Permission denied on object 'PSOPRDEFN' database 'FSCM' schema 'dbo'
Hi,
I get the following error when i try to login in 2 tier thru App Designer.
SELECT permission denied on object 'PSOPRDEFN' database 'FSCM' schema 'dbo'...Just to give a little background...Since i was installing PS FSCM 9 on my new machiine, I did not create a new DB, as I had the mdf and ldf files from my earlier machine. All i did was to add the DB thru SQL Server management studio. I have executed the grant and connect.sql. Both have executed successfully. But I am still unable to login. I also tried altering the authorization on my DB, but that did not work either
Thank You
Hi Nicolas,
I was installing PS FSCM9 on my new personal machine. Since I had my "MDF" and "LDF" files for FSCM 9 DB (from my previous machine), I did not create a new DB for my new Install of PeopleTools. I simply copied the DB files to my new machine.
I can login into the DB using sa/sa1. But when I try logging in using App Designer in 2 Tier, it pops up the error mentioned. I ran the Grant/connect sql's again, but that did not help. i did run alter authorization script for the 3 tables PSACCESSPRFL, PSSTATUS and PSOPRDEFN, and granted them access to people, but that did not work out.
Thank you
Similar Messages
-
I'm trying to create a new subscriptions on an existing report and get the following error.
An internal error occurred on the report server. See the error log for more details. (rsInternalError) Get Online Help
Get Online Help
EXECUTE permission denied on object 'xp_sqlagent_notify', database 'mssqlsystemresource', schema 'sys'.
I ran the following that was suggested in http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=17774&SiteID=1. But still I get the same error. Do I need a reboot or restart of the services?
The only log file information I can find contains the following.
System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: An internal error occurred on the report server. See the error log for more details. ---> Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.Data.SqlClient.SqlException: EXECUTE permission denied on object 'xp_sqlagent_notify', database 'mssqlsystemresource', schema 'sys'.
--- End of inner exception stack trace ---
at Microsoft.ReportingServices.WebServer.ReportingService2005.ListSchedules(Schedule[]& Schedules)
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.SqlServer.ReportingServices2005.ReportingService2005.ListSchedules()
at Microsoft.SqlServer.ReportingServices2005.RSConnection.ListSchedules()
at Microsoft.ReportingServices.UI.SharedScheduleDropDown.EnsureSchedulesAreLoaded()
at Microsoft.ReportingServices.UI.SharedScheduleDropDown.SharedScheduleDropDown_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
aspnet_wp!ui!1!17/10/2006-08:44:26:: e ERROR: Exception in ShowErrorPage: System.Threading.ThreadAbortException: Thread was being aborted.
at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.End()
at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm)
at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg) at at System.Threading.Thread.AbortInternal()
at System.Threading.Thread.Abort(Object stateInfo)
at System.Web.HttpResponse.End()
at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm)
at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)
aspnet_wp!extensionfactory!e!17/10/2006-09:35:13:: w WARN: The extension Report Server Email does not have a LocalizedNameAttribute.
aspnet_wp!extensionfactory!e!17/10/2006-09:35:13:: w WARN: The extension Report Server FileShare does not have a LocalizedNameAttribute.
aspnet_wp!ui!e!17/10/2006-09:35:13:: e ERROR: System.Web.Services.Protocols.SoapException: An internal error occurred on the report server. See the error log for more details. ---> Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.Data.SqlClient.SqlException: EXECUTE permission denied on object 'xp_sqlagent_notify', database 'mssqlsystemresource', schema 'sys'.
--- End of inner exception stack trace ---
at Microsoft.ReportingServices.WebServer.ReportingService2005.ListSchedules(Schedule[]& Schedules)
aspnet_wp!ui!e!17/10/2006-09:35:13:: e ERROR: HTTP status code --> 200
I cannot find any other error log.
Can anybody help?
Tuesday, October 17, 2006 8:49 AM
Reply
|
Quote
All replies
0
Sign in to vote
Sorry for the late reply. Try this: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=662319&SiteID=1
Thursday, November 16, 2006 2:51 AM
Reply
|
Quote
Answerer
0
Sign in to vote
GRANT EXECUTE ON master.dbo.xp_sqlagent_notify TO RSExecRole
GO
solved my problem.
Proposed as answer by
Christopher D. Stover
Monday, September 16, 2013 6:52 PM
Monday, September 16, 2013 6:51 PM
Reply
|
Quote
0
Sign in to vote
Tried that but no joy. Found this post on SQLServerCentral, solved our issue which mimic's the posters issue. Just adding here as this is the first result in our search.
Look for Topic452669-150-1
There are a number of places I found with the information in the following
link:
http://phew-meme.blogspot.com/2007/10/reporting-service-on-report.html
In
my specific case, the RsExecRole role in both the "master" and "msdb" databases
had had both the "NT Authority\Network Service" and "NTAuthority\System" logins
removed from its members (the RSExecRole had had all its members removed by
someone doing some maintenance). I compared another Reporting Services
installation on another server after reading information in the above
link.
