Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

permission script Expand / Collapse
Author
Message
Posted Friday, January 03, 2014 1:33 PM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 9:54 AM
Points: 1,720, Visits: 3,063
We need to add a user to our server for a vendor network monitoring tool.
The provide in their documentation of a script that creates the permissions.
It is in the attachment of this post.

But I don't quite understand the script, esp, the last line, does it mean to add the user to each database on the server, or does it mean to only add the user to msdb database?

If it is added to each database, what permission it grants to?


Thanks,



  Post Attachments 
permission.txt (20 views, 492 bytes)
Post #1527709
Posted Saturday, January 04, 2014 10:52 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Saturday, April 12, 2014 11:40 AM
Points: 2,795, Visits: 8,297
sp_MSforeachdb will run the command/script in every database.

I use it when I want to search every database for something, such as a "where used" scenario, but would be hesitant to make changes to all databases that way.



Post #1527832
Posted Tuesday, January 07, 2014 10:39 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 9:54 AM
Points: 1,720, Visits: 3,063
Thanks, it adds it to each database, but didn't grant any permission,
But I guess it defaults to connect permission, that is just what the vendor product needs
Post #1528582
Posted Wednesday, January 08, 2014 5:15 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 2:23 PM
Points: 5,951, Visits: 12,821
sqlfriends (1/7/2014)
Thanks, it adds it to each database, but didn't grant any permission,
But I guess it defaults to connect permission, that is just what the vendor product needs

It will default to public role


-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1528849
Posted Wednesday, January 08, 2014 10:15 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 9:54 AM
Points: 1,720, Visits: 3,063
So does it have connect permissions?

If not, how this works, the vendor's script grant the service account to each database without specifically add any other permissions, but they said this is for to grant connect to each database.
I am not getting it.

See http://knowledgebase.solarwinds.com/kb/questions/4851/AppInsight+for+SQL+Requirements+and+Permissions
Post #1528977
Posted Wednesday, January 08, 2014 10:34 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 2:23 PM
Points: 5,951, Visits: 12,821
yes it will have connect permission, it will also default to the public database role for access

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1528991
Posted Wednesday, January 08, 2014 10:51 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 9:54 AM
Points: 1,720, Visits: 3,063
Thanks, I cannot find any information on line about Public role has connect permission to a database.
Could you provide a link that tells public role has connect permission.

What I understand is everyone is a member of public role, so why this vendor script add this account to each database?


Thanks,
Post #1529000
Posted Wednesday, January 08, 2014 11:30 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Today @ 2:12 PM
Points: 12,741, Visits: 31,052
yeah, i didn't see a value in it either;
the grant for GRANT VIEW ANY DEFINITION TO AppInsightUser
lets the login see the metadata without having to be a user int he database anyway;
unless there is another command that is granting that user db_datareader in each db as well,, i don't see the need for a user in each db.


Lowell

--There is no spoon, and there's no default ORDER BY in sql server either.
Actually, Common Sense is so rare, it should be considered a Superpower. --my son
Post #1529018
Posted Wednesday, January 08, 2014 12:02 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 2:23 PM
Points: 5,951, Visits: 12,821
sqlfriends (1/8/2014)
Thanks, I cannot find any information on line about Public role has connect permission to a database.
Could you provide a link that tells public role has connect permission.

That's not what I said. Once a user is created in the database and has connect ability they will automatically default to public database role access.


-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1529033
Posted Wednesday, January 08, 2014 12:28 PM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 9:54 AM
Points: 1,720, Visits: 3,063
Lowell (1/8/2014)
yeah, i didn't see a value in it either;
the grant for GRANT VIEW ANY DEFINITION TO AppInsightUser
lets the login see the metadata without having to be a user int he database anyway;
unless there is another command that is granting that user db_datareader in each db as well,, i don't see the need for a user in each db.


I totally agree, That's the reason I posted this message. Maybe GRANT VIEW ANY DEFINITION is not enough?
Then it grant the user to the database.
But what does it really do , I don't know.

Thanks
Post #1529043
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse