I've got hundreds of individual MS Access files that contain data on individual locations, each with an identical table structure. Rather than creating one database with all these files, they were all save in different folder locations. I'm trying to wrangle the data into one place so it can be more useful and I'm exploring the RODBC package for R to do that.
I'm using the RODBC package in 32 bit Rstudio to access MS Access databases in file locations which I can open and read from. I can establish the file connections and list out all the table objects for each database, but every time I try to query or read one of the tables I get this error:
[1] "42000 -1907 [Microsoft][ODBC Microsoft Access Driver] Record(s)
cannot be read; no read permission on 'HabitatUnits'." [2] "[RODBC]
ERROR: Could not SQLExecDirect 'SELECT * FROM HabitatUnits'"
I experimented another access data base that I created and I was able to read the data no problem, so it must be a restriction imposed on the other data sets. Is there a way to grant access so that R can read in this data without going through each data base to manually change the accessibility?
Somebody or something must have had read permission on the tables before. It is unlikely that each separate table has a unique user.
So the way to grant generic access through RODBC is to identify and use the correct user name and security database. How were the original tables created, by who, and from what?
Access 'workgroup security' works almost exactly the same was Windows security works. There are users and groups, which are associated with ID values. And there are permissions, which are associated with ID values, and if you have the correct workgroup file, you can associate permissions with users and groups.
The default user is called 'admin' and has a universal ID value. Any database object which is owned by the ID value can be used by anybody who has a copy of Access installed, because that ID value is universally always the default.
If you create another user, and use that user to create or take ownership of an object and remove the default permission given to the universal 'admin' user and universal 'admins' group and universal 'users' group, then the default user won't have read permission.
An 'admin' password by itself is worthless. The 'admin' user is universal, so you can just use a copy of a system workgroup where the 'admin' password is blank. If someone gives you an 'admin' password, it means either that the password is useless, or that the password is actually for something else (perhaps encryption), or that the password is for someone else - not the 'admin' user, but the other user used for object creation/ownership, for which you need to find the workgroup and username.
Access workgroup permissions work the same way as Windows Domain Permissions, but they are not the same thing. They are a completely separate system, devised before Windows had any form of security or authentication or permissions. The list of users is held in a table in a security database (by default, system.mdw). The list of groups is in a table in the same database/file. The list of users that is in each group is in the same database/file. And the ID values associated with each user and group in the same file.
By looking in the hidden system tables of an Access/Jet database, you can see the ID values associated with permissions for the tables and other objects. To match those ID values with names and groups and passwords, you must have the matching security database.
Related
I need to import a sql. database to Wordpress through phpMyAdmin.
Anytime I want to create a new database this error happens (#1044 - Access denied for user 'xxx' to database 'zzz').
Thanks for your help.
You can check all privileges permission of database user and also check our sql file. May be mention there "CAEATE DATABASE '*******'" if you have that then you remove that. Most of this #1044 refer you to check your database user and permission of your database. I think this suggestion will help you.
As the others have mentioned, shared hosting environments generally don't allow you to create any arbitrary database name, sometimes you're limited to only one database and sometimes it has to be a subset of your username or something. If that's the case, you'll need to edit the .sql file to force it to use the database name you've been assigned.
If that's not the case, it's likely the user you are logged in as doesn't have the privileges to create a new database, so you'll need to log in as a user that does have privileges. Perhaps you're not logged in as the user you think you are. Note that the username and host value need to match, otherwise you could be logged in as the anonymous user instead of one that has permissions (for instance, if your user account is mia with host field 127.0.0.1 but you're logged in via the socket connection to 'localhost', it doesn't match.
I am running Oracle 11.g and the id I am using has DBA role (full access supposedly).
When I tried to create a table under another schema, it works fine. However, when I tried to create a table with organization index, I was prompted
ORA-01950: no privileges on tablespace
I double checked my id has unlimited tablespace. My ID and the targeted schema are both in the same tablespace.
Supplemental info: I am able to run the same creat table statement w/ organization index under my own schema.
Creating objects may require two privileges: your user needs privileges to create the objects, and the schema owner needs privileges to use resources related to that object. So while you have the ability to create a table in another schema, that schema also needs the privileges to write data to the related tablespaces:
alter user $username quota unlimited on $tablespace;
This approach is safer than granting the UNLIMITED TABLESPACE role. That role grants more than necessary, and if someone later tries to cleanup the privileges, revoking that role also undoes individual privileges, as described in this article.
I granted the targeted schedma unlimited tablespace and it's resolved.
The data entry form in My DB 2010 will not allow anything to be entered. If I make DataEntry to YES, the from is blank. If I change it to NO, it displays the typing fields, but I cannot enter anything. I have also made Additions and Edits to YES.
The DB is linked to another DB stored in a network where I have only read only access. When I copy the DB from the network to my local machine and relink the tables, the data entry form works fine. I need this DB to work from the network.
You're using bound forms, which in a shared environment isn't best practice, but the root issue is that you only have read access to the back end database. You'll have to request read/write entitlements to the folder location that contains the back end database. Another option would be move the back end database to a new location where users do have read/write access. Lastly, you could always link the tables using an entitlement that does have read/write access.
I use asp.net 4 C# and entity framework 4 with MS SQL 2008. I'm trying to set up my web application locally using IIS 7.
For my website I user Asp membership provider which has installed different tables and sprocs in my db (aspnet_).
Running the script we receive this error:
The EXECUTE permission was denied on the object 'aspnet_CheckSchemaVersion', database 'XXX', schema 'dbo'. at System.Data.SqlClient.SqlConnection.OnError
How can I solve the problem?
There should be some db roles related to the membership tables, eg aspnet_profile_fullaccess. Make sure the account you're using is a member of the appropriate role.
You should NOT assign the user you connect to the DB as dbowner privilege. The account should have only the rights it needs & nothing more. If you grant dbo & someone were to exploit a flaw in your website they would have full uncontrolled access to your entire db to what they wanted - delete tables, change data at will.
I don't think you should make the user the db_owner. I had the same problem, and it was sufficient to grand the 4 roles with BasicAccess to my user + to give him EXECUTE permission on all stored proc:
GRANT EXECUTE TO [theUserName];
I know this is not ideal. One should grant EXECUTE permissions only on the required stored proc, but if you need a quick solution until you find which SP's your user needs to be able to execute, this should work.
The problem is that the User ID the application is logging in with doesn't have enough privileges in the database. It either needs to be the database owner or be granted permissions on all the aspnet_ stored procedures.
So please check the permissions in SQL server 2008 for this particular user. and if possible make this user as a dbowner.
Hope this helps...
Edit : i wanted you to make it as dbowner just to verify that there are some permission issues,once you are sure about the problem, you can assign permissions to that user. hence knowing the exact cause and the exact solution.
I agree that one can test by adding the db_owner role to verify the permission error. But should be reminded with all urgency to test only and be sure to remove the role.
Right click on the Login User >> select properties >> then User Mapping.
Looking at the SQL error provided, you can surmise this is the issue based on "Execute Permission was denied". After using db_owner role as a test and confirmation, one can then look at the various SQL statements to see what stored procedures are getting called. For example consider the following
SQL As String = "EXEC [EAC].[myStoredProcedure] " etc . . . "
After you find out the various stored procedures used by the application, you can then grant execute on those specific executes. For example, considering the following SQL.
USE DATABASE
GRANT EXECUTE ON OBJECT::EAC.myStoredProcedure
TO myRoleorUser;
Note that the EAC.myStoredProcedure mentioned in the code is found when expanding the database and then Programmability and then expand Stored Procedures.
Here is the Microsoft KB for further help on targeting the specific stored procedures on SQL server.
https://learn.microsoft.com/en-us/sql/relational-databases/stored-procedures/grant-permissions-on-a-stored-procedure?view=sql-server-2017
We have a security module which, based on group/role membership, controls permissions to resources in ASP.Net. I've built a custom ASP.Net Role Provider that queries Active Directory for group membership and which is used by this module.
Security checking works as follows for each request (caching used in places for performance reasons but excluded from this list):
Query AD for list of users group memberships
Query database for a list of users and groups with access to the requested resource
Compare results from AD with results from the database. If the user explicitly has rights or if a group that the user is in has rights then allow access, else don't.
The problem arises when we have nested groups. Lets say we have two groups: ParentGroup and ChildGroup, where ChildGroup is a member of ParentGroup in Active Directory and where our user is a member of ChildGroup. According to the logic above if we give ChildGroup access to a resource then then the user can access the resource too.
Now logically (to me anyways) if we give ParentGroup access to a resource then all members of it, and any sub groups and their members acquired recursively, should also be able to access said resource. But instead, because of the way my logic works they can't access the resource. Step 1 from the above list does not see ParentGroup it only see's ChildGroup, and Step 2 only see's ParentGroup and does not see ChildGroup.
So the question is, to make it work how I described it "Logically" should, where should I fix the problem, and is there some method that would work better then another?
Try using the WindowsPrincipal.IsInRole() method instead of querying AD directly. I posted some sample code over here which might help.