM 2012 SP1.
  As an admin user, I can see theOfferings, see the pending requests, can see the requests I have submitted, Approve them etc. But when I am an end user, browsing from my laptop, I see a blank Home page. I dont see the Service offerings in the
  homepage..even I dont see the Need Help? text. What is the issue? FYI : Silver light is already installed on my laptop.
  Interestingly, I see the Need Help? text with the same end user credential when I am opening the browser inside the server wher SSP is installed.
  But, in both the cases, whether I browse in the server or from my laptop, I dont see the service offerings anywhere when i am an end user. I followed the below article..but no success.. :(
  http://systemcentertech.com/2012/06/28/scsm-2012-portal-service-catalog-empty-for-end-users/
  Please help...
  Thanks!
  Thanks

  Hi,
  Did you add the Service Offerings and Request Offerings to the Catalog Group? Here is another good blog on this you can reference:
  http://www.concurrency.com/blog/scsmportalpermisions/
  My Blog | www.buchatech.com | www.systemcenterportal.com
  If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion
  in a test environment before implementing!

• Help in granting permission to an user.

  Hi Gurus,
  Could some one help in the procedure in granting all the objects privilage to an newely created user .
  for example scott has few DB objects and an new user tom has been created and i want all the objects of scott to be read by tom.
  any suggestion on this is highly apprciated.
  Thanks in advance

  One more suggestion,
  after granting select privilege
  create synonym to access other schema objects
  eg:
  SQL> grant select on test2.a to test1;
  Grant succeeded.
  SQL> conn test1/test1;
  Connected.
  SQL> select * from test2.a;
  ID
  123
  SQL> select * from a;
  select * from a
  ERROR at line 1:
  ORA-00942: table or view does not exist
  SQL> alter session set current_schema=test2
  2 ;
  Session altered.
  SQL> select * from a;
  ID
  123
  or
  SQL> conn sys/oracle as sysdba;
  Connected.
  SQL> create synonym test1.a for test2.a;
  Synonym created.
  SQL> conn test1/test1;
  Connected.
  SQL> select * from a;
  ID
  123

• How to prepare permission matrix of users/groups for SharePoint web Application ?

  Hello,
  I am using SP Groups/users to assign to sharepoint objects.
  few SP Groups having AD groups.
  Is there any possibility/way to see/prepare user visibility in SP Group when AD Group is associated with SP Group ?
  Thanks and Regards,
  Dipti Chhatrapati

  Hi Dipti,
  So you want to find members of AD group in SharePoint 2010. Here are the links for your reference:
  Display members of AD groups web part ---
  http://sp2010adgroupmembers.codeplex.com/
  Getting members of an AD domain group using Sharepoint API ---http://stackoverflow.com/questions/4314767/getting-members-of-an-ad-domain-group-using-sharepoint-api
  Get a list of all SharePoint group’s users including active directory group ---
  http://christopherclementen.wordpress.com/2012/07/16/get-a-list-of-all-sharepoint-groups-users-including-active-directory-group/
  Regards,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected] .
  Rebecca Tu
  TechNet Community Support