Re: Over-Protected
From: Giacomo (00avoidspam_at_solsticepoint.com)
Date: 08/04/03
- Next message: Ray Higdon: "Re: Over-Protected"
- Previous message: Dejan Sarka: "Re: which table is used to store the link between the user_logins and the roles?"
- In reply to: Ray Higdon: "Re: Over-Protected"
- Next in thread: Ray Higdon: "Re: Over-Protected"
- Reply: Ray Higdon: "Re: Over-Protected"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 4 Aug 2003 08:16:16 -0400
He is using a mirroring system I am unfamiliar with. I've been thinking
about this over the weekend. I'm not sure how he is granting me rights. He
is trying to protect the accounting data. I think what may be happening is
the rights for every table but the accounting tables have been granted and
then individual fields on the sensitive tables. I don't believe I have true
dbo rights although he insists I do. I've scheduled a meeting with him.
I'm hoping I can hash it out but I'm a little hazy about what to look for.
>Are you saying the backup of
> the database is different than your database
I made a backup of his database on my own system, and because I had
manipulated alot of the data, I rebuilt his database from my machine
(scripts for tables, views, procedures) and then passed data from my machine
to his. After a backup, I noticed double sets of every table... empty
tables under dbo and complete ones under giacomo.
Giacomo
"Ray Higdon" <rayhigdon@higdonconsulting.com> wrote in message
news:086801c35901$33f6af70$a301280a@phx.gbl...
> That's an interesting one. The extension in front of the
> table is your SQL username. Are you saying the backup of
> the database is different than your database? For example:
>
> If you run this:
>
> create table foo (ikey int)
>
> Is it named giacomo.foo or dbo.foo? If you have DBO rights
> it should be named dbo.foo which unless the network guys
> are using some weird jobs or triggers it should remain
> that way regardless of backup.
>
> Also, how do you know the backup is different? Are you
> restoring it to your local machine or something?
>
> Ray Higdon MCSE, MCDBA, CCNA
>
> >-----Original Message-----
> >Ray,
> >If its not too much, another clarification will help.
> In addition to the
> >problem with logins, it appears that when the network
> server is backed up
> >with - well, instead of backing up the data I place
> there, the backup places
> >the data and the tables into the database with my network
> identifier
> >appended [ex giacomo.tablename], instead of with
> the "dbo." extension.
> >Although the backup adequately saves my data, the tables
> listed as
> >"dbo.tablename" are all empty yet have the same names as
> the tables I am
> >inserting into the database (minus the prefix, of
> course). I haven't
> >figured a way to get a handle on the problem. Network
> admin insists I have
> >complete rights to the database, but backup doesn't see
> it that way. Is
> >there a way to coerce backup to see my tables as the real
> tables and not the
> >empty dbo tables it seems to create after a backup? I
> think it is software
> >running in the background that produces this
> empty "reflection" of the real
> >data. I'm lost enough so that an attempt to take an
> advanced server course
> >at a local college was turned down because I lack so many
> of the basics.
> >Giacomo
> >"Ray Higdon" <rayhigdon@higdonconsulting.com> wrote in
> message
> >news:036001c35891$5565e830$a601280a@phx.gbl...
> >> Good luck, sometimes the network staff can be your
> biggest
> >> bottleneck :)
> >>
> >> Ray Higdon MCSE, MCDBA, CCNA
> >>
> >> >-----Original Message-----
> >> >Thanks Ray,
> >> >The network admin admits to not having a strong
> knowledge
> >> of SQL. I
> >> >simulated what I thought should happen and have a
> woking
> >> model which goes...
> >> >1) add user, 2) grant required permission to stored
> >> procedure on the server,
> >> >3) grant permission for user to stored procedure, 4)
> >> grant select
> >> >permission to user for required tables (or check to be
> >> sure user has access
> >> >to table or required fields) accessed in procedure...
> >> and when this was
> >> >done, access went without a hitch. I guessing from
> what
> >> you've said here
> >> >that until the same or similar is done on the main
> >> server, I'm out of luck.
> >> >My next step, if I'm correct, is to convince the net
> >> admin that creating a
> >> >role with adequate rights to use a program accessing
> this
> >> data is his next
> >> >step.
> >> >Giacomo
> >> >
> >> >"Ray Higdon" <rayhigdon@higdonconsulting.com> wrote in
> >> message
> >> >news:04f901c35885$197ca680$a301280a@phx.gbl...
> >> >> Specifying the owner name before the table does not
> use
> >> >> any different permissions. NT permissions should have
> >> >> nothing to do with whether or not a user can select
> >> from a
> >> >> table. NT permissions are neccessary for the account
> >> that
> >> >> runs the SQL Services but not the users. Your problem
> >> >> looks like it has to do with standard SQL security.
> >> >>
> >> >> HTH
> >> >>
> >> >> Ray Higdon MCSE, MCDBA, CCNA
> >> >>
> >> >> >-----Original Message-----
> >> >> >In our plant, the network administrator has both the
> >> >> directory security
> >> >> >locked down and the sql server security locked
> down. I
> >> >> can't be certain
> >> >> >about the purpose of the Windows NT Authority (file-
> >> >> folder security). I
> >> >> >know that we run Macola and Macola manages to
> overcome
> >> >> the security
> >> >> >restrictions of the Windows NT Authority on the
> >> network.
> >> >> >
> >> >> >The network administrator would like me to create
> >> >> procedures and possibly
> >> >> >views that will enable the users to run modules that
> >> >> access the database
> >> >> >using searches. When I enable the permissions for a
> >> >> particular user in SQL
> >> >> >Server (2000), the user is still denied permission
> to
> >> >> view the SQL results.
> >> >> >
> >> >> >I may be approaching this from a wrong angle but to
> >> date
> >> >> have tried the
> >> >> >following:
> >> >> >
> >> >> >Create Procedure Test()
> >> >> > SELECT * FROM Unlocked Table
> >> >> > GO
> >> >> >
> >> >> >also using my permission
> >> >> >
> >> >> >Create Procedure Test1()
> >> >> > SELECT * FROM Giacomo.UnlockedTable
> >> >> > GO
> >> >> >
> >> >> >and with dbo rights
> >> >> >
> >> >> >Create Procedure Test2()
> >> >> > SELECT * FROM dbo.UnlockedTable
> >> >> > GO
> >> >> >
> >> >> >I created the table. I created the stored
> procedure.
> >> I
> >> >> have access to do
> >> >> >this. The only access I don't have is to the actual
> >> >> Server directory. I
> >> >> >am guessing that the Windows NT (Folder) Authority
> is
> >> >> interfering with the
> >> >> >SQL Server Authority. Is this possible, and if
> so, is
> >> >> there a way around
> >> >> >it?
> >> >> >
> >> >> >Giacomo
> >> >> >
> >> >> >
> >> >> >.
> >> >> >
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >
- Next message: Ray Higdon: "Re: Over-Protected"
- Previous message: Dejan Sarka: "Re: which table is used to store the link between the user_logins and the roles?"
- In reply to: Ray Higdon: "Re: Over-Protected"
- Next in thread: Ray Higdon: "Re: Over-Protected"
- Reply: Ray Higdon: "Re: Over-Protected"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
