Permission to execute syslogins to non sysadmins, to list all the logins

Similar Messages

• Why do I get a non-responding script warning all the time.

  Well it happens about every 5 minutes and I don't know why.It causes foxfire to not respond and is making my computer useless.

  Start Firefox in [[Safe Mode]] to check if one of your add-ons is causing your problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
  See [[Troubleshooting extensions and themes]] and [[Troubleshooting plugins]]

• Free goods intercompany but appear under non billed shipments list

  Hi Expert,
  I've created an interco PO, GI and DO for a free good item. By right it shouldn't appear under non billed shipment list as it is FOC but it appears. When we try to create invoice, system doesn't allow says, it is not relevant for billing.
  i'm not sure why it appears under non billed shipments list in the first place. by right it should stop at DO. How to solve this?
  Thanks,

  Hi Expert,
  I've created an interco PO, GI and DO for a free good item. By right it shouldn't appear under non billed shipment list as it is FOC but it appears. When we try to create invoice, system doesn't allow says, it is not relevant for billing.
  i'm not sure why it appears under non billed shipments list in the first place. by right it should stop at DO. How to solve this?
  Thanks,

• Account is SysAdmin - but Non-SysAdmins have been denied permission to run DTS Execution job steps without a proxy account.

  Hi,
  I have a SQL Agent Job that executes an SSIS package.  However when I manually execute the SQL Agent job from SSMS I get the following seemingly common error:
  "Non-SysAdmins have been denied permission to run DTS Execution job steps without a proxy account."
  However, the job owner is a member of both the SQL SysAdmin role, and also a member of the operating system's Administrators group.
  The SQL Agent Service is running under Local Service (not something within my control unfortunately).
  I have found many posts suggesting setting up a proxy account etc, but that seems to be for the case where the job owner is not a sys admin.  To be clear, the job owner IS a sysadmin.
  This is occurring in the Production environment.  I have two other, seemingly identical environments that are working fine, so i am wondering if I have missed something obvious.
  Any idea what I've missed?
  details:
  Windows Server 2008 R2 Standard
  SQL Server 2008 R2 (SP2) - 10.50.4000.0 (X64)    Enterprise Edition
  Note - the jobs were migrated to the broken environment by scripting them from Env 1, with If exists, drop, create etc.
  Thanks
  Guy
  Guy

  Obviously, as soon as I post this I figure out the issue:
  In the script i had provided for migrating the job to the new environment (to which I have no access) the DBA replaced the @owner_login_name value with a different login.  The account he used does have SysAdmin privileges  but for some reason
  changing the account in the script did not correctly update in the job.
  On opening the job in SSMS it appeared to have the correct owner account, but using GUI to look up the specific account and adding it this way, while appearing to make no difference, has in fact solved the problem.
  My assumption therefore is that updating the @owner_login_name when scripting the job is not the same as actually editing the job owner itself.
  Guy
  Guy

• Why am I being told that a JPEG file that I made changes to in Photoshop 6 (CS6) can't be saved?  The message I get says that either the file is locked and I don't have permission to execute this or another program is using this file.

  i recently purchased a 21.5 iMac with Yosemite (10.10.1) and was disappointed to discover that my CS6 programs are not functioning correctly.  I am unable to use the "Save As" command  when making changes to a JPEG file in Photoshop.  The message I get says that either another program is using the file or it is locked and I don't have permission to execute that command.  I'm experiencing a similar problem in Bridge when trying to move an unwanted file to the Trash.  Again, I get a message telling me that i don't have permission to do this.  Lastly, I'm unable to open any Camera Raw files.  Any suggestions?  I had no problems with the Mavericks OS on my old iMac and although it's much slower, I'm tempted to go back to using my old iMac.  At this point, I feel as if I've just wasted $2300+ (tax included). 

  Back up all data before proceeding.
  This procedure will unlock all your user files (not system files) and reset their ownership, permissions, and access controls to the default. If you've intentionally set special values for those attributes on any of your files, they will be reverted. In that case, either stop here, or be prepared to recreate the settings if necessary. Do so only after verifying that those settings didn't cause the problem. If none of this is meaningful to you, you don't need to worry about it, but you do need to follow the instructions below.
  Step 1
  If you have more than one user, and the one in question is not an administrator, then go to Step 2.
  Triple-click anywhere in the following line on this page to select it:
  sudo find ~ $TMPDIR.. -exec chflags -h nouchg,nouappnd,noschg,nosappnd {} + -exec chown -h $UID {} + -exec chmod +rw {} + -exec chmod -h -N {} + -type d -exec chmod -h +x {} + 2>&-
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad and start typing the name.
  Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting.
  You'll be prompted for your login password, which won't be displayed when you type it. Type carefully and then press return. You may get a one-time warning to be careful. If you don’t have a login password, you’ll need to set one before you can run the command. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.
  The command may take several minutes to run, depending on how many files you have. Wait for a new line ending in a dollar sign ($) to appear, then quit Terminal.
  Step 2 (optional)
  Take this step only if you have trouble with Step 1, if you prefer not to take it, or if it doesn't solve the problem.
  Start up in Recovery mode. When the OS X Utilities screen appears, select
            Utilities ▹ Terminal
  from the menu bar. A Terminal window will open. In that window, type this:
  resetp
  Press the tab key. The partial command you typed will automatically be completed to this:
  resetpassword
  Press return. A Reset Password window will open. You’re not going to reset a password.
  Select your startup volume ("Macintosh HD," unless you gave it a different name) if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Under Reset Home Directory Permissions and ACLs, click the Reset button.
  Select
             ▹ Restart
  from the menu bar.

• Non sysadmin Users running a job

  According to BOL, only sysadmin users or owner of the job are allowed to run jobs.
  I'm not too concern with viewing the jobs becuase the job will executed from sp.
  How do I allow non sysadmin users to run just a certain job(s)? I cannot make all 5 users as the job owners.
  Thanks
  Edit: This is for SQL Server 2000. But I welcome any suggestions for SQL2008 as well.

  In SQL 2005+, a new right was added to allow users to run their own jobs. However, you still need to be a sysadmin to run jobs which are not owned by you.
  Tom this is not correct . A member of SQLAgentOperator role can execute local jobs even though it is not a owner of the job but this user can only create modify and delete jobs owned by him not by others.
  http://technet.microsoft.com/en-us/library/ms188283.aspx
  Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

• Remove all budget entry from non-sysadmin users

  Hi,
  is there any non-customisation way of removing all budget entry from standard users (non-sysadmin).
  I know it is simple enough to remove menus from standard menus, but is there anyway of preventing budgets being created via ADI also?
  We have moved to an external budgeting system and I need to ensure that the only budget entries loaded into E-Business are from this one source.
  thanks for any tips,
  Robert.

  In SQL 2005+, a new right was added to allow users to run their own jobs. However, you still need to be a sysadmin to run jobs which are not owned by you.
  Tom this is not correct . A member of SQLAgentOperator role can execute local jobs even though it is not a owner of the job but this user can only create modify and delete jobs owned by him not by others.
  http://technet.microsoft.com/en-us/library/ms188283.aspx
  Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

• How to find out which user has the permission to execute startsap ?

  Hi All
  How do I find out which user has the permission to execute the startsap and stopsap? Do I control the permission on those script using windows standard authorization? For example: only allow certain user have the read and write permission?
  Thank you.!
  Vincent Lo

  Well to me this is really weird question..
  <b>noone un-authorized should have access to OS on your system</b>
  If this is valid you do not need to solve problems who can and who cannot start/stop SAP, because if you want to prevent some users from shutting down the SAP you have really hard job to do - there are many ways how to kill the SAP (for example killing relevant process from task manager, killing of database, messing with services etc.) - yes, this is harmful way of stopping SAP, but we are talking about attack, right? I would contact some Windows specialist to help you disable all the ways how to harm the running SAP. But still after that - there are many files that can be modified/deleted so SAP will crash after restart - you need to protect them too, etc.
  In case you take the first assumption as granted (and you really limit access to this server) you do not need to worry who can stop or start SAP - at the other hand it may be handy to be able to start/stop SAP from other users - for this you can run the stop/start script "under different user".
  But to answer the question - to me this is question just of access control (but really never tried that myself):
  <a href="http://technet2.microsoft.com/WindowsServer/en/library/c6413717-511e-42bd-bd81-82431afe4b2a1033.mspx">Permit or restrict access to a snap-in for a domain</a> (or see other related links down there on this page)
  Please award points for useful answers.
  Thanks

• Problem in Execute query on non-database block and database block together

  Hi All,
  In my form,i have
  1. First block is Non-database block with one non-database item.
  2. Second and third blocks are database blocks.
  Now the problem is that i want to perform execute-query for all the blocks.
  If the cursor is on the non-database item of 1st block and i clicks on the "Enter-query" then i am getting message " This function can not be performed here".
  If i click on the item of the database block and then clicks on the "Enter-query" and then "execute-query" it's working fine.
  But i don't want to do in this way.
  My cursor will be on the First block only and then it should perform execute-query.
  I am using this non-database item to copy value of this item to the item of the database block item.
  I think i make you understand about my problem.
  I am using forms 10g on Window xp.
  Please help me.

  Hi!
  Simply create a enter-query trigger on the non-database-block:
  begin
  go_block ( 'database_block' );
  enter_query;
  end;If your search criteria is in the non-database-item in the first block,
  you actually do not need the enter_query build-in.
  Just create a execute-query trigger on the first block like:
  begin
  go_block ( 'database_block' );
  execute_query;
  go_item ( :System.trigger_item );
  end;And in a pre-query trigger on the database-block copy the
  value of your seach item into the item you want to search for.
  Regards

• Execute query with non database block

  How to execute query with non database block when new form instance trigger.

  Hi Kame,
  Execute_Query not work with non database block. To do this Make a cursor and then assign values to non database block's items programmatically, see following example,
  DECLARE
  BEGIN
       FOR i IN (SELECT col1, col2 FROM Table) LOOP
              :block.item1 := i.col1;
              :block.item2 := i.col2;
              NEXT_RECORD;
       END LOOP;
  END;
  Please mark if it help you or correct
  Regards,
  Danish

• Non-SysAdmins get error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.

  I have a SQL 2008 R2 system (10.50.4000) where I'm having problems connecting any user that is not a SysAdmin.  Example: I setup a new SQL Login to use Windows Authentication and grant that user db_datareader on the target database.  The user attempts
  to connect using Excel client or Access or SQL Management Studio and receives Error 18456.  The SQL Server Logs shows Error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
  The strange part is that if I temporarily grant the user the sysadmin server role then the user can connect successfully and retrieve data.  But, if I take away that sysadmin server role then the user can no longer connect but again receives the Error
  18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
  We've turned off UAC on the client machine to see if that was the problem, but no change.
  I have dropped and re-added the user's SQL Login (and the related database user login info).  No success.
  The Ring Buffers output shows:
  The Calling API Name: LookupAccountSidInternal
  API Name: LookupAccountSid
  Error Code: 0x534
  Thanks for any help.
  -Walt

  Yes, you understand correctly.  The user is logging onto a workstation (not the server) with a Windows Authenticated id.  The user is using either Excel or Access or SSMS and connecting to the server using a Windows Authenticated SQL Login account.
   If the account has sysadmin role (which is only for testing) then the connection is successful.  If I take away sysadmin role from the account then the connection is unsuccessful and the SQL Server Log shows Error
  18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
  (SQL Authentication is not an option here.  I must use Windows Authentication).
  Any other troubleshooting assistance you can offer would be appreciated.  Thanks.
  -Walt 

• Find particular database role permission on all the databases of an instance

  Hi Team,
  I want to find particular database role permission on all the databases of a instance.
  Example: 50 databases are running on an instance. I want to find datareader permission of ABCDE account, on which of the databases it exist?
  Please provide me a customized script to find it.
  Thanks
  Kumar

