Search account got - Insufficient sql database permissions for user. EXECUTE permission was denied on the object proc_Gettimerrunningjobs

Dear all,
I am troubleshooting a critical error showed up on Event log.  It said:
Insufficient sql database permissions for user 'Name:domain\wss_search ....... EXECUTE permission was denied on the object 'proc_GetTimerRunningJobs', database 'SharePoint_Config', schema 'dbo'
domain\wss_search is the default content access account. According to
http://technet.microsoft.com/en-us/library/cc678863.aspx I should not grant it the Farm Administrators permission.
In the Search Center I am able to search out documents as expected so I think the search service is fine.   However I have no clue why this account is trying to access 'proc_GetTimerRunningJobs'.
Mark

Hi Mark,
This issue was caused by the search account’s permission. For resolving your issue, please do as the followings:
Expand your SharePoint Configuration database 'SharePoint_Config' and navigate to ‘proc_GetTimerRunningJobs’ under Programmability ->Stored Procedures
Right-click proc_GetTimerRunningJobs and choose Properties
Click on Permission on the left launch
Select the Search button and browse for ‘WSS_Content_Application_Pools’
Provide ‘Execute’ permissions for ‘WSS_Content_Application_Pools’
Click OK
Here are some similar posts for you to take a look at:
http://adammcewen.wordpress.com/2013/03/01/execute-permission-denied-on-sharepoint-config-db/
http://technet.microsoft.com/en-us/library/ee513067(v=office.14).aspx
I hope this helps.
Thanks,
Wendy
Wendy Li
TechNet Community Support

Similar Messages

  • Insufficient SQL database permissions for user 'Name: NT AUTHORITY\IUSR SID: S-1-5-17...

    Hi,
    I have a customized SharePoint page that takes user input data, validate some of the data, then writes the data to a SharePoint list. If an exception occurs, it will write the error to the ULS.
    All was working well in the test environments.
    However, recently we noticed that in the QA environment, when it's trying to write to ULS, it causes another issue:
    Insufficient SQL database permissions for user 'Name: NT AUTHORITY\IUSR SID: S-1-5-17 ImpersonationLevel: Impersonation' in database 'SP_F1_Config' on SQL Server instance 'SQL01'. Additional error information from SQL Server is included below. The EXECUTE
    permission was denied on the object 'proc_putObjectTVP', database 'SP_F1_Config', schema 'dbo'.
    I've traced through the code and found that it fails on the line:
        SPDiagnosticsServiceBase.GetLocal<LoggerError>();
    where LoggerError is the logger class inheritng SPDiagnosticsServiceBase
    I have also googled around today, but the most positive solution provided
    on this page was to manually modify SQL object permission, which I believe we should not do, and would not be supported by Microsoft.
    So the questions are:
    Why is AUTHORITY\IUSER used for SPDiagnosticsServiceBase.GetLocal()? Should that account actually be allowed to access SharePoint databases? (This is an intranet environment and using claim based/Windows authentication, no no anonymous access would be allowed
    anyway).
    I've checked the Application Pool account permissions in SQL, comparing the environment that works and the one that doesn't work, and the permissions/roles/schemas look identical on server and database level. Where else can I check?
    On the environment that works, I logged on as SharePoint administrator, created a new SharePoint Visual Web Part solution in Visual Studio, just to test writing to ULS. Then I press F5 in Visual Studio to debug it. It also has the same problem.
    It just seems like somehow the user's identity (or whatever the identity SharePoint required) was not passed to SPDiagnosticsServiceBase.
    Any suggestions, or even better, solutions would be really really much appreciated!

    Hi,
    Thanks for your sharing, it will be userful to the people who stuck with the same issue.
    Best regards
    Patrick Liang
    TechNet Community Support

  • Get The EXECUTE permission was denied on the object 'sp_send_dbmail', database 'msdb', schema 'dbo', even when user has permissions

    I get the error message:  The EXECUTE permission was denied on the object 'sp_send_dbmail', database 'msdb', schema 'dbo'.  This happens when I run a job, even though the user has the correct permission on sp_send_dbmail and is a user in msdb.
    If I run the procedure through SSMS it runs just fine and sends the mail.
    I have run out of things to look for, any ideas on what else it could be?
    Thanks in advance,
    Nancy

    To send Database mail, users must be a user in the msdb database and a member of the
    DatabaseMailUserRole database role in the msdb database. To add
    msdb users or groups to this role use SQL Server Management Studio or execute the following statement for the user or role that needs to send Database Mail.
    EXEC msdb.dbo.sp_addrolemember @rolename = 'DatabaseMailUserRole'
    ,@membername = '<user or role name>';
    GO
    http://technet.microsoft.com/en-us/library/ms188719(v=sql.105).aspx
    Regards, RSingh

  • Enable-CsUser : The EXECUTE permission was denied on the object 'XdsPublishItems', database 'xds', schema 'dbo'

    I have created a PowerShell script that automates enabling users for Lync and setting policies based on group membership. I've successfully tested this script under my domain admin account and now I am working on getting it running as a scheduled task.
    Since all the script really does related to Lync is run the commands Enable-CsUser, Set-CsUser, and Grant-Cs<policy name>Policy, I elected to create a service account that only has Lync user administration permissions.  Initially, this user account
    was just a member of CSUserAdministration but this was not working so I added the user to RTCUniversalUserAdmins based on some other information I found.
    This change got me by the various access denied errors I was getting in the script, but now I am getting the following error when I run the Enable-CsUser part:
    Enable-CsUser : The EXECUTE permission was denied on the object 'XdsPublishItems', database 'xds', schema 'dbo'.
    At line:1 char:1
    + Enable-CsUser -Identity <redacted> -RegistrarPool <redacted> - ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Enable-CsUser], SqlException
    + FullyQualifiedErrorId : System.Data.SqlClient.SqlException,Microsoft.Rtc.Management.AD.Cmdlets.EnableOcsUserCmdl
    et
    This seems to be some sort of permission error related to the permissions on the SQL database "xds".  I checked, and RTCUniversalUserAdmins is a member of both CsUserAdministration and RTCUniversalReadOnlyAdmins.  This latter group does
    have permissions on the xds database.  It appears to be granted the "public" role on the database server.  The User Mapping shows the following users mapped to the login:
    cpsdyn: public,ReadOnlyRole
    lis: public,ReadOnlyRole
    rgsconfig: public,ReadOnlyRole
    rgsdyn: public,ReadOnlyRole
    rtcxds: public,ConsumerRole
    xds: public,ConsumerRole
    Even though I receive this error, the user is actually added to Lync. Follow-up Set-CsUser and Grant-Cs<policy name>Policy cmdlets succeed just fine.
    What do I need to do to fix this error message?

    The issue is not related to UAC / Run As Administrator / Run With Highest Privileges.  I have verified that accounts granted only the CS User Administrator role simply do not have access to the XdsPublishItems stored procedure in the Lync xds database,
    even if they are members of RTCUniversalUserAdmins.
    Also, it does not have anything to do with my script.  Even if I grant my service account that local Administrator rights on the Lync front-end server, log into the server with that account, and run the Lync Server Management Shell as administrator
    and then do just the Enable-CsUser cmdlet (not my whole script), I get the same error.
    I ended up opening a Microsoft support case (#114040311332658) and it has been going on for weeks now.  Eventually they just told me that I needed to either have my script establish a remote PowerShell session to Lync or install the Lync management
    tools on another server and have the script call the Lync Server Management Shell from that server.  They say this because the Planning for Role-Based Access Control documentation (http://technet.microsoft.com/en-us/library/gg425917.aspx)
    has the following tip:
    "RBAC restrictions work only on administrators working remotely, using either the Lync Server Control Panel or Lync Server Management Shell. A user sitting at a server running Lync Server is not restricted by RBAC. Therefore, physical security of your
    Lync Server is important to preserve RBAC restrictions."
    I did attempt to run a PowerShell instance on my workstation as the service account, establish a remote PowerShell session to the Lync front-end server, and then run Enable-CsUser and I can confirm that it does run successfully and I do not receive an error
    of any kind.
    I told the support personnel that the tip stating that RBAC doesn't actually restrict permissions if running PowerShell on the server itself doesn't mean that you simply cannot run PowerShell cmdlets and scripts on the server, it just means that the user
    running the cmdlet or script won't have their accessible cmdlets limited to only those granted to the role assigned.  I told them I want a description of what the XdsPublishItem stored procedure does at a high level so I can determine if the error can
    just be simply ignored in this case.  I'm still waiting for them to get back to me on that.
    They did say they tested it on their end and confirm the same behavior in their test environment.  They also said that it doesn't seem to have any sort of negative impact on the functionality of the enabled Lync user or the consistency of the SQL database. 
    That said, I don't want to just take their word for it without them knowing what XdsPublishItem does.

  • PowerPivot 2012 Error: BaseWorkbook.CacheStream: Failed to read from stream. Error was: System.Data.SqlClient.SqlException: The EXECUTE permission was denied on the object 'proc_FetchChunkFromDocStreams', database 'SharePoint_AdminContent'

    Hi, I have setup PowerPivot 2012 for SharePoint, but when I access'PowerPivot Management Dashboard' in Central Admin I get error message 'An error has occured'
    Below is the error in the ULS,
    Background file fill operation caught exception: System.Data.SqlClient.SqlException: The EXECUTE permission was denied on the object 'proc_FetchChunkFromDocStreams', database 'SharePoint_AdminContent_ca021d58-ef1f-4f30-9aeb-6f24db24862b', schema 'dbo'.  
     at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)    
     at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)    
     at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)    
     at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()    
     at System.Data.SqlClient.SqlDataReader.get_MetaData()    
     at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)    
     at System.Data.SqlClient.SqlCommand.CompleteAsyncExecuteReader()    
     at System.Data.SqlClient.SqlCommand.InternalEndExecuteReader(IAsyncResult asyncResult, String endMethod)    
     at System.Data.SqlClient.SqlCommand.EndExecuteReader(IAsyncResult asyncResult)    
     at Microsoft.SharePoint.CoordinatedStreamBuffer.AsyncSqlSession.EndExecuteReader(IAsyncResult ar)    
     at Microsoft.SharePoint.CoordinatedStreamBuffer.SPBackgroundSqlFileFiller.OnReadComplete(IAsyncResult result)
    BaseWorkbook.CacheStream: Failed to read from stream. Error was: System.Data.SqlClient.SqlException: The EXECUTE permission was denied on the object 'proc_FetchChunkFromDocStreams', database 'SharePoint_AdminContent_ca021d58-ef1f-4f30-9aeb-6f24db24862b',
    schema 'dbo'.    
     at Microsoft.SharePoint.CoordinatedStreamBuffer.SPBackgroundFileFiller.Fill()    
     at Microsoft.SharePoint.CoordinatedStreamBuffer.SPCoordinatedStreamBuffer.WaitForIntervalFill(SPInterval i)    
     at Microsoft.SharePoint.CoordinatedStreamBuffer.SPCoordinatedMemoryStream.Read(Byte[] array, Int32 offset, Int32 count)    
     at Microsoft.SharePoint.SPFileStream.Read(Byte[] buffer, Int32 offset, Int32 count)    
     at Microsoft.Office.Excel.Server.CalculationServer.BaseWorkbookManager.CacheStream(CachedFile cachedFile, FileLoader loader)
    Regards,
    Ayaz
    SharePoint Architect

