I have a SQL Server database that has database userid/password protection.
When I open the database through EM I can add/delete/modify any table, but
when I look at the permissions for any of the tables there are NO options
set for any user of the database! I don't understand the purpose of the
permissions, I guess, since they don't have to be set in order to get access
to the tables.
TIA,
Larry Woodswrong
table permissions are important. They are required in order to
access/update/delete data.
HOW are you connecting to SQL Server?
NT Authentication?
SQL Server Authentication?
If SQL Server auth, what account are you using? sa? If so, that is the
"GOD" account. You have full permissions to do anything and everything.
If you are using NT auth, what rights does your NT account have? Is it
assigned server or database roles that allow the activities that you are
performing?
Finally, what rights/permissions have been granted to the PUBLIC role?
Often (unfortunately) companies simply grant all rights to the public
role...and then evey account (SQL and NT) inherit the rights assigned to the
public role. For obvious reasons this is a bad security model.
SQL Server has a strong security model and it works well when it is setup by
someone who knows what they are doing. In the wrong hands...
Keith
"Larry Woods" <larry@.NOSPAMlwoods.com> wrote in message
news:eM31J1KdEHA.3864@.TK2MSFTNGP10.phx.gbl...
> I have a SQL Server database that has database userid/password protection.
> When I open the database through EM I can add/delete/modify any table, but
> when I look at the permissions for any of the tables there are NO options
> set for any user of the database! I don't understand the purpose of the
> permissions, I guess, since they don't have to be set in order to get
access
> to the tables.
> TIA,
> Larry Woods
>|||My database is remote to my workstation. I am using EM on the workstation.
The database has a userid/password (not 'sa') but the userid has "public"
and "db_owner" roles. Does the "db_owner" have complete access to all
tables/fields WITHOUT specifying anything in the permissions dialogs?
My "public" role only has "SELECT" and "EXEC" permissions.
Thanks, again.
Larry Woods
And,
"Keith Kratochvil" <sqlguy.back2u@.comcast.net> wrote in message
news:%23PTfc5KdEHA.3728@.TK2MSFTNGP09.phx.gbl...
> wrong
> table permissions are important. They are required in order to
> access/update/delete data.
> HOW are you connecting to SQL Server?
> NT Authentication?
> SQL Server Authentication?
> If SQL Server auth, what account are you using? sa? If so, that is the
> "GOD" account. You have full permissions to do anything and everything.
> If you are using NT auth, what rights does your NT account have? Is it
> assigned server or database roles that allow the activities that you are
> performing?
> Finally, what rights/permissions have been granted to the PUBLIC role?
> Often (unfortunately) companies simply grant all rights to the public
> role...and then evey account (SQL and NT) inherit the rights assigned to
the
> public role. For obvious reasons this is a bad security model.
> SQL Server has a strong security model and it works well when it is setup
by
> someone who knows what they are doing. In the wrong hands...
> --
> Keith
>
> "Larry Woods" <larry@.NOSPAMlwoods.com> wrote in message
> news:eM31J1KdEHA.3864@.TK2MSFTNGP10.phx.gbl...
protection.[vbcol=seagreen]
but[vbcol=seagreen]
options[vbcol=seagreen]
> access
>|||Correct. The dbo_owner role allows you complete access to everything.
From Books Online
Roles
Fixed database role Description
db_owner Has all permissions in the database.
You can get to this page yourself. right-click on the Books Online icon in
your task bar. Select Jump to URL
enter the following:
mk:@.MSITStore:C:\Program%20Files\Microso
ft%20SQL%20Server\80\Tools\Books\arc
hitec.chm::/8_ar_da_3xns.htm
Keith
"Larry Woods" <larry@.NOSPAMlwoods.com> wrote in message
news:uNv%23vFLdEHA.3380@.TK2MSFTNGP12.phx.gbl...
> My database is remote to my workstation. I am using EM on the
workstation.
> The database has a userid/password (not 'sa') but the userid has "public"
> and "db_owner" roles. Does the "db_owner" have complete access to all
> tables/fields WITHOUT specifying anything in the permissions dialogs?
> My "public" role only has "SELECT" and "EXEC" permissions.
> Thanks, again.
> Larry Woods
> And,
> "Keith Kratochvil" <sqlguy.back2u@.comcast.net> wrote in message
> news:%23PTfc5KdEHA.3728@.TK2MSFTNGP09.phx.gbl...
> the
setup[vbcol=seagreen]
> by
> protection.
> but
> options
the[vbcol=seagreen]
>|||Hi Larry,
ob_owner means you can do anything to that particular
database. If there are other databases you can attack to
then you may have different access rights.