Steps:
1. In Mangement Studio connect to the SQL Server instance
on which Reporting Services runs.
2. Databases > system Databases
3.
master > Security > Roles > RSExecRole (then add whatever logins are
required... check in the ReportServer or ReportServerTempDB databases if you're
not sure)
4. msdb > Security > Roles > RSExecRole (add the same
logins you did to the master DB)
In the end you need the same logins in
RSExecRole role for the master, msdb, ReportServer, and ReportServerTempDB
databases. ("ReportServer" is the default Reporting Services database name, in
case that's not clear ;)
Monday, March 31, 2014 1:24 PM
Reply
|
Quote
if (!$.Microsoft) $.Microsoft = {};
if (!$.Microsoft.Mtps) $.Microsoft.Mtps = {};
if (!$.Microsoft.Mtps.NetReflectorInit)
$.Microsoft.Mtps.NetReflectorInit = {
surveyUrl: 'http://support.microsoft.com/common/survey.aspx?scid=sw%3ben%3b3763&altstyle=narrow&renderoption=overridedefault&theme=tech&url=http://social.technet.microsoft.com/Forums/en-US/3fcc7b54-ce84-48c2-9004-baaac07f2515/execute-permission-denied-on-object-xpsqlagentnotify-database-mssqlsystemresource-schema?forum=sqlreportingservices&P0=055ccfc1-78f5-46ff-8171-33f8ff760a7c',
throttleRate: "5.00",
privacyStatementText: "Privacy statement",
trackerWindowText: "Please do not close this window.Thank you! The survey will appear here when you've completed your visit, so please do not close this window.",
logoUrl: 'https://www.microsoft.com/library/svy/sto/technet_logo.gif',
closeButtonUrl: 'https://www.microsoft.com/library/svy/sto/technet-close.gif',
topBarUrl: 'https://www.microsoft.com/library/svy/sto/top-stripe.gif',
bottomBarUrl: 'https://www.microsoft.com/library/svy/sto/bottom-stripe.gif',
blankPage: 'https://social.technet.microsoft.com/forums/blank.htm',
showSurveyToComscoreUser: 'no'
setTimeout("Forums.loadScript('https://i1.social.s-msft.com/Forums/resources/NetReflector/NetReflector.js?cver=0%0d%0a')", 1000);
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.
Would you like to participate?
Privacy statement
© 2015 Microsoft. All rights reserved.
Newsletter|Contact Us|Privacy Statement|Terms of Use|Trademarks|Site Feedback
TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Internet Explorer
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Lync
See all products »
Resources
Curah! curation service
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Subscriptions
TechNet Video
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Microsoft Update
Trials
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Related Sites
Microsoft Download Center
TechNet Evaluation Center
Drivers
Windows Sysinternals
TechNet Gallery
Training
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
e-Learning overview
Certifications
Certification overview
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Other resources
TechNet Events
Second shot for certification
Born To Learn blog
Find technical communities in your area
Support options
For small and midsize businesses
For enterprises
For developers
For IT professionals
From partners
For technical support
Support offerings
For home users
More support
Microsoft Premier Online
Microsoft Fix It Center
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
var railItems = ["/Forums/en-US/rightrailannouncement/Technet/1794d07f-9d4e-4dc0-8c1c-8bfe9d5e0bce"];
var pageData = {"validUser":false,"autoSubscribe":false};
var userEmailConfigured = false;
$(document).ready(function () {
Forums.ThreadPage.wirePageElements('Search forum questions');Tried that but no joy. Found this post on SQLServerCentral, solved our issue which mimic's the posters issue. Just adding here as this is the first result in our search.
Look for Topic452669-150-1
There are a number of places I found with the information in the following
link:
http://phew-meme.blogspot.com/2007/10/reporting-service-on-report.html
In
my specific case, the RsExecRole role in both the "master" and "msdb" databases
had had both the "NT Authority\Network Service" and "NTAuthority\System" logins
removed from its members (the RSExecRole had had all its members removed by
someone doing some maintenance). I compared another Reporting Services
installation on another server after reading information in the above
link.
Steps:
1. In Mangement Studio connect to the SQL Server instance
on which Reporting Services runs.
2. Databases > system Databases
3.
master > Security > Roles > RSExecRole (then add whatever logins are
required... check in the ReportServer or ReportServerTempDB databases if you're
not sure)
4. msdb > Security > Roles > RSExecRole (add the same
logins you did to the master DB)
In the end you need the same logins in
RSExecRole role for the master, msdb, ReportServer, and ReportServerTempDB
databases. ("ReportServer" is the default Reporting Services database name, in
case that's not clear ;) -
I have created a PowerShell script that automates enabling users for Lync and setting policies based on group membership. I've successfully tested this script under my domain admin account and now I am working on getting it running as a scheduled task.
Since all the script really does related to Lync is run the commands Enable-CsUser, Set-CsUser, and Grant-Cs<policy name>Policy, I elected to create a service account that only has Lync user administration permissions. Initially, this user account
was just a member of CSUserAdministration but this was not working so I added the user to RTCUniversalUserAdmins based on some other information I found.
This change got me by the various access denied errors I was getting in the script, but now I am getting the following error when I run the Enable-CsUser part:
Enable-CsUser : The EXECUTE permission was denied on the object 'XdsPublishItems', database 'xds', schema 'dbo'.
At line:1 char:1
+ Enable-CsUser -Identity <redacted> -RegistrarPool <redacted> - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Enable-CsUser], SqlException
+ FullyQualifiedErrorId : System.Data.SqlClient.SqlException,Microsoft.Rtc.Management.AD.Cmdlets.EnableOcsUserCmdl
et
This seems to be some sort of permission error related to the permissions on the SQL database "xds". I checked, and RTCUniversalUserAdmins is a member of both CsUserAdministration and RTCUniversalReadOnlyAdmins. This latter group does
have permissions on the xds database. It appears to be granted the "public" role on the database server. The User Mapping shows the following users mapped to the login:
cpsdyn: public,ReadOnlyRole
lis: public,ReadOnlyRole
rgsconfig: public,ReadOnlyRole
rgsdyn: public,ReadOnlyRole
rtcxds: public,ConsumerRole
xds: public,ConsumerRole
Even though I receive this error, the user is actually added to Lync. Follow-up Set-CsUser and Grant-Cs<policy name>Policy cmdlets succeed just fine.
What do I need to do to fix this error message?The issue is not related to UAC / Run As Administrator / Run With Highest Privileges. I have verified that accounts granted only the CS User Administrator role simply do not have access to the XdsPublishItems stored procedure in the Lync xds database,
even if they are members of RTCUniversalUserAdmins.
Also, it does not have anything to do with my script. Even if I grant my service account that local Administrator rights on the Lync front-end server, log into the server with that account, and run the Lync Server Management Shell as administrator
and then do just the Enable-CsUser cmdlet (not my whole script), I get the same error.
I ended up opening a Microsoft support case (#114040311332658) and it has been going on for weeks now. Eventually they just told me that I needed to either have my script establish a remote PowerShell session to Lync or install the Lync management
tools on another server and have the script call the Lync Server Management Shell from that server. They say this because the Planning for Role-Based Access Control documentation (http://technet.microsoft.com/en-us/library/gg425917.aspx)
has the following tip:
"RBAC restrictions work only on administrators working remotely, using either the Lync Server Control Panel or Lync Server Management Shell. A user sitting at a server running Lync Server is not restricted by RBAC. Therefore, physical security of your
Lync Server is important to preserve RBAC restrictions."
I did attempt to run a PowerShell instance on my workstation as the service account, establish a remote PowerShell session to the Lync front-end server, and then run Enable-CsUser and I can confirm that it does run successfully and I do not receive an error
of any kind.
I told the support personnel that the tip stating that RBAC doesn't actually restrict permissions if running PowerShell on the server itself doesn't mean that you simply cannot run PowerShell cmdlets and scripts on the server, it just means that the user
running the cmdlet or script won't have their accessible cmdlets limited to only those granted to the role assigned. I told them I want a description of what the XdsPublishItem stored procedure does at a high level so I can determine if the error can
just be simply ignored in this case. I'm still waiting for them to get back to me on that.
They did say they tested it on their end and confirm the same behavior in their test environment. They also said that it doesn't seem to have any sort of negative impact on the functionality of the enabled Lync user or the consistency of the SQL database.
That said, I don't want to just take their word for it without them knowing what XdsPublishItem does. -
I get the error message: The EXECUTE permission was denied on the object 'sp_send_dbmail', database 'msdb', schema 'dbo'. This happens when I run a job, even though the user has the correct permission on sp_send_dbmail and is a user in msdb.
If I run the procedure through SSMS it runs just fine and sends the mail.
I have run out of things to look for, any ideas on what else it could be?
Thanks in advance,
NancyTo send Database mail, users must be a user in the msdb database and a member of the
DatabaseMailUserRole database role in the msdb database. To add
msdb users or groups to this role use SQL Server Management Studio or execute the following statement for the user or role that needs to send Database Mail.
EXEC msdb.dbo.sp_addrolemember @rolename = 'DatabaseMailUserRole'
,@membername = '<user or role name>';
GO
http://technet.microsoft.com/en-us/library/ms188719(v=sql.105).aspx
Regards, RSingh -
The SELECT permission was denied on the object 'syscategories', database 'msdb', schema 'dbo'.
Hi all,
I have a single select statement to monitor JOB status at database msdb, it works perfectly at versions 2000, 2005 and 2008 but in version 2012 got denied access to views syscategories, sysjobactivity, sysjobhistory, sysjobs and sysjobsteps even having applied
"grant select on" to user (principals) at database msdb.
Anyone have seen this and found an solution?
--- SQL Server Version
Microsoft SQL Server 2012 (SP1) - 11.0.3000.0 (X64)
Oct 19 2012 13:38:57
Copyright (c) Microsoft Corporation
Enterprise Edition: Core-based Licensing (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1)
--- My Query
set nocount on
select x.job_name, x.job_status, x.monitor_status from (
select j.name job_name
, case
when datediff(minute,s.login_time,current_timestamp) >= 8
then 'In progress (more than 8h) '
when datediff(minute,s.login_time,current_timestamp) >= 24
then 'In progress (more than 24h) '
else 'In progress'
end job_status
, case
when datediff(minute,s.login_time,current_timestamp) >= 8
then 8 -- 'In progress (more than 8h) '
when datediff(minute,s.login_time,current_timestamp) >= 24
then 9 -- 'In progress (more than 24h) '
else 7 -- 'In progress'
end monitor_status
from sys.dm_exec_sessions s
join msdb.dbo.sysjobs j
on master.dbo.fn_varbintohexstr(convert(varbinary(16), j.job_id))COLLATE Latin1_General_CI_AI
= substring(replace(s.program_name, 'SQLAgent - TSQL JobStep (Job ', ''), 1, 34)
inner join msdb.dbo.syscategories c
on c.category_id = j.category_id
where s.program_name like '%SQLAGENT - TSQL JOBSTEP%'
and c.name like 'REPL-%'
union all
select j.name
, case
when datediff(minute,current_timestamp,ja.next_scheduled_run_date) <= -10
then 'Delayed'
else
case jh.run_status
when 0 then
case when lower(left(j.name,8)) = 'uoldiveo'
then 'Failed (admin)'
else 'Failed'
end
when 1 then 'Succeeded'
when 2 then 'Retry'
when 3 then
case when lower(left(j.name,8)) = 'uoldiveo'
then 'Cancelled (admin)'
else 'Cancelled'
end
when 4 then 'In progress'
end
end
, case
when datediff(minute,current_timestamp,ja.next_scheduled_run_date) <= -10
then 0 -- Delayed
else
case jh.run_status
when 0 then
case when lower(left(j.name,8)) = 'uoldiveo'
then 1 -- 'Failed (admin)'
else 2 -- 'Failed'
end
when 1 then 3 -- 'Succeeded'
when 2 then 4 -- 'Retry'
when 3 then
case when lower(left(j.name,8)) = 'uoldiveo'
then 5 -- 'Cancelled (admin)'
else 6 -- 'Cancelled'
end
when 4 then 7 -- 'In progress'
end
end
from (msdb.dbo.sysjobactivity ja left join msdb.dbo.sysjobhistory jh on ja.job_history_id = jh.instance_id)
join msdb.dbo.sysjobs j on ja.job_id = j.job_id
where ja.session_id=(select max(session_id) from msdb.dbo.sysjobactivity where job_id = ja.job_id)
and j.enabled = 1
and jh.run_status <= 3
) xI was able to run the below without problems on SQL 2012:
USE master
CREATE LOGIN ove WITH PASSWORD = 'ÖLKJLKJ?="#'
GRANT VIEW SERVER STATE TO ove
go
USE msdb
go
CREATE USER ove
GRANT SELECT ON syscategories TO ove
GRANT SELECT ON sysjobactivity TO ove
GRANT SELECT ON sysjobhistory TO ove
GRANT SELECT ON sysjobs TO ove
GRANT SELECT ON sysjobsteps TO ove
go
EXECUTE AS LOGIN = 'ove'
-- your query here
REVERT
go
DROP USER ove
go
USE tempdb
go
DROP LOGIN ove
Have you checked that there is no active DENY in force?
Rather than granting these permissions, you could package this in a stored procedure that you signed with a certificate and then grant a login and user create from the certificate the required permissions. I discuss this technique in detail in an article
on my web site:
http://www.sommarskog.se/grantperm.html
(But certs will not help you against DENY.)
Erland Sommarskog, SQL Server MVP, [email protected] -
hey all
i'm getting the above error when trying to run certain reports in scom 2012. i know there are similar issues and kevin holman has blogged about something similar. but i have permissioned the reader account appropriately and still no luck (have read http://skaraaslan.blogspot.be/2011/10/opsmgr-mp-update-new-base-os-mp-6069570.html).
reader account already has execute permissions on the relevant sp's.
i have reinstalled reporting services, as a test also given the reader account dbo access on the dw db, and ended up trying to give it admin access both at the sql and windows level - made no difference. some reports work fine, alot dont (eg all the w2k8
reports).
so i'm pulling whats left of my hair out with this one - anyone have any ideas?
thx.Hello!!!
I too am getting this error since I had upgraded to 2012 R2. It appears that when you select "Add Group" or "Add Object" you get this error.
What I have done:
Uninstalled Report Services SCOM Report and Web applications
Renamed the ReportServices folder so reinstalling a fresh Report Services DB
Checked to make sure the ReportServices service has the correct permissions on OperationsManagerDW, ReportServer and reportServerTempDB
Ran a SQL command to see if the service had the correct permissions. See below (And it does)
SQL_STORED_PROCEDURE
ManagedEntityGetWithRowId
EXECUTE
GRANT
OpsMgrReader
Error
Permissions:
What Else can it be to cause this issue?
Thanks! -
EXECUTE permission denied on object 'xp_sqlagent_enum_jobs'
Hello. I am running SQL 2005 SP2 (9.0.3282) on a Windows 2003 SP2 Enterprise server. I have three users that I have assigned the three SQL Server Agent roles within the msdb system database so that they may manage jobs that they own. Recently they started seeing this error:
The EXECUTE permission was denied on the object 'xp_sqlagent_enum_jobs', dartabase 'mssqlsystemresource', schema 'sys'. (Microsoft SQL Server, Error: 229)
I have other servers that have SQL server configured the same where we are not seeing the errors.
Any assistance would be greatly appreciated.
Thanks.
Kris
After you move the msdb database, you may receive the following error message:
Error 229: EXECUTE permission denied on object 'ObjectName', database 'master', owner 'dbo'.
This problem occurs because the ownership chain has been broken. The database owners for the msdb database and for the master database are not the same. In this case, the ownership of the msdb database had been changed. To work around this problem, run the following Transact-SQL statements. You can do this by using the Osql.exe command-line utility (SQL Server 7.0 and SQL Server 2000) or the Sqlcmd.exe command-line utility (SQL Server 2005):
USE MSDB Go EXEC sp_changedbowner 'sa' Go
http://support.microsoft.com/kb/224071
INF: Object Ownership Chain Checking Across Databases Depends on the Login That Is Mapped to the Object Owners| Sankar Reddy | http://sankarreddy.spaces.live.com/ | -
I have created a user and given him the owner rights for the database. Though I can LogIn as the user, I cannot access the databases. I am having the error mesage:
Failed to retrieve data for this request. (Microsoft.SqlServer.Management.Sdk.Sfc)
For help, click:
http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&LinkId=20476
ADDITIONAL INFORMATION:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
The SELECT permission was denied on the object 'extended_properties', database 'mssqlsystemresource', schema 'sys'. (Microsoft SQL Server, Error: 229)
For help, click:
http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=10.50.1600&EvtSrc=MSSQLServer&EvtID=229&LinkId=20476
Sha_woopSince there are so many possibilities for what might be wrong. Here's another possibility to look at. I ran into something where I had set up my own roles on a database. (For instance, "Administrator", "Manager", "DataEntry", "Customer",
each with their own kinds of limitations) The only ones who could use it were "Manager" role or above--because they were also set up as sysadmin because they were adding users to the database (and they were highly trusted). Also, the users that
were being added were Windows Domain users--using their domain credentials. (Everyone with access to the database had to be on our domain, but not everyone on the domain had access to the database--and only a few of them had access to change it.)
Anyway, this working system suddenly stopped working and I was getting error messages similar to the above. What I ended up doing that solved it was to go through all the permissions for the "public" role in that database and add those permissions to
all of the roles that I had created. I know that everyone is supposed to be in the "public" role even though you can't add them (or rather, you can "add" them, but they won't "stay added").
So, in "SQL Server Management Studio", I went into my application's database, in other words (my localized names are obscured within <> brackets): "<Computername> (SQL Server <version> - sa)"\Databases\<MyAppDB>\Security\Roles\Database
Roles\public". Right-click on "public" and select "Properties". In the "Database Role Properties - public" dialog, select the "Securables" page. Go through the list and for each element in the list, come up with an SQL "Grant" statement to
grant exactly that permission to another role. So, for instance, there is a scalar function "[dbo].[fn_diagramobjects]" on which the "public" role has "Execute" privilege. So, I added the following line:
EXEC ( 'GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @RoleName + '];' )
Once I had done this for all the elements in the "Securables" list, I wrapped that up in a while loop on a cursor selecting through all the roles in my roles table. This explicitly granted all the permissions of the "public" role to my database roles.
At that point, all my users were working again (even after I removed their "sysadmin" access--done as a temporary measure while I figured out what happened.)
I'm sure there's a better (more elegant) way to do this by doing some kind of a query on the database objects and selecting on the public role, but after about half and hour of investigating, I wasn't figuring it out, so I just did it the brute-force method.
In case it helps someone else, here's my code.
