Re: Clearer version of my earlier question re sp_grantlogin and sp_grantdbaccess
From: Tibor Karaszi (tibor_please.no.email_karaszi_at_hotmail.nomail.com)
Date: 03/29/04
- Next message: Tom Oakley: "MSDE Installation failed"
- Previous message: Jeff Russell: "Instance name specified is invalid"
- In reply to: Clive Elsworth: "Re: Clearer version of my earlier question re sp_grantlogin and sp_grantdbaccess"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 29 Mar 2004 16:48:12 +0200
> Hello again - you and I were in contact about 4 years ago or so <snip>
Ahh, yes. Thanks for reminding me, Clive. :-)
> Maybe I'll just have to invest in one of those utilities that tells you all
> the differences between two DBs - so I can be sure I never miss anything -
> but I'd rather not if possible.
I take it that you have already determined that it is too labor intensive to continuously add onto a script
file while you do changes, so the script file in the end contains the necessary ALTER TABLE commands etc? This
is perfectly doable, but only you can determine whether you consider this hinders your development too much to
be worth it.
> It doesn't seem right that sa - that should have total control over a SQL
> Server, doesn't have the right to grant DB access to Domain Groups. What do
> you think?
Seems I missed this in the beginning of the thread. I thought that your problem is that you don't are
connected as sysadmin. I realize now that you are connected as sa. I didn't know that an SQL Server login as
sa doesn't give you the ability to add Windows Logins from a domain as database users to a database, and if
you read the documentation for sp_grantdbaccess, it only say that you need to be sysadmin (etc). If this is
what you are seeing, then you might want to post a bug report (or rather open a case which might end up in a
bug report being filed).
-- Tibor Karaszi, SQL Server MVP http://www.karaszi.com/sqlserver/default.asp "Clive Elsworth" <clive@takethisbitout.elsworth.dircon.co.uk> wrote in message news:%23Zd5q5vEEHA.1376@TK2MSFTNGP10.phx.gbl... > Tibor > > Hello again - you and I were in contact about 4 years ago or so - I don't > think I've been to Sweden since then unfortunately. It may have been my SQL > Beautifier that we were discussing then, which after giving away a fair bit > I have not developed since. In any case you were a great help with a trick > to restart SQL Agent when SQL Server restarts (using sp_procoption) which I > have since given away to countless students in classes I have taught. > > Anyhow.. > > I did the install about a month ago as Domain Admin (default install - mixed > mode - not recommended I know, but I really need it) and ran the > sp_grantlogin and sp_grantdbaccess fine, because I was then at the 'Admin' > site where they let me login as Domain Admin. Since then, they wanted a > minor enhancement which meant altering a number of Tables, SPs and Views. > What I usually like to do in this situation is: > > 1. - Backup the customer's DB and restore it to my laptop > 2. - Transfer the customer's data to the newly enhanced DB on my laptop, > which I have tested with the app back in my office > 3. - Transfer and Restore that DB to the customer server PC > 4. - Grant rights to network groups to the DB now on the customer server PC > > In the end I had to do it the other way which was to: > 1. - Backup the customer's DB and restore it to my laptop > 2. - Apply all the changes to their DB and hope I hadn't missed anything. > 3. - Restore it back to their server - the domain groups still existed as DB > users and so no further action was necessary. > > Maybe I'll just have to invest in one of those utilities that tells you all > the differences between two DBs - so I can be sure I never miss anything - > but I'd rather not if possible. > > It doesn't seem right that sa - that should have total control over a SQL > Server, doesn't have the right to grant DB access to Domain Groups. What do > you think? > > Best Regards > > Clive > > > > "Tibor Karaszi" <tibor_please.no.email_karaszi@hotmail.nomail.com> wrote in > message news:exVYrQpEEHA.1032@TK2MSFTNGP09.phx.gbl... > > First question is whether the SQL Server install is a default install or > if you can add some login first. > > > > If it is a default install, the only logins which exists are the Windows > Administrators group and "sa" (which > > requires mixed mode - not recommended). However, in order to install SQL > Server, you need to be Administrator > > anyhow, so why not just run the script which creates the users after > install? Am I missing something? > > > > -- > > Tibor Karaszi, SQL Server MVP > > http://www.karaszi.com/sqlserver/default.asp > > > > > > "Clive Elsworth" <clive@takethisbitout.elsworth.dircon.co.uk> wrote in > message > > news:OrihgJpEEHA.3864@TK2MSFTNGP12.phx.gbl... > > > I have amended this post from the one I posted a few hours ago - to make > it > > > clearer (and friendlier!). > > > > > > I have developed an app for my customer and it assigns different > privilege > > > levels to users based on which domain network group they belong to. > > > > > > However the only way I have found to be able to grant them access to the > sql > > > server and > > > database is to connect with a trusted connection having logged in as > Domain > > > Admin. Is that correct? > > > (I have to go to another site in order to be allowed to do this which is > > > somewhat inconvenient). > > > > > > What I would like to able to do but cannot is log into MSDE as sa and > run > > > the following: > > > > > > use AppDB > > > > > > exec sp_grantlogin 'TheirDomain\AppManagers' > > > exec sp_grantdbaccess 'TheirDomain\AppManagers' > > > > > > exec sp_grantlogin 'TheirDomain\AppReadWrite' > > > exec sp_grantdbaccess 'TheirDomain\AppReadWrite' > > > > > > etc. > > > > > > Can someone let me know if I could achieve the above with a trusted > > > connection to MSDE as > > > something less than Domain Admin? If so what network rights would I > need? > > > > > > Many thanks in advance, for your time and expertise! > > > > > > Clive Elsworth (London UK) > > > > > > > > > -- > > > www.EndorphinSoftware.co.uk > > > > > > > > > --- > > > Outgoing mail is certified Virus Free. > > > Checked by AVG anti-virus system (http://www.grisoft.com). > > > Version: 6.0.631 / Virus Database: 404 - Release Date: 17/03/2004 > > > > > > > > > > > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.631 / Virus Database: 404 - Release Date: 18/03/2004 > >
- Next message: Tom Oakley: "MSDE Installation failed"
- Previous message: Jeff Russell: "Instance name specified is invalid"
- In reply to: Clive Elsworth: "Re: Clearer version of my earlier question re sp_grantlogin and sp_grantdbaccess"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