  Hi K735,
  According to your description, you want to find databases where a specific database role of a specific user exists. To do this, you could execute the stored procedure below by proving a value for each of the two parameters (@databaseRole, @user)  to
  specify the database role and the user as the following example: execute findDatabaseRole 'db_datareader', 'testUser'
  USE master
  GO
  CREATE PROCEDURE dbo.findDatabaseRole
  @databaseRole VARCHAR(200),
  @user VARCHAR(250)
  AS
  DECLARE @DBuser_sql VARCHAR(4000)
  DECLARE @DBuser_table TABLE
  AssociatedDatabaseRole VARCHAR(200),
  DBName VARCHAR(200),
  UserName VARCHAR(250),
  LoginType VARCHAR(500)
  INSERT @DBuser_table
  EXEC sp_MSforeachdb @command1='SELECT USER_NAME(b.role_principal_id) AS AssociatedDatabaseRole, "[?]" AS DBName, a.name AS Name,
  a.type_desc AS LoginType FROM [?].sys.database_principals a
  , [?].sys.database_role_members b where a.principal_id=b.member_principal_id and
  a.sid NOT IN (0x01,0x00) AND a.sid IS NOT NULL AND a.type NOT IN ("C")
  AND a.is_fixed_role <> 1 AND a.name NOT LIKE "##%" AND "?" NOT IN ("master","msdb","model","tempdb")
  ORDER BY Name'
  SELECT AssociatedDatabaseRole, DBName,UserName,LoginType
  FROM @DBuser_table WHERE UserName=@user and AssociatedDatabaseRole=@databaseRole
  group by AssociatedDatabaseRole, DBName,UserName,LoginType
  GO
  Regards,
  Michelle Li

• I recently downloaded lots of CD's to my itunes library. I have itunes match. None of the downloads are appearing on my ipad or iphone. All settings are correct. Anything I purchase on itunes shows up in the cloud on all the devices.

  I downloaded CD's to my itunes library. I have itunes match. All my itunes purchased music is on my ipad and iphone cloud. For some reason, while the cloud appears in my library, the CD's that I downloaded (popular ones that itunes recognize) are not showing up on my ipad2 and my iphone4s. When I purchase songs from itunes directly they show up on all i devices (with the cloud icon). In my itunes library all the new downloads from CD's have the icloud icon. However, none of these downloads are showing up on my ipad and iphone as stated above. All my settings are correct. I am sure I am missing something, but not sure what....if anyone can help, I'd really appreciate it. thanks.

  This might help: http://www.macworld.com/article/1146958/move_itunes_windows_mac.html.

• I've seen all the posts for fixing the wifi on the 4s, none of them work!  So, who can tell me why my iPhone 4S cannot find any wifi when it used to easily, and when it does it can never connect?

  I've seen all the posts for fixing the wifi on the 4s, none of them work!  So, who can tell me why my iPhone 4S cannot find any wifi when it used to find wifi, and when it does find a wifi network it can never connect?  You think apple would have a clue how to fix it!  Because turning the wifi on and off doesn't work, resorting network settings doesn't work, even restoring phone to factory default doesn't work...

  Did not work. I've selected iMessage to ON and left it. After a few hours I recieved a message "activation unsuccessful. Turn on iMessage to try again". This has been going on for the past 3 days.

• CST and VAT  amount (non deductible) is debiting in the purchase price

  Hi
            1)     We are maintaining standard price as price index
            2)     Pricing procedure as TAXINJ
            3)     While GR the CST and VAT  amount (non deductible) is debiting in the purchase price      
                   variance, and credit in the GR/IR
            4)     Which has to debit in the raw material account
            5)     Is there is any notes for the this
            6)     or any other solution plz send your reply

  HI..
  it is not done in OBq3
  See in OBQ3..you define Pricing procedure.against pricing Procudure you will give the account Key against the condition type in the Pricing Procedure.
  For this Account Key ..you Define it as Detuctable or not in OBCN.
  so it determines whether to add to raw material account or not..
  but see in early post which is also valid even if you have define the sdame in OBCN.
  Hope so it helps
  Regards
  Anjanna