CREATE PROCEDURE [dbo].[GrantAccess]
AS
DECLARE @AppRoleName AS sysname
DECLARE AppRoleCursor CURSOR LOCAL SCROLL_LOCKS FOR
SELECT AppRoleName FROM [dbo].[RoleList];
OPEN AppRoleCursor
FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC ( 'GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_alterdiagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_creatediagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_dropdiagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_helpdiagramdefinition] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_helpdiagrams] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_renamediagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_objects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_sql_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_views] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[allocation_units] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assemblies] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_files] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_references] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[asymmetric_keys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[certificates] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[change_tracking_tables] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[check_constraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[column_type_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[column_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[computed_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[conversation_endpoints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[conversation_groups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[conversation_priorities] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[crypt_properties] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[data_spaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_audit_specification_details] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_audit_specifications] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_files] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_permissions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_principal_aliases] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_principals] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_role_members] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[default_constraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[destination_data_spaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[event_notifications] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[events] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[extended_procedures] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[extended_properties] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[filegroups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[foreign_key_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[foreign_keys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_catalogs] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_catalog_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_fragments] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_stoplists] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_stopwords] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[function_order_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[identity_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[index_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[internal_tables] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[key_constraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[key_encryptions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[message_type_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[module_assembly_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[numbered_procedure_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[numbered_procedures] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[objects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[parameter_type_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[parameter_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_functions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_range_values] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_schemes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partitions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[plan_guides] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[procedures] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[remote_service_bindings] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[routes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[schemas] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_contract_message_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_contract_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_contracts] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_message_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_queue_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_queues] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[services] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[spatial_index_tessellations] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[spatial_indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sql_dependencies] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sql_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[stats] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[stats_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[symmetric_keys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[synonyms] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[syscolumns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[syscomments] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysconstraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysdepends] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysfilegroups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysfiles] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysforeignkeys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysfulltextcatalogs] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysindexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysindexkeys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysmembers] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysobjects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[syspermissions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysprotects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysreferences] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_objects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_sql_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_views] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[systypes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysusers] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[table_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[tables] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[transmission_queue] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[trigger_events] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[triggers] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[type_assembly_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[views] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_attributes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_collections] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_component_placements] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_components] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_elements] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_facets] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_model_groups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_namespaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_wildcard_namespaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_wildcards] TO [' + @AppRoleName + '];' )
FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
END
CLOSE AppRoleCursor
RETURN 0
GO
Once that is in the system, I just needed to "Exec GrantAccess" to make it work. (Of course, I have a table [RoleList] which contains a "AppRoleName" field that contains the names of the database roles.)
So, the mystery remains: why did all my users lose their "public" role and why could I not give it back to them? Was this part of an update to SQL Server 2008 R2? Was it because I ran another script to delete each user and add them back so to refresh
their connection with the domain? Well, this solves the issue for now.
One last warning: you probably should check the "public" role on your system before running this to make sure there isn't something missing or wrong, here. It's always possible something is different about your system.
Hope this helps someone else. -
I have a SQL Server connected intro a Windows Server 2003 Domain Active Directory, the server holds a default instance with a single Database, the SQL Server is 2005 Std Edition, and is using mix mode Authentification, then I able to create SQL Native Users
and Invoque Windows Domain Users also.
The Goal of this project is remove the sysadmin Server role for all the Windows Domain Users, to give then a more granular secure model but at the moment is this only way to connect at the Data Base Server.
I already create Native SQL Servers users without any problem!, they respect Securable Setting, Server Roles, User Mapping, everything...Just when I create a Login Profile form a Domain Users and apply the same setting, I get this error...
The SELECT permissions was denied on the object 'extended_properties', database 'mssqlsystemresource', schema 'sys'.(Microsoft SQL Server, Error:229)
But if the user have sysadmin Server Rol he can sing over the server without any issue, I review the .sys view extended_properties and "Public" is the only Database Role placed.
Any Idea if I need change any Setting in the Secure in SQL Master DataBase? or which is the issue witjh this matter?
Thank in advance for your help!Since there are so many possibilities for what might be wrong. Here's another possibility to look at. I ran into something where I had set up my own roles on a database. (For instance, "Administrator", "Manager", "DataEntry",
"Customer", each with their own kinds of limitations) The only ones who could use it were "Manager" role or above--because they were also set up as sysadmin because they were adding users to the database (and they were highly trusted).
Also, the users that were being added were Windows Domain users--using their domain credentials. (Everyone with access to the database had to be on our domain, but not everyone on the domain had access to the database--and only a few of them had access
to change it.)
Anyway, this working system suddenly stopped working and I was getting error messages similar to the above. What I ended up doing that solved it was to go through all the permissions for the "public" role in that database and add those permissions
to all of the roles that I had created. I know that everyone is supposed to be in the "public" role even though you can't add them (or rather, you can "add" them, but they won't "stay added").
So, in "SQL Server Management Studio", I went into my application's database, in other words (my localized names are obscured within <> brackets): "<Computername> (SQL Server <version> - sa)"\Databases\<MyAppDB>\Security\Roles\Database
Roles\public". Right-click on "public" and select "Properties". In the "Database Role Properties - public" dialog, select the "Securables" page. Go through the list and for each element in the
list, come up with an SQL "Grant" statement to grant exactly that permission to another role. So, for instance, there is a scalar function "[dbo].[fn_diagramobjects]" on which the "public" role has "Execute" privilege.
So, I added the following line:
EXEC ( 'GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @RoleName + '];' )
Once I had done this for all the elements in the "Securables" list, I wrapped that up in a while loop on a cursor selecting through all the roles in my roles table. This explicitly granted all the permissions of the "public" role to
my database roles. At that point, all my users were working again (even after I removed their "sysadmin" access--done as a temporary measure while I figured out what happened.)
I'm sure there's a better (more elegant) way to do this by doing some kind of a query on the database objects and selecting on the public role, but after about half and hour of investigating, I wasn't figuring it out, so I just did it the brute-force method.
In case it helps someone else, here's my code.
CREATE PROCEDURE [dbo].[GrantAccess]
AS
DECLARE @AppRoleName AS sysname
DECLARE AppRoleCursor CURSOR LOCAL SCROLL_LOCKS FOR
SELECT AppRoleName FROM [dbo].[RoleList];
OPEN AppRoleCursor
FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC ( 'GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_alterdiagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_creatediagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_dropdiagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_helpdiagramdefinition] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_helpdiagrams] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT EXECUTE ON [dbo].[sp_renamediagram] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_objects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_sql_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[all_views] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[allocation_units] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assemblies] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_files] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_references] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[assembly_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[asymmetric_keys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[certificates] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[change_tracking_tables] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[check_constraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[column_type_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[column_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[computed_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[conversation_endpoints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[conversation_groups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[conversation_priorities] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[crypt_properties] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[data_spaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_audit_specification_details] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_audit_specifications] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_files] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_permissions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_principal_aliases] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_principals] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[database_role_members] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[default_constraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[destination_data_spaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[event_notifications] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[events] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[extended_procedures] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[extended_properties] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[filegroups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[foreign_key_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[foreign_keys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_catalogs] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_catalog_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_fragments] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_stoplists] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[fulltext_stopwords] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[function_order_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[identity_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[index_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[internal_tables] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[key_constraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[key_encryptions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[message_type_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[module_assembly_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[numbered_procedure_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[numbered_procedures] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[objects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[parameter_type_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[parameter_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_functions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_range_values] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partition_schemes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[partitions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[plan_guides] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[procedures] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[remote_service_bindings] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[routes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[schemas] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_contract_message_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_contract_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_contracts] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_message_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_queue_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[service_queues] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[services] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[spatial_index_tessellations] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[spatial_indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sql_dependencies] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sql_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[stats] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[stats_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[symmetric_keys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[synonyms] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[syscolumns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[syscomments] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysconstraints] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysdepends] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysfilegroups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysfiles] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysforeignkeys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysfulltextcatalogs] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysindexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysindexkeys] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysmembers] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysobjects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[syspermissions] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysprotects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysreferences] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_columns] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_objects] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_parameters] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_sql_modules] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[system_views] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[systypes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[sysusers] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[table_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[tables] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[transmission_queue] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[trigger_events] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[triggers] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[type_assembly_usages] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[views] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_indexes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_attributes] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_collections] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_component_placements] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_components] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_elements] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_facets] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_model_groups] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_namespaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_types] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_wildcard_namespaces] TO [' + @AppRoleName + '];' )
EXEC ( 'GRANT SELECT ON [sys].[xml_schema_wildcards] TO [' + @AppRoleName + '];' )
FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
END
CLOSE AppRoleCursor
RETURN 0
GO
Once that is in the system, I just needed to "Exec GrantAccess" to make it work. (Of course, I have a table [RoleList] which contains a "AppRoleName" field that contains the names of the database roles.)
So, the mystery remains: why did all my users lose their "public" role and why could I not give it back to them? Was this part of an update to SQL Server 2008 R2? Was it because I ran another script to delete each user and add them back
so to refresh their connection with the domain? Well, this solves the issue for now.
One last warning: you probably should check the "public" role on your system before running this to make sure there isn't something missing or wrong, here. It's always possible something is different about your system.
Hope this helps someone else. -
SQL INSERT permission denied on object Error
Hi,
I am new to Sql server in fact i've only been using it for the last two hours , the create database and create table statements worked fine,
I am now trying to insert, delete, and update some records on SQLSERVER 2000, and i am getting this error for each insert , update or delete statement nowing that the syntax is ok.
It is a permission problem, I 've heard that there is a Grant method can anyone tell me how to use it
ps: i am unsing sqlserver 2000
===========
Thank you in advance, your help is much appreciatedgo to enterprise manager right clike on the table and change the permission in ALL TASKS
r change the database owner to the user id u r using
EXEC sp_changedbowner '<user>' -
Permission denied Create object orasession
I am using win2k with oracle 9i.
i am tring to use oo4o with asp and getting the following error
Microsoft VBscript runtime(0x800a0046)
Permision denied :'CreateObject'
line 19
and line 19 in asp is :
set Orasession = CreateObject ("OracleInProcServer.XOraSession")
I have got full access for internet user on oracle home direcorty !!
It is really urgent !!
Thanks for any help
Vikeshi have got it working.
it was just the permission on oracle home directory !!
Thanks anyways !!
Vikesh -
Why The SELECT permission was denied on the object 'Facts', database
What this error means?
I have configured Data Source to use a specific Windows user name and password. The SQL database have the windows user account with db_owner rights.
Error 11 OLE DB error: OLE DB or ODBC error: The SELECT permission was denied on the object 'Facts', database 'Customer_2011_CBA', schema 'dbo'.; 42000.
Error 12 Errors in the OLAP storage engine: An error occurred while processing the 'Facts' partition of the 'Facts' measure group for the 'Customer 2011 CBA Cube' cube from the Customer Analysis Services 1 database.
