Channel: SQL Server Security forum

Hide database names from unauthorized users in SSMS

If a user is not authorized to see a database, can I exclude that database from even appearing in Management Studio for that user?

TIA,

Barkingdog

Linked Server issue

Hi,

I have 2 standalone SQL servers in the same AD domain. Let's say SQL01 and SQL02 for the purposes of the post (SQL Server 2017).

I am trying to add SQL02 as a linked server from SQL01. When I do this directly from SQL01 it works. I am using the logon's current context to connect.

Obviously, we don't want developers accessing this directly from SQL so have an RDS server that they access Management Studio from. When they test the connection they get the below error:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. (.Net SqlClient Data Provider)

I assumed this was an SPN issue so downloaded the Kerberos Configuration tool. When it analysed the SPNs it says mismatched. Is this because we are using the "NT Service" accounts for login? E.g., should we be using proper service accounts for the SQL Services?

Or is it something completely different?

DROP user fails with "The database principal has granted or denied permissions to catalog objects in the database and cannot be dropped."

Running SQL Server 2012

This is a strange one! I have a database user I'm trying to drop from a database. It's the SSIS catalog database. When I try to drop the user I get the following message:

"The database principal has granted or denied permissions to catalog objects in the database and cannot be dropped."

From what I can tell the user has not issued grants to any objects.  I queried the "sys.database_permissions" for the SSIS database.  I checked both the "user_name(grantor_principal_id)" and "user_name(grantee_principal_id)" and the user is not listed.

I confirmed the user does not own a schema either and the user is not in any of the database roles.

Any ideas what else could be causing this?

Thanks!

Column Encryption Key

I have created DATABASE_OBJECT_CHANGE_GROUP in SQL audit and it returned COLUMN ENCRYPTION KEY in the audit log. I did not set up any encryption in the database and I get nothing returned with the query below.

 SELECT db_id() as database_id,
   COUNT_BIG(DISTINCT(V.column_encryption_key_id)) [ColumnEncryptionKeyCount],
   encryption_algorithm_name
   FROM
   sys.column_encryption_keys K WITH(nolock) JOIN
   sys.column_encryption_key_values V WITH(nolock)
   ON K.column_encryption_key_id = V.column_encryption_key_id
   GROUP BY encryption_algorithm_name
   HAVING
   COUNT_BIG(DISTINCT(V.column_encryption_key_id)) > 0

Would like to get some advice on how to get the related encryption column so I can get rid of it, as the information appears quite frequently in the audit log and is consuming space.

Active Directory authentication for SQL Server using JDBC

Hi 

I have a requirement in which the Windows logged-in user would be XXXX and I would like to make a JDBC connection through a Java program using another Active Directory user to authenticate to SQL Server.

Is it possible? If possible, please help me get some information on how to do it using JDBC.

This is a bit of an urgent requirement. Appreciate your help in this.

Thanks

Sara

Windows Authentication using Microsoft JDBC

I hope this is the correct forum for this question.  I'm trying to connect to a SQL Server database using Microsoft's JDBC driver with Windows Authentication.

I've created two executables, one .NET and one Java, that attempt to connect to my database via Windows authentication.

The .NET executable sees the current username as MyDomain\MyUsername, and the connection works. The Java executable sees the current username as MyUsername (no domain), and the connection fails with this message:

"The login is from an untrusted domain and cannot be used with Windows authentication"

So I think I need to get Java to recognize the current domain somehow.  Has anyone got this to work?

SQL Server Error 258

Hi Everyone,

Please check the screenshot below. One of my clients is getting this error and is unable to connect to the server.

As I checked, the TCP/IP protocol was enabled and I'm able to access the server as well, but he is getting the error message below.

Please suggest how to troubleshoot this issue. Thanks in advance!

Regards

V


DBA

Cannot generate an accurate list of SQL Agent jobs and their owner, when owner is a member of a group and not a login themselves

Hi

You can get a list of SQL Agent jobs and their owners by joining sysjobs and syslogins thus:

SELECT j.name,j.owner_sid,  l.loginname
FROM MSDB.dbo.sysjobs j
LEFT OUTER JOIN Master.dbo.syslogins l
ON j.owner_sid = l.sid

We want to see the owner of the jobs that are not owned by SA. 

If a job is owned by someone who doesn't have a login of their own, but instead is a member of a group (that has a login), then there is not a row in syslogins for their SID. I.e., in this case we can see from SQL that someone owns the job, but not who (the above SQL returns NULL in the loginname column). This SID is in the format 0x0105000000000005150000002AD0375C0B75D976828BA628AEC00000

Is there a way around this (using SQL)?

We can look at the job properties in SSMS to see the actual owner - but not via SQL.

Thanks

G



xp_cmdshell

Hi  guys,

The EXECUTE permission was denied on the object 'xp_cmdshell', database 'mssqlsystemresource', schema 'sys'

I added 

USE MASTER
GO
EXEC sp_xp_cmdshell_proxy_account 'ad\ad_acount', '######'; 
GO 
GRANT EXEC ON  [master].[dbo].[xp_cmdshell] to [ad\ad_account]
GO

xp_cmdshell is on in sp_configure

but the error message still occurs when executing xp_cmdshell

thanks


MCSA SQL Server MCITIP SQL Server 2008

Azure SQL Database - Set Firewall Settings

Hello,

We will use Azure SQL Databases as our System database, which means users will connect to our Azure SQL Database from different regions, with different devices and different ISPs.

Question, 
1) What is the rule of thumb or recommendation for the "Firewall settings" for our scenario, Dynamic IP? (Asking our ISP for the IP address range assigned or get static IP for our client might not work here as some customer may access our System from overseas)
2) What is the potential risk if we neglect the incoming IP with "Start IP: 0.0.0.0 End IP: 255.255.255.255" setting and rely only on Azure SQL Server Access control (IAM)?

Thanks,
Pierre

DPM 2016 Installation With Remote SQL Server

Hi Guys

I'm trying to install DPM 2016 with SQL 2014 running on a different machine. I've created firewall rules for the necessary ports and executables, but I'm stuck on one rule. Can someone help me with how to check the following rule? Thanks in advance.

Set up firewall rules so that the DPM server can communicate with the SQL Server computer:

  • Make sure TCP/IP is enabled with default failure audit and enable password policy checking.

Extended Events Clarification on max memory size

Hi,

I would like to know the maximum limit of event session memory size 

Max memory size (sys.server_event_session_fields.max_memory)

I have a machine with 

Total Physical Mem: 61 GB
Max Server Memory : 60GB

I've tried to check the maximum memory size limit. It takes up to 2GB, not sure how that is?

ALTER EVENT SESSION [xe2] ON SERVER  ADD TARGET package0.ring_buffer(SET max_memory=(<memory here>))

In that command, if I supply 1GB/2GB for <memory here> it works, and if I supply 3GB it fails, saying

Msg 25641, Level 16, State 0, Line 19
For target, "package0.ring_buffer", the parameter "max_memory" passed is invalid. 

Does anyone know how the limit is calculated?

Second question on this. 

I've set 'max server memory (MB)',1048576 (1GB) and I was able to create ring buffer session with max memory of the event session to 2GB. Can the ring buffer target memory surpass 'max server memory (MB)' also?


Ring Buffer Memory Parameters - Buffer Vs Max

Hi,

I've an event session created as below

CREATE EVENT SESSION [xe2] ON SERVER 
ADD EVENT sqlserver.sp_statement_completed(SET collect_object_name=(1)
    ACTION(sqlserver.database_id,sqlserver.database_name,sqlserver.sql_text,sqlserver.username))
ADD TARGET package0.ring_buffer(SET max_memory=(2097152))
WITH (MAX_MEMORY=1048576 KB,EVENT_RETENTION_MODE=ALLOW_SINGLE_EVENT_LOSS,MAX_DISPATCH_LATENCY=30 SECONDS,MAX_EVENT_SIZE=0 KB,MEMORY_PARTITION_MODE=NONE,TRACK_CAUSALITY=OFF,STARTUP_STATE=OFF)
GO

It creates the session successfully. But, what is the meaning of the following two parameters

(SET max_memory=(2097152)) this memory (2GB) &

WITH (MAX_MEMORY=1048576 KB this memory (1GB)

How to verify Connections to SQL Server is Encrypted

I have a test scenario as below, I want to know if the connection from client PC to the SQL Server is considered as encrypted.

1. I deployed certificate to certificate store on the server that is hosting SQL Server.

2. On the same server, in SSCM, I was able to pick up the certificate that was deployed in step 1. I also set ForceEncryption=Yes.

3. From a client PC, I was able to use SSMS to connect to the SQL Server (Note: I didn't check "Encrypt Connection" or "Trust Server Certificate" in SSMS)

4. I ran a query from the client PC to verify whether the connection is encrypted, and got the screenshot below.

The odd thing is the query shows the connection is encrypted, but on the right-hand side, the properties of the connection say the connection is not encrypted. Why?

Thanks!



Help to login the SQL Server

On a new machine, the SQL Server was installed by our company admin account. But now the employee is using his own account. The employee account cannot log in to the server and sa is also disabled.

Can anyone give me some help? Thanks in advance.


List permissions of procedures from 2 databases

I am trying to list permissions on procedures from multiple databases. Is there a way to do this?

I am right now doing

use <db1>

<select from sys.database_permissions>

use <db2>

<select from sys.database_permissions>

Instead of doing that, I want to select from some view which gives permissions from all databases at once. Is this possible? Is there an internal view?

Why a certificate was used automatically?

In my test environment, I installed a bunch of certificates in the Certificate Store on the server hosting the SQL Engine Service. I didn't specify anywhere in SQL to use these certificates. After I restarted the SQL Server Engine Service, I found one certificate's thumbprint in the log. See the screenshot below.

I want to know

1. Why does SQL pick a certificate from the certificate store for encryption automatically when it gets restarted?

2. There are many certificates in the certificate store, and it seems to me that SQL just randomly picked one. Is there a rule for SQL to decide which certificate to pick?

Thanks!

Is there a case that an application doesn't allow encrypted connections?

I am going to encrypt all connections to our SQL Server instances. I plan to set "Force Encryption=Yes" and assign a certificate in SSCM on the server where the SQL Engine is hosted. In this case, I don't need to make any modification on the client side; all connections will be encrypted. I have tested it in my test environment, and the connections are encrypted.

I want to know if there are circumstances in which the client application doesn't allow establishing encrypted connections configured as above. I don't want to miss any scenarios that could cause a connection failure; that's why I ask this question.

Thanks.

SSMA Extensions is generating audit login failed trace logs

SSMA Extensions is generating audit login failed trace logs

This is happening on both ssma 7.11 and 6.0 for sql server 2014.

Can check on the following trace file: bit ly 2B1E80u

Are there any issues that this can cause?

Restrict table access from server user

Hi all,

We have web server running web application and SQL Server.

Our developer has access to the server for:

  • Updating web applications
  • Updating SQL Server with new stored procedures

How can we restrict the developer from accessing confidential tables in the SQL database?

