Security Role Won't Grant Table Access
When I log into the my production server there only two tables (dbperties & Trans) showing under tables when the Dbase is selected. I checked the server roles and I only have “Public” access. I can see the views that have been
created. I have been added to the Group membership and added to one of our vendor groups but I still can't see the additional tables.
However, when I log into the Development site it’s showing all the iMIS tables and I have both “Public” & “SysAdmin” roles.
Should I be added to the
“SysAdmin” role as well?
Thanks in advance.
DJ
Hi,
According to your description, as Erland’s post, if you are a member of Active Directory groups with administrative privileges , it means that you have full permissions on the Windows-level objects, such as the rights to read/write folders, but it does not
mean that your account is administrator in SQL Server except for creating a login name with this account and granting to sysadmin role.
Usually, the members of sysadmin role have administrative privileges on all server databases and resources, and can perform any activity in SQL Server. Generally, DBA is granted the sysadmin permission. If you need to perform any activity in SQL Server,
your account should be added to the sysadmin role. You can right-click sysadmin in Object Explorer/Security/Server Roles in SQL Server Management Studio (SSMS) ,then add your account. Please note that only a sysadmin member has rights to grant users
different permissions in SQL Server.
Public role is a special database role that exists in every user database, and by default, every database user is automatically assigned to this built-in role. If you just need to access and modify all the objects of a database , it’s not necessary to being
a sysadmin member in SQL Server , you can add your account to the db_owner database role.
For more information, please review the following this article: Server and Database Roles in SQL Server.
Thanks
Lydia Zhang
Similar Messages
-
Included are screen grabs of some of the message prompts I'm recieving when attempting to update my iPhoto app.
*side note: my operating system recently crashed, and my comptuer was wiped, so 'salvaging' photos from the current app is not a factor since they've been backedup externally already.Please test after each of the following steps that you haven't already tried. Stop when the problem is resolved. Back up all data before making any changes.
Step 1
Select the Purchases page in the App Store and locate the app(s) in your purchase history. If there's a button markedACCEPT on the right, click it.
Step 2
If you're trying to update iLife or iWork apps that were installed from a purchased DVD, or if you have a refurbished Mac bought directly from Apple, contact App Store customer service for a redemption code. You may be asked for the part number of the DVD.
Step 3
From the App Store menu bar, select
Store ▹ View My Account
Enter your Apple ID password at the prompt. At the lower right corner of the window that opens, click the Reset button. Close the window.
Step 4
If you have a used Mac, the bundled apps were linked to the original owner's Apple ID and can't be transferred to you. Reportedly, customer service has issued redemption codes to some second owners who asked, but it's not guaranteed.
Step 5
Delete the app(s) you want to update and reinstall them. -
What is the difference between USER_TAB_PRIVS and DBA_TAB_PRIVS?
So USER_TAB_PRIVS is a view of DBA_TAB_PRIVS, showing the objects that I own, have granted to someone, or have been granted by someone. Check.
Is there any way to do this:
GRANT SELECT ON PS_PAYGROUP_TBL TO (SELECT OPRID FROM PSOPRDEFN WHERE OPRCLASS = '0')
In other words, I want to grant table access to a specific group of operators....without keying them manually. -
PL/SQL stored proc won't compile when accessing a table in another schema
I am attempting to compile a stored procedured that does something like this:
create or replace PROCEDURE CreateNewBackupTbls
AS
tblExists NUMBER;
v_CatalogName VARCHAR(50);
Cursor ctlg_cursor
IS
Select vchCatalogName
FROM OtherSchema.tblCatalogs;
BEGIN
-- Create AdminMstr backup table if it doesn't already exist
select count(*) into tblExists
from dual
where exists ( select NULL from TABS where Table_Name = 'AdminMstr' );
IF tblExists = 0
THEN
spc_createNewAuditBackupTbl('AdminMstr');
DBMS_OUTPUT.PUT_LINE('Created AdminMstr audit backup table');
END IF;
OPEN ctlg_cursor;
LOOP
FETCH ctlg_cursor INTO v_CatalogName;
EXIT WHEN ctlg_cursor%NOTFOUND;
-- Create Catalog backup table if it doesn't already exist
select count(*) into tblExists
from dual
where exists ( select NULL from TABS where Table_Name = v_CatalogName );
IF tblExists = 0
THEN
spc_createNewAuditBackupTbl(v_CatalogName);
DBMS_OUTPUT.PUT_LINE('Created ' || v_CatalogName || ' audit backup table');
END IF;
END LOOP;
CLOSE ctlg_cursor;
END;
The schema/user this stored procedure belongs to has access to the OtherSchema.tblCatalogs table. I can see it in Sql Developer and I can also type
Select vchCatalogName
FROM OtherSchema.tblCatalogs;
from an SQL plus prompt and it works. So why won't the stored procedure compile?
Thanks,
ChrisWOW! That seems like a very bad design.
Is it just the compiler that has the problem or is the PL/SQL code inside the stored procedure also affected? For example, if I'm doing an
EXECUTE IMMEDIATE 'insert ... INTO OtherSchema.tblTest';
Is this going to be a problem?
The problem with granting the access explicitly is the Archive Schema, which has the stored procedure that is failing, might not exist at the time when the other schemas are created. Therefore, there is no user to grant permissions to. I solved this by granting permissions to the role and when the archive user is created it is assigned that role.
This seems like the proper way to solve this problem. -
Hello everybody,i've forgot my apple password and i wanted to reset it to a new one but i also forgot the security question and the alternative email does not work and i am really need to log in to my apple i d because my iPhone 4g won't let me access it so anyone can help me with it or can i put another apple id to it without putting the first password?THANKS FOR YOUR HELP.
Then call AppleCare and talk to someone in account security.
-
I want to install onyx but my security preferences won't let me download it. Is it safe to change them and download from an unidentified developer? Will they be able to access my information?
1. If you just want to run one application, control-click it and choose Open instead of changing the setting. This only needs to be done once per application.
2. Ensure that you trust any software you choose to open in this way.
(108081) -
Hi,
I am migrating a web application from Websphere to Weblogic. The web application has a security role defined in web.xml (Use LDAP for authentication).
security-role>
<description>Authenticated</description>
<role-name>Authenticated</role-name>
</security-role>
This role is mapped to a special subject "All authenticated user in appliation realm" in WAS.
In weblogic, I have the following setting in weblogic.xml
<wls:security-role-assignment>
<wls:role-name>Authenticated</wls:role-name>
<wls:externally-defined />
</wls:security-role-assignment>
And after deploy the application, have to manually add a security role and add the security policy "Allow access to everyone" to this role.
I am wondering if this setting can be specified in for example weblogic.xml so just deploy web applicaiton using deployment descriptor, and I don't need write script to do that .
ThanksHi,
You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
Hope this will solve your problem.
Regards
MuRam -
Granting/Revoke Access Rights
I have a desktop application which is more of a db management thing. I have different user roles accessing it. Two roles that i am using are as follows:-
NOVICE
ADMIN
Till now, ive implemented:
adding new users,
Logging in for existing users
Ive done this by storing data about users in a table as follows::
NAME
PASSWORD
TYPE ie ADMIN / NOVICE
Now i want to add another functionality. Granting/revoking access rights and priviledges to users. I think a new person,who wants to add himself as ADMIN or NOVICE, would be allowed to do so only if he requests for such a role and is accepted by a SUPER user. This was a thought that came to my mind. Pls guide me in the right direction.
Thanks
DexterIt's hard to interpret what you're trying to do. However I set up such an access control system recently which might point you in the right direction.
Basically there are three tables. One is a table of users (for efficiently most of these tables have "synthetic keys", unique numeric identifiers for references). In this would probably be the user's name and, perhaps, e-mail address etc.., And a digest of the username and password combined. You don't store the actual password text for security reasons (see MessageDigest class).
The second principal table is a list of roles or actions that are protected, each with a name and description.
Permissions are granted in a third table which is an intersection table between users and roles, each row granting one role to one user (can contain further constraints).
One of these roles is, of course, the ability to grant roles. A user with that permission can grant or revoke a role for another user (or some subset of other users) providiing they have the permission itself.
In the java program you can create a class which extends java.security.Permission, when the user logs in, store them in a PermissionCollection. Then you use the "implies" method when you want to test if the current user has a given permission.
Hope this is something to do with what you're trying to do. -
How can I limit/control the addition of auth. objects to security roles?
Checking the authorization object S_USER_VAL it seemed that it grants the ability to limit the addition of authorization objects, but I tried using a test ID in sandbox along with a test role, removing the object, creating ranges in order to limit to a certaing type of auth. objects and didn't work. S_USER_AGR will give me access to limit which type of roles I can modify, but I'm looking to restrict the addition of specific security objects to security roles. If anyone knows the answer to this please share! Thanks in advance for your help!!!!
Edited by: Armando Salas on Nov 29, 2011 7:41 PMHi Armando,
Try with auth.obj. S_USER_AUT. A suggestion. Search this objects with tcode SU24, for instance, for tcode PFCG and it gives a list with objects.
I hope this helps you
Regards
Eduardo -
Change SQL 2012 Security roles after installation
I installed SQL 2012 SP1 Standard edition and during the setup it asked me for the users for various service . I choose to keep them as default
After the installation i could see the services were not started, so i changed everything to Local System
Also in future i may need to change them to run under some domain service account.
What steps do i have to take to make sure approprate rights are granted to the accounts that run the SQL services. I could see Local System just had Public security role.
Can someone guide me on verifying what the security roles for accounts should be.running them as domain account is a good thing and it does not need to part of admin group.
make sure your domain account has access backup paths/locations.
Also, make sure your account has "perform volume maintanence tasks" - to make use of INF.
Is your system 64 bit or 32 bit. if 64 bit, you are okay else you will need to enable lock pages in the memory for the service.
Below are the links to some articles that talk about this:
http://www.mssqltips.com/sqlservertip/2503/how-to-create-secure-sql-server-service-accounts/
http://blogs.msdn.com/b/askjay/archive/2011/02/28/required-rights-for-sql-server-service-account.aspx
http://technet.microsoft.com/en-us/library/ms191543(v=sql.110).aspx
http://blogs.msdn.com/b/sqlserverfaq/archive/2010/05/28/inf-permissions-required-for-sql-server-service-account-to-use-ssl-certificate.aspx
Hope it Helps!! -
Projects Contract (R 12.1.3) Security Role Assignment
In Projects Contract (R 12.1.3), is there any way we can have contingent worker(s) in the List of Values for “Employee” in Security Role Assignment window?
Please check the Profile Option - OKE: Allow Contingent Workers
This profile option determines whether contingent workers can be granted access to contracts or not. -
Hi all,
I have database A and database B. I have a table in A that I want to grant insert access to B. I have a DB link(Blink) created on B. I executed the following statement with errors though. Can someone please advise.
GRANT INSERT, SELECT ON A.table1 TO scott@Blink;Hi,
SunS wrote:
I have user userB in database B who connects to A. When I execute the following statement, I get an error "user or role userB does not exist"
GRANT INSERT, SELECT ON A.table1 TO userB;Exactly.
Now the question is: What user on database A is associated with that link? When someone on database B uses a link to database A, they connect as some particular user on database A. Who is that user on database A?
Say userB on database B is supposed to do things like this
SELECT ... FROM table1@alink;What did you say after "CONNECT TO" when you created the link? If you don't remember, then, on database B, say
SELECT username
FROM all_db_links
WHERE dblink = 'ALINK';That's the user on database A that needs privileges. -
Hi all -
Could someone shed a light on the SLD security roles for me ?
SLD is running fine (on a EP JAVA WAS) but I seem to miss the roles that come with it (LcrUser, LcrAdministrator, etc...)
Can I import/deploy/create them ? When do I use the 'Assign User Groups to Roles' from the VA - SLD Data Supplier ?
thx guys,
PaulHi everyone,
the assignment of SLD roles can be done from the <i>Policy Configurations</i> in the <i>Security Provider Service</i> in the Visual Administrator. Once you are there you'll have to choose the <b>sap.com/com.sap.lcr*sld</b> component and then click the <i>Security Roles</i> tab. From there you should have access to the SLD roles. Since the SLD roles are J2EE roles (they won't show up in the User Management console) and you can assign them to users/user groups from VA.
You can use the "Assign roles to groups" button in the SDL Data Supplier service in case the UME is used with an ABAP backend user sotre. In this case the ABAP user roles will appear as user groups in the J2EE Engine. If the J2EE user groups are created after the SLD server has been deployed, you can perform the mappings by using the SLD configuration service in the Visual Administrator.
For documentation of the above, take a look at the Post Installation guide from service.sap.com/sld -> Media Library.
Hope this helps.
Regards,
Yonko -
Hi All,
I want to know how to get the security roles which we configured in adfsecurity.
Regards,
SmaranHi,
to get all roles associated with the current user, try
SecurityContext secCtx = ADFContext.getCurrent().getSecurityContext();
String[] roles = secCtx.getUserRoles();
To get access to the roles defined on the system (not user specific) then this requires OPSS access. The JavaDocs are here:
http://download.oracle.com/docs/cd/E17904_01/apirefs.1111/e10686/toc.htm
From the top of my head. this is how get access to the JPS context to query system resources.
JpsContextFactory jpsfact = JpsContextFactory.getContextFactory();
JpsContext jpxCtx = jpdfact.getContext();
IdentityStoreService store = jpxCtx.getServiceInstance(IdentityStoreService.class);
... from here on I have no further hint without trying it myself. However, I hope I go you started
Frank -
Unable to assign all security roles to a user with a new custom security role
Dear All,
Happy New Year.!
I have a query regarding the assignment of Security Roles to new users in CRM. Normally we assign the security roles to new users via an Admin user who has 'System Administrator' security role assigned to him/her. This works perfectly fine, and we can assign
any desired security role to the new user.
However, in our case, we need to delegate the user creation rights to some of the client partners. We do not want to give them access to all the Administration functions; hence we created a new Security Role, lets say 'Support User Role'. We have provided
'Create', 'Append', 'Append To', and 'Assign' rights on 'User' entity for this new security role. With this security role, we are able to create new users now, but we are only able to assign 'Agent' security role, not any other security roles.
For example, if user 'x' has Security Role defined as 'Support User Role'. If 'x' tries to add a new user 'y', then 'x' is only able to assign 'Agent' security role to 'y', but not any other security role. As per business requirement, 'x' should be able
to assign some other security roles, including 'Support User Role', to new user 'y'.
I believe that there is something missing in Security Role configuration, which is causing the above problem. We compared both 'Support User Role' and 'System Administrator' security roles, but not able to figure out which minimum rights we can provide to
'Support User Role' so that users with this security role can only add new users (with any security role), and that they are not having access on any other Administration features as well.
Appreciate any help that you can provide on the above issue.
Thanks in anticipation.Hi,
Can you check if you have organization level Read access for Securitity Role and Organization level Assign access for Security role.
Refer:-
http://www.magnetismsolutions.com/blog/paulnieuwelaar/2013/04/22/permissions-required-to-manage-roles-in-dynamics-crm-2011
Hope this helps!!!
Thanks,
Prasad
Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question
Maybe you are looking for
-
I have a nano and want to transfer my music to my new iPad, in all the excitement of setting up my iPad I created a new apple Id and now I can't sync my music! Can someone please advise if there is a way to transfer my music to my iPad manually? If s
-
Saving from Single User Mode???
ok, so my computer *****, and i just want to reformat the drive and start from scratchville. is there any way to have a USB Thumbdrive or external hard drive attached and move files from single user mode to the thumb drive to store it. and then once
-
A1 - Lenovo App Store doesn't list installed apps or possible updates
This may be because of my inexperience with the Lenovo App Store, but whenever I start the Store app, I get an empty list of current and available apps. I did download and install Firefox cleanly, but no other installed apps are shown by the Lenovo S
-
Can I print or export an OD user list?
OK, I am sure there must be numerous ways to go about this... How can I generate a detailed list of the users (and groups?) in the Workgroup Manager?
-
Did latest update for itunes and now can't open Itunes. Get pop of :itunes was not installed correctly.Please reinstall itunes. Error 7 (Windows Error 126). Have reinstalled various times and still can't open itunes. Please help.