Kenny_II'm beginning point:
Error 11 OLE DB error: OLE DB or ODBC error: The SELECT permission was denied on the object 'Facts', database 'Customer_2011_CBA', schema 'dbo'.; 42000.
Error 12 Errors in the OLAP storage engine: An error occurred while processing the 'Facts' partition of the 'Facts' measure group for the 'Customer 2011 CBA Cube' cube from the Customer Analysis Services 1 database.
The Windows account do have right in the SQL Server->Object Explorer->Databases->'Customer_2011_CBA'->Security->The user->Properties->All server roles
Kenny_I
can you try your SQL account?
If you think my suggestion is useful, please rate it as helpful.
If it has helped you to resolve the problem, please Mark it as Answer.
Sevengiants.com -
SELECT permission denied with ownership chaining on
I have a database ('Datamart') that contains views on the tables another database ('Rawdb') on the same server. All tables and views are in 'dbo' in each database. I turned cross-database ownership chaining on. I created the roles RawdbReadRole
to set up the select permissions in the tables and DatamartReadRole for the views. I my users logins on each database, and made them members of the DatamartReadRole.
The permissions are working on my PROD server, but have stopped working in TEST: I get "SELECT permission was denied on the object 'tbl1', database 'Rawdb', schema 'dbo' when I test the views using EXECUTE AS LOGIN = N'domain\loginname' (for a
user that is still okay in PROD). I have spent days comparing the security settings by eye and cannot see any differences. I even dropped the TEST databases and rebuilt the security principals and permissions. I cannot see a link (in PROD)
between RawdbReadaRole and DatamartReadRole and I don't remember if there is supposed to be a dependence there.
I don't know what else I can do now besides changing careers. Are there some system views/queries that would help to identify ownership chain breaks or compare the security settings between the two servers?
- Desperate AlHi,
I got the same error message if I disable the cross-database ownership chaining.
“The SELECT permission was denied on the object 'tablename', database 'dbname', schema 'dbo'.”
Make sure that cross-database ownership chaining was enabled on database ('Datamart') and
database ('Datamart') in your test environment.
The following sample turns on cross-database ownership chaining for specific databases:
ALTER DATABASE Database1 SET DB_CHAINING ON;
ALTER DATABASE Database2 SET DB_CHAINING ON;
Hope it helps.
Tracy Cai
TechNet Community Support
Thanks, Tracy,
I knew about that one, but I re-ran that part of the script just to be safe. (It wasn't the problem in this case.) -
SCOM reports not working, with execute permission denied error.
Operations manager 2012 R2,
some reports stopped working. Then i open report and click "add object" or "add group" i get error:
Note: The following information was gathered when the operation was attempted. The
information may appear cryptic but provides context for the error. The application will continue to run.
The EXECUTE permission was denied on the object 'ManagedEntityTypeGetBySystemName', database
'OperationsManagerDW', schema 'dbo'.
In SQL there is EXECUTE permission on object 'ManagedEntityTypeGetBySystemName'
Reports which not required to specify object or groups are working as expected.
what esle can be wrong ?Hi,
Please refer to the blog below. It tell us how to grant permission to objects.
http://www.ndoubleor.com/the-execute-permission-was-denied-on-the-object-database-schema-dbo/11/2009/
Important Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Juke Chou
TechNet Community Support -
All reports not working, with execute permission denied error.
Operations manager 2012 R2,
all reports stopped working. Then i open report and click "add object" or "add group" i get error:
Note: The following information was gathered when the operation was attempted. The information may appear cryptic but provides context for the error. The application will continue to run.
The EXECUTE permission was denied on the object 'ManagedEntityTypeGetBySystemName', database 'OperationsManagerDW', schema 'dbo'.
In SQL there is EXECUTE permission on object 'ManagedEntityTypeGetBySystemName'
what esle can be wrong ?Take a look at
this.
Jonathan Almquist | SCOMskills, LLC (http://scomskills.com)
Maybe you are looking for
-
Posting Incoming payment through EDI 820
Hello, I am trying to set up EDI 820. I want to post incoming payments through EDI 820. IDOC Information IDOC type: PEXR2002 Message type: REMADV Function Module: IDOC_INPUT_REMADV Process code: REMC I have been testing using test tool all my idocs a
-
Hi, We are planning to implement Electronic Funds Transfer (EFT) and send the payment advices to suppliers via E-mail or FAX. Is there any one who have implemented that and can shed some light to me. Is the solution possible with in Oracle Financials
-
Where are my bookmarks in Apple maps after the iOS 8 update?
What happened to my bookmarks in Apple maps now that I have upgraded to iOS 8?
-
Find Employee Worked 7 Consecutive days
Hello All, I have a view with following columns (EMP #, Dept #, Total hours worked, Date of the total hours, Current Pay period st date, Current Pay period end date, Previous pay period start date, Previous pay period start date, Next pay period st d
-
Which control file does RMAN use?
On March 1, full backup along with control file was taken On March 3, full backup along with control file was taken On March 5, there is a media failure (some datafile is corrupt, but control file is intact). So, RMAN restores March 3 full back up, a