SQL 2008 R2 Permission issues - sql-server-2008-r2

SQL 2008 R2
The below is all being performed within SSMS
I have a Db that sat on a Dev server quite happily and everything ran peachy as sysadmin with sql authentication account.
This code has been migrated to a test box where a reduced permission set exists on the dbo schema, where users have been allocated read/write and execute on the schema through Windows authentication.
Here's where the fun starts, when I run certain stored proc's they show as succesful but error logging on the procedure advised that it cannot see certain tables or it does not have the appropriate permissions to do so.
Oddly though despite all the tables currently sit on the same schema, the same issue is not seen on all others tables.
If I elivate the permission to Db Owner, then the issue disappears completely.
Has anyone else come across this issue before and if so how did you get around it?

Related

How can I create a user in embedded Firebird 3.0

I need to create users in Firebird 3.0 embedded databases, but using with standard command returns error.
command:
CREATE USER miusuario
PASSWORD 'miclave';
return:
Engine Error (code = 335544382): Missing user management plugin.
SQL Error (code = -901): Unsuccessful execution caused by system error that does not preclude
successful execution of subsequent statements
I need to create the users on both in runtime and in development.
Any idea how to solve this problem? I've looked in the Firebird documentation and can't get anything to help me.
I do not use the Firebird in server mode, only embedded.
Firebird Embedded does not perform authentication1, and it will accept any username you specify at connect. Creating users is unnecessary, and in your case impossible because it looks like the user management plugin is not configured or available (setting UserManager in firebird.conf). However, even if that plugin was configured, it would be pointless to create users if you only use Firebird Embedded, because Firebird Embedded won't actually use the data of that user.
In Firebird, privileges are granted to usernames not to user records in a security database2. So, even though there exists no user with that username, you can grant it rights (in fact, that is also possible in Firebird server).
You can login (password is ignored) with any username when using Firebird Embedded. The logged in user will then assume any rights granted to that username.
1: This has always been the case on Windows, on Linux this is only the case since Firebird 3, in earlier versions on Linux, Firebird Embedded did perform actual authentication using the security database
2: Except for a small set of privileges like admin in security database and database creation privileges

Changing System Administrator in MDS database

So the consultant who created our MDS database has left but his account is still the system admin. I looked everywhere online on how to change the old admin and it suggested everywhere to do it through udpSecuritySetAdministrator stored procedure but the problem for me is that I cannot find the udpSecuritySetAdministrator in the MDS database. I looked everywhere in the database but it simply does not exist and I even created a new MDS database and stored procedure still does not exist. Any suggestions? Thanks!
EXECUTE [mdm].[udpSecuritySetAdministrator]

OPENJSON not available on SQL Server 2016 with compatibility level set to 130

I am attempting to use OPENJSON in a database that is running on SQL Server 2016, and get the following error when running this simple test query (which works fine on a different 2016 database)
select * from OPENJSON('{ "test": "test" }')
Invalid object name 'OPENJSON'.
I know about the compatibility level settings, but that doesn't seem to be the case on this database. It's compatibility level is already set to 130. This particular database was migrated from an old 2008R2 database. Is there something else we need to do to access the OPENJSON function?
EDIT
As a test, I created a new empty database on the same database server, and the above query works fine. So the database server doesn't seem to be the issue, it's something related to the one database we migrated.
If it matters, I'm connected as the SA account.
The database's reported compatibility level is 130 from both SSMS gui and by running SELECT compatibility_level FROM sys.databases WHERE name = 'MyDB';
For no reason other than to test, I ran ALTER DATABASE MyDB SET COMPATIBILITY_LEVEL = 130 , and now everything works. I don't know what would cause that.
EDIT
I think I know what caused the weird behavior now. The database that was exhibiting this behavior is a dev database that is created every single morning via replication from the prod database. After some more researching, the prod database was not set to compatibility level 130, but rather 100. I'm thinking that when replication occured and restored the dev DB from the prod log files, even though the dev db was set to 130, something was mismatched between the two. I've since upped prod to 130 as well and all should be good going forward.

Creating a user without an associated login is not supported in SQL Server 2008 R2

When scripting a SQL Server 2000 database, on an SQL Server 2000 version of SQL Server, with SQL Server Management Studio 2008 R2 (10.50.1617.0) i get the error:
Creating a user without an associated login is not supported in SQL Server 2008 R2.
With the full stack trace:
Microsoft.SqlServer.Management.Smo.SmoException: Creating a user without an associated login is not supported in SQL Server 2008 R2.;
at Microsoft.SqlServer.Management.SqlScriptPublish.GeneratePublishPage.worker_DoWork(Object sender, DoWorkEventArgs e) at System.ComponentModel.BackgroundWorker.OnDoWork(DoWorkEventArgs e)
at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument)
What is a good way to resolve this issue.
i've considered:
creating a login (and incur the wrath high atop the thing)
deleting the user (and incur the wrath from high atop the place)
select some rather than all objects to script, and don't script the user that offends SQL Server 2008 R2
But i'll let people on SO post answers, get answers upvoted, and accept an answer that best solves the problem.
As instructed. Just don't script the database users that have no associated login. You can do this in the Tasks > Generate Scripts wizard (pointing 2008 or later SSMS at your 2000 instance) by choosing to select specific database objects and unchecking any troublesome users:
I suspect that your SQL Server 2000 database has user aliases: these were required in SQL Server 6.5 in some circumstances because it was, er, crap,
Note what MSDN says:
sp_addalias is provided for backward compatibility. Microsoft® SQL Server™ version 7.0 provides roles and the ability to grant permissions to roles as an alternative to using aliases.
Run sp_helpuser on the SQL Server 2000 box and review the output and remove them

EF 4.1 CF: CREATE DATABASE permission denied in database 'master'

Entity Framework 4.1 Code First works great with SQLEXPRESS on localhost. However, I'm now ready to connect to a regular SQL 2008 server.
I created a new database "NewEfDatabase".
Then changed my "ApplicationServices" connectionString in Web.config to point to my new database with integrated security.
But then I get this error:
"CREATE DATABASE permission denied in database 'master'."
So...
a) What permissions does EF 4.1 CF need on said SQL server to do its work?
b) Can I setup an empty database on SQL 2008 for EF 4.1 CF, or do I have to let it do all that work for me? (I'm not sure my DBA would appreciate letting my EF app have rights to do anything outside a particular database)
Did you make sure to set your Database Initializer to null in your code:
Database.SetInitializer<MyDbContext>(null);
All built-in implementations if the initializer may try to drop or create a new database. The error you get indicate that EF tried to drop/create a database but hasn't the right to do so in your SQL Server instance. The line above is the only option to avoid this generally and is suited (I think even absolutely necessary) for live environments anyway where you don't want accidental deletion (due to model changes or something).
Setup a login for your application within SQL server. Give that user dbcreator permission (by right clicking on the login, go to server roles, and check the "dbcreator" checkbox)
Try not to used the windows-intergrated authorization, like what I replied in this post: EF Code First - {"CREATE DATABASE permission denied in database 'master'."}.
It worked for me.