Hi!
I've just moved a mdb to MSDE without problem. The problem comes when I try
to open the tables I have attached via ODBC. Tables are in MSDE and I call
them from Access.
I get an error telling me that the user is not allowed to read (error
18456). Following that message, I get a login screen. If I enter the sa user
password it connects and allows me to see the table contents.
I use MSDE Manager to manage the server, but any other option is welcomed if
I should have more control over it.
What I would like to do is that no password is asked when the users run the
Access database.
Thanks in advance.
Xavier Boneu
hi Xavier,
Xavier Boneu wrote:
> Hi!
> I've just moved a mdb to MSDE without problem. The problem comes when
> I try to open the tables I have attached via ODBC. Tables are in MSDE
> and I call them from Access.
> I get an error telling me that the user is not allowed to read (error
> 18456). Following that message, I get a login screen. If I enter the
> sa user password it connects and allows me to see the table contents.
> I use MSDE Manager to manage the server, but any other option is
> welcomed if I should have more control over it.
> What I would like to do is that no password is asked when the users
> run the Access database.
> Thanks in advance.
you have then to specify, in the ODBC management console, to use integrated
security... you have then to manage your Windows account to grant them
access to the MSDE instance, using sp_grantlogin system stored procedure (
http://msdn.microsoft.com/library/de...ga-gz_8dri.asp )
and grant each login, or WinNT group (if you can manage them at group level
instead of single account level you will gain some freedom) access to each
desired database via sp_grantdbaccess system stored procedure (
http://msdn.microsoft.com/library/de...ga-gz_290z.asp )
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
DbaMgr2k ver 0.11.1 - DbaMgr ver 0.57.0
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply
|||Hi!
Thanks for your info. I'll try it and post back the results.
Xavier Boneu
"Andrea Montanari" wrote:
> hi Xavier,
> Xavier Boneu wrote:
> you have then to specify, in the ODBC management console, to use integrated
> security... you have then to manage your Windows account to grant them
> access to the MSDE instance, using sp_grantlogin system stored procedure (
> http://msdn.microsoft.com/library/de...ga-gz_8dri.asp )
> and grant each login, or WinNT group (if you can manage them at group level
> instead of single account level you will gain some freedom) access to each
> desired database via sp_grantdbaccess system stored procedure (
> http://msdn.microsoft.com/library/de...ga-gz_290z.asp )
> --
> Andrea Montanari (Microsoft MVP - SQL Server)
> http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
> DbaMgr2k ver 0.11.1 - DbaMgr ver 0.57.0
> (my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
> interface)
> -- remove DMO to reply
>
>
|||Andrea,
I am trying what you suggest but it works only partialy.
I've issued the sp_grantlogin and sp_grantdbaccess but when I try to execute
a query from a client computer I get an error saying I have no permission to
SELECT the object 'mytable', database 'mydtabase' , owner 'dbo'. (#229)
What I wrote was:
EXEC sp_grantlogin 'companyname\username'
EXEC sp_grantdbaccess 'companyname\username'
but something is still missing...
Could you give me a hand with this error?
Thank you.
Xavier
Xavier Boneu
"Andrea Montanari" wrote:
> hi Xavier,
> Xavier Boneu wrote:
> you have then to specify, in the ODBC management console, to use integrated
> security... you have then to manage your Windows account to grant them
> access to the MSDE instance, using sp_grantlogin system stored procedure (
> http://msdn.microsoft.com/library/de...ga-gz_8dri.asp )
> and grant each login, or WinNT group (if you can manage them at group level
> instead of single account level you will gain some freedom) access to each
> desired database via sp_grantdbaccess system stored procedure (
> http://msdn.microsoft.com/library/de...ga-gz_290z.asp )
> --
> Andrea Montanari (Microsoft MVP - SQL Server)
> http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
> DbaMgr2k ver 0.11.1 - DbaMgr ver 0.57.0
> (my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
> interface)
> -- remove DMO to reply
>
>
|||Andrea,
I am trying what you suggest but it works only partialy.
I've issued the sp_grantlogin and sp_grantdbaccess but when I try to execute
a query from a client computer I get an error saying I have no permission to
SELECT the object 'mytable', database 'mydtabase' , owner 'dbo'. (#229)
What I wrote was:
EXEC sp_grantlogin 'companyname\username'
EXEC sp_grantdbaccess 'companyname\username'
but something is still missing...
Could you give me a hand with this error?
Thank you.
Xavier
Xavier Boneu
"Andrea Montanari" wrote:
> hi Xavier,
> Xavier Boneu wrote:
> you have then to specify, in the ODBC management console, to use integrated
> security... you have then to manage your Windows account to grant them
> access to the MSDE instance, using sp_grantlogin system stored procedure (
> http://msdn.microsoft.com/library/de...ga-gz_8dri.asp )
> and grant each login, or WinNT group (if you can manage them at group level
> instead of single account level you will gain some freedom) access to each
> desired database via sp_grantdbaccess system stored procedure (
> http://msdn.microsoft.com/library/de...ga-gz_290z.asp )
> --
> Andrea Montanari (Microsoft MVP - SQL Server)
> http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
> DbaMgr2k ver 0.11.1 - DbaMgr ver 0.57.0
> (my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
> interface)
> -- remove DMO to reply
>
>
|||hi Xavier,
Xavier Boneu wrote:
> Andrea,
> I am trying what you suggest but it works only partialy.
> I've issued the sp_grantlogin and sp_grantdbaccess but when I try to
> execute a query from a client computer I get an error saying I have
> no permission to SELECT the object 'mytable', database 'mydtabase' ,
> owner 'dbo'. (#229)
the security goes on :D
as you add a database user to your preferred database, he/she will only be
member of the Public database role, and usually that role has no kind of
access to object's data...
you can so grant the desired permission (SELECT/INSERT/UPDATE/DELETE) to the
Public database role (not recommended at all) or make him/her member of
specific builtin (or user defined) database role(s) [
http://msdn.microsoft.com/library/de..._addp_4boy.asp ,
http://msdn.microsoft.com/library/de..._addp_33s5.asp ]
...
that's to say you can make him/her member of the default db_datareader role
to permit only data browsing, eventually db_datawriter to allow data
modification, or grant him/her only specific privilegs on specific tables...
usually you make him/her member of custom db roles granting only EXEC
privileges to defined stored procedures for data retrevial/modification, and
/or SELECT/INSERT/UPDATE/DELETE privileges on user define views as it's not
a best practice to allow direct access to base table (please have a look at
http://msdn.microsoft.com/library/de...ga-gz_8odw.asp)
you can start reading at
http://www.microsoft.com/technet/pro...sp3sec00.mspx,
http://www.developer.com/tech/article.php/721441
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
DbaMgr2k ver 0.11.1 - DbaMgr ver 0.57.0
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply
|||Andrea,
Thanks for your help. By now, I have granted db_datareader and db_datawriter
permisions to all the users. This way they can work and now, with more time,
I will read the information you have suggested and 'study' to manage MSDE
better.
Thanks a lot!!!
Xavier Boneu
"Andrea Montanari" wrote:
> hi Xavier,
> Xavier Boneu wrote:
> the security goes on :D
> as you add a database user to your preferred database, he/she will only be
> member of the Public database role, and usually that role has no kind of
> access to object's data...
> you can so grant the desired permission (SELECT/INSERT/UPDATE/DELETE) to the
> Public database role (not recommended at all) or make him/her member of
> specific builtin (or user defined) database role(s) [
> http://msdn.microsoft.com/library/de..._addp_4boy.asp ,
> http://msdn.microsoft.com/library/de..._addp_33s5.asp ]
> ...
> that's to say you can make him/her member of the default db_datareader role
> to permit only data browsing, eventually db_datawriter to allow data
> modification, or grant him/her only specific privilegs on specific tables...
> usually you make him/her member of custom db roles granting only EXEC
> privileges to defined stored procedures for data retrevial/modification, and
> /or SELECT/INSERT/UPDATE/DELETE privileges on user define views as it's not
> a best practice to allow direct access to base table (please have a look at
> http://msdn.microsoft.com/library/de...ga-gz_8odw.asp)
> you can start reading at
> http://www.microsoft.com/technet/pro...sp3sec00.mspx,
> http://www.developer.com/tech/article.php/721441
> --
> Andrea Montanari (Microsoft MVP - SQL Server)
> http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
> DbaMgr2k ver 0.11.1 - DbaMgr ver 0.57.0
> (my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
> interface)
> -- remove DMO to reply
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment