tags:

views:

188

answers:

3
Q: 

SQL assign read/write access to all users on PC

I'm installing an SQL database and our application on a single PC. Under Vista this needs to be installed by an administrator account, but this means that the regular user account(s) can run our program, but it can't access the database it needs.

What I need is a simple way of allowing all NT logins on the PC to have access to the database.

I thought I'd solved it: In SSMS I can manually assign db_datareader/writer roles to BUILTIN\Users, and it works perfectly.

However, if my installer programmatically executes the following, it doesn't work:

USE [OurDatabase]
GO
EXEC sp_addrolemember N'db_datawriter', N'BUILTIN\Users'
GO
EXEC sp_addrolemember N'db_datareader', N'BUILTIN\Users'
GO

The users get assigned the roles, but they still can't access the database. The only difference I can see in SSMSE is that in the latter case, they also gain ownership of a new "BUILTIN\Users" schema, which I suspect may be screwing things up. Clearly SSMS does something slightly different...

Can anyone suggest a way to get this working programmatically?

A: 

What about setting the application only to run as administrator on vista?

Jim  2009-10-20 14:22:31
That's specifically what I'm trying to avoid. The application runs as a non-elevated user, and I don't want the administrator to have to go to the machine and type in his password every time a user wishes to run the program!
Jason Williams  2009-10-20 14:52:09
+2  A: 

In OurDatabase, what user is mapped to the login? Do you see a difference in the SSMS method vs. programmatic? What is the default schema for the user mapped to the group login when it works?

Aaron Bertrand  2009-10-20 14:28:55
If I do it in SSMS and ask it to script the changes from the "New User" dialog, it produces the SQL script in my question - so I can't see any difference in what I'm doing programatically. In all cases the default schema appears to be blank (and uneditable). The only difference I can see in SSMS is that the programmatiically added user owns a new "BUILTIN\Users" schema, which just magically appeared - so my only hint is that maybe I need to find a way to make it use a better default schema?
Jason Williams  2009-10-20 14:57:44
See my answer for a full explanation of the solution. But Accepting Aaron's as it pointed me to the solution.
Jason Williams  2009-10-20 15:16:26
A: 

Ah, it appears that SSMS also does a CREATE USER [BUILTIN\Users] FOR LOGIN [BUILTIN\Users] on the database if the user doesn't exist.

I was twiddling the permissions on and off several times while trying to work out what to do, and on subsequent attempts the user already existed so SSMS didn't bother with the CREATE command. So when I finally figured out what I needed to do, I was getting an incomplete (for my needs) script out of it.

This wasn't obvious because the effects of this command are not seen in the user properties; they appear in the User Mapping in the Server Security\Logins section of SSMS.

Thanks to Aaron (the mention of logins had me looking at the Security\Logins page and I spotted the difference in the mappings there)

Jason Williams  2009-10-20 15:15:28

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?