USER PERMISSONS on a Database

Similar Messages

• Copy Users/Permissions/objects from a database to another database

  Can anyone help me how to copy users, permissions, stored procedures, views, functions and all other objects from one database to another database.
   I need a SQL Script to get this job done. I cannot use backup restore or SSIS Package.

  There's also a transfer sqlserver objects task available in SSIS
  http://www.mssqltips.com/sqlservertip/2064/transfer-database-task-and-transfer-sql-server-objects-task-in-ssis/
  Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs

• HTMLDB, Database Users, Permissions

  I am working with a client that has an Oracle DB app that uses Forms 6i for the UI. We want to start using HTMLDB in addition to Forms. Currently, all the users have a database username and password, and user permissions are controlled by database roles and individual table permissions. The goal is to allow the users to login to HTMLDB with their db username and password so the existing db roles and permissions will be in effect.
  I have my HTMLDB configuration setup without a PLSQL Username/Password in the marvel.conf file, and this allows users to login to the HTMLDB apps with their DB username and password. This works fine.
  I have a report setup that selects from an employee table. Only a few roles have select permissions on this table. (I will also add that this table is in a schema that is mapped to the HTMLDB workspace) What I am finding is that, regardless of the permissions assigned to the logged in user, they can run this report.
  Looking at the DB connections in Enterprise Manager, it shows the username of the logged in user, so it would apper that the webserver is connecting to the DB as I would expect. How is it that even non-privileged users can run this report?
  If I login via sqlplus as the same user and attempt to run a select against this table, I get "ora-00942 table or view does not exist", so I am sure my permissions are correct. What am I missing?
  Any help on this is greatly appreciated.
  -Tony

  Tony,
  It is not your imagination, this is how things are 'sposed to work. At a Forms/HTML DB site we worked on, individual users were granted database roles, as you described. Forms controlled access to functionality by interrogating user_role_privs and would display access points to modules via menus in strict accordance with the connected user's privileges. In the back-end, however, the application executed in the super-user schema that had object privileges on everything. But user-level access control had already been accomplished by filtering what could be presented in the UI.
  With HTML DB, your users are connected as their database account. This achieves authentication and obtains the value of USER from the database for :APP_USER. Those users have privileges on schema objects through roles. Roles are not enabled in stored procedures, which is the mechanism through which all database interaction is performed in HTML DB.
  The minimum that you'll need to do is to establish row-level access control by using Oracle's Virtual Private Database feature, or VPD (aka, FGAC/RLS), which you can enable for every page request using the VPD application attribute. There will be an excellent how-to published very soon about that. (BTW, you don't need to connect using the database accounts to use this feature, in fact it's designed assuming the opposite situation.)
  When you need to limit access to application components based on user privileges, you'll have to do much more. For example, you might build an authorization model based on user_role_privs. Ensure that all SQL against the application schema is performed through APIs. The APIs will run in the application schema which should own the objects and would therefore have all required object privileges. The authorization model will be implemented as an API that is called from HTML DB authorization schemes attached to pages, regions, processes, etc. Then you can do things like, if the current user is not a manager don't show them links to the 'Show My Employee Detail' page and don't let them run the page if they attempt to do so and also send someone an email if that happens.
  Scott

• Changing user permissions SQL Database Server for OBIEE repository

  Hi All
  We have installed OBIEE 11g and are using database SQL Server 2008 R2.
  The users of the repositories are connected to the master database, and our client query if these users can be disconnected from the master database, so that only stay connected to their corresponding repositories.
  Please help with this question.
  Regards
  Pedro

  Hi,
  You can move out of Master database with SQL server. If such a case is being considered then you have to create a database with SQL server then move all the existing OBI repository's and its users to the new Database. Once this change is complete on the Database side on Weblogic Database connect strings needs to be changed.
  Let me know if this helped.
  Regards,
  Jay

• Export user permissions  - dropping schema

  Hey, i created a new database from an export of the old database.
  So, for the import I need the user on the new db to import the users schema.
  How can I export the user ( with all his roles and permissions) on the old database and import this on the new database before I start the import.
  Reason:
  I need to drop the users schema from time to time. so the user is dropped with dropping the schema.
  Any ideas ?
  Chris

  If you don't know datapump you will find that a bit difficult but it's definitely a thing to consider.
  expdb user/pw consistent=Y
  correct syntax ?
  No Oracle changed the syntax (they reintroduce the syntax in 11.2 to help people but in 10.2 there is only the datapump syntax)
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14215/dp_export.htm#SUTIL200
  You have to use flashback_time and flashback_scn to replace consistent=y
  Will this export the user the the import will create the user on the new database ?
  Yes it can create the user.
  Whats the syntax for the import ?
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14215/dp_import.htm
  Notice you can do directly the import without the need of an export, directly with a database link !
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14215/dp_import.htm#i1007380
  There are restrictions (LONG columns etc.) but it can be interesting.
  The schema already exists, is there a need to delete the schema ?
  Not necessarily but it can make things easier.
  Best regards
  Phil

• QUOTED_IDENTIFIER when trying to replicate user permissions

  I'm trying to add user permissions to a user on a database but I keep getting the following error. The user already has access to another DB on the same instance but when I try and copy the permissions (manaully or by query) this error appears. Can someone
  help. Thanks in advance.
  SELECT failed because the following SET options have incorrect settings: 'QUOTED_IDENTIFIER'. Verify that SET options are correct for use with indexed views and/or indexes on computed columns and/or filtered indexes and/or query notifications and/or XML data type methods and/or spatial index operations. (Microsoft SQL Server, Error: 1934)

  Good day
  1. please post the exact query that you are using while you are getting this error. 
  2. The error "SELECT failed because the following SET options have incorrect settings..." usually mean that you can change the SET option regarding the issue or just change the query a bit (options can be change or configure during the connection
  string or after you are connected). For example in your case you might tried to use simple quotation mark in the code
  SET QUOTED_IDENTIFIER causes SQL Server to follow the ISO rules regarding quotation mark delimiting identifiers and literal strings.
  * check this blog regarding the issue:
  http://sqlhints.com/2012/02/04/insertupdate-failed-because-the-following-set-options-have-incorrect-settings-quoted_identifier/
  * for more information regarding QUOTED_IDENTIFIER please
  check this link.
  * For more information and some example regarding GRANT Object Permissions please
  check this link, or
  this link.
    Ronen Ariely
   [Personal Site]    [Blog]    [Facebook]

• How to create many user in the same database

  hi
  my question is "How to create many user in the same database(application)?"
  for example, i have students, teachers, and staffs user using my application.
  i can create many users to use the same application right?, how ^^''' ???
  (right now i can only create application and then it shows every data in my DB
  but i want it to show only the data for the user who login to that application)
  Thanks.
  ps. i'm newbie, please help T^T

  You need to create a user table within your application that maintains their privileges. If you have LDAP you could use this for authorisation otherwise the table would handle that as well (store passwords etc). Your reports etc would then be filtered on information from this table.
  Check out some of the sample applications to see how authorisation and access is implemented (Online store is one). The how-to on the issue tracking system should also have some useful pointers.
  http://download-west.oracle.com/docs/cd/B31036_01/doc/appdev.22/b28839/issue_track.htm#BABBGBJG
  cheers,
  Ron

• Daily report for user sessions in oracle10g database

  I would like to genarate the daily report for user sessions in oracle10g database
  daily report of how many of sessions present in oracle database for each user

  Thanks for link ( I know you always post the oracle document link here)
  But I am expecting scripts( someting like logon trigger and logg off trigger) to genarate the user session report.

• How to add multiple users permissions to a calendar using powershell?

  I have an organization that was recently setup in Exchange Online and they have unique circumstances in that every user in the organization needs "reviewer"
  access to every other users calendars.  I cannot change the default permission since new users added after this should not be able to see these calendars details.  There are a few I will go back to run a Set command on to change an individual permission
  here and there for specific needs, but the main need is below.
  I have basic experience with powershell commands and have found how to manually add a single users permissions to a calendar using the command below:
  Add-MailboxFolderPermission -Identity alias:\calendar -user alias -AccessRights reviewer
  Since it's not realistic to run this command thousands of times changing the user aliases each time, I was hoping someone could help me build a command to run on a single mailbox's calendar that would add every current user in the organization with certain
  permissions such as "reviewer" or "availabilityonly".
  Thanks for the help!

  Hi,
  A possible solution is to do this via Security Groups.
  Add-MailboxFolderPermission -Identity [email protected]:\Calendar -User [email protected] -AccessRights Owner
  This way, you simply add users that require access to the CalendarOwnerAccessGroup
  You still have to run this on every mailbox that should have this feature, but that could be solved using powershell piping.
  http://technet.microsoft.com/en-us/library/ee176927.aspx
  /Anders Eide

• How to force my Web part to run regardless of users permissions

  I have created the following custom permission , which will allow users to Create items without being able to view,edit them:-
  $spweb=Get-SPWeb -Identity "http://vstg01";
  $spRoleDefinition = New-Object Microsoft.SharePoint.SPRoleDefinition;
  $spRoleDefinition.Name = "Submit only";
  $spRoleDefinition.Description = "Can submit/add forms/files/items into library or list but cannot view/edit them.";
  $spRoleDefinition.BasePermissions = "AddListItems, ViewPages, ViewFormPages, Open";
  $spweb.RoleDefinitions.Add($spRoleDefinition);
  $spweb.Dispose();
  then inside my "Issue Tracking List" i stop inheriting permission from team site , and i define the following permission for all users:-
  now users can add items and they can not view them ,, which is perfect :).
  But now i wanted to add a custom web part to my Create form which will hide certain fields if the user is not within specific group ,the web part looks as follow:-
  protected override void OnInit(EventArgs e)
  base.OnInit(e);
  InitializeControl();
  using (SPSite site = new SPSite(SPContext.Current.Site.Url))
  using (SPWeb web = site.OpenWeb())
  web.AllowUnsafeUpdates = true;
  SPGroup group = web.Groups["Intranet Visitors"];
  bool isUser = web.IsCurrentUserMemberOfGroup(group.ID);
  if (!isUser)
  SPList myList = web.Lists.TryGetList("Issue List");
  SPField titleField = myList.Fields.GetField("Category");
  titleField.Hidden = true;
  titleField.ShowInEditForm = false;
  titleField.ShowInNewForm = false;
  titleField.ShowInDisplayForm = false;
  titleField.Update();
  myList.Update();
  // web.AllowUnsafeUpdates = false;
  else
  SPList myList = web.Lists.TryGetList("Issue List");
  SPField titleField = myList.Fields.GetField("Title");
  titleField.Hidden = false;
  titleField.Update();
  myList.Update();
  // //web.AllowUnsafeUpdates = false;
  web.AllowUnsafeUpdates = false;
  then i deploy the web part and i add it to the Create form. but after doing so user are not able to create items and they will get the following error:-
  Sorry this site has not been shared with you
  so can anyone advice how to force my web part to run , without checking the users permissions or with minimal permssions ?

  in this case, use the elevated privileges to read/add/edit items with elevated privileges with below code.
  but make sure the page which you add this web part have at least read access to all user.
  SPSecurity.RunWithElevatedPrivileges(delegate()
  using (SPSite site = new SPSite(web.Site.ID))
  // implementation details omitted
  More: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges.aspx
  Bistesh
  Ok after adding :-
  SPSecurity.RunWithElevatedPrivileges(delegate()
  users with the following permissions can create items:-
  "AddListItems, ViewPages, ViewFormPages, Open";
  and they can not edit/read them, which is great. but i am facing a caching problem , because if user is inside the "Intranet visitor" he will be able to see Category field as mentioned in my code, but if i remove him from the "Intranet Visitor"
  he still can see the field,, although in the web part i specify not to display the Category column if the user is not inside the "Intranet visitor " group... here is my current code:-
  protected override void OnInit(EventArgs e)
  base.OnInit(e);
  InitializeControl();
  SPSecurity.RunWithElevatedPrivileges(delegate()
  using (SPSite site = new SPSite(SPContext.Current.Site.Url))
  using (SPWeb web = site.OpenWeb())
  web.AllowUnsafeUpdates = true;
  SPGroup group = web.Groups["Intranet Visitor"];
  bool isUser = web.IsCurrentUserMemberOfGroup(group.ID);
  if (!isUser)
  SPList myList = web.Lists.TryGetList("Risk & Issue Management");
  SPField titleField = myList.Fields.GetField("Category");
  titleField.Hidden = true;
  titleField.ShowInEditForm = false;
  titleField.ShowInNewForm = false;
  titleField.ShowInDisplayForm = false;
  titleField.Update();
  myList.Update();
  // web.AllowUnsafeUpdates = false;
  else
  SPList myList = web.Lists.TryGetList("Risk & Issue Management");
  SPField titleField = myList.Fields.GetField("Category");
  titleField.Hidden = false;
  titleField.ShowInEditForm = true;
  titleField.ShowInNewForm = true;
  titleField.ShowInDisplayForm = true;
  titleField.Update();
  myList.Update();
  web.AllowUnsafeUpdates = false;
  so can you advice please ? is this a caching problem, or once the user add at-least single item he will be able to see all columns ?

• SharePoint Online switching to mobile view when attempting to add user permissions

  Hello,
  I am having a very weird problem that just started out of no where. It happens when I go to the Site Settings of my site collection and click on Site Permissions. When I click Grant Permissions to try to add users, the browser will immediately switch to
  the mobile view.
  I am able to switch back to the regular browser view, then when I click Grant Permissions, the box to select the user opens. I then choose the user and click Share. After clicking Share, the popup immediately goes to the mobile view. When I exit that the
  users were never granted permissions.
  This only happens so far when I am trying to add permissions. Is there something that I could have messed up?
  What is happening and how can I fix this? I am out of ideas and unable to add permissions for users. I do not want to have to blow this site collection away.
  Thanks.

  Hi Andy,
  According to your description, my understanding is that the page would switch to mobile view when attempting to add user permissions in SharePoint Online.
  I recommend to verify the things below:
  Clear the caches in browser to see if the issue still occurs.
  Test the same scenario in another computer to see if the issue still occurs.
  Append mobile=0 to the URLs in SharePoint Online.
  In the meanwhile, you can post your question to the forum for SharePoint Online: http://social.technet.microsoft.com/Forums/msonline/en-US/home?forum=onlineservicessharepoint.
  More experts will assist you, then you will get more information relation to SharePoint Online.
  Best regards.
  Thanks
  Victoria Xia
  TechNet Community Support

• Add multiple users to a certain database in the SQL server in one go

  I wonder if there is any method to add multiple users to a certain database in the SQL server in one go and without using transact code.
  I can add a single user to a certain database “Q” for example by right click on the user “U1” for example then properties then in user mapping tab select
  the database “Q”, so there should be a method to add multiple users ( U1,U2,U3…) to this database?
  Best Regards,
  Ahmad

  Many thanks Visakh16,
  I can do this using the below script, but what I am searching for is do to this without any scripting.
  USE TestDatabase; --Make sure you have the right database
  DECLARE @sql VARCHAR(MAX) = '';
  SELECT @sql = @sql + 'CREATE USER ' + name + ' FOR LOGIN ' + name + ';
  ' +
  'GRANT CREATE TABLE, CREATE PROCEDURE, CREATE VIEW, VIEW DEFINITION TO ' + name + ';
  FROM sys.server_principals p
  WHERE p.type in ('S','U') -- SQL Logins and Windows Login. Do not change!
  and p.name in ('U1','U2','U3'); -- List of names to add. alter to suit
  PRINT @sql; -- Show the statements being executed in the messages pane
  EXEC(@sql); -- Run the statements that have been built
  Thanks,
  Ahmad

• Unable to reset user permissions

  I have a big problem: I can't reset the user permissions and ACLs (with the resetpassword in the recovery partition), and my permissions are totally wrong. When I click on "reset" after ~0,5 sec the buttons says finished, but it didn't. I have a Fusion Drive built in, don't know if that's important.

  Hi,
  SIM uses the credentials you have set on the Resource Parameters page to reset the users password on thier behalf. Therefore the SIM resource credentials must have the appropriate permissions to reset a users password.
  To test the to see if there is a permissions issue please use the resource credentials that SIM uses to communicate with AIX and login to AIX natively and attempt to change the users password.

• What are high and low values in sharepoint 2013 user permissions?

  So I hit this api:
  http://win-a3q7ml82p8f/sharepoint_site/_api/web/roledefinitions/
  And got the different high and low values. But I am not clear with what they mean:
  For eg:
  High: 176, Low: 138612833
  and
  High: 176, Low: 138612801
  So for different values of Low how does it change the permissions?
  For 176 its binary is 10110000. So looking at this table here: http://www.dctmcontent.com/sharepoint/Articles/Permissions%20and%20Mask%20Values.aspx
  I can understand that 176 would mean the following set of permissions:
  DeleteVersions
  OpenItems
  ApproveItems
  But what's confusing me is, that user has OpenItems permissions but not ViewListItems permission? Am I wrong in understanding this?
  Also how does the value of Low change the overall user permissions?
  Note: I looked at this answer: http://social.msdn.microsoft.com/Forums/sharepoint/en-US/9d6df168-e8f5-4323-8c34-0646c03eff68/rest-api-what-are-high-and-low-in-effectivebasepermissions-and-getusereffectivepermissions?forum=sharepointdevelopment
  But honestly I cant understand what that means. Can someone help please?

  check this blog may explain you...
  http://jamestsai.net/Blog/post/Understand-SharePoint-Permissions---Part-1-SPBasePermissions-in-Hex2c-Decimal-and-Binary---The-Basics.aspx
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• Unknown User Permissions - Erase and Install Backup Plan

  Hi everyone,
  I upgraded from Tiger and therefore have the unknown user permissions problems. I'd like to erase and install my system and am writing to verify the following:
  If I copy my data (with the funny permissions) to a Powerbook in Firewire Disk Mode, reinstall Leopard on my new iMac, then copy the data back from the Powerbook in disk target mode, will the permissions be fixed?
  Thank you, Tom Bertram.

  Thomas,
  If you are talking about the "unknown" group problem seen in the permissions portion of Get Info, be aware that Apple is in the process of putting out a Knowledge Base article to address this and it may be wise to be patient a little longer.
  The user accounts inherited from Tiger belong to a "group" that has a missing piece of information -- a group name that Leopard wants. The installer should have dealt with this but it didn't. Anyway, a couple of simple Terminal commands can fix this for each such account. Once the Group description is proper, there will no longer be any need to change the group membership of your files.
  Unfortunately the first couple tries Apple made of describing how to do this appear to be in error. See the following thread:
  http://discussions.apple.com/thread.jspa?threadID=1280472&tstart=0
  The correct commands should be posted by Apple shortly and then you can resolve this without having to do a whole re-install.
  --Bob