    Hey Ayaz,
    I do had the same error message when I click on "PowerPivot Management Dashboard". After few research I resolved this issue.
    You need to provide the dbReader and dbWriter permission to powerpivot app pool account at "SharePoint_AdminContent_ca021d58-ef1f-4f30-9aeb-6f24db24862b"
    Have a great day :-)
    Santosh sethi

  • The EXECUTE permission was denied on the object 'ManagedEntityTypeGetBySystemName', database 'OperationsManagerDW', schema 'dbo

    hey all
    i'm getting the above error when trying to run certain reports in scom 2012. i know there are similar issues and kevin holman has blogged about something similar. but i have permissioned the reader account appropriately and still no luck (have read http://skaraaslan.blogspot.be/2011/10/opsmgr-mp-update-new-base-os-mp-6069570.html).
    reader account already has execute permissions on the relevant sp's.
    i have reinstalled reporting services, as a test also given the reader account dbo access on the dw db, and ended up trying to give it admin access both at the sql and windows level - made no difference. some reports work fine, alot dont (eg all the w2k8
    reports).
    so i'm pulling whats left of my hair out with this one - anyone have any ideas?
    thx.

    Hello!!!
    I too am getting this error since I had upgraded to 2012 R2.  It appears that when you select "Add Group" or "Add Object" you get this error.
    What I have done:
    Uninstalled Report Services SCOM Report and Web applications
    Renamed the ReportServices folder so reinstalling a fresh Report Services DB
    Checked to make sure the ReportServices service has the correct permissions on OperationsManagerDW, ReportServer and reportServerTempDB
    Ran a SQL command to see if the service had the correct permissions.  See below (And it does)
    SQL_STORED_PROCEDURE
    ManagedEntityGetWithRowId
    EXECUTE
    GRANT
    OpsMgrReader
    Error
    Permissions:
    What Else can it be to cause this issue?
    Thanks!

  • The SELECT permission was denied on the object 'extended_properties', database 'mssqlsystemresource', schema 'sys'. (Microsoft SQL Server, Error: 229)

    I have created a user and given him the owner rights for the database.  Though I can LogIn as the user, I cannot access the databases.  I am having the error mesage:
    Failed to retrieve data for this request. (Microsoft.SqlServer.Management.Sdk.Sfc)
    For help, click:
    http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&LinkId=20476
    ADDITIONAL INFORMATION:
    An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
    The SELECT permission was denied on the object 'extended_properties', database 'mssqlsystemresource', schema 'sys'. (Microsoft SQL Server, Error: 229)
    For help, click:
    http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=10.50.1600&EvtSrc=MSSQLServer&EvtID=229&LinkId=20476
    Sha_woop

    Since there are so many possibilities for what might be wrong.  Here's another possibility to look at.  I ran into something where I had set up my own roles on a database.  (For instance, "Administrator", "Manager", "DataEntry", "Customer",
    each with their own kinds of limitations)  The only ones who could use it were "Manager" role or above--because they were also set up as sysadmin because they were adding users to the database (and they were highly trusted).  Also, the users that
    were being added were Windows Domain users--using their domain credentials.  (Everyone with access to the database had to be on our domain, but not everyone on the domain had access to the database--and only a few of them had access to change it.)
    Anyway, this working system suddenly stopped working and I was getting error messages similar to the above.  What I ended up doing that solved it was to go through all the permissions for the "public" role in that database and add those permissions to
    all of the roles that I had created.  I know that everyone is supposed to be in the "public" role even though you can't add them (or rather, you can "add" them, but they won't "stay added").
    So, in "SQL Server Management Studio", I went into my application's database, in other words (my localized names are obscured within <> brackets): "<Computername> (SQL Server <version> - sa)"\Databases\<MyAppDB>\Security\Roles\Database
    Roles\public".  Right-click on "public" and select "Properties".  In the "Database Role Properties - public" dialog, select the "Securables" page.  Go through the list and for each element in the list, come up with an SQL "Grant" statement to
    grant exactly that permission to another role.  So, for instance, there is a scalar function "[dbo].[fn_diagramobjects]" on which the "public" role has "Execute" privilege.  So, I added the following line:
    EXEC ( 'GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @RoleName + '];' )
    Once I had done this for all the elements in the "Securables" list, I wrapped that up in a while loop on a cursor selecting through all the roles in my roles table.  This explicitly granted all the permissions of the "public" role to my database roles. 
    At that point, all my users were working again (even after I removed their "sysadmin" access--done as a temporary measure while I figured out what happened.)
    I'm sure there's a better (more elegant) way to do this by doing some kind of a query on the database objects and selecting on the public role, but after about half and hour of investigating, I wasn't figuring it out, so I just did it the brute-force method. 
    In case it helps someone else, here's my code.
    CREATE PROCEDURE [dbo].[GrantAccess]
    AS
    DECLARE @AppRoleName AS sysname
    DECLARE AppRoleCursor CURSOR LOCAL SCROLL_LOCKS FOR
    SELECT AppRoleName FROM [dbo].[RoleList];
    OPEN AppRoleCursor
    FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
    WHILE @@FETCH_STATUS = 0
    BEGIN
    EXEC ( 'GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT EXECUTE ON [dbo].[sp_alterdiagram] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT EXECUTE ON [dbo].[sp_creatediagram] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT EXECUTE ON [dbo].[sp_dropdiagram] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT EXECUTE ON [dbo].[sp_helpdiagramdefinition] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT EXECUTE ON [dbo].[sp_helpdiagrams] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT EXECUTE ON [dbo].[sp_renamediagram] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[all_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[all_objects] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[all_parameters] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[all_sql_modules] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[all_views] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[allocation_units] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[assemblies] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[assembly_files] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[assembly_modules] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[assembly_references] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[assembly_types] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[asymmetric_keys] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[certificates] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[change_tracking_tables] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[check_constraints] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[column_type_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[column_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[computed_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[conversation_endpoints] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[conversation_groups] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[conversation_priorities] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[crypt_properties] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[data_spaces] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_audit_specification_details] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_audit_specifications] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_files] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_permissions] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_principal_aliases] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_principals] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_role_members] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[default_constraints] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[destination_data_spaces] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[event_notifications] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[events] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[extended_procedures] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[extended_properties] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[filegroups] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[foreign_key_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[foreign_keys] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_catalogs] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_catalog_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_fragments] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_indexes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_stoplists] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_stopwords] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[function_order_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[identity_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[index_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[indexes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[internal_tables] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[key_constraints] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[key_encryptions] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[message_type_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[module_assembly_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[numbered_procedure_parameters] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[numbered_procedures] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[objects] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[parameter_type_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[parameter_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[parameters] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[partition_functions] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[partition_parameters] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[partition_range_values] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[partition_schemes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[partitions] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[plan_guides] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[procedures] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[remote_service_bindings] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[routes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[schemas] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[service_contract_message_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[service_contract_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[service_contracts] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[service_message_types] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[service_queue_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[service_queues] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[services] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[spatial_index_tessellations] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[spatial_indexes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sql_dependencies] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sql_modules] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[stats] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[stats_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[symmetric_keys] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[synonyms] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[syscolumns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[syscomments] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysconstraints] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysdepends] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysfilegroups] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysfiles] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysforeignkeys] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysfulltextcatalogs] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysindexes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysindexkeys] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysmembers] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysobjects] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[syspermissions] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysprotects] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysreferences] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[system_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[system_objects] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[system_parameters] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[system_sql_modules] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[system_views] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[systypes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysusers] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[table_types] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[tables] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[transmission_queue] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[trigger_events] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[triggers] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[type_assembly_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[types] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[views] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_indexes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_attributes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_collections] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_component_placements] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_components] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_elements] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_facets] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_model_groups] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_namespaces] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_types] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_wildcard_namespaces] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_wildcards] TO [' + @AppRoleName + '];' )
    FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
    END
    CLOSE AppRoleCursor
    RETURN 0
    GO
    Once that is in the system, I just needed to "Exec GrantAccess" to make it work.  (Of course, I have a table [RoleList] which contains a "AppRoleName" field that contains the names of the database roles.)
    So, the mystery remains: why did all my users lose their "public" role and why could I not give it back to them?  Was this part of an update to SQL Server 2008 R2?  Was it because I ran another script to delete each user and add them back so to refresh
    their connection with the domain?  Well, this solves the issue for now.
    One last warning: you probably should check the "public" role on your system before running this to make sure there isn't something missing or wrong, here.  It's always possible something is different about your system.
    Hope this helps someone else.

  • Why The SELECT permission was denied on the object 'Facts', database

    What this error means?
    I have configured Data Source to use a specific Windows user name and password. The SQL database have the windows user account with db_owner rights.
    Error 11 OLE DB error: OLE DB or ODBC error: The SELECT permission was denied on the object 'Facts', database 'Customer_2011_CBA', schema 'dbo'.; 42000.
    Error 12 Errors in the OLAP storage engine: An error occurred while processing the 'Facts' partition of the 'Facts' measure group for the 'Customer 2011 CBA Cube' cube from the Customer Analysis Services 1 database.
    Kenny_I

    I'm beginning point:
    Error 11 OLE DB error: OLE DB or ODBC error: The SELECT permission was denied on the object 'Facts', database 'Customer_2011_CBA', schema 'dbo'.; 42000.
    Error 12 Errors in the OLAP storage engine: An error occurred while processing the 'Facts' partition of the 'Facts' measure group for the 'Customer 2011 CBA Cube' cube from the Customer Analysis Services 1 database.
    The Windows account do have right in the SQL Server->Object Explorer->Databases->'Customer_2011_CBA'->Security->The user->Properties->All server roles
    Kenny_I
    can you try your SQL account?
    If you think my suggestion is useful, please rate it as helpful.
    If it has helped you to resolve the problem, please Mark it as Answer.
    Sevengiants.com

  • The SELECT permission was denied on the object 'syscategories', database 'msdb', schema 'dbo'.

    Hi all,
    I have a single select statement to monitor JOB status at database msdb, it works perfectly at versions 2000, 2005 and 2008 but in version 2012 got denied access to views syscategories, sysjobactivity, sysjobhistory, sysjobs and sysjobsteps even having applied
    "grant select on" to user (principals) at database msdb.
    Anyone have seen this and found an solution?
    --- SQL Server Version
    Microsoft SQL Server 2012 (SP1) - 11.0.3000.0 (X64)
        Oct 19 2012 13:38:57
        Copyright (c) Microsoft Corporation
        Enterprise Edition: Core-based Licensing (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1)
    --- My Query
    set nocount on
    select x.job_name, x.job_status, x.monitor_status from (
    select j.name job_name
         , case
             when datediff(minute,s.login_time,current_timestamp) >= 8
                then 'In progress (more than 8h) '
             when datediff(minute,s.login_time,current_timestamp) >= 24
                then 'In progress (more than 24h) '
             else 'In progress'
           end job_status
         , case
             when datediff(minute,s.login_time,current_timestamp) >= 8
                then 8 -- 'In progress (more than 8h) '
             when datediff(minute,s.login_time,current_timestamp) >= 24
                then 9 -- 'In progress (more than 24h) '
             else 7 -- 'In progress'
           end monitor_status
      from sys.dm_exec_sessions s
             join msdb.dbo.sysjobs j
                on master.dbo.fn_varbintohexstr(convert(varbinary(16), j.job_id))COLLATE Latin1_General_CI_AI
                 = substring(replace(s.program_name, 'SQLAgent - TSQL JobStep (Job ', ''), 1, 34)
             inner join msdb.dbo.syscategories c
                on c.category_id = j.category_id
     where s.program_name like '%SQLAGENT - TSQL JOBSTEP%'
       and c.name like 'REPL-%'
    union all
    select j.name
         , case
              when datediff(minute,current_timestamp,ja.next_scheduled_run_date) <= -10
                 then 'Delayed'
              else
                 case jh.run_status
                    when 0 then
                       case when lower(left(j.name,8)) = 'uoldiveo'
                          then 'Failed (admin)'
                          else 'Failed'
                       end
                    when 1 then 'Succeeded'
                    when 2 then 'Retry'
                    when 3 then
                       case when lower(left(j.name,8)) = 'uoldiveo'
                          then 'Cancelled (admin)'
                          else 'Cancelled'
                       end
                    when 4 then 'In progress'
                 end
           end
         , case
              when datediff(minute,current_timestamp,ja.next_scheduled_run_date) <= -10
                 then 0 -- Delayed
              else
                 case jh.run_status
                    when 0 then
                       case when lower(left(j.name,8)) = 'uoldiveo'
                          then 1 -- 'Failed (admin)'
                          else 2 -- 'Failed'
                       end
                    when 1 then 3 -- 'Succeeded'
                    when 2 then 4 -- 'Retry'
                    when 3 then
                       case when lower(left(j.name,8)) = 'uoldiveo'
                          then 5 -- 'Cancelled (admin)'
                          else 6 -- 'Cancelled'
                       end
                    when 4 then 7 -- 'In progress'
                 end
           end
      from (msdb.dbo.sysjobactivity ja left join msdb.dbo.sysjobhistory jh on ja.job_history_id = jh.instance_id)
           join msdb.dbo.sysjobs j on ja.job_id = j.job_id
     where ja.session_id=(select max(session_id) from msdb.dbo.sysjobactivity where job_id = ja.job_id)
            and j.enabled = 1
            and jh.run_status <= 3
    ) x

    I was able to run the below without problems on SQL 2012:
    USE master
    CREATE LOGIN ove WITH PASSWORD = 'ÖLKJLKJ?="#'
    GRANT VIEW SERVER STATE TO ove
    go
    USE msdb
    go
    CREATE USER ove
    GRANT SELECT ON syscategories TO ove
    GRANT SELECT ON sysjobactivity TO ove
    GRANT SELECT ON sysjobhistory TO ove
    GRANT SELECT ON sysjobs TO ove
    GRANT SELECT ON sysjobsteps TO ove
    go
    EXECUTE AS LOGIN = 'ove'
    -- your query here
    REVERT
    go
    DROP USER ove
    go
    USE tempdb
    go
    DROP LOGIN ove
    Have you checked that there is no active DENY in force?
    Rather than granting these permissions, you could package this in a stored procedure that you signed with a certificate and then grant a login and user create from the certificate the required permissions. I discuss this technique in detail in an article
    on my web site:
    http://www.sommarskog.se/grantperm.html
    (But certs will not help you against DENY.)
    Erland Sommarskog, SQL Server MVP, [email protected]

  • EXECUTE permission was denied in sysdb database, schema 'ssma_oracle'.

    Hello,
    I have migrated a database from oracle to SQL server.
    After migration when I run a script on the migrated database,
    I get following error . The user with which I have migrated the database and I am running this script are same.
    Also I have given these 3 permissions on sysdb database to this user - public, db_datareader db_datawriter.
    Please let me know what am I missing?
    Msg 229, Level 14, State 5, Server SERVER5009\SQLEXPRESS, Procedure PROC_LOADTEST , Line 303
    The EXECUTE permission was denied on the object 'db_error_get_oracle_exception_i
    d', database 'sysdb', schema 'ssma_oracle'.
    Msg 229, Level 14, State 5, Server SERVER5009\SQLEXPRESS, Procedure ssma_rethr
    owerror, Line 1
    The EXECUTE permission was denied on the object 'ssma_rethrowerror', database 's
    ysdb', schema 'ssma_oracle'.
    Thanks a lot.

    Hi ManiC24,
    Msg 59999, Level 16, State 1, Procedure PROC_LOADTEST, Line 324
    SSMA Oracle exception emulation for [ORA-00001]
    As other post, the issue is related to Oracle. The number 59999 is used for all Oracle system, user-defined, or predefined exceptions.
    Based on my research, ORA-00001 is common when: "a program tries to insert a "duplicate" row in a table,"  and that, "when a unique constraint is violated the row is NOT added to the table. To overcome this error, either remove
    the unique restriction or do not insert duplicate
    key.
    Reference:
    http://www.dba-oracle.com/sf_ora_00001_unique_constraint_violated.htm
    Thanks,
    Lydia Zhang
    Lydia Zhang
    TechNet Community Support

  • The SELECT permissions was denied on the object 'extended_properties', database 'mssqlsystemresource', schema 'sys'.(Microsoft SQL Server, Error:229

    I have a SQL Server connected intro a Windows Server 2003 Domain Active Directory, the server holds a default instance with a single Database, the SQL Server is 2005 Std Edition, and is using mix mode Authentification, then I able to create SQL Native Users
    and Invoque Windows Domain Users also.
    The Goal of this project is remove the sysadmin Server role for all the Windows Domain Users, to give then a more granular secure model but at the moment is this only way to connect at the Data Base Server.
    I already create Native SQL Servers users without any problem!, they respect Securable Setting, Server Roles, User Mapping, everything...Just when I create a Login Profile form a Domain Users and apply the same setting, I get this error...
    The SELECT permissions was denied on the object 'extended_properties', database 'mssqlsystemresource', schema 'sys'.(Microsoft SQL Server, Error:229)
    But if the user have sysadmin Server Rol he can sing over the server without any issue, I review the .sys view extended_properties and "Public" is the only Database Role placed.
    Any Idea if I need change any Setting in the Secure in SQL Master DataBase? or which is the issue witjh this matter?
    Thank in advance for your help!

    Since there are so many possibilities for what might be wrong.  Here's another possibility to look at.  I ran into something where I had set up my own roles on a database.  (For instance, "Administrator", "Manager", "DataEntry",
    "Customer", each with their own kinds of limitations)  The only ones who could use it were "Manager" role or above--because they were also set up as sysadmin because they were adding users to the database (and they were highly trusted). 
    Also, the users that were being added were Windows Domain users--using their domain credentials.  (Everyone with access to the database had to be on our domain, but not everyone on the domain had access to the database--and only a few of them had access
    to change it.)
    Anyway, this working system suddenly stopped working and I was getting error messages similar to the above.  What I ended up doing that solved it was to go through all the permissions for the "public" role in that database and add those permissions
    to all of the roles that I had created.  I know that everyone is supposed to be in the "public" role even though you can't add them (or rather, you can "add" them, but they won't "stay added").
    So, in "SQL Server Management Studio", I went into my application's database, in other words (my localized names are obscured within <> brackets): "<Computername> (SQL Server <version> - sa)"\Databases\<MyAppDB>\Security\Roles\Database
    Roles\public".  Right-click on "public" and select "Properties".  In the "Database Role Properties - public" dialog, select the "Securables" page.  Go through the list and for each element in the
    list, come up with an SQL "Grant" statement to grant exactly that permission to another role.  So, for instance, there is a scalar function "[dbo].[fn_diagramobjects]" on which the "public" role has "Execute" privilege. 
    So, I added the following line:   
    EXEC ( 'GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @RoleName + '];' )
    Once I had done this for all the elements in the "Securables" list, I wrapped that up in a while loop on a cursor selecting through all the roles in my roles table.  This explicitly granted all the permissions of the "public" role to
    my database roles.  At that point, all my users were working again (even after I removed their "sysadmin" access--done as a temporary measure while I figured out what happened.)
    I'm sure there's a better (more elegant) way to do this by doing some kind of a query on the database objects and selecting on the public role, but after about half and hour of investigating, I wasn't figuring it out, so I just did it the brute-force method. 
    In case it helps someone else, here's my code.
    CREATE PROCEDURE [dbo].[GrantAccess]
    AS
    DECLARE @AppRoleName AS sysname
    DECLARE AppRoleCursor CURSOR LOCAL SCROLL_LOCKS FOR
    SELECT AppRoleName FROM [dbo].[RoleList];
    OPEN AppRoleCursor
    FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
    WHILE @@FETCH_STATUS = 0
    BEGIN
    EXEC ( 'GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT EXECUTE ON [dbo].[sp_alterdiagram] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT EXECUTE ON [dbo].[sp_creatediagram] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT EXECUTE ON [dbo].[sp_dropdiagram] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT EXECUTE ON [dbo].[sp_helpdiagramdefinition] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT EXECUTE ON [dbo].[sp_helpdiagrams] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT EXECUTE ON [dbo].[sp_renamediagram] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[all_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[all_objects] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[all_parameters] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[all_sql_modules] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[all_views] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[allocation_units] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[assemblies] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[assembly_files] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[assembly_modules] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[assembly_references] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[assembly_types] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[asymmetric_keys] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[certificates] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[change_tracking_tables] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[check_constraints] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[column_type_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[column_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[computed_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[conversation_endpoints] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[conversation_groups] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[conversation_priorities] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[crypt_properties] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[data_spaces] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_audit_specification_details] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_audit_specifications] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_files] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_permissions] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_principal_aliases] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_principals] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[database_role_members] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[default_constraints] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[destination_data_spaces] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[event_notifications] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[events] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[extended_procedures] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[extended_properties] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[filegroups] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[foreign_key_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[foreign_keys] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_catalogs] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_catalog_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_index_fragments] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_indexes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_stoplists] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[fulltext_stopwords] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[function_order_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[identity_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[index_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[indexes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[internal_tables] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[key_constraints] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[key_encryptions] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[message_type_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[module_assembly_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[numbered_procedure_parameters] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[numbered_procedures] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[objects] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[parameter_type_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[parameter_xml_schema_collection_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[parameters] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[partition_functions] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[partition_parameters] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[partition_range_values] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[partition_schemes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[partitions] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[plan_guides] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[procedures] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[remote_service_bindings] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[routes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[schemas] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[service_contract_message_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[service_contract_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[service_contracts] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[service_message_types] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[service_queue_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[service_queues] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[services] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[spatial_index_tessellations] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[spatial_indexes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sql_dependencies] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sql_modules] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[stats] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[stats_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[symmetric_keys] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[synonyms] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[syscolumns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[syscomments] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysconstraints] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysdepends] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysfilegroups] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysfiles] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysforeignkeys] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysfulltextcatalogs] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysindexes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysindexkeys] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysmembers] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysobjects] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[syspermissions] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysprotects] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysreferences] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[system_columns] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[system_objects] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[system_parameters] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[system_sql_modules] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[system_views] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[systypes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[sysusers] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[table_types] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[tables] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[transmission_queue] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[trigger_events] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[triggers] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[type_assembly_usages] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[types] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[views] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_indexes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_attributes] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_collections] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_component_placements] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_components] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_elements] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_facets] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_model_groups] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_namespaces] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_types] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_wildcard_namespaces] TO [' + @AppRoleName + '];' )
    EXEC ( 'GRANT SELECT ON [sys].[xml_schema_wildcards] TO [' + @AppRoleName + '];' )
    FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
    END
    CLOSE AppRoleCursor
    RETURN 0
    GO
    Once that is in the system, I just needed to "Exec GrantAccess" to make it work.  (Of course, I have a table [RoleList] which contains a "AppRoleName" field that contains the names of the database roles.)
    So, the mystery remains: why did all my users lose their "public" role and why could I not give it back to them?  Was this part of an update to SQL Server 2008 R2?  Was it because I ran another script to delete each user and add them back
    so to refresh their connection with the domain?  Well, this solves the issue for now.
    One last warning: you probably should check the "public" role on your system before running this to make sure there isn't something missing or wrong, here.  It's always possible something is different about your system.
    Hope this helps someone else.

  • Insuffiecient SQL database Permission for User

    Hi All,
    The following error is coming in the Event Viewer:
    Insufficient SQL database permissions for user 'Name: NNOK\SPPEAPO_SVC001_ES SID: S-1-5-21-2610070952-2089559051-1579118431-1720 ImpersonationLevel: Impersonation' in database 'SharePoint_AdminContent_6fa0b459-ed7c-481f-85c4-b81753e39346' on SQL Server instance
    'NOKWDCFISP'. 
    The EXECUTE permission was denied on the object 'proc_GetTimerRunningJobs', database 'SharePoint_Config', schema 'dbo'.
    Kindly reply if you know the solution for this.
    Thanks in Advance.
    Pravin Dhulap

    Hi Pravin,
    You can grant "WSS_Content_Application_Pools" execute permission to the procedure "proc_GetTimerRunningJobs"
     under SharePoint _Config database, then check results again. 
    Here is another post you can take a look.
    https://social.msdn.microsoft.com/Forums/sharepoint/en-US/a0d08e98-1fd6-42cf-b738-6ba3df082210/search-account-got-insufficient-sql-database-permissions-for-user-execute-permission-was-denied?forum=sharepointadmin
    http://sharepointpaul.blogspot.jp/2013/09/resolution-of-sharepoint-event-id-5214.html
    Thanks
    Daniel Yang
    TechNet Community Support

  • SQL database login for 'SharePoint_Config_2010' on instance 'DB server' failed. Additional error information from SQL Server is included below.

    we formatted Database server and restored all the databases from the backup. but the sharepoint site is giving below error when i access the home page. 
    we have 3 application servers in that two are working fine,  but only one server getting the below error. 
    SQL database login for 'SharePoint_Config_2010' on instance 'db server' failed. Additional error information from SQL Server is included below.
    Login failed for user 'domain\user'.
    could you help what is the issue?

    Hi,
    According to your post, my understanding is that you failed to access sharepoint site with one application server.
    It was due to the MOM/SCOM Agent that has a SharePoint management pack installed, the agents Windows Service runs as ‘Local System’ and thus causes this.
    The workaround is to either kill the SCOM agent service, or set it to run as a dedicated service account.
    In addtion, I recommend to add the logon account of the SharePoint Timer service as a user of the SharePoint_Config database. Give role membership to the account db_owner.
    You also need to add the SharePoint accounts back into sql server.
    There are some similar articles for you to take a look at:
    http://blog.blksthl.com/2012/04/26/login-for-sharepoint_config-login-failed-for-user-domaincomputername-scom-agent/
    http://msdn.microsoft.com/en-us/library/jj551781(v=nav.70).aspx
    http://sharepoint.stackexchange.com/questions/51623/moved-sql-databases-for-sharepoint-2010-and-now-have-a-3351-error
    Best Regards,
    Linda Li
    Linda Li
    TechNet Community Support

  • Event 3351, SQL database login for 'DB_Config' on instance failed. Additional error information from SQL server is mentioned below. Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

    category-database
    event id-3351
    source-sharepoint foundation
    SQL database login for 'DB_Config' on instance 'DB\instance' failed. Additional error information from SQL Server is included below:
    Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
    I have been getting this error every hour on only 1 application server of the 2.
    My farm consists of 2 app servers, 2 wfes & 2 sql nodes.
    My public site is working fine. Authentication is NTLM.
    SharePoint VSS Writer is disabled.None of my appPool accounts are running under local system.
    I have read many forums/blogs, but couldnt find a solution for this.
    Any help would be appreciated!

    Hi,
    As I understand, you found event id 3351 in event log. Please collect more information as below:
    Check if the error also occurs on other servers in your farm.
    Check if backup job is scheduled at the time when the event id occurs.
    Please run Config Wizard or psconfig.exe -cmd secureresources on all servers and test the issue again.
    Regards,
    Rebecca Tu
    TechNet Community Support

  • The connection was denied because the user account is not authorized for remote login

    Using Terminal Server 2008 not able to get non administrator users to login to the remote desktop. Have tried from Windows server 2008 and from Windows servers 2003. Get error login in "The connection was denied because the user account is not authorized for remote login" from Windows Server 2008. Error "The requested session access is denied" from Windows Server 2000.

    Is that seriously the only way to do this? Doesn't this render the "Allow log on through Terminal Services" GP Setting useless?
    I would like to know this answer, as well.  I have created a new AD group for my assistant admins called "Domain Admins (limited)".  I have added this group to the GP setting "Allow log on through Terminal Services", but the
    assistant admins cannot log in through RDP.  It 'feels like' this is all I would need to do.
    Craig
    Found some good info
    here. There are really two things required for a user to connect to a server via RDP. You can configure one of them via Group Policy but not the other.
    1) Allow log on through Terminal Services can be configured through Group Policy, no problem.
    2) Permissions on the RDP-listener must also be granted.  If your user is a member of the local Administrators group or the local Remote Desktop Users group then this is handled.  If you are trying to utilize a new, custom group (as I am),
    then there isn't a way to do this via group policy (that I have found).
    EDIT: Found the answer.  I am creating a blog post to outline the steps.  They aren't hard, but they're not self-explanatory.  It deals with the Restricted Groups mentioned above, but it's still automate-able using Group Policy so that you
    don't have to touch each computer.  I think the above poster (Andrey Ganev) got it right, but
    I had trouble deciphering his instructions.
    Here is my blog post that walks through this entire process, step-by-step.

Maybe you are looking for

  • Problem on node 1

    Dear Experts, We have 2 partitions on our BI Dev system (0 and 1 in the same box), when we tried to add container to the tablespace that resides on those partitions, it resulted error (we forgot the error message) on partition 1, however there is no

  • ODI 10.1.3.5.3 and Windows 7 64 bits: ODI freeze after the logon window

    Hi, I'm trying to use ODI 10.1.3.5.3 but i can't open the application. It show the logon window and after click ok, ODI show the splash screen and nothing happens (the splash screen stay open forever and i need to kill javaw.exe process to close). I'

  • Problem: Input must be in the format _____ in SPAD

    Hello everyone .. (sorry for my english) I want to create a new page format with size in decimal, for example: width = 255.5 mm .. but i get error : Input must be in the format _____ ... I am going to TX SU01 and click in tab Defaults, i probe with a

  • Is there a way to find out whether all of my music files have been imported to iTunes?

    Is there a way to find  out whether all of my music files on the computer have been imported to iTunes? I want to consolidate my music files to tidy it all up into one place, and then delete the originals. I don't want to delete any music until I kno

  • Giving Permissions to specific Distribution Group management for deparment secrety

    Dear ALL In our exchange 2010 environment we have multiple departmental distribution group. We plan to give management of these distribution group members to each departmental secretary. How can achieve this? Kindly help Ashraf