How can I create owner for my database (that has been created with codes) owner with user guest?? I want to give access to my database to every client on local network. If I manually set guest it works true but I want with code do it.
My code is:
use test
alter user[guest] login [guest]
exec sp_addrolemember 'db_owner','guest';
I want to set the owner of my database to guest user that exist, but this code doesn't execute successfully. Where is my problem??
thanks.
use test;
alter user 'guest' WITH login='guest';
exec sp_addrolemember 'db_owner','guest';
GO;
Related
How to create user oracle database using C# not using SQL manually input username,password? I want to create Oracle database user using C# language into Visual Studio Form.
When I click Create button then it should automatically create database username and password using C# language. Please help me.
enter image description here
Well, that's not a straightforward task. I don't speak C# so I'll comment only Oracle side of story.
New users are created by another, privileged user (i.e. the one that is granted CREATE USER privilege) - not every user is capable of doing it. For example, SYS is, but SYS is special and you shouldn't use it at all, but create another user and grant it privileges required to perform such actions (one option is to grant it DBA role).
Now, connected as that privileged user, you'd run a CREATE USER command which looks like this:
create user oliur --> this is username
identified by oliur_pw --> this is password
default tablespace users
temporary tablespace temp
profile default
quota unlimited on users;
List of available tablespaces is
select tablespace_name from dba_tablespaces;
Once you do that, you should grant some initial privileges to newly created user. Otherwise, he won't be able to do anything, not even connect to the database. That would be CREATE SESSION privilege. Some other privileges:
grant create session to oliur;
grant create table to oliur;
grant create procedure to oliur;
...
Perhaps you could create a stored procedure, which resides in the privileged user's schema. You'd pass username (as a parameter), and it would create user with that name. As of the password, you can set it to be the same as username, something constant, encrypted, etc. - it's up to you.
Note that such a procedure has to utilize dynamic SQL (EXECUTE IMMEDIATE) because otherwise you can't perform DDL from a procedure.
This is how it might look like:
create or replace procedure p_create_user (par_username in varchar2) is
begin
execute immediate ('create user ' || par_username ||
' identified by ' || par_username ||
' default tablespace user_data ' ||
' temporary tablespace temp' ||
' profile default' ||
' quota unlimited on user_data');
execute immediate ('grant create session to ' || par_username);
end;
/
In Oracle, call it like this:
begin
p_create_user('oliur');
end;
/
PL/SQL procedure successfully completed.
OK, let's connect as oliur:
SQL> connect oliur/oliur#kc11g
Connected.
Cool, success! Can we do something else?
SQL> create table test (id number);
create table test (id number)
*
ERROR at line 1:
ORA-01031: insufficient privileges
Nope, missing privileges to do that.
Now, as of C# part of the story, you just have to figure out how to call an Oracle procedure, but I hope that this is way simpler task than the above.
How can I create a SQL user in a SQL Server Express database that I added to my project?
I need to create a user to use in a connection string that doesn't use Integrated Security.
You would need to create a SQL Authenticated login first with CREATE LOGIN then add a user associated with that login to your database by using CREATE USER.
USE [master]
GO
CREATE LOGIN [JohnEgbert] WITH PASSWORD=N'YourPassword',
DEFAULT_DATABASE=[YourDB], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
USE [YourDB]
GO
CREATE USER [JohnEgbert] FOR LOGIN [JohnEgbert] WITH DEFAULT_SCHEMA=[dbo]
GO
If you create a SQL login and a SQL user without errors, but then get an error when trying to connect, you may have the SQL Authentication mode disabled. To check, run:
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly')
If this returns 1, then SQL Authentication (mixed mode) is disabled.
You can change this setting using SSMS, regedit, or T-SQL:
EXEC xp_instance_regwrite N'HKEY_LOCAL_MACHINE', N'Software\Microsoft\MSSQLServer\MSSQLServer', N'LoginMode', REG_DWORD, 2
Then restart the SQL Server service, and create a login and a user, here with full permissions:
CREATE LOGIN myusername WITH PASSWORD=N'mypassword',
DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
EXEC sp_addsrvrolemember 'myusername', 'sysadmin'
CREATE USER myusername FOR LOGIN myusername WITH DEFAULT_SCHEMA=[dbo]
I wrote a simple c# code that connect to sql-server database and execute a query:
cmd = new SqlCommand(txtQuery.Text.ToString().Trim(), con);
cmd.ExecuteNonQuery();
in my db I have a table named myTB. I have two users too: user1(owner), user2(new user created)
I logged in (connected to DB) with user2's username and password !
I can access the tables that created by user1 with the query bellow:
"select * from user1.myTB"
(I don't know why I get error with this query:"select * from myTB", forget it now!)
Now I wanna REVOKE 'select' permission from user2. I mean I don't want user2 to execute the select query on myTB table which is created by user1.
what should I do is a problem that I'm stuck on it !
I used this query, but nothing changed !
Q1: "Revoke select ON user1.myTB FROM user2"
again user2 can do select * from user1.myTB !!! WHY !?
please help me with this.
thanks.
user2 is probably getting it's permissions from a role membership.
Run:
use [<YourDatabase>]
GO
exec sp_helpuser
find the user in the first column, and then look at the second column. Is the user a member of db_datareader or db_owner?
If so, you can revoke membership, say for db_datareader, by doing:
exec sp_droprolemember 'db_datareader', 'user2'
GO
You cannot REVOKE something you did not GRANT. Looks like you want to:
investigate and understand why user2 has permission to SELECT
possibly DENY permission to SELECT to user2
The permission work like following:
initialy an user has the poermissions derived from his group mebership (including public roles)
GRANT explictly grants a privilege
REVOKE takes back a previously granted priviledge, reverting to the user having the privileges implictily inherited from group(s) memberhip
DENY denies a privilege
The rules of precedence are that any DENY take precedence over any GRANT or inherited privilege. One can get access through a number of GRANTs but one single DENY will revoke the privilege. You cannot GRANT/REVOKE/DENY permissions to the securable owner (members of db_owner own everything and members of sysadmin own everything on the entire server).
Thanks friends,
I've solved it and use DENY instead of REVOKE :
DENY select ON user1.myTB TO user2
I created a login to connect to SQL SERVER.
create login bobLogin with password = 'bobpass' , default_database = bobDB
but when i am connecting sql server using this, it does not connects? because it needs a user.
so i created a user:
create user bobDB_USER for login bobLogin
then i connected to sql server using bobLogin & tried to create table:
create table bobDbTable(eid int)
which gives permission denied error;
so i granted permission:
GRANT CREATE TABLE TO bobDB_USER
then i again connected using bobLogin, & tried to create a table but it gave error:
The specified schema name "dbo" either does not exist or you do not have permission to use it.
why so? its creating the table in the dbo schema, thats why? so how do i grant him this permission ?
i dont want to create a new schema. is it necessary?
You would need to GRANT ALTER ON SCHEMA::dbo TO bobDB_USER to allow objects to be created in the dbo schema.
I would also use a Role too.
create role bobDB_ROLE
EXEC sp_addrolemember 'bobDB_ROLE', 'bobDB_USER'
GRANT ALTER ON SCHEMA::dbo TO bobDB_ROLE
However, you could addbobDB_USER into db_owner if it requires these rights
EXEC sp_addrolemember 'db_owner', 'bobDB_USER'
Note: end user permissions are quite different to admin type rights. If 'bobDB_USER' is an end user, then they should not be creating objects
How would I programmatically go about limiting the access of a database in SQL Server 2000 to the database owner for that database? Example... if I right-click "Properties" on the "Northwind" database in Enterprise Manager, the Owner is listed as sa. How would I limit access for this database to just the sa login?
You could set the database to RESTRICTED_USER availability.
ALTER DATABASE MyDatabase SET RESTRICTED_USER
-- OR --
ALTER DATABASE MyDatabase SET RESTRICTED_USER WITH ROLLBACK IMMEDIATE
http://msdn.microsoft.com/en-us/library/ms190249.aspx
http://msdn.microsoft.com/en-us/library/aa275464(SQL.80).aspx
Some thoughts:
You can neither deny not restrict the sa login at all, anywhere in a SQL Server Instance
Do not use "sa" day to day
It makes more sense to limit to the members of the db_owner database role, per database (SET RESTRICTED_USER above)
The database owner id is fairly random: sa only owns this because sa created it, or ownership was changed to sa
Other than that, what is the reasoning behind your request?