Dado que hay tantas posibilidades para lo que podría estar mal. Aquí hay otra posibilidad de mirar. Me encontré con algo donde había establecido mis propios roles en una base de datos. (Por ejemplo, "Administrador", "Administrador", "Entrada de datos", "Cliente", cada uno con sus propios tipos de limitaciones). Los únicos que podían usarlo eran los de "Gerente" o superior, porque también estaban configurados como sysadmin porque estaban agregando usuarios a la base de datos (y eran altamente confiables). Además, los usuarios que se estaban agregando eran usuarios del Dominio de Windows, utilizando sus credenciales de dominio. (Todos los que tenían acceso a la base de datos tenían que estar en nuestro dominio, pero no todos en el dominio tenían acceso a la base de datos, y solo algunos de ellos tenían acceso para cambiarla).
De todos modos, este sistema funciona de repente dejó de funcionar y recibí mensajes de error similares a los de arriba. Lo que terminé haciendo fue resolver todos los permisos del rol "público" en esa base de datos y agregar esos permisos a todos los roles que había creado. Sé que se supone que todos tienen el rol "público" aunque no puedan agregarlos (o más bien, pueden "agregarlos", pero no "seguirán agregándose").
Por lo tanto, en "SQL Server Management Studio", entré en la base de datos de mi aplicación, en otras palabras (mis nombres localizados están ocultos dentro de <> corchetes): "(SQL Server - sa)" \ Databases \\ Security \ Roles \ Database Roles \ public ". Haga clic con el botón derecho en" public "y seleccione" Properties ". En el cuadro de diálogo" Database Role Properties - public ", seleccione la página" Securables ".Repase la lista y, para cada elemento de la lista, proponga una instrucción SQL "Grant" para otorgar exactamente ese permiso a otra función. Entonces, por ejemplo, hay una función escalar "[dbo]. [Fn_diagramobjects]" en la cual la función "pública" tiene el privilegio "Ejecutar". Por lo tanto, he añadido la línea siguiente:
EXEC ('GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @RoleName + '];')
Una vez que había hecho esto para todos los elementos de la lista "Asegurables", envolví que hasta en un bucle mientras que en un cursor de selección a través de todos los papeles en mis papeles mesa. Esto explícitamente otorgó todos los permisos del rol "público" a mis funciones de base de datos. En ese momento, todos mis usuarios estaban trabajando nuevamente (incluso después de haber eliminado su acceso "sysadmin" - hecho como una medida temporal mientras descubría lo que sucedió.)
Estoy seguro de que hay una mejor (más elegante) forma de hacer esto haciendo una especie de consulta sobre los objetos de la base de datos y seleccionando el rol público, pero después de aproximadamente media hora de investigación, no estaba descifrándolo, así que lo hice con el método de la fuerza bruta. En caso de que ayude a alguien más, aquí está mi código.
CREATE PROCEDURE [dbo].[GrantAccess]
AS
DECLARE @AppRoleName AS sysname
DECLARE AppRoleCursor CURSOR LOCAL SCROLL_LOCKS FOR
SELECT AppRoleName FROM [dbo].[RoleList];
OPEN AppRoleCursor
FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
WHILE @@FETCH_STATUS = 0
BEGIN
EXEC ('GRANT EXECUTE ON [dbo].[fn_diagramobjects] TO [' + @AppRoleName + '];')
EXEC ('GRANT EXECUTE ON [dbo].[sp_alterdiagram] TO [' + @AppRoleName + '];')
EXEC ('GRANT EXECUTE ON [dbo].[sp_creatediagram] TO [' + @AppRoleName + '];')
EXEC ('GRANT EXECUTE ON [dbo].[sp_dropdiagram] TO [' + @AppRoleName + '];')
EXEC ('GRANT EXECUTE ON [dbo].[sp_helpdiagramdefinition] TO [' + @AppRoleName + '];')
EXEC ('GRANT EXECUTE ON [dbo].[sp_helpdiagrams] TO [' + @AppRoleName + '];')
EXEC ('GRANT EXECUTE ON [dbo].[sp_renamediagram] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[all_columns] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[all_objects] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[all_parameters] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[all_sql_modules] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[all_views] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[allocation_units] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[assemblies] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[assembly_files] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[assembly_modules] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[assembly_references] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[assembly_types] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[asymmetric_keys] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[certificates] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[change_tracking_tables] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[check_constraints] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[column_type_usages] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[column_xml_schema_collection_usages] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[columns] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[computed_columns] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[conversation_endpoints] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[conversation_groups] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[conversation_priorities] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[crypt_properties] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[data_spaces] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[database_audit_specification_details] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[database_audit_specifications] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[database_files] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[database_permissions] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[database_principal_aliases] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[database_principals] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[database_role_members] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[default_constraints] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[destination_data_spaces] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[event_notifications] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[events] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[extended_procedures] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[extended_properties] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[filegroups] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[foreign_key_columns] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[foreign_keys] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[fulltext_catalogs] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[fulltext_index_catalog_usages] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[fulltext_index_columns] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[fulltext_index_fragments] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[fulltext_indexes] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[fulltext_stoplists] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[fulltext_stopwords] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[function_order_columns] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[identity_columns] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[index_columns] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[indexes] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[internal_tables] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[key_constraints] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[key_encryptions] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[message_type_xml_schema_collection_usages] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[module_assembly_usages] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[numbered_procedure_parameters] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[numbered_procedures] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[objects] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[parameter_type_usages] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[parameter_xml_schema_collection_usages] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[parameters] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[partition_functions] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[partition_parameters] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[partition_range_values] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[partition_schemes] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[partitions] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[plan_guides] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[procedures] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[remote_service_bindings] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[routes] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[schemas] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[service_contract_message_usages] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[service_contract_usages] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[service_contracts] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[service_message_types] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[service_queue_usages] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[service_queues] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[services] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[spatial_index_tessellations] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[spatial_indexes] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sql_dependencies] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sql_modules] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[stats] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[stats_columns] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[symmetric_keys] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[synonyms] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[syscolumns] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[syscomments] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysconstraints] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysdepends] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysfilegroups] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysfiles] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysforeignkeys] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysfulltextcatalogs] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysindexes] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysindexkeys] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysmembers] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysobjects] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[syspermissions] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysprotects] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysreferences] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[system_columns] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[system_objects] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[system_parameters] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[system_sql_modules] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[system_views] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[systypes] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[sysusers] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[table_types] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[tables] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[transmission_queue] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[trigger_events] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[triggers] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[type_assembly_usages] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[types] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[views] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[xml_indexes] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[xml_schema_attributes] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[xml_schema_collections] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[xml_schema_component_placements] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[xml_schema_components] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[xml_schema_elements] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[xml_schema_facets] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[xml_schema_model_groups] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[xml_schema_namespaces] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[xml_schema_types] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[xml_schema_wildcard_namespaces] TO [' + @AppRoleName + '];')
EXEC ('GRANT SELECT ON [sys].[xml_schema_wildcards] TO [' + @AppRoleName + '];')
FETCH NEXT FROM AppRoleCursor INTO @AppRoleName
END
CLOSE AppRoleCursor
RETURN 0
GO
Una vez que está en el sistema, solo necesitaba "Exec GrantAccess" para que funcione. (Por supuesto, tengo una tabla [RoleList] que contiene un campo "AppRoleName" que contiene los nombres de las funciones de la base de datos.
Entonces, el misterio sigue siendo: ¿por qué todos mis usuarios perdieron su rol "público" y por qué? no podría devolvérselos? ¿Esto era parte de una actualización de SQL Server 2008 R2? ¿Fue porque ejecuté otra secuencia de comandos para eliminar a cada usuario y volver a agregarlos para actualizar su conexión con el dominio? Bueno, esto resuelve el problema. problema por ahora.
Una última advertencia: es probable que deba verificar el rol "público" en su sistema antes de ejecutar esto para asegurarse de que no falta algo o es incorrecto, aquí. Siempre es posible que algo sea diferente en su sistema
Espero que esto ayude a otra persona.
¡No se preocupe, eso nos convierte en dos! Saludos por publicar la respuesta. – Yos
Haz que tres;) – jValdron
¡Hazlo cuatro! :) –