Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2005 Forums
 SQL Server Administration (2005)
 Login Problem

Author  Topic 

BButler59
Starting Member

7 Posts
Posted - 2010-10-07 : 16:54:58
I am new to SQL Server Security and I am trying to set up a user to be able to only execute certain stored procedures... the problem I am having is that I cannot get the user to login unless I give him sysAdmin rights. If I just leave the login at public I cannot login, but as soon as I give him sysAdmin rights he can. Even if I give him database owner rights, he still cannot login...

What am I missing?

Thanks.

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2010-10-07 : 17:13:04
What error is he getting? And what tool is he using to login? Your App, SSMS, ...?

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page

BButler59
Starting Member

7 Posts
Posted - 2010-10-07 : 18:20:52
SSMS

the error is Login failed for User... Error 18456
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2010-10-07 : 19:49:37
Please post the exact error message including state and severity.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page

BButler59
Starting Member

7 Posts
Posted - 2010-10-07 : 20:20:45

From the Sql Error Log...

Login failed for 'domain\user'. [CLIENT: 192.168.0.77]
Error: 18456, Severity: 14, State: 11.
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2010-10-07 : 20:26:53
Could you please get the error from SSMS when the user tries it? I think we are going to find it's a default database issue, but need to see the error the user is getting. "Login failed" isn't enough.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page

BButler59
Starting Member

7 Posts
Posted - 2010-10-07 : 20:44:58
pretty much the same error

Cannot connect to <instance>

Login failed for user '<domain\user>'. (Microsoft SQL Server, Error: 18456)
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2010-10-07 : 20:54:18
Interesting, I was expecting it to say something else like mentioning a problem with the default database.

Try setting the default database to one the user has access to just in case.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page

BButler59
Starting Member

7 Posts
Posted - 2010-10-08 : 09:05:53

That did it...

Sorry for the hassle...

1 more (hopefully quick) question...

how can I give a user "almost" sysadmin user rights...

There are a few stored procedures I don't want him to have access to...

I believe that if I give him sysadmin it does not check any other rights... Correct?

So would I have to set up a new database role and grant rights to every object? is there a quick way to do that?

Thanks again,
you saved me a lot of time...
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2010-10-08 : 13:32:09
Give him db_owner on the database and then deny the stored procedures you don't want him to have access to.

Or use something like this (isp_grant_permissions): http://www.sqlteam.com/FORUMS/topic.asp?TOPIC_ID=3486

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page

BButler59
Starting Member

7 Posts
Posted - 2010-10-08 : 14:54:13

Thank you...

I appreciate all your help...
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2010-10-08 : 14:58:41
You're welcome, glad to help.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page

BButler59
Starting Member

7 Posts
Posted - 2010-10-14 : 12:24:40
quote:
Originally posted by tkizer

Give him db_owner on the database and then deny the stored procedures you don't want him to have access to.

Or use something like this (isp_grant_permissions): http://www.sqlteam.com/FORUMS/topic.asp?TOPIC_ID=3486

Tara Kizer


Tara,
Another question...
Can't he change permissions if he is the owner of the database?

Thanks...
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site