I would sugest you have a look at
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/architec/8_ar_da_8yur.asp and its sub
groups for a bit of background
Peter
MCDBA
>--Original Message--
>My database is remote to my workstation. I am using EM
on the workstation.
>The database has a userid/password (not 'sa') but the
userid has "public"
>and "db_owner" roles. Does the "db_owner" have complete
access to all
>tables/fields WITHOUT specifying anything in the
permissions dialogs?
>My "public" role only has "SELECT" and "EXEC" permissions.
>Thanks, again.
>Larry Woods
>And,
>"Keith Kratochvil" <sqlguy.back2u@.comcast.net> wrote in
message
>news:%23PTfc5KdEHA.3728@.TK2MSFTNGP09.phx.gbl...
order to[vbcol=seagreen]
If so, that is the[vbcol=seagreen]
anything and everything.[vbcol=seagreen]
account have? Is it[vbcol=seagreen]
activities that you are[vbcol=seagreen]
the PUBLIC role?[vbcol=seagreen]
to the public[vbcol=seagreen]
rights assigned to[vbcol=seagreen]
>the
security model.[vbcol=seagreen]
well when it is setup[vbcol=seagreen]
>by
hands...[vbcol=seagreen]
userid/password[vbcol=seagreen]
>protection.
add/delete/modify any table,[vbcol=seagreen]
>but
there are NO[vbcol=seagreen]
>options
the purpose of the[vbcol=seagreen]
in order to get[vbcol=seagreen]
>
>.
>|||Thanks for the quick response from all you guys. Now, tackle the other
email that I sent! ;-)
Why can I get to my SQL Server db tables through EM but NOT through a Access
project? In the Access project I can read/select any table in the database,
but no modify/add/delete capabilities.
''
Thanks, again.
Larry Woods
"Peter the Spate" <anonymous@.discussions.microsoft.com> wrote in message
news:5c1a01c474b4$b6cba070$a301280a@.phx.gbl...[vbcol=seagreen]
> Hi Larry,
> ob_owner means you can do anything to that particular
> database. If there are other databases you can attack to
> then you may have different access rights.
> I would sugest you have a look at
> http://msdn.microsoft.com/library/default.asp?
> url=/library/en-us/architec/8_ar_da_8yur.asp and its sub
> groups for a bit of background
> Peter
> MCDBA
>
> on the workstation.
> userid has "public"
> access to all
> permissions dialogs?
> message
> order to
> If so, that is the
> anything and everything.
> account have? Is it
> activities that you are
> the PUBLIC role?
> to the public
> rights assigned to
> security model.
> well when it is setup
> hands...
> userid/password
> add/delete/modify any table,
> there are NO
> the purpose of the
> in order to get|||Probably because you do not have permissions in Access to
chenge the database, however in SQL Server you have
db_owner permission that does allow you to.
Peter
>--Original Message--
>Thanks for the quick response from all you guys. Now,
tackle the other
>email that I sent! ;-)
>Why can I get to my SQL Server db tables through EM but
NOT through a Access
>project? In the Access project I can read/select any
table in the database,
>but no modify/add/delete capabilities.
>''
>Thanks, again.
>Larry Woods
>"Peter the Spate" <anonymous@.discussions.microsoft.com>
wrote in message
>news:5c1a01c474b4$b6cba070$a301280a@.phx.gbl...
complete[vbcol=seagreen]
permissions.[vbcol=seagreen]
in[vbcol=seagreen]
rights[vbcol=seagreen]
message[vbcol=seagreen]
tables[vbcol=seagreen]
understand[vbcol=seagreen]
set[vbcol=seagreen]
>
>.
>|||Thanks, Peter.
That may be, but I can't find any place in Access where you can set
permissions.
Any suggestions?
Larry Woods
"Peter the Spate" <anonymous@.discussions.microsoft.com> wrote in message
news:5dfb01c474b8$6cc4d560$a501280a@.phx.gbl...[vbcol=seagreen]
> Probably because you do not have permissions in Access to
> chenge the database, however in SQL Server you have
> db_owner permission that does allow you to.
> Peter
>
> tackle the other
> NOT through a Access
> table in the database,
> wrote in message
> complete
> permissions.
> in
> rights
> message
> tables
> understand
> set|||How do you link your tables? Try using a specific user that has the
appropriate permissions within SQL Server.
Keith
"Larry Woods" <larry@.NOSPAMlwoods.com> wrote in message
news:elv2x3LdEHA.3792@.TK2MSFTNGP09.phx.gbl...
> Thanks, Peter.
> That may be, but I can't find any place in Access where you can set
> permissions.
> Any suggestions?
> Larry Woods
> "Peter the Spate" <anonymous@.discussions.microsoft.com> wrote in message
> news:5dfb01c474b8$6cc4d560$a501280a@.phx.gbl...
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment