I am trying to create a set of users in Sql server 2008 SP1 with access to database for any specific time say 12:00AM to 6:00AM . If that user try to access the database before 12:00AM or after 6:00AM the access shall be denied is there any inbuild feature for user management available.
Thanks,
Atul
You can create a logon trigger that denies them the ability to connect to between those times, but there's no simple way to cut off their access if they stay longer than desired.
One ugly way to do it would be to examine all connections at 6 am, and for those coming from people you no longer want connected, issuing a KILL command. But that would be a very "abrupt" experience for those users - any transactions that were still in progress at that time would be rolled back.
Can you tell how your clients are connecting to you database ? I think it would be easier to implement logon restrictions to the front end of the system.
Related
I'm trying to add/remove users from mySql and phpMyAdmin
but I keep getting this error
The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
This means your server is currently running with --skip-grant-tables.
This option causes the server to start without using the privilege system at all, which gives anyone with access to the server unrestricted access to all databases.
Essentially, anyone who can connect to it can do anything they like. You currently have no username/password restrictions at all and no users have been loaded. If this server is accessible over the public internet, it is highly, massively insecure right now.
Trying to add/remove users in this state is like going to a warehouse, killing the security guard, then yelling at his corpse "DON'T LET BOB IN, I HATE BOB." and expecting that to work.
I run a series of DTS packages via SQL Server (2000) Agent every night. They have been running ok for years until I added a couple of transform data tasks that pick up info from another local SQL Server (2008).
The odd thing is that the tasks run ok for about a week and then fail with the error 'Login failed for user domain\$duplicate-1889'. I don't run these packages using this user account, in fact I don't think it's a real account. I have a Windows account called dbadmin which has been set up on both servers to have access. This dbadmin account is used to start up the SQL Server Agent service and run the scheduled jobs.
When the jobs fail, all have to do to get them to run again is to stop and restart SQL Server Agent. But after a week they fail again with the same issue. Also, it's not the same day of the week each time.
I checked the Windows event log and although I can see the error, I can't figure out its cause. Any help or pointers would be appreciated.
The domain\$duplicate-1889 name looks like machine account. Every machine joined to a domain has such an account in the domain that the machine uses to authenticate to the domain.
The passwords for those accounts are automatically handled and the password is periodically changed automatically. By default that interval is 30 days but if is changed to once a week in your environment maybe there's a problem when the computer's password has been updated?
It is possible to disable the automatic changing maybe that's worth trying to see if the problem dissapears.
I am installing TFS2010. There is a separate Application Tier server and Database Tier server. I am using an already existing database, called Tfs_Configuration. When entering the database name/instance name I am able to test it and obtain the green check-mark so TFS can find the database. The version of SQL server I am connecting to is - SQL Server 2008 SP3. But when I run the readiness tests I get the following messages-
First are those two warning causing the error?
Also, I have db_owner rights to the existing database (Tfs_Configuration) that I am connecting to. What other rights do I need? And what can I do to resolve these issues?
The first error suggests you need the sysadmin role which is in fact a SQL Server role which can be enabled by doing the following:http://blog.sqlauthority.com/2008/12/27/sql-server-add-any-user-to-sysadmin-role-add-users-to-system-roles/
Hope that moves you past at least one error.
You need to be Sysadmin of the SQL instance or a role that is able to create new databases, because the installer wants to create an additional database for the DefaultCollection (and the TFS_Warehouse, TFS_Analysis). Therefore it is not enough to be the owner of TFS_Configuration.
I have a situation where I need to determine the password of a database user in SQL Server 2008 (not R2, just regular 2008). It is a native SQL Server account, and has no password restrictions / policies assigned to it. I have full sysadmin access on the SQL Server already; under normal circumstances I would simply reset the password for this user (it is NOT the sa user) to a known value, however the account is used for a variety of processes as is, and cannot be changed; unfortunately, the existing password was not documented anywhere, and nobody knows what it is.
I have found a number of different ways to do this in SQL Server 2000 and SQL Server 2005, but none of them appear to work in SQL Server 2008. Note, the user is indeed active, and in fact its credentials are actually saved in the SQL Server Management Studio, where I can log in with the SQL Server user whose password I need to obtain -- so, I know that the account is good. I just need to find out what the password is! :P
Thanks very much!
I'm afraid the official position is to reset the password, which I know you don't want to do. Beyond that I believe you're stuck trying out 3rd party applications that claim to have this ability, but none guarantee success. Of course, passwords are supposed to be hard to discover...
I have a website on a shared server . it uses Sql server as database ( also shared ) with an account limited to execute procedures . now I wonder if anyone who has access to sql server could read and manipulate my data without having my credentials ( by using thier own ) ? if so how can I track users logged into my database and more importantly stop them ?
There are two ways to connect to SQL using a SQL login or using windows authentication. These are your logins to the server. To then connect to the database you have to be granted rights to the database. So as long as your login is the only one that has been granted rights to the DB then you have no need to worry.
Depending on the rights you have on the DB could set up roles within the DB and allocate user(s) to the roles. This way the only way anyone can do anything in your db is if they are a member of the roles you have set up (or they have an SA account on the server or have also been set up with dbo rights on the database).
Again depending on what rights you have on the server you could set up a trace (google sp_trace_create and sp_trace_setevent) to capture logins to your database this writes to the harddrive of the server and then you can use fn_trace_gettable to query this data.
The problem goes beyond Execute permissions and logging access...
The bottom line is that you and your data are at the mercy of the the host. If they can be trusted and are competent, your data should be safe. However, if you are unsure, or if you are storing data that is too valuable to risk, your only choices are to either encrypt the data so that nothing useful can be gleamed from it and make sure you have a backup, or find a different host who will provide appropriate safeguards.