We use an SQL backend ERP system on our Windows Small
Business Server 2k network.
The problem we have is this:
Certain parts of the ERP don't work when logged in as
Domain users, unless they have Domain Admin rights.
Here is the scenario
Pre-Requisites
Windows requires username and password
ERP system requires username and password
User A (Domain Administrator)
User B (Domain User)
1 - User A logs into PC1 (Windows2K/XP). He then then logs
into the ERP system. He can do everything he wishes as he
has full domain admin rights.
2 - After user A is finished with the ERP system he logs
out of the ERP system but leaves PC1 logged on. User B now
opens the ERP system and logs in with his username and
password. He can complete any task he attempts.
THe PC is now logged off.
3 - User B now logs into Windows2K/XP on PC1 with his
WIndows username and password and then logs into the ERP
system. He can access all parts of the ERP as before but
some screens fail to open/initilaize.
He now logs off of the ERP in order that User A can log on
but leaves Windows logged on.
User A logs onto the ERP system and attempts to complete
certain tasks. He can't seem to comlete them now either
(Same taks).
PC logged off
4 - Give User B admin rights and he can now achieve part 1
of this scenario. Obviously it isn't appropriate to give
every user on our network full Admin rights but does
anyone know what could be happening here and where best to
look for solutions? I.e Windows or SQL.
It appears that
1. The ERP may be using trusted connections. That would explain why things
can or can not be done based on who logged into the OS.
2. Also there may be some issues related to connection pooling... When User
B logs into the OS and the ERP, then logs out of the ERP, the ERP continues
to behave as if userB was logged in... Either the ERP is somehow keeping a
connection open or perhaps the connection is not being re-initilized each
time it is returned to the connection pool... Check the connection pool
settings ( as per he ERP system documentation) and see if that helps...
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Robert" <anonymous@.discussions.microsoft.com> wrote in message
news:22d0901c45db5$032581f0$a501280a@.phx.gbl...
> We use an SQL backend ERP system on our Windows Small
> Business Server 2k network.
> The problem we have is this:
> Certain parts of the ERP don't work when logged in as
> Domain users, unless they have Domain Admin rights.
> Here is the scenario
> Pre-Requisites
> Windows requires username and password
> ERP system requires username and password
> User A (Domain Administrator)
> User B (Domain User)
> 1 - User A logs into PC1 (Windows2K/XP). He then then logs
> into the ERP system. He can do everything he wishes as he
> has full domain admin rights.
> 2 - After user A is finished with the ERP system he logs
> out of the ERP system but leaves PC1 logged on. User B now
> opens the ERP system and logs in with his username and
> password. He can complete any task he attempts.
> THe PC is now logged off.
> 3 - User B now logs into Windows2K/XP on PC1 with his
> WIndows username and password and then logs into the ERP
> system. He can access all parts of the ERP as before but
> some screens fail to open/initilaize.
> He now logs off of the ERP in order that User A can log on
> but leaves Windows logged on.
> User A logs onto the ERP system and attempts to complete
> certain tasks. He can't seem to comlete them now either
> (Same taks).
> PC logged off
> 4 - Give User B admin rights and he can now achieve part 1
> of this scenario. Obviously it isn't appropriate to give
> every user on our network full Admin rights but does
> anyone know what could be happening here and where best to
> look for solutions? I.e Windows or SQL.
|||It appears that
1. The ERP may be using trusted connections. That would explain why things
can or can not be done based on who logged into the OS.
2. Also there may be some issues related to connection pooling... When User
B logs into the OS and the ERP, then logs out of the ERP, the ERP continues
to behave as if userB was logged in... Either the ERP is somehow keeping a
connection open or perhaps the connection is not being re-initilized each
time it is returned to the connection pool... Check the connection pool
settings ( as per he ERP system documentation) and see if that helps...
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Robert" <anonymous@.discussions.microsoft.com> wrote in message
news:22d0901c45db5$032581f0$a501280a@.phx.gbl...
> We use an SQL backend ERP system on our Windows Small
> Business Server 2k network.
> The problem we have is this:
> Certain parts of the ERP don't work when logged in as
> Domain users, unless they have Domain Admin rights.
> Here is the scenario
> Pre-Requisites
> Windows requires username and password
> ERP system requires username and password
> User A (Domain Administrator)
> User B (Domain User)
> 1 - User A logs into PC1 (Windows2K/XP). He then then logs
> into the ERP system. He can do everything he wishes as he
> has full domain admin rights.
> 2 - After user A is finished with the ERP system he logs
> out of the ERP system but leaves PC1 logged on. User B now
> opens the ERP system and logs in with his username and
> password. He can complete any task he attempts.
> THe PC is now logged off.
> 3 - User B now logs into Windows2K/XP on PC1 with his
> WIndows username and password and then logs into the ERP
> system. He can access all parts of the ERP as before but
> some screens fail to open/initilaize.
> He now logs off of the ERP in order that User A can log on
> but leaves Windows logged on.
> User A logs onto the ERP system and attempts to complete
> certain tasks. He can't seem to comlete them now either
> (Same taks).
> PC logged off
> 4 - Give User B admin rights and he can now achieve part 1
> of this scenario. Obviously it isn't appropriate to give
> every user on our network full Admin rights but does
> anyone know what could be happening here and where best to
> look for solutions? I.e Windows or SQL.
|||One last thing i forgot to mention was that we had to
change a network card and driver on the server and before
this the parts of the ERP which do not function proplery
now worked prior to the new card/driver being installed.
Any advice/assistance in this matter greatly appreciated
>--Original Message--
>It appears that
>1. The ERP may be using trusted connections. That would
explain why things
>can or can not be done based on who logged into the OS.
>2. Also there may be some issues related to connection
pooling... When User
>B logs into the OS and the ERP, then logs out of the ERP,
the ERP continues
>to behave as if userB was logged in... Either the ERP is
somehow keeping a
>connection open or perhaps the connection is not being re-
initilized each
>time it is returned to the connection pool... Check the
connection pool
>settings ( as per he ERP system documentation) and see if
that helps...
>--
>Wayne Snyder, MCDBA, SQL Server MVP
>Mariner, Charlotte, NC
>www.mariner-usa.com
>(Please respond only to the newsgroups.)
>I support the Professional Association of SQL Server
(PASS) and it's
>community of SQL Server professionals.
>www.sqlpass.org
>"Robert" <anonymous@.discussions.microsoft.com> wrote in
message[vbcol=seagreen]
>news:22d0901c45db5$032581f0$a501280a@.phx.gbl...
--[vbcol=seagreen]
--[vbcol=seagreen]
logs[vbcol=seagreen]
he[vbcol=seagreen]
now[vbcol=seagreen]
on[vbcol=seagreen]
part 1[vbcol=seagreen]
to
>
>.
>
|||One last thing i forgot to mention was that we had to
change a network card and driver on the server and before
this the parts of the ERP which do not function proplery
now worked prior to the new card/driver being installed.
Any advice/assistance in this matter greatly appreciated
>--Original Message--
>It appears that
>1. The ERP may be using trusted connections. That would
explain why things
>can or can not be done based on who logged into the OS.
>2. Also there may be some issues related to connection
pooling... When User
>B logs into the OS and the ERP, then logs out of the ERP,
the ERP continues
>to behave as if userB was logged in... Either the ERP is
somehow keeping a
>connection open or perhaps the connection is not being re-
initilized each
>time it is returned to the connection pool... Check the
connection pool
>settings ( as per he ERP system documentation) and see if
that helps...
>--
>Wayne Snyder, MCDBA, SQL Server MVP
>Mariner, Charlotte, NC
>www.mariner-usa.com
>(Please respond only to the newsgroups.)
>I support the Professional Association of SQL Server
(PASS) and it's
>community of SQL Server professionals.
>www.sqlpass.org
>"Robert" <anonymous@.discussions.microsoft.com> wrote in
message[vbcol=seagreen]
>news:22d0901c45db5$032581f0$a501280a@.phx.gbl...
--[vbcol=seagreen]
--[vbcol=seagreen]
logs[vbcol=seagreen]
he[vbcol=seagreen]
now[vbcol=seagreen]
on[vbcol=seagreen]
part 1[vbcol=seagreen]
to
>
>.
>
Showing posts with label erp. Show all posts
Showing posts with label erp. Show all posts
Friday, March 9, 2012
Permissions
We use an SQL backend ERP system on our Windows Small
Business Server 2k network.
The problem we have is this:
Certain parts of the ERP don't work when logged in as
Domain users, unless they have Domain Admin rights.
Here is the scenario
Pre-Requisites
---
Windows requires username and password
ERP system requires username and password
---
User A (Domain Administrator)
User B (Domain User)
1 - User A logs into PC1 (Windows2K/XP). He then then logs
into the ERP system. He can do everything he wishes as he
has full domain admin rights.
2 - After user A is finished with the ERP system he logs
out of the ERP system but leaves PC1 logged on. User B now
opens the ERP system and logs in with his username and
password. He can complete any task he attempts.
THe PC is now logged off.
3 - User B now logs into Windows2K/XP on PC1 with his
WIndows username and password and then logs into the ERP
system. He can access all parts of the ERP as before but
some screens fail to open/initilaize.
He now logs off of the ERP in order that User A can log on
but leaves Windows logged on.
User A logs onto the ERP system and attempts to complete
certain tasks. He can't seem to comlete them now either
(Same taks).
PC logged off
4 - Give User B admin rights and he can now achieve part 1
of this scenario. Obviously it isn't appropriate to give
every user on our network full Admin rights but does
anyone know what could be happening here and where best to
look for solutions? I.e Windows or SQL.It appears that
1. The ERP may be using trusted connections. That would explain why things
can or can not be done based on who logged into the OS.
2. Also there may be some issues related to connection pooling... When User
B logs into the OS and the ERP, then logs out of the ERP, the ERP continues
to behave as if userB was logged in... Either the ERP is somehow keeping a
connection open or perhaps the connection is not being re-initilized each
time it is returned to the connection pool... Check the connection pool
settings ( as per he ERP system documentation) and see if that helps...
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Robert" <anonymous@.discussions.microsoft.com> wrote in message
news:22d0901c45db5$032581f0$a501280a@.phx
.gbl...
> We use an SQL backend ERP system on our Windows Small
> Business Server 2k network.
> The problem we have is this:
> Certain parts of the ERP don't work when logged in as
> Domain users, unless they have Domain Admin rights.
> Here is the scenario
> Pre-Requisites
> ---
> Windows requires username and password
> ERP system requires username and password
> ---
> User A (Domain Administrator)
> User B (Domain User)
> 1 - User A logs into PC1 (Windows2K/XP). He then then logs
> into the ERP system. He can do everything he wishes as he
> has full domain admin rights.
> 2 - After user A is finished with the ERP system he logs
> out of the ERP system but leaves PC1 logged on. User B now
> opens the ERP system and logs in with his username and
> password. He can complete any task he attempts.
> THe PC is now logged off.
> 3 - User B now logs into Windows2K/XP on PC1 with his
> WIndows username and password and then logs into the ERP
> system. He can access all parts of the ERP as before but
> some screens fail to open/initilaize.
> He now logs off of the ERP in order that User A can log on
> but leaves Windows logged on.
> User A logs onto the ERP system and attempts to complete
> certain tasks. He can't seem to comlete them now either
> (Same taks).
> PC logged off
> 4 - Give User B admin rights and he can now achieve part 1
> of this scenario. Obviously it isn't appropriate to give
> every user on our network full Admin rights but does
> anyone know what could be happening here and where best to
> look for solutions? I.e Windows or SQL.|||One last thing i forgot to mention was that we had to
change a network card and driver on the server and before
this the parts of the ERP which do not function proplery
now worked prior to the new card/driver being installed.
Any advice/assistance in this matter greatly appreciated
>--Original Message--
>It appears that
>1. The ERP may be using trusted connections. That would
explain why things
>can or can not be done based on who logged into the OS.
>2. Also there may be some issues related to connection
pooling... When User
>B logs into the OS and the ERP, then logs out of the ERP,
the ERP continues
>to behave as if userB was logged in... Either the ERP is
somehow keeping a
>connection open or perhaps the connection is not being re-
initilized each
>time it is returned to the connection pool... Check the
connection pool
>settings ( as per he ERP system documentation) and see if
that helps...
>--
>Wayne Snyder, MCDBA, SQL Server MVP
>Mariner, Charlotte, NC
>www.mariner-usa.com
>(Please respond only to the newsgroups.)
>I support the Professional Association of SQL Server
(PASS) and it's
>community of SQL Server professionals.
>www.sqlpass.org
>"Robert" <anonymous@.discussions.microsoft.com> wrote in
message
> news:22d0901c45db5$032581f0$a501280a@.phx
.gbl...
--[vbcol=seagreen]
--[vbcol=seagreen]
logs[vbcol=seagreen]
he[vbcol=seagreen]
now[vbcol=seagreen]
on[vbcol=seagreen]
part 1[vbcol=seagreen]
to[vbcol=seagreen]
>
>.
>
Business Server 2k network.
The problem we have is this:
Certain parts of the ERP don't work when logged in as
Domain users, unless they have Domain Admin rights.
Here is the scenario
Pre-Requisites
---
Windows requires username and password
ERP system requires username and password
---
User A (Domain Administrator)
User B (Domain User)
1 - User A logs into PC1 (Windows2K/XP). He then then logs
into the ERP system. He can do everything he wishes as he
has full domain admin rights.
2 - After user A is finished with the ERP system he logs
out of the ERP system but leaves PC1 logged on. User B now
opens the ERP system and logs in with his username and
password. He can complete any task he attempts.
THe PC is now logged off.
3 - User B now logs into Windows2K/XP on PC1 with his
WIndows username and password and then logs into the ERP
system. He can access all parts of the ERP as before but
some screens fail to open/initilaize.
He now logs off of the ERP in order that User A can log on
but leaves Windows logged on.
User A logs onto the ERP system and attempts to complete
certain tasks. He can't seem to comlete them now either
(Same taks).
PC logged off
4 - Give User B admin rights and he can now achieve part 1
of this scenario. Obviously it isn't appropriate to give
every user on our network full Admin rights but does
anyone know what could be happening here and where best to
look for solutions? I.e Windows or SQL.It appears that
1. The ERP may be using trusted connections. That would explain why things
can or can not be done based on who logged into the OS.
2. Also there may be some issues related to connection pooling... When User
B logs into the OS and the ERP, then logs out of the ERP, the ERP continues
to behave as if userB was logged in... Either the ERP is somehow keeping a
connection open or perhaps the connection is not being re-initilized each
time it is returned to the connection pool... Check the connection pool
settings ( as per he ERP system documentation) and see if that helps...
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Robert" <anonymous@.discussions.microsoft.com> wrote in message
news:22d0901c45db5$032581f0$a501280a@.phx
.gbl...
> We use an SQL backend ERP system on our Windows Small
> Business Server 2k network.
> The problem we have is this:
> Certain parts of the ERP don't work when logged in as
> Domain users, unless they have Domain Admin rights.
> Here is the scenario
> Pre-Requisites
> ---
> Windows requires username and password
> ERP system requires username and password
> ---
> User A (Domain Administrator)
> User B (Domain User)
> 1 - User A logs into PC1 (Windows2K/XP). He then then logs
> into the ERP system. He can do everything he wishes as he
> has full domain admin rights.
> 2 - After user A is finished with the ERP system he logs
> out of the ERP system but leaves PC1 logged on. User B now
> opens the ERP system and logs in with his username and
> password. He can complete any task he attempts.
> THe PC is now logged off.
> 3 - User B now logs into Windows2K/XP on PC1 with his
> WIndows username and password and then logs into the ERP
> system. He can access all parts of the ERP as before but
> some screens fail to open/initilaize.
> He now logs off of the ERP in order that User A can log on
> but leaves Windows logged on.
> User A logs onto the ERP system and attempts to complete
> certain tasks. He can't seem to comlete them now either
> (Same taks).
> PC logged off
> 4 - Give User B admin rights and he can now achieve part 1
> of this scenario. Obviously it isn't appropriate to give
> every user on our network full Admin rights but does
> anyone know what could be happening here and where best to
> look for solutions? I.e Windows or SQL.|||One last thing i forgot to mention was that we had to
change a network card and driver on the server and before
this the parts of the ERP which do not function proplery
now worked prior to the new card/driver being installed.
Any advice/assistance in this matter greatly appreciated
>--Original Message--
>It appears that
>1. The ERP may be using trusted connections. That would
explain why things
>can or can not be done based on who logged into the OS.
>2. Also there may be some issues related to connection
pooling... When User
>B logs into the OS and the ERP, then logs out of the ERP,
the ERP continues
>to behave as if userB was logged in... Either the ERP is
somehow keeping a
>connection open or perhaps the connection is not being re-
initilized each
>time it is returned to the connection pool... Check the
connection pool
>settings ( as per he ERP system documentation) and see if
that helps...
>--
>Wayne Snyder, MCDBA, SQL Server MVP
>Mariner, Charlotte, NC
>www.mariner-usa.com
>(Please respond only to the newsgroups.)
>I support the Professional Association of SQL Server
(PASS) and it's
>community of SQL Server professionals.
>www.sqlpass.org
>"Robert" <anonymous@.discussions.microsoft.com> wrote in
message
> news:22d0901c45db5$032581f0$a501280a@.phx
.gbl...
--[vbcol=seagreen]
--[vbcol=seagreen]
logs[vbcol=seagreen]
he[vbcol=seagreen]
now[vbcol=seagreen]
on[vbcol=seagreen]
part 1[vbcol=seagreen]
to[vbcol=seagreen]
>
>.
>
Permissions
We use an SQL backend ERP system on our Windows Small
Business Server 2k network.
The problem we have is this:
Certain parts of the ERP don't work when logged in as
Domain users, unless they have Domain Admin rights.
Here is the scenario
Pre-Requisites
---
Windows requires username and password
ERP system requires username and password
---
User A (Domain Administrator)
User B (Domain User)
1 - User A logs into PC1 (Windows2K/XP). He then then logs
into the ERP system. He can do everything he wishes as he
has full domain admin rights.
2 - After user A is finished with the ERP system he logs
out of the ERP system but leaves PC1 logged on. User B now
opens the ERP system and logs in with his username and
password. He can complete any task he attempts.
THe PC is now logged off.
3 - User B now logs into Windows2K/XP on PC1 with his
WIndows username and password and then logs into the ERP
system. He can access all parts of the ERP as before but
some screens fail to open/initilaize.
He now logs off of the ERP in order that User A can log on
but leaves Windows logged on.
User A logs onto the ERP system and attempts to complete
certain tasks. He can't seem to comlete them now either
(Same taks).
PC logged off
4 - Give User B admin rights and he can now achieve part 1
of this scenario. Obviously it isn't appropriate to give
every user on our network full Admin rights but does
anyone know what could be happening here and where best to
look for solutions? I.e Windows or SQL.It appears that
1. The ERP may be using trusted connections. That would explain why things
can or can not be done based on who logged into the OS.
2. Also there may be some issues related to connection pooling... When User
B logs into the OS and the ERP, then logs out of the ERP, the ERP continues
to behave as if userB was logged in... Either the ERP is somehow keeping a
connection open or perhaps the connection is not being re-initilized each
time it is returned to the connection pool... Check the connection pool
settings ( as per he ERP system documentation) and see if that helps...
--
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Robert" <anonymous@.discussions.microsoft.com> wrote in message
news:22d0901c45db5$032581f0$a501280a@.phx.gbl...
> We use an SQL backend ERP system on our Windows Small
> Business Server 2k network.
> The problem we have is this:
> Certain parts of the ERP don't work when logged in as
> Domain users, unless they have Domain Admin rights.
> Here is the scenario
> Pre-Requisites
> ---
> Windows requires username and password
> ERP system requires username and password
> ---
> User A (Domain Administrator)
> User B (Domain User)
> 1 - User A logs into PC1 (Windows2K/XP). He then then logs
> into the ERP system. He can do everything he wishes as he
> has full domain admin rights.
> 2 - After user A is finished with the ERP system he logs
> out of the ERP system but leaves PC1 logged on. User B now
> opens the ERP system and logs in with his username and
> password. He can complete any task he attempts.
> THe PC is now logged off.
> 3 - User B now logs into Windows2K/XP on PC1 with his
> WIndows username and password and then logs into the ERP
> system. He can access all parts of the ERP as before but
> some screens fail to open/initilaize.
> He now logs off of the ERP in order that User A can log on
> but leaves Windows logged on.
> User A logs onto the ERP system and attempts to complete
> certain tasks. He can't seem to comlete them now either
> (Same taks).
> PC logged off
> 4 - Give User B admin rights and he can now achieve part 1
> of this scenario. Obviously it isn't appropriate to give
> every user on our network full Admin rights but does
> anyone know what could be happening here and where best to
> look for solutions? I.e Windows or SQL.|||One last thing i forgot to mention was that we had to
change a network card and driver on the server and before
this the parts of the ERP which do not function proplery
now worked prior to the new card/driver being installed.
Any advice/assistance in this matter greatly appreciated
>--Original Message--
>It appears that
>1. The ERP may be using trusted connections. That would
explain why things
>can or can not be done based on who logged into the OS.
>2. Also there may be some issues related to connection
pooling... When User
>B logs into the OS and the ERP, then logs out of the ERP,
the ERP continues
>to behave as if userB was logged in... Either the ERP is
somehow keeping a
>connection open or perhaps the connection is not being re-
initilized each
>time it is returned to the connection pool... Check the
connection pool
>settings ( as per he ERP system documentation) and see if
that helps...
>--
>Wayne Snyder, MCDBA, SQL Server MVP
>Mariner, Charlotte, NC
>www.mariner-usa.com
>(Please respond only to the newsgroups.)
>I support the Professional Association of SQL Server
(PASS) and it's
>community of SQL Server professionals.
>www.sqlpass.org
>"Robert" <anonymous@.discussions.microsoft.com> wrote in
message
>news:22d0901c45db5$032581f0$a501280a@.phx.gbl...
>> We use an SQL backend ERP system on our Windows Small
>> Business Server 2k network.
>> The problem we have is this:
>> Certain parts of the ERP don't work when logged in as
>> Domain users, unless they have Domain Admin rights.
>> Here is the scenario
>> Pre-Requisites
>> ---
--
>> Windows requires username and password
>> ERP system requires username and password
>> ---
--
>> User A (Domain Administrator)
>> User B (Domain User)
>> 1 - User A logs into PC1 (Windows2K/XP). He then then
logs
>> into the ERP system. He can do everything he wishes as
he
>> has full domain admin rights.
>> 2 - After user A is finished with the ERP system he logs
>> out of the ERP system but leaves PC1 logged on. User B
now
>> opens the ERP system and logs in with his username and
>> password. He can complete any task he attempts.
>> THe PC is now logged off.
>> 3 - User B now logs into Windows2K/XP on PC1 with his
>> WIndows username and password and then logs into the ERP
>> system. He can access all parts of the ERP as before but
>> some screens fail to open/initilaize.
>> He now logs off of the ERP in order that User A can log
on
>> but leaves Windows logged on.
>> User A logs onto the ERP system and attempts to complete
>> certain tasks. He can't seem to comlete them now either
>> (Same taks).
>> PC logged off
>> 4 - Give User B admin rights and he can now achieve
part 1
>> of this scenario. Obviously it isn't appropriate to give
>> every user on our network full Admin rights but does
>> anyone know what could be happening here and where best
to
>> look for solutions? I.e Windows or SQL.
>
>.
>
Business Server 2k network.
The problem we have is this:
Certain parts of the ERP don't work when logged in as
Domain users, unless they have Domain Admin rights.
Here is the scenario
Pre-Requisites
---
Windows requires username and password
ERP system requires username and password
---
User A (Domain Administrator)
User B (Domain User)
1 - User A logs into PC1 (Windows2K/XP). He then then logs
into the ERP system. He can do everything he wishes as he
has full domain admin rights.
2 - After user A is finished with the ERP system he logs
out of the ERP system but leaves PC1 logged on. User B now
opens the ERP system and logs in with his username and
password. He can complete any task he attempts.
THe PC is now logged off.
3 - User B now logs into Windows2K/XP on PC1 with his
WIndows username and password and then logs into the ERP
system. He can access all parts of the ERP as before but
some screens fail to open/initilaize.
He now logs off of the ERP in order that User A can log on
but leaves Windows logged on.
User A logs onto the ERP system and attempts to complete
certain tasks. He can't seem to comlete them now either
(Same taks).
PC logged off
4 - Give User B admin rights and he can now achieve part 1
of this scenario. Obviously it isn't appropriate to give
every user on our network full Admin rights but does
anyone know what could be happening here and where best to
look for solutions? I.e Windows or SQL.It appears that
1. The ERP may be using trusted connections. That would explain why things
can or can not be done based on who logged into the OS.
2. Also there may be some issues related to connection pooling... When User
B logs into the OS and the ERP, then logs out of the ERP, the ERP continues
to behave as if userB was logged in... Either the ERP is somehow keeping a
connection open or perhaps the connection is not being re-initilized each
time it is returned to the connection pool... Check the connection pool
settings ( as per he ERP system documentation) and see if that helps...
--
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Robert" <anonymous@.discussions.microsoft.com> wrote in message
news:22d0901c45db5$032581f0$a501280a@.phx.gbl...
> We use an SQL backend ERP system on our Windows Small
> Business Server 2k network.
> The problem we have is this:
> Certain parts of the ERP don't work when logged in as
> Domain users, unless they have Domain Admin rights.
> Here is the scenario
> Pre-Requisites
> ---
> Windows requires username and password
> ERP system requires username and password
> ---
> User A (Domain Administrator)
> User B (Domain User)
> 1 - User A logs into PC1 (Windows2K/XP). He then then logs
> into the ERP system. He can do everything he wishes as he
> has full domain admin rights.
> 2 - After user A is finished with the ERP system he logs
> out of the ERP system but leaves PC1 logged on. User B now
> opens the ERP system and logs in with his username and
> password. He can complete any task he attempts.
> THe PC is now logged off.
> 3 - User B now logs into Windows2K/XP on PC1 with his
> WIndows username and password and then logs into the ERP
> system. He can access all parts of the ERP as before but
> some screens fail to open/initilaize.
> He now logs off of the ERP in order that User A can log on
> but leaves Windows logged on.
> User A logs onto the ERP system and attempts to complete
> certain tasks. He can't seem to comlete them now either
> (Same taks).
> PC logged off
> 4 - Give User B admin rights and he can now achieve part 1
> of this scenario. Obviously it isn't appropriate to give
> every user on our network full Admin rights but does
> anyone know what could be happening here and where best to
> look for solutions? I.e Windows or SQL.|||One last thing i forgot to mention was that we had to
change a network card and driver on the server and before
this the parts of the ERP which do not function proplery
now worked prior to the new card/driver being installed.
Any advice/assistance in this matter greatly appreciated
>--Original Message--
>It appears that
>1. The ERP may be using trusted connections. That would
explain why things
>can or can not be done based on who logged into the OS.
>2. Also there may be some issues related to connection
pooling... When User
>B logs into the OS and the ERP, then logs out of the ERP,
the ERP continues
>to behave as if userB was logged in... Either the ERP is
somehow keeping a
>connection open or perhaps the connection is not being re-
initilized each
>time it is returned to the connection pool... Check the
connection pool
>settings ( as per he ERP system documentation) and see if
that helps...
>--
>Wayne Snyder, MCDBA, SQL Server MVP
>Mariner, Charlotte, NC
>www.mariner-usa.com
>(Please respond only to the newsgroups.)
>I support the Professional Association of SQL Server
(PASS) and it's
>community of SQL Server professionals.
>www.sqlpass.org
>"Robert" <anonymous@.discussions.microsoft.com> wrote in
message
>news:22d0901c45db5$032581f0$a501280a@.phx.gbl...
>> We use an SQL backend ERP system on our Windows Small
>> Business Server 2k network.
>> The problem we have is this:
>> Certain parts of the ERP don't work when logged in as
>> Domain users, unless they have Domain Admin rights.
>> Here is the scenario
>> Pre-Requisites
>> ---
--
>> Windows requires username and password
>> ERP system requires username and password
>> ---
--
>> User A (Domain Administrator)
>> User B (Domain User)
>> 1 - User A logs into PC1 (Windows2K/XP). He then then
logs
>> into the ERP system. He can do everything he wishes as
he
>> has full domain admin rights.
>> 2 - After user A is finished with the ERP system he logs
>> out of the ERP system but leaves PC1 logged on. User B
now
>> opens the ERP system and logs in with his username and
>> password. He can complete any task he attempts.
>> THe PC is now logged off.
>> 3 - User B now logs into Windows2K/XP on PC1 with his
>> WIndows username and password and then logs into the ERP
>> system. He can access all parts of the ERP as before but
>> some screens fail to open/initilaize.
>> He now logs off of the ERP in order that User A can log
on
>> but leaves Windows logged on.
>> User A logs onto the ERP system and attempts to complete
>> certain tasks. He can't seem to comlete them now either
>> (Same taks).
>> PC logged off
>> 4 - Give User B admin rights and he can now achieve
part 1
>> of this scenario. Obviously it isn't appropriate to give
>> every user on our network full Admin rights but does
>> anyone know what could be happening here and where best
to
>> look for solutions? I.e Windows or SQL.
>
>.
>
Permissions
We use an SQL backend ERP system on our Windows Small
Business Server 2k network.
The problem we have is this:
Certain parts of the ERP don't work when logged in as
Domain users, unless they have Domain Admin rights.
Here is the scenario
Pre-Requisites
---
Windows requires username and password
ERP system requires username and password
---
User A (Domain Administrator)
User B (Domain User)
1 - User A logs into PC1 (Windows2K/XP). He then then logs
into the ERP system. He can do everything he wishes as he
has full domain admin rights.
2 - After user A is finished with the ERP system he logs
out of the ERP system but leaves PC1 logged on. User B now
opens the ERP system and logs in with his username and
password. He can complete any task he attempts.
THe PC is now logged off.
3 - User B now logs into Windows2K/XP on PC1 with his
WIndows username and password and then logs into the ERP
system. He can access all parts of the ERP as before but
some screens fail to open/initilaize.
He now logs off of the ERP in order that User A can log on
but leaves Windows logged on.
User A logs onto the ERP system and attempts to complete
certain tasks. He can't seem to comlete them now either
(Same taks).
PC logged off
4 - Give User B admin rights and he can now achieve part 1
of this scenario. Obviously it isn't appropriate to give
every user on our network full Admin rights but does
anyone know what could be happening here and where best to
look for solutions? I.e Windows or SQL.If a user who is a domain admin logs into SQL Server, if the
default BUILTIN\Administrators group has not been modified
or removed, the user will have sysadmin access through their
membership in the local administrators group on the SQL
Server - domain admins are members of the local admins group
and this group gets access to SQL Server through the
BUILTIN\Administrators group. The BUILTIN\Administrators
group are members of sysadmins.
How the security needs to be set up and how the users need
to be configured depends on the ERP system. You should
follow up with the vendor of this system to properly
configure security for the users of the system.
-Sue
On Tue, 29 Jun 2004 01:41:08 -0700, "Robert"
<anonymous@.discussions.microsoft.com> wrote:
>We use an SQL backend ERP system on our Windows Small
>Business Server 2k network.
>The problem we have is this:
>Certain parts of the ERP don't work when logged in as
>Domain users, unless they have Domain Admin rights.
>Here is the scenario
>Pre-Requisites
>---
>Windows requires username and password
>ERP system requires username and password
>---
>User A (Domain Administrator)
>User B (Domain User)
>1 - User A logs into PC1 (Windows2K/XP). He then then logs
>into the ERP system. He can do everything he wishes as he
>has full domain admin rights.
>2 - After user A is finished with the ERP system he logs
>out of the ERP system but leaves PC1 logged on. User B now
>opens the ERP system and logs in with his username and
>password. He can complete any task he attempts.
>THe PC is now logged off.
>3 - User B now logs into Windows2K/XP on PC1 with his
>WIndows username and password and then logs into the ERP
>system. He can access all parts of the ERP as before but
>some screens fail to open/initilaize.
>He now logs off of the ERP in order that User A can log on
>but leaves Windows logged on.
>User A logs onto the ERP system and attempts to complete
>certain tasks. He can't seem to comlete them now either
>(Same taks).
>PC logged off
>4 - Give User B admin rights and he can now achieve part 1
>of this scenario. Obviously it isn't appropriate to give
>every user on our network full Admin rights but does
>anyone know what could be happening here and where best to
>look for solutions? I.e Windows or SQL.|||One last thing i forgot to mention was that we had to
change a network card and driver on the server and before
this the parts of the ERP which do not function proplery
now worked prior to the new card/driver being installed.
Any advice/assistance in this matter greatly appreciated
>--Original Message--
>If a user who is a domain admin logs into SQL Server, if
the
>default BUILTIN\Administrators group has not been modified
>or removed, the user will have sysadmin access through
their
>membership in the local administrators group on the SQL
>Server - domain admins are members of the local admins
group
>and this group gets access to SQL Server through the
>BUILTIN\Administrators group. The BUILTIN\Administrators
>group are members of sysadmins.
>How the security needs to be set up and how the users need
>to be configured depends on the ERP system. You should
>follow up with the vendor of this system to properly
>configure security for the users of the system.
>-Sue
>On Tue, 29 Jun 2004 01:41:08 -0700, "Robert"
><anonymous@.discussions.microsoft.com> wrote:
>
--[vbcol=seagreen]
--[vbcol=seagreen]
logs[vbcol=seagreen]
he[vbcol=seagreen]
now[vbcol=seagreen]
on[vbcol=seagreen]
1[vbcol=seagreen]
to[vbcol=seagreen]
>.
>|||You really need to contact the vendor of the ERP. I couldn't
even start to guess on what "not function properly" would
mean and functioning properly or expected behavior would be
defined by the vendor of the ERP.
-Sue
On Tue, 29 Jun 2004 06:38:20 -0700, "Robert"
<anonymous@.discussions.microsoft.com> wrote:
[vbcol=seagreen]
>One last thing i forgot to mention was that we had to
>change a network card and driver on the server and before
>this the parts of the ERP which do not function proplery
>now worked prior to the new card/driver being installed.
>Any advice/assistance in this matter greatly appreciated
>
>the
>their
>group
>--
Business Server 2k network.
The problem we have is this:
Certain parts of the ERP don't work when logged in as
Domain users, unless they have Domain Admin rights.
Here is the scenario
Pre-Requisites
---
Windows requires username and password
ERP system requires username and password
---
User A (Domain Administrator)
User B (Domain User)
1 - User A logs into PC1 (Windows2K/XP). He then then logs
into the ERP system. He can do everything he wishes as he
has full domain admin rights.
2 - After user A is finished with the ERP system he logs
out of the ERP system but leaves PC1 logged on. User B now
opens the ERP system and logs in with his username and
password. He can complete any task he attempts.
THe PC is now logged off.
3 - User B now logs into Windows2K/XP on PC1 with his
WIndows username and password and then logs into the ERP
system. He can access all parts of the ERP as before but
some screens fail to open/initilaize.
He now logs off of the ERP in order that User A can log on
but leaves Windows logged on.
User A logs onto the ERP system and attempts to complete
certain tasks. He can't seem to comlete them now either
(Same taks).
PC logged off
4 - Give User B admin rights and he can now achieve part 1
of this scenario. Obviously it isn't appropriate to give
every user on our network full Admin rights but does
anyone know what could be happening here and where best to
look for solutions? I.e Windows or SQL.If a user who is a domain admin logs into SQL Server, if the
default BUILTIN\Administrators group has not been modified
or removed, the user will have sysadmin access through their
membership in the local administrators group on the SQL
Server - domain admins are members of the local admins group
and this group gets access to SQL Server through the
BUILTIN\Administrators group. The BUILTIN\Administrators
group are members of sysadmins.
How the security needs to be set up and how the users need
to be configured depends on the ERP system. You should
follow up with the vendor of this system to properly
configure security for the users of the system.
-Sue
On Tue, 29 Jun 2004 01:41:08 -0700, "Robert"
<anonymous@.discussions.microsoft.com> wrote:
>We use an SQL backend ERP system on our Windows Small
>Business Server 2k network.
>The problem we have is this:
>Certain parts of the ERP don't work when logged in as
>Domain users, unless they have Domain Admin rights.
>Here is the scenario
>Pre-Requisites
>---
>Windows requires username and password
>ERP system requires username and password
>---
>User A (Domain Administrator)
>User B (Domain User)
>1 - User A logs into PC1 (Windows2K/XP). He then then logs
>into the ERP system. He can do everything he wishes as he
>has full domain admin rights.
>2 - After user A is finished with the ERP system he logs
>out of the ERP system but leaves PC1 logged on. User B now
>opens the ERP system and logs in with his username and
>password. He can complete any task he attempts.
>THe PC is now logged off.
>3 - User B now logs into Windows2K/XP on PC1 with his
>WIndows username and password and then logs into the ERP
>system. He can access all parts of the ERP as before but
>some screens fail to open/initilaize.
>He now logs off of the ERP in order that User A can log on
>but leaves Windows logged on.
>User A logs onto the ERP system and attempts to complete
>certain tasks. He can't seem to comlete them now either
>(Same taks).
>PC logged off
>4 - Give User B admin rights and he can now achieve part 1
>of this scenario. Obviously it isn't appropriate to give
>every user on our network full Admin rights but does
>anyone know what could be happening here and where best to
>look for solutions? I.e Windows or SQL.|||One last thing i forgot to mention was that we had to
change a network card and driver on the server and before
this the parts of the ERP which do not function proplery
now worked prior to the new card/driver being installed.
Any advice/assistance in this matter greatly appreciated
>--Original Message--
>If a user who is a domain admin logs into SQL Server, if
the
>default BUILTIN\Administrators group has not been modified
>or removed, the user will have sysadmin access through
their
>membership in the local administrators group on the SQL
>Server - domain admins are members of the local admins
group
>and this group gets access to SQL Server through the
>BUILTIN\Administrators group. The BUILTIN\Administrators
>group are members of sysadmins.
>How the security needs to be set up and how the users need
>to be configured depends on the ERP system. You should
>follow up with the vendor of this system to properly
>configure security for the users of the system.
>-Sue
>On Tue, 29 Jun 2004 01:41:08 -0700, "Robert"
><anonymous@.discussions.microsoft.com> wrote:
>
--[vbcol=seagreen]
--[vbcol=seagreen]
logs[vbcol=seagreen]
he[vbcol=seagreen]
now[vbcol=seagreen]
on[vbcol=seagreen]
1[vbcol=seagreen]
to[vbcol=seagreen]
>.
>|||You really need to contact the vendor of the ERP. I couldn't
even start to guess on what "not function properly" would
mean and functioning properly or expected behavior would be
defined by the vendor of the ERP.
-Sue
On Tue, 29 Jun 2004 06:38:20 -0700, "Robert"
<anonymous@.discussions.microsoft.com> wrote:
[vbcol=seagreen]
>One last thing i forgot to mention was that we had to
>change a network card and driver on the server and before
>this the parts of the ERP which do not function proplery
>now worked prior to the new card/driver being installed.
>Any advice/assistance in this matter greatly appreciated
>
>the
>their
>group
>--
Monday, February 20, 2012
Permission Error again
I am using an ERP system with SQL Server as the back end. When our user tried to run a function in ERP system, they got the following error:
229,"42000",[Microsoft][ODBC SQL Server Driver][SQL Server]SELECT permission denied on object 'Grant', database 'HEI', owner 'dbo'
I ran "sp_helprotect Grant" to check the permission, it looks okay.
When I used the administrator's User ID to login to the machine and ran the same function in ERP, it works fine.
Anyone knows how to fix it?
The error means that the principal used by your system to connect to SQL Server and SELECT from object [Grant] doesn’t have permission to select on that object.
When you connect as an administrator and try to select from the same object, the system will use your current context (administrator) and allow the call, but most likely (and actually I would recommend against it) your ERP system is not using administrator credentials and it requires explicit permissions in order to execute the SELECT statement.
Can you tell us what was the result of the sp_helprpotect call? It should be similar to this output:
OwnerObjectGranteeGrantor ProtectType ActionColumn
-- -- - -- --
dboGrant<<ERP user>> dboGrantSelect .
As an additional note: choosing an object name that may conflict with SQL Server syntax (such as [Grant]) is not a practice I would personally recommend as it may cause conflicts when parsing the statements (forcing you to always use the quoted [] name form) and making the statements a lot more difficult to read.
I hope this information helps
-Raul Garcia
SDE/T
SQL Server Engine
Subscribe to:
Posts (Atom)