I have a SQL Server database that has database userid/password protection.
When I open the database through EM I can add/delete/modify any table, but
when I look at the permissions for any of the tables there are NO options
set for any user of the database! I don't understand the purpose of the
permissions, I guess, since they don't have to be set in order to get access
to the tables.
TIA,
Larry Woodswrong
table permissions are important. They are required in order to
access/update/delete data.
HOW are you connecting to SQL Server?
NT Authentication?
SQL Server Authentication?
If SQL Server auth, what account are you using? sa? If so, that is the
"GOD" account. You have full permissions to do anything and everything.
If you are using NT auth, what rights does your NT account have? Is it
assigned server or database roles that allow the activities that you are
performing?
Finally, what rights/permissions have been granted to the PUBLIC role?
Often (unfortunately) companies simply grant all rights to the public
role...and then evey account (SQL and NT) inherit the rights assigned to the
public role. For obvious reasons this is a bad security model.
SQL Server has a strong security model and it works well when it is setup by
someone who knows what they are doing. In the wrong hands...
--
Keith
"Larry Woods" <larry@.NOSPAMlwoods.com> wrote in message
news:eM31J1KdEHA.3864@.TK2MSFTNGP10.phx.gbl...
> I have a SQL Server database that has database userid/password protection.
> When I open the database through EM I can add/delete/modify any table, but
> when I look at the permissions for any of the tables there are NO options
> set for any user of the database! I don't understand the purpose of the
> permissions, I guess, since they don't have to be set in order to get
access
> to the tables.
> TIA,
> Larry Woods
>|||My database is remote to my workstation. I am using EM on the workstation.
The database has a userid/password (not 'sa') but the userid has "public"
and "db_owner" roles. Does the "db_owner" have complete access to all
tables/fields WITHOUT specifying anything in the permissions dialogs?
My "public" role only has "SELECT" and "EXEC" permissions.
Thanks, again.
Larry Woods
And,
"Keith Kratochvil" <sqlguy.back2u@.comcast.net> wrote in message
news:%23PTfc5KdEHA.3728@.TK2MSFTNGP09.phx.gbl...
> wrong
> table permissions are important. They are required in order to
> access/update/delete data.
> HOW are you connecting to SQL Server?
> NT Authentication?
> SQL Server Authentication?
> If SQL Server auth, what account are you using? sa? If so, that is the
> "GOD" account. You have full permissions to do anything and everything.
> If you are using NT auth, what rights does your NT account have? Is it
> assigned server or database roles that allow the activities that you are
> performing?
> Finally, what rights/permissions have been granted to the PUBLIC role?
> Often (unfortunately) companies simply grant all rights to the public
> role...and then evey account (SQL and NT) inherit the rights assigned to
the
> public role. For obvious reasons this is a bad security model.
> SQL Server has a strong security model and it works well when it is setup
by
> someone who knows what they are doing. In the wrong hands...
> --
> Keith
>
> "Larry Woods" <larry@.NOSPAMlwoods.com> wrote in message
> news:eM31J1KdEHA.3864@.TK2MSFTNGP10.phx.gbl...
> > I have a SQL Server database that has database userid/password
protection.
> > When I open the database through EM I can add/delete/modify any table,
but
> > when I look at the permissions for any of the tables there are NO
options
> > set for any user of the database! I don't understand the purpose of the
> > permissions, I guess, since they don't have to be set in order to get
> access
> > to the tables.
> >
> > TIA,
> >
> > Larry Woods
> >
> >
>|||Correct. The dbo_owner role allows you complete access to everything.
From Books Online
Roles
Fixed database role Description
db_owner Has all permissions in the database.
You can get to this page yourself. right-click on the Books Online icon in
your task bar. Select Jump to URL
enter the following:
mk:@.MSITStore:C:\Program%20Files\Microsoft%20SQL%20Server\80\Tools\Books\arc
hitec.chm::/8_ar_da_3xns.htm
--
Keith
"Larry Woods" <larry@.NOSPAMlwoods.com> wrote in message
news:uNv%23vFLdEHA.3380@.TK2MSFTNGP12.phx.gbl...
> My database is remote to my workstation. I am using EM on the
workstation.
> The database has a userid/password (not 'sa') but the userid has "public"
> and "db_owner" roles. Does the "db_owner" have complete access to all
> tables/fields WITHOUT specifying anything in the permissions dialogs?
> My "public" role only has "SELECT" and "EXEC" permissions.
> Thanks, again.
> Larry Woods
> And,
> "Keith Kratochvil" <sqlguy.back2u@.comcast.net> wrote in message
> news:%23PTfc5KdEHA.3728@.TK2MSFTNGP09.phx.gbl...
> > wrong
> > table permissions are important. They are required in order to
> > access/update/delete data.
> >
> > HOW are you connecting to SQL Server?
> > NT Authentication?
> > SQL Server Authentication?
> >
> > If SQL Server auth, what account are you using? sa? If so, that is the
> > "GOD" account. You have full permissions to do anything and everything.
> >
> > If you are using NT auth, what rights does your NT account have? Is it
> > assigned server or database roles that allow the activities that you are
> > performing?
> >
> > Finally, what rights/permissions have been granted to the PUBLIC role?
> > Often (unfortunately) companies simply grant all rights to the public
> > role...and then evey account (SQL and NT) inherit the rights assigned to
> the
> > public role. For obvious reasons this is a bad security model.
> >
> > SQL Server has a strong security model and it works well when it is
setup
> by
> > someone who knows what they are doing. In the wrong hands...
> >
> > --
> > Keith
> >
> >
> > "Larry Woods" <larry@.NOSPAMlwoods.com> wrote in message
> > news:eM31J1KdEHA.3864@.TK2MSFTNGP10.phx.gbl...
> > > I have a SQL Server database that has database userid/password
> protection.
> > > When I open the database through EM I can add/delete/modify any table,
> but
> > > when I look at the permissions for any of the tables there are NO
> options
> > > set for any user of the database! I don't understand the purpose of
the
> > > permissions, I guess, since they don't have to be set in order to get
> > access
> > > to the tables.
> > >
> > > TIA,
> > >
> > > Larry Woods
> > >
> > >
> >
>|||Hi Larry,
ob_owner means you can do anything to that particular
database. If there are other databases you can attack to
then you may have different access rights.
I would sugest you have a look at
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/architec/8_ar_da_8yur.asp and its sub
groups for a bit of background
Peter
MCDBA
>--Original Message--
>My database is remote to my workstation. I am using EM
on the workstation.
>The database has a userid/password (not 'sa') but the
userid has "public"
>and "db_owner" roles. Does the "db_owner" have complete
access to all
>tables/fields WITHOUT specifying anything in the
permissions dialogs?
>My "public" role only has "SELECT" and "EXEC" permissions.
>Thanks, again.
>Larry Woods
>And,
>"Keith Kratochvil" <sqlguy.back2u@.comcast.net> wrote in
message
>news:%23PTfc5KdEHA.3728@.TK2MSFTNGP09.phx.gbl...
>> wrong
>> table permissions are important. They are required in
order to
>> access/update/delete data.
>> HOW are you connecting to SQL Server?
>> NT Authentication?
>> SQL Server Authentication?
>> If SQL Server auth, what account are you using? sa?
If so, that is the
>> "GOD" account. You have full permissions to do
anything and everything.
>> If you are using NT auth, what rights does your NT
account have? Is it
>> assigned server or database roles that allow the
activities that you are
>> performing?
>> Finally, what rights/permissions have been granted to
the PUBLIC role?
>> Often (unfortunately) companies simply grant all rights
to the public
>> role...and then evey account (SQL and NT) inherit the
rights assigned to
>the
>> public role. For obvious reasons this is a bad
security model.
>> SQL Server has a strong security model and it works
well when it is setup
>by
>> someone who knows what they are doing. In the wrong
hands...
>> --
>> Keith
>>
>> "Larry Woods" <larry@.NOSPAMlwoods.com> wrote in message
>> news:eM31J1KdEHA.3864@.TK2MSFTNGP10.phx.gbl...
>> > I have a SQL Server database that has database
userid/password
>protection.
>> > When I open the database through EM I can
add/delete/modify any table,
>but
>> > when I look at the permissions for any of the tables
there are NO
>options
>> > set for any user of the database! I don't understand
the purpose of the
>> > permissions, I guess, since they don't have to be set
in order to get
>> access
>> > to the tables.
>> >
>> > TIA,
>> >
>> > Larry Woods
>> >
>> >
>
>.
>|||Thanks for the quick response from all you guys. Now, tackle the other
email that I sent! ;-)
Why can I get to my SQL Server db tables through EM but NOT through a Access
project? In the Access project I can read/select any table in the database,
but no modify/add/delete capabilities.
''
Thanks, again.
Larry Woods
"Peter the Spate" <anonymous@.discussions.microsoft.com> wrote in message
news:5c1a01c474b4$b6cba070$a301280a@.phx.gbl...
> Hi Larry,
> ob_owner means you can do anything to that particular
> database. If there are other databases you can attack to
> then you may have different access rights.
> I would sugest you have a look at
> http://msdn.microsoft.com/library/default.asp?
> url=/library/en-us/architec/8_ar_da_8yur.asp and its sub
> groups for a bit of background
> Peter
> MCDBA
>
> >--Original Message--
> >My database is remote to my workstation. I am using EM
> on the workstation.
> >The database has a userid/password (not 'sa') but the
> userid has "public"
> >and "db_owner" roles. Does the "db_owner" have complete
> access to all
> >tables/fields WITHOUT specifying anything in the
> permissions dialogs?
> >
> >My "public" role only has "SELECT" and "EXEC" permissions.
> >
> >Thanks, again.
> >
> >Larry Woods
> >
> >And,
> >"Keith Kratochvil" <sqlguy.back2u@.comcast.net> wrote in
> message
> >news:%23PTfc5KdEHA.3728@.TK2MSFTNGP09.phx.gbl...
> >> wrong
> >> table permissions are important. They are required in
> order to
> >> access/update/delete data.
> >>
> >> HOW are you connecting to SQL Server?
> >> NT Authentication?
> >> SQL Server Authentication?
> >>
> >> If SQL Server auth, what account are you using? sa?
> If so, that is the
> >> "GOD" account. You have full permissions to do
> anything and everything.
> >>
> >> If you are using NT auth, what rights does your NT
> account have? Is it
> >> assigned server or database roles that allow the
> activities that you are
> >> performing?
> >>
> >> Finally, what rights/permissions have been granted to
> the PUBLIC role?
> >> Often (unfortunately) companies simply grant all rights
> to the public
> >> role...and then evey account (SQL and NT) inherit the
> rights assigned to
> >the
> >> public role. For obvious reasons this is a bad
> security model.
> >>
> >> SQL Server has a strong security model and it works
> well when it is setup
> >by
> >> someone who knows what they are doing. In the wrong
> hands...
> >>
> >> --
> >> Keith
> >>
> >>
> >> "Larry Woods" <larry@.NOSPAMlwoods.com> wrote in message
> >> news:eM31J1KdEHA.3864@.TK2MSFTNGP10.phx.gbl...
> >> > I have a SQL Server database that has database
> userid/password
> >protection.
> >> > When I open the database through EM I can
> add/delete/modify any table,
> >but
> >> > when I look at the permissions for any of the tables
> there are NO
> >options
> >> > set for any user of the database! I don't understand
> the purpose of the
> >> > permissions, I guess, since they don't have to be set
> in order to get
> >> access
> >> > to the tables.
> >> >
> >> > TIA,
> >> >
> >> > Larry Woods
> >> >
> >> >
> >>
> >
> >
> >.
> >|||Probably because you do not have permissions in Access to
chenge the database, however in SQL Server you have
db_owner permission that does allow you to.
Peter
>--Original Message--
>Thanks for the quick response from all you guys. Now,
tackle the other
>email that I sent! ;-)
>Why can I get to my SQL Server db tables through EM but
NOT through a Access
>project? In the Access project I can read/select any
table in the database,
>but no modify/add/delete capabilities.
>''
>Thanks, again.
>Larry Woods
>"Peter the Spate" <anonymous@.discussions.microsoft.com>
wrote in message
>news:5c1a01c474b4$b6cba070$a301280a@.phx.gbl...
>> Hi Larry,
>> ob_owner means you can do anything to that particular
>> database. If there are other databases you can attack to
>> then you may have different access rights.
>> I would sugest you have a look at
>> http://msdn.microsoft.com/library/default.asp?
>> url=/library/en-us/architec/8_ar_da_8yur.asp and its sub
>> groups for a bit of background
>> Peter
>> MCDBA
>>
>> >--Original Message--
>> >My database is remote to my workstation. I am using EM
>> on the workstation.
>> >The database has a userid/password (not 'sa') but the
>> userid has "public"
>> >and "db_owner" roles. Does the "db_owner" have
complete
>> access to all
>> >tables/fields WITHOUT specifying anything in the
>> permissions dialogs?
>> >
>> >My "public" role only has "SELECT" and "EXEC"
permissions.
>> >
>> >Thanks, again.
>> >
>> >Larry Woods
>> >
>> >And,
>> >"Keith Kratochvil" <sqlguy.back2u@.comcast.net> wrote in
>> message
>> >news:%23PTfc5KdEHA.3728@.TK2MSFTNGP09.phx.gbl...
>> >> wrong
>> >> table permissions are important. They are required
in
>> order to
>> >> access/update/delete data.
>> >>
>> >> HOW are you connecting to SQL Server?
>> >> NT Authentication?
>> >> SQL Server Authentication?
>> >>
>> >> If SQL Server auth, what account are you using? sa?
>> If so, that is the
>> >> "GOD" account. You have full permissions to do
>> anything and everything.
>> >>
>> >> If you are using NT auth, what rights does your NT
>> account have? Is it
>> >> assigned server or database roles that allow the
>> activities that you are
>> >> performing?
>> >>
>> >> Finally, what rights/permissions have been granted to
>> the PUBLIC role?
>> >> Often (unfortunately) companies simply grant all
rights
>> to the public
>> >> role...and then evey account (SQL and NT) inherit the
>> rights assigned to
>> >the
>> >> public role. For obvious reasons this is a bad
>> security model.
>> >>
>> >> SQL Server has a strong security model and it works
>> well when it is setup
>> >by
>> >> someone who knows what they are doing. In the wrong
>> hands...
>> >>
>> >> --
>> >> Keith
>> >>
>> >>
>> >> "Larry Woods" <larry@.NOSPAMlwoods.com> wrote in
message
>> >> news:eM31J1KdEHA.3864@.TK2MSFTNGP10.phx.gbl...
>> >> > I have a SQL Server database that has database
>> userid/password
>> >protection.
>> >> > When I open the database through EM I can
>> add/delete/modify any table,
>> >but
>> >> > when I look at the permissions for any of the
tables
>> there are NO
>> >options
>> >> > set for any user of the database! I don't
understand
>> the purpose of the
>> >> > permissions, I guess, since they don't have to be
set
>> in order to get
>> >> access
>> >> > to the tables.
>> >> >
>> >> > TIA,
>> >> >
>> >> > Larry Woods
>> >> >
>> >> >
>> >>
>> >
>> >
>> >.
>> >
>
>.
>|||Thanks, Peter.
That may be, but I can't find any place in Access where you can set
permissions.
Any suggestions?
Larry Woods
"Peter the Spate" <anonymous@.discussions.microsoft.com> wrote in message
news:5dfb01c474b8$6cc4d560$a501280a@.phx.gbl...
> Probably because you do not have permissions in Access to
> chenge the database, however in SQL Server you have
> db_owner permission that does allow you to.
> Peter
>
> >--Original Message--
> >Thanks for the quick response from all you guys. Now,
> tackle the other
> >email that I sent! ;-)
> >
> >Why can I get to my SQL Server db tables through EM but
> NOT through a Access
> >project? In the Access project I can read/select any
> table in the database,
> >but no modify/add/delete capabilities.
> >
> >''
> >
> >Thanks, again.
> >
> >Larry Woods
> >
> >"Peter the Spate" <anonymous@.discussions.microsoft.com>
> wrote in message
> >news:5c1a01c474b4$b6cba070$a301280a@.phx.gbl...
> >> Hi Larry,
> >>
> >> ob_owner means you can do anything to that particular
> >> database. If there are other databases you can attack to
> >> then you may have different access rights.
> >>
> >> I would sugest you have a look at
> >> http://msdn.microsoft.com/library/default.asp?
> >> url=/library/en-us/architec/8_ar_da_8yur.asp and its sub
> >> groups for a bit of background
> >>
> >> Peter
> >> MCDBA
> >>
> >>
> >> >--Original Message--
> >> >My database is remote to my workstation. I am using EM
> >> on the workstation.
> >> >The database has a userid/password (not 'sa') but the
> >> userid has "public"
> >> >and "db_owner" roles. Does the "db_owner" have
> complete
> >> access to all
> >> >tables/fields WITHOUT specifying anything in the
> >> permissions dialogs?
> >> >
> >> >My "public" role only has "SELECT" and "EXEC"
> permissions.
> >> >
> >> >Thanks, again.
> >> >
> >> >Larry Woods
> >> >
> >> >And,
> >> >"Keith Kratochvil" <sqlguy.back2u@.comcast.net> wrote in
> >> message
> >> >news:%23PTfc5KdEHA.3728@.TK2MSFTNGP09.phx.gbl...
> >> >> wrong
> >> >> table permissions are important. They are required
> in
> >> order to
> >> >> access/update/delete data.
> >> >>
> >> >> HOW are you connecting to SQL Server?
> >> >> NT Authentication?
> >> >> SQL Server Authentication?
> >> >>
> >> >> If SQL Server auth, what account are you using? sa?
> >> If so, that is the
> >> >> "GOD" account. You have full permissions to do
> >> anything and everything.
> >> >>
> >> >> If you are using NT auth, what rights does your NT
> >> account have? Is it
> >> >> assigned server or database roles that allow the
> >> activities that you are
> >> >> performing?
> >> >>
> >> >> Finally, what rights/permissions have been granted to
> >> the PUBLIC role?
> >> >> Often (unfortunately) companies simply grant all
> rights
> >> to the public
> >> >> role...and then evey account (SQL and NT) inherit the
> >> rights assigned to
> >> >the
> >> >> public role. For obvious reasons this is a bad
> >> security model.
> >> >>
> >> >> SQL Server has a strong security model and it works
> >> well when it is setup
> >> >by
> >> >> someone who knows what they are doing. In the wrong
> >> hands...
> >> >>
> >> >> --
> >> >> Keith
> >> >>
> >> >>
> >> >> "Larry Woods" <larry@.NOSPAMlwoods.com> wrote in
> message
> >> >> news:eM31J1KdEHA.3864@.TK2MSFTNGP10.phx.gbl...
> >> >> > I have a SQL Server database that has database
> >> userid/password
> >> >protection.
> >> >> > When I open the database through EM I can
> >> add/delete/modify any table,
> >> >but
> >> >> > when I look at the permissions for any of the
> tables
> >> there are NO
> >> >options
> >> >> > set for any user of the database! I don't
> understand
> >> the purpose of the
> >> >> > permissions, I guess, since they don't have to be
> set
> >> in order to get
> >> >> access
> >> >> > to the tables.
> >> >> >
> >> >> > TIA,
> >> >> >
> >> >> > Larry Woods
> >> >> >
> >> >> >
> >> >>
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >|||How do you link your tables? Try using a specific user that has the
appropriate permissions within SQL Server.
--
Keith
"Larry Woods" <larry@.NOSPAMlwoods.com> wrote in message
news:elv2x3LdEHA.3792@.TK2MSFTNGP09.phx.gbl...
> Thanks, Peter.
> That may be, but I can't find any place in Access where you can set
> permissions.
> Any suggestions?
> Larry Woods
> "Peter the Spate" <anonymous@.discussions.microsoft.com> wrote in message
> news:5dfb01c474b8$6cc4d560$a501280a@.phx.gbl...
> > Probably because you do not have permissions in Access to
> > chenge the database, however in SQL Server you have
> > db_owner permission that does allow you to.
> >
> > Peter
> >
> >
> > >--Original Message--
> > >Thanks for the quick response from all you guys. Now,
> > tackle the other
> > >email that I sent! ;-)
> > >
> > >Why can I get to my SQL Server db tables through EM but
> > NOT through a Access
> > >project? In the Access project I can read/select any
> > table in the database,
> > >but no modify/add/delete capabilities.
> > >
> > >''
> > >
> > >Thanks, again.
> > >
> > >Larry Woods
> > >
> > >"Peter the Spate" <anonymous@.discussions.microsoft.com>
> > wrote in message
> > >news:5c1a01c474b4$b6cba070$a301280a@.phx.gbl...
> > >> Hi Larry,
> > >>
> > >> ob_owner means you can do anything to that particular
> > >> database. If there are other databases you can attack to
> > >> then you may have different access rights.
> > >>
> > >> I would sugest you have a look at
> > >> http://msdn.microsoft.com/library/default.asp?
> > >> url=/library/en-us/architec/8_ar_da_8yur.asp and its sub
> > >> groups for a bit of background
> > >>
> > >> Peter
> > >> MCDBA
> > >>
> > >>
> > >> >--Original Message--
> > >> >My database is remote to my workstation. I am using EM
> > >> on the workstation.
> > >> >The database has a userid/password (not 'sa') but the
> > >> userid has "public"
> > >> >and "db_owner" roles. Does the "db_owner" have
> > complete
> > >> access to all
> > >> >tables/fields WITHOUT specifying anything in the
> > >> permissions dialogs?
> > >> >
> > >> >My "public" role only has "SELECT" and "EXEC"
> > permissions.
> > >> >
> > >> >Thanks, again.
> > >> >
> > >> >Larry Woods
> > >> >
> > >> >And,
> > >> >"Keith Kratochvil" <sqlguy.back2u@.comcast.net> wrote in
> > >> message
> > >> >news:%23PTfc5KdEHA.3728@.TK2MSFTNGP09.phx.gbl...
> > >> >> wrong
> > >> >> table permissions are important. They are required
> > in
> > >> order to
> > >> >> access/update/delete data.
> > >> >>
> > >> >> HOW are you connecting to SQL Server?
> > >> >> NT Authentication?
> > >> >> SQL Server Authentication?
> > >> >>
> > >> >> If SQL Server auth, what account are you using? sa?
> > >> If so, that is the
> > >> >> "GOD" account. You have full permissions to do
> > >> anything and everything.
> > >> >>
> > >> >> If you are using NT auth, what rights does your NT
> > >> account have? Is it
> > >> >> assigned server or database roles that allow the
> > >> activities that you are
> > >> >> performing?
> > >> >>
> > >> >> Finally, what rights/permissions have been granted to
> > >> the PUBLIC role?
> > >> >> Often (unfortunately) companies simply grant all
> > rights
> > >> to the public
> > >> >> role...and then evey account (SQL and NT) inherit the
> > >> rights assigned to
> > >> >the
> > >> >> public role. For obvious reasons this is a bad
> > >> security model.
> > >> >>
> > >> >> SQL Server has a strong security model and it works
> > >> well when it is setup
> > >> >by
> > >> >> someone who knows what they are doing. In the wrong
> > >> hands...
> > >> >>
> > >> >> --
> > >> >> Keith
> > >> >>
> > >> >>
> > >> >> "Larry Woods" <larry@.NOSPAMlwoods.com> wrote in
> > message
> > >> >> news:eM31J1KdEHA.3864@.TK2MSFTNGP10.phx.gbl...
> > >> >> > I have a SQL Server database that has database
> > >> userid/password
> > >> >protection.
> > >> >> > When I open the database through EM I can
> > >> add/delete/modify any table,
> > >> >but
> > >> >> > when I look at the permissions for any of the
> > tables
> > >> there are NO
> > >> >options
> > >> >> > set for any user of the database! I don't
> > understand
> > >> the purpose of the
> > >> >> > permissions, I guess, since they don't have to be
> > set
> > >> in order to get
> > >> >> access
> > >> >> > to the tables.
> > >> >> >
> > >> >> > TIA,
> > >> >> >
> > >> >> > Larry Woods
> > >> >> >
> > >> >> >
> > >> >>
> > >> >
> > >> >
> > >> >.
> > >> >
> > >
> > >
> > >.
> > >
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment