Quantcast
Channel: SQL Server Security forum
Viewing all 3027 articles
Browse latest View live

Create External Source from Azure Sql database

July 18, 2016, 2:11 am
$
0
0

Doing this:

CREATEDATABASE SCOPED CREDENTIAL testWITHIDENTITY='XXXX\XXXXXX',
SECRET ='superpass';CREATE EXTERNAL DATA SOURCE testWITH(
    TYPE=RDBMS,
    LOCATION='XX.XX.XX.XX',
    DATABASE_NAME='test',
    CREDENTIAL=test);CREATE EXTERNAL TABLE[dbo].[te]([id][smallint]NOTNULL,[dd][smallint]NOTNULL)WITH( DATA_SOURCE = test)

then, try to select from dbo.te:

select*from dbo.te

Got Error retrieving data from one or more shards. The underlying error message received was: 'A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)'.

what i can do? )

Search

how to find which Group, Login and User has DENY in SQL Server database, Table, View or SP

July 18, 2016, 11:05 am
$
0
0

I am trying to find which 1.Group, 2.Login, 3.User has deny Access on SQL Server database, Table, View or  SP

Is there a Script that help to find out?

Thanks,


What server role is requried to check jobs and logs

June 28, 2016, 8:48 pm
$
0
0

Hi All,

We are from application team, not DBA team. We have the full access on our database used by our application. In our database, there is a stored procedure, which synchronizes data from another database on another database server via Linked Server, and is required to be executed every night. So we requested the DBA team to create a SQL Server job to run this stored procedure as per schedule.

Recently we've found there are some issues with the data synchronization. But we didn't find the same issue when we ran the stored procedure manually. So we would like to check the job and the job logs. But we don't have the access by default.

So we would like to check what server role is required for us to check the job and the job logs like the below sample screenshot, so that we can raise a request to get the access. I know sa will definitely have the access, but that is not preferred.

Thanks,
高麻雀


Are Fixed Schemas owned by Role ,not user ?

July 18, 2016, 10:41 pm
$
0
0

Respected Team,

Hi Everyone ! . I was going through Fixed Schemas properties and noticed that Schema name and schema owner are same.I don't see any user created for these fixed schemas.

For Eg: I was looking into 'db_accessadmin' properties which says Schema owner and Schema name as 'db_accessadmin' . I am confused if Schema owner is a Role ? or is it User , which is hidden or not visible.

Please help me to understand this.

Many Thanks

Chaithanya M


GMSA as SQL Server Login

July 18, 2016, 7:14 am
$
0
0

Can a GMSA be used as a SQL Server login?

We are using GMSA accounts for our IIS application pools and the applications they host need access to SQL Server resources. Each application is accessing SQL Server as the GMSA account the application is running under. We've created logins and assigned appropriate permissions for the GMSA accounts to the appropriate databases. The GMSA accounts work until the GMSA password is changed on the default 30 day interval. After the password change, we are seeing Error 18456, Severity 14, State 38.

In which scenario I should go with Database User WITH LOGIN & Database User WITHOUT LOGIN ?

July 19, 2016, 6:10 am
$
0
0

I've an application under development, SQL Server 2012.

It is not a data critical/sensitive application.

Whether I should go with Database User WITH LOGIN & Database User WITHOUT LOGIN ?

Shashank Verma

Backup database failed

July 19, 2016, 5:31 pm
$
0
0

I connected to remote aws rds instance. Wheni tried to take backup of a database

I am continously facing the below issue-

Msg 262, Level 14, State 1, Line 3
BACKUP DATABASE permission denied in database 'sample'.
Msg 3013, Level 16, State 1, Line 3
BACKUP DATABASE is terminating abnormally.
Any help?

pavankumar

Column level encryption in both on-premise SQL and Azure SQL

July 20, 2016, 12:21 am
$
0
0

Hi,

We are using WPF with 4.6 .net Frame work. We have a requirement to enable column level encryption in both on-premise and Azure SQL servers. We found below two ways to implement the column level encryption. 

1. Always Encryption
https://msdn.microsoft.com/en-IN/library/mt163865.aspx

2. Column Level Encryption
https://msdn.microsoft.com/en-IN/library/ms179331.aspx

Please help me to choose the best option in the above two options.

Thanks & Regards
Naga Suresh D

Search

Privileges needed?

July 20, 2016, 2:22 pm
$
0
0

In SQL2012:

Due to security concerns, we're trying to grant the least privilege to developers in development SQL Server server. I know if you grant DBOwner to the developers, they can do everything in that DB.

However, if we want to restrict the developers to DB_datareader, DB_datawriter and DB_DDLADMIN - these privileges should allow them to create objects, select, insert, update and delete test data.

However, they have permission deny when trying to execute

"grant execute sp_abc to xyz" or

"CREATE ROLE [ud_AXTest] AUTHORIZATION [dbo]"

So, what are my options to allow the developers to be able to execute the 2 commands above?

Thanks!

Changing default port instance from 1433 to another port

July 20, 2016, 9:28 pm
$
0
0

Dear Sir,

I have one database server (IP=192.168.56.112) , but it has two instance with sql server 2008, instance name ( 1- S2008, 2- S2008P2 ) with version 2008 Enterprise like picture=Pic_02.JPG.

I would like to change default port (1- S2008 to port 1600) and (2- S2008P2 to port 1700) with picture=Pic_01.JPG

I change port with instance (1) in application "SQL Server Configuration Manager" --> "SQL Server Network Configuration" --> "Protocols for S2008" --> "TCP/IP" ( IPALL, TCP Dynamic Ports= null, TCP Port=1600)

I change port with instance (1) in application "SQL Server Configuration Manager" --> "SQL Server Network Configuration" --> "Protocols for S2008P2" --> "TCP/IP" ( IPALL, TCP Dynamic Ports= null, TCP Port=1700)

I face issue or wonder why I can login without put port as picture=Picture_login_without_port.JPG.

Please help to guideline and solution for this.

Best regards,
Sereyroth

Remote Desktop group automatically resets every day

July 21, 2016, 2:10 am
$
0
0
Every day the local group - Remote Desktop Users - is reset.  Initially I thought it was a Windows update that had reset it once off, but it's happening every day.  Is there any way I can configure the group to no longer be reset?

Thanks for any help.

migration from SQL 2008R2 to 2014 - default schema for Windows security doesn't work

July 21, 2016, 4:01 am
$
0
0

Hi,

I have a question where someone might have a simple answer for it.

We tried to access a database on SQL Server 2014 and run in strange behavior.

So the workflow was this here:

- backing up the database in SQL server 2008R2

- restoring the database in SQL Server 2014

- setting the compatibility level to SQL 2014  (12.0)

- creating a login for a Windows group, assign DB_owner rights in the restored database and assigned a default schema "dbo" for this windows user group.

What then happens is strange:

Our application creates stored procedures on the fly - but in a schema which is equal to the user name, following a name schema DOMAIN\username. When it then executes the stored procedure an error mesaage comes up "the stored procedure <name> is in different schema than the table <tablename>

After doing some research I found out that this is default behavior on SQL server 2008R2 - there we could not define a default schema when connecting through Windows AD account.

When I use the "data import wizard" and copy all the data into a new, empty database the association to the "dbo" schema is correctly used... the stored procedures are created in "dbo" schema.

So my questions are:

how can I find out about the original compatibility level of the restored database? 

is there a command that can remove these remains from SQL 2008R2 times?


IT architect - Terminal servers, virtualizations, SQL servers, file servers, WAN networks and closely related to software devleopment (8 years + experience in VB, C++ and script langugaes), MCP for SQL server and CCAA for Xenapp 6.5

The target principal name is incorrect

July 21, 2016, 4:23 pm
$
0
0

I have created two certificates with OpenSSL, the Trusted CA Certificate and the certificate to configure SSL on Microsoft SQL Server 2012. I setup the CA certificate on Trusted Root Certification Authorities and the other certificate successfully on SQL Server Configuration Manager. If I force encryption on server side, all connections are encrypted, but if I disable this option letting to the client select if the connection to establish  must SSL or not, I receive the follow error:

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) (Microsoft SQL Server, Error: -2146893022)

For more details see the original question (stackoverflow.com/questions/37734311/ssl-provider-error-0-the-target-principal-name-is-incorrect). What I am missing?

SSL Certificate Error on SQL Server 2012

July 21, 2016, 1:19 pm
$
0
0

When i try to restart SQL Server Services on SQL server 2012 after applying SSL, i got below errors in Error Log. Please help me to resolve:

Error: 26014, Severity: 16, State: 1.
2016-07-21 15:23:25.39 spid10s     Unable to load user-specified certificate [Cert Hash(sha1) "EDF00A52ABD47819C66D8248152EFBE2F45C228D"]. The server will not accept a connection. You should verify that the certificate is correctly installed. See "Configuring Certificate for Use by SSL" in Books Online.
2016-07-21 15:23:25.39 spid10s     Error: 17182, Severity: 16, State: 1.
2016-07-21 15:23:25.39 spid10s     TDSSNIClient initialization failed with error 0x80092004, status code 0x80. Reason: Unable to initialize SSL support. Cannot find object or property. 
2016-07-21 15:23:25.39 spid10s     Error: 17182, Severity: 16, State: 1.
2016-07-21 15:23:25.39 spid10s     TDSSNIClient initialization failed with error 0x80092004, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. Cannot find object or property. 
2016-07-21 15:23:25.40 spid10s     Error: 17826, Severity: 18, State: 3.
2016-07-21 15:23:25.40 spid10s     Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
2016-07-21 15:23:25.40 spid10s     Error: 17120, Severity: 16, State: 1.
2016-07-21 15:23:25.40 spid10s     SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

FTP Server with User Isolation set An admin to access the rootDir

July 23, 2016, 1:34 am
$
0
0

Hi,

I have configured a 2012 ftp server with User Isolation ,

As you know users are able to see only their home directory which has the same name as their users.

The problem is that we need to have an admin group,that is able to see all the directories.

How is it possible?


Search

'Run as' proxy credentials for regular TSQL

July 24, 2016, 8:13 am
$
0
0

In an attempt to fix this: http://bit.ly/2a9NY3W

I familiarized myself with SQL credential / security handling of cross server / non sql connections.

For jobs, it's possible to

- Create a credential

- Create a proxy

- Run non TSQL Job's using this proxy / credential

However, what strikes me is that it's not possible for 'regular' TSQL jobs (option is greyed out). Am I missing something? Would it be possible to do the same so that OPENROWSET functionality can be delegated to a least privileged user?

SQL Server Agent: view only permission for all jobs

July 25, 2016, 9:32 am
$
0
0

Hi,

currently we are facing the problem that we can't give a user "view only" (view definition and history) permissions on SQL Server Agent Jobs. The build-in roles (SQLAgentUserRole, SQLAgentReaderRole, SQLAgentOperatorRole) grant at least the functionality to create own jobs. But we need a pure "view only" permission.

Can anyone give us a hint?

Kind regards,
Christian



LINQ StoredProcedures?

September 11, 2008, 6:27 am
$
0
0
 

Hello People,

 

IMy Problem how to Implement easy security in a SQL Server DB and a Client with LINQ.

 

More Detail:

I want to develop an Application with technologies: WPF, LINQ, SQL Server. I need to have security for different Users.

I don't want to invent new wheels, so I want to use windows security.

 

I start learning LINQ and one statement I read is: "Avoid use of Stored Procedures in LINQ to get the best form it". OK.

 

If I take a Client - Server application how do I Secure my DB and Client, if I don't use Stored Procedures, if I don't implement the Rules for Reading , Writing etc. data in the DB?

 

My second thought was Ok make it easy use the AzMan (Autohorization Manager) technologie.

But unless I hardcode a user and password in my Application (wich is not secure),  this leads to

an N-Tier Application. Wich in is not very handy to serialize LINQ and the lifting is far more complicated.

So this is no easy approach.

What to do if I want to secure a Client Server  App must I use StoredProcedures or not?

 

Thanks for any hint.

 

Wolfgang



C#

 

User audit Report

July 27, 2016, 10:44 am
$
0
0

Grettings to all.

I need a user audit report that give me this information:

{UserID},{UserDescription},{UserProfile},{UserLastLogon},{UserCreationDate}

Is there a way to acomplish these? Or at least a query that give me these next values, but all in one single query.

Username

User creation date

User permission

User last logon.

Thanks to all for your time.

Regards.

Edgardo Mancía

Task scheduler not completing SQL Server task

July 28, 2016, 11:32 am
$
0
0

After upgrading recently to Windows 10, certain tasks stopped working. I decided to create the tasks all over again.

The way these tasks work is to open an Excel spreadsheet at a certain time in the early morning.

There is VBA macro set to run on opening. It accesses information from an SQL Server database, sends it out as an email, and then closes the spreadsheet. It used to work fine before the upgrade to 10.

I've tried a lot of different things to get it to work: I am creating the task from the Owner account, which is an administrator. I have tried opening the Task Scheduler "as administrator." (The spreadsheet to be opened is also located in a directory of the Owner account, from a trusted location.) I've tried running the task "with highest privileges."

The problem is not the spreadsheet or the VBA code. I am able to run the code and send out the emails by "manually" opening the spreadsheet. It is just that the task won't open it.

The task history shows the following as the last three entries: "Created Task Process", "Task Started", and finally "Action Started."

However, the spreadsheet doesn't seem to be opening.

Any ideas?

Viewing all 3027 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>