Re: Effective Permissions Error with Domain User



Yes I did. I set the database compatibility to 2005. WHat is interesting is
that Effective Permissions work for the Domain\Administrator group. I did a
server profile trace and found that it was calling the Execute As User. This
led me to the following clues:

When I run the following:

EXECUTE AS USER = 'MYDOMAIN\Domain Users';

I get the error:

Msg 15517, Level 16, State 1, Line 1
Cannot execute as the database principal because the principal
"MYDOMAIN\Domain Users" does not exist, this type of principal cannot be
impersonated, or you do not have permission.


But if I run:

EXECUTE AS USER = 'MYDOMAIN\Administrator';

It works fine.

This leads me to believe it is some sort of permissions issue.

Any info would be greatly appreciated.

Thanks



"Uri Dimant" wrote:

Scott
Did you get these database from SQL Server 2000 by using a RESTORE command?

What is the compatibilty level of both databases?


"Scott Eguires" <ScottEguires@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:870F7328-15EF-40E5-B7ED-7F9262C46DD7@xxxxxxxxxxxxxxxx
If I create a new Login at the server level for a domain group :i.e.,

MyDomain\Domain Users

Then I go add a user tied into this new Login to my database i.e.,
Northwind
or pubs to add a user tied to this login.


Why is it then when I go to Database Properties -> Permissions and select
Effective Permissions on this new user I get the following error:


TITLE: Microsoft SQL Server Management Studio

------------------------------

Cannot show requested dialog.

------------------------------
ADDITIONAL INFORMATION:

An exception occurred while executing a Transact-SQL statement or batch.
(Microsoft.SqlServer.ConnectionInfo)

------------------------------

Cannot execute as the server principal because the principal
"EGUIRES\Domain
Users" does not exist, this type of principal cannot be impersonated, or
you
do not have permission. (Microsoft SQL Server, Error: 15406)

For help, click:
http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.1399&EvtSrc=MSSQLServer&EvtID=15406&LinkId=20476

------------------------------

BUTTONS:

OK


The guest account seems fine for this but any manual entries I try that is
linked to my domain gets this error.





I would appreciate any light you can shed on this



Scott Eguires





.



Relevant Pages

  • Re: Execute Persmission denied on object sp_OACreate
    ... SQL Server doesn't check permissions on indirectly referenced objects as ... You can prevent ad-hoc execution of powerful master database procs while ... >I have a user who has execute permissions on a store procedure in a>database> which in turns executes 4 stored procedures in the master database. ...
    (microsoft.public.sqlserver.security)
  • RE: copy permissions from one user to another?
    ... THIS STORED PROCEDURE GENERATES COMMANDS ... -- ADD USER TO SERVER ... -- CREATE TABLE TO HOLD LIST OF USERS IN CURRENT DATABASE ... -- SET COMMAND TO FIND USER PERMISSIONS HAS IN CURRENT DATABASE ...
    (microsoft.public.sqlserver.security)
  • Re: How to prevent DELETEs in a table
    ... It is the dbo database USER, not server-level groups, that determins ... It has implicit permissions that can not be denied. ... SQL Server just skips any permission validation for sysadmins. ...
    (microsoft.public.sqlserver.server)
  • Re: Execute Persmission denied on object sp_OACreate
    ... > SQL Server is creating a job behind the scenes. ... > permissions. ... > SA account password and gaining access to the database. ... >>> How can get a user permissions to execute these stored procedures ...
    (microsoft.public.sqlserver.security)
  • SQL 2000 Windows Authentication - Same User Multiple Groups
    ... view-level permissions such that we can permit/deny a database action ... Execute permission on UpdateResearch to only IT (and explicitly Denied ... Windows group and we have assigned the appropriate group permissions on ...
    (microsoft.public.sqlserver.security)