Welcome to dbFreaks.com!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Permissions and Bulk Insert

  
   Database Help (Home) -> Programming RSS
Next:  Insert selected records  
Author Message
INTP56

External


Since: Feb 07, 2008
Posts: 41



(Msg. 1) Posted: Thu Feb 07, 2008 1:55 pm
Post subject: Permissions and Bulk Insert
Archived from groups: microsoft>public>sqlserver>programming (more info?)
SS2005. I have a need for users to BULK INSERT files on an adhoc basis.
Basically they want to upload a file and have immediate access.

Right now, I'm doing that by assigning those users to the bulkadmin server
role, and having them call a procedure that actually uploads the file. It
doesn't seem like something I want to do, so I'm considering alternatives.
Although, if this the way to do this it would help me to stop looking for a
better way.

I've been fooling around with the Service Broker, but getting the
permissions right seems beyond my skills. I created a SQL Server account with
bulkadmin, and if I log in on that account and execute code it works, but
when I put that code in the activation procedure or in a procedure it calls,
I get an error stating I don't have permission to bulk insert. I've tried
various combinations of EXECUTE AS for the activation procedures and other
procedures that they call, but to no avail.

We've tried using drop folders and SSIS event watchers, but we have found
that to be unreliable, as the event watchers stop for no apparent reason.
Microsoft has verified the problem and the solution is to get SS2008.

I can call a package that executes the bulk insert. Since I can't pass a
package parameters, I would need it to scan a table looking for a flag, then
using the information in that table and related tables determine what file to
bulk insert into what table. It would be nice if the user could start the
package immediately, but I run into the permission problems again. I guess I
could schedule the package to run every second or something like that, but
that doesn't seem like a scalable solution.

The nature of my data is typically on the order of 20K - 50K rows per file,
sometimes it's in excess of 100K. (Typically machine files generated by data
collection systems) I've tried using ADO recordsets via Excel, but that was
the prohibitivly slow. Calling a procedure from Excel to insert rows one at a
time runs about 2K rows / second, on my machine with no networks slowdowns.
Bulk inserting those files "seems" instantaneous compared with other methods.

This may be a case of me wanting something that doens't make sense. But I
would really like to figure out how to do this on a production server. I have
box rights on my little test system, but I don't have those rights on a box
run by the DBA's.

Any help or insight would be appreciated.

Bob

 >> Stay informed about: Permissions and Bulk Insert 
Back to top
Login to vote
Erland Sommarskog2

External


Since: May 30, 2004
Posts: 2061



(Msg. 2) Posted: Thu Feb 07, 2008 3:19 pm
Post subject: Re: Permissions and Bulk Insert [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
INTP56 (INTP56@discussions.microsoft.com) writes:
> SS2005. I have a need for users to BULK INSERT files on an adhoc basis.
> Basically they want to upload a file and have immediate access.
>
> Right now, I'm doing that by assigning those users to the bulkadmin
> server role, and having them call a procedure that actually uploads the
> file. It doesn't seem like something I want to do, so I'm considering
> alternatives. Although, if this the way to do this it would help me to
> stop looking for a better way.

I have an article on my web site that includes an example of packing
BULK INSERT into a stored procedure, so that users can run BULK INSERT
without being bulkadmin.

http://www.sommarskog.se/grantperm.html

--
Erland Sommarskog, SQL Server MVP, esquel.DeleteThis@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

 >> Stay informed about: Permissions and Bulk Insert 
Back to top
Login to vote
INTP56

External


Since: Feb 07, 2008
Posts: 41



(Msg. 3) Posted: Fri Feb 08, 2008 11:27 am
Post subject: Re: Permissions and Bulk Insert [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hi Erland,

I took your example, and made it work, even using the service broker to fire
events.

I was already aware of that page, and based what I did on it. The part I
missed, was setting TRUSTWORTHY ON for the database in question, I think ....

I deleted my original database, and recreated it with that option.

However, that brought up another difference. I typically login under the
windows account that SQL Server is running in to actually create the
databases, then log back in as me to do my work. I was able to run the
service broker script fine, but when I went to test it, I got the following
error on the line

EXECUTE AS USER = 'BulkUser';

Msg 33009, Level 16, State 2, Line 16
The database owner SID recorded in the master database differs from the
database owner SID recorded in database 'Test'. You should correct this
situation by resetting the owner of database 'Test' using the ALTER
AUTHORIZATION statement.

I looked up ALTER AUTHORIZATION and I'm not sure what I should do with that,
or even what has happened. Although it seems related to the fact the database
was created under a different account.

I already know the production DBA reviews/alters code I send her and runs it
under another account, so this is something I'll have to deal with when
moving my solutions there.

I tried logging in directly as BulkUser, and it "runs" but the file is not
getting inserted.

Obviously I don't have a handle on this permissions thing, it's driving me
nuts!

Bob

"Erland Sommarskog" wrote:

> INTP56 (INTP56@discussions.microsoft.com) writes:
> > SS2005. I have a need for users to BULK INSERT files on an adhoc basis.
> > Basically they want to upload a file and have immediate access.
> >
> > Right now, I'm doing that by assigning those users to the bulkadmin
> > server role, and having them call a procedure that actually uploads the
> > file. It doesn't seem like something I want to do, so I'm considering
> > alternatives. Although, if this the way to do this it would help me to
> > stop looking for a better way.
>
> I have an article on my web site that includes an example of packing
> BULK INSERT into a stored procedure, so that users can run BULK INSERT
> without being bulkadmin.
>
> http://www.sommarskog.se/grantperm.html
>
> --
> Erland Sommarskog, SQL Server MVP, esquel.RemoveThis@sommarskog.se
>
> Books Online for SQL Server 2005 at
> http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
> Books Online for SQL Server 2000 at
> http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
>
 >> Stay informed about: Permissions and Bulk Insert 
Back to top
Login to vote
Erland Sommarskog2

External


Since: May 30, 2004
Posts: 2061



(Msg. 4) Posted: Fri Feb 08, 2008 3:19 pm
Post subject: Re: Permissions and Bulk Insert [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
INTP56 (INTP56@discussions.microsoft.com) writes:
> However, that brought up another difference. I typically login under the
> windows account that SQL Server is running in to actually create the
> databases, then log back in as me to do my work. I was able to run the
> service broker script fine, but when I went to test it, I got the
> following error on the line
>
> EXECUTE AS USER = 'BulkUser';
>
> Msg 33009, Level 16, State 2, Line 16
> The database owner SID recorded in the master database differs from the
> database owner SID recorded in database 'Test'. You should correct this
> situation by resetting the owner of database 'Test' using the ALTER
> AUTHORIZATION statement.

I don't the context where you get this error, so I cannot really say
what is going on. But generally, EXCEUTE AS USER is a little devilish.
When you impersonate a database user, you are sandboxed into your
database, and what happens with access to other databases is not always
what you expect. EXECUTE AS LOGIN circumvents that problem.




--
Erland Sommarskog, SQL Server MVP, esquel DeleteThis @sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
 >> Stay informed about: Permissions and Bulk Insert 
Back to top
Login to vote
INTP56

External


Since: Feb 07, 2008
Posts: 41



(Msg. 5) Posted: Mon Feb 11, 2008 6:17 am
Post subject: Re: Permissions and Bulk Insert [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
As a test, I ran all the scripts as me, and it all works fine, so I know the
code is right. Then I dropped the db and ran all the scripts under the
machine account, and now the activation procedures do not run when I send a
messsage via the service broker.

What is becoming clear is my account on my test server has more privs then
the machine account SQL Server is running under. Probably this other issue is
related to that also. Since the production server I want to finally deploy to
is set up in a similar matter, I'm debating the wisdom of pursueing this
method any further, as any changes I would make to that account would have to
be made on the production server also, which I'm thinkin' ain't happenin'.

Even though it seems like a waste, I could accomplish this task using SSIS
and just scheduling the package every 15 seconds or whatever frequency that
DBA will let me run at to get a similar effect.

Thanks for your time Erland, I do appreciate your advice.

Bob

P.S. I know it's a necessary evil, but I waste more time guessing
permissions than anything else I do.



"Erland Sommarskog" wrote:

> INTP56 (INTP56@discussions.microsoft.com) writes:
> > However, that brought up another difference. I typically login under the
> > windows account that SQL Server is running in to actually create the
> > databases, then log back in as me to do my work. I was able to run the
> > service broker script fine, but when I went to test it, I got the
> > following error on the line
> >
> > EXECUTE AS USER = 'BulkUser';
> >
> > Msg 33009, Level 16, State 2, Line 16
> > The database owner SID recorded in the master database differs from the
> > database owner SID recorded in database 'Test'. You should correct this
> > situation by resetting the owner of database 'Test' using the ALTER
> > AUTHORIZATION statement.
>
> I don't the context where you get this error, so I cannot really say
> what is going on. But generally, EXCEUTE AS USER is a little devilish.
> When you impersonate a database user, you are sandboxed into your
> database, and what happens with access to other databases is not always
> what you expect. EXECUTE AS LOGIN circumvents that problem.
>
>
>
>
> --
> Erland Sommarskog, SQL Server MVP, esquel DeleteThis @sommarskog.se
>
> Books Online for SQL Server 2005 at
> http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
> Books Online for SQL Server 2000 at
> http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
>
 >> Stay informed about: Permissions and Bulk Insert 
Back to top
Login to vote
INTP56

External


Since: Feb 07, 2008
Posts: 41



(Msg. 6) Posted: Tue Feb 12, 2008 6:14 am
Post subject: Re: Permissions and Bulk Insert [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
I was able to change where the error occured. I've included my test script
for reference.

Before, when I created the database users, I didn't specify FOR LOGIN, and
in that case, as the machine account, I got my Msg 33009 on the statement

EXECUTE AS LOGIN = 'BulkUser';

In this version, I did specify FOR LOGIN, and now it did the above statement
OK, but now I got the same message when I tried to EXEC the procedure.

I've checked the machine account currently has every system role. I still
don't understand how it works on my account and not the machine account. I'm
hoping the fact I moved the error will be a clue as what I should do.

Bob

--!00_TestBulkScript.SQL
USE master;
SET NOCOUNT ON;
GO
-- Drop existing database and login accounts
IF EXISTS(SELECT * FROM sys.databases WHERE name = 'BulkCopyTest')
DROP DATABASE BulkCopyTest;
IF EXISTS(SELECT * FROM sys.server_principals WHERE name = 'BulkUser')
DROP LOGIN BulkUser;
IF EXISTS(SELECT * FROM sys.server_principals WHERE name =
'BulkAccount')DROP LOGIN BulkAccount;
GO

CREATE LOGIN BulkUser WITH PASSWORD = 'bulk$1user';
CREATE LOGIN BulkAccount WITH PASSWORD = 'bulk$1account';
GRANT ADMINISTER BULK OPERATIONS TO BulkAccount;
--REVOKE CONNECT SQL FROM BulkAccount;
GO

CREATE DATABASE BulkCopyTest;
ALTER DATABASE BulkCopyTest SET TRUSTWORTHY ON;
GO

USE BulkCopyTest;
IF NOT EXISTS(SELECT * FROM sys.database_principals WHERE name =
'BulkUser')CREATE USER BulkUser FOR LOGIN BulkUser;
IF NOT EXISTS(SELECT * FROM sys.database_principals WHERE name =
'BulkAccount')
CREATE USER BulkAccount FOR LOGIN BulkAccount;
GO

IF EXISTS(SELECT * FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_NAME =
'vContext')
DROP VIEW dbo.vContext;
GO
CREATE VIEW dbo.vContext AS
SELECT
GETDATE() AS CurrentTime
,ORIGINAL_LOGIN() AS OriginalLogin
,SUSER_SNAME() AS SUserSName
,SYSTEM_USER AS SystemUser
,USER_NAME() AS UserName
,SESSION_USER AS SessionUser
,CURRENT_USER AS CurrentUser;
GO
GRANT SELECT ON dbo.vContext TO public;
GO

IF NOT EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_TYPE =
'BASE TABLE' AND TABLE_NAME = 'BulkTable')
BEGIN
CREATE TABLE dbo.BulkTable
(RowNum INT IDENTITY(1,1) PRIMARY KEY
,DT DATETIME DEFAULT (GETDATE())
,H1 VARCHAR(36)
,H2 VARCHAR(36)
);
GRANT INSERT ON dbo.BulkTable TO BulkAccount;
--Not sure I need this, considering ownership chaining.
END;
GO

IF EXISTS(SELECT * FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_NAME =
'vBulkTable')
DROP VIEW dbo.vBulkTable;
GO
CREATE VIEW dbo.vBulkTable AS SELECT H1,H2 FROM dbo.BulkTable;
GO
GRANT INSERT ON dbo.vBulkTable TO BulkAccount;
GO

IF EXISTS(SELECT * FROM INFORMATION_SCHEMA.ROUTINES WHERE ROUTINE_TYPE =
'PROCEDURE' AND ROUTINE_NAME = 'BulkInsertTest')
DROP PROCEDURE dbo.BulkInsertTest;
GO

CREATE PROCEDURE dbo.BulkInsertTest
(@UNCFilePath AS VARCHAR(256)
,@FirstRow AS INT = 2
,@ErrorString VARCHAR(4000) = '' OUTPUT
) WITH EXECUTE AS 'BulkAccount'
AS
DECLARE @SQL VARCHAR(4000);
BEGIN
SET @SQL = 'BULK INSERT dbo.vBulkTable FROM ';
SET @SQL = @SQL + CHAR(39) + @UNCFilePath + CHAR(39);
SET @SQL = @SQL + ' WITH (TABLOCK,FirstRow=' + CAST(@FirstRow AS VARCHAR) +
')';
SELECT *,@SQL AS SQLStatement FROM dbo.vContext;
EXEC(@SQL);
END;
GO
GRANT EXECUTE ON dbo.BulkInsertTest TO public;
GO

EXECUTE AS LOGIN = 'BulkUser';
SELECT * FROM dbo.vContext;
DECLARE @strError AS VARCHAR(4000);
EXEC dbo.BulkInsertTest
@UNCFilePath = 'H:\SQLServerBulkInsertTest\ServiceBrokerBulkFile.txt'
,@FirstRow = 2
,@ErrorString = @strError OUTPUT;

IF LEN(ISNULL(@strError,'')) > 0 SELECT @strError AS ErrorString;
REVERT;
SELECT * FROM dbo.vContext;
SELECT * FROM dbo.BulkTable;
GO

-- Clean Up
USE master;
IF EXISTS(SELECT * FROM sys.databases WHERE name = 'BulkCopyTest')
DROP DATABASE BulkCopyTest;
IF EXISTS(SELECT * FROM sys.server_principals WHERE name = 'BulkUser')
DROP LOGIN BulkUser;
IF EXISTS(SELECT * FROM sys.server_principals WHERE name =
'BulkAccount')DROP LOGIN BulkAccount;
GO
 >> Stay informed about: Permissions and Bulk Insert 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
BULK insert - I am trying to do bulk insert 5000 rows into a simple table that has: id pk identity, col_text nvarchar(500) How do i do bulk insert but to only insert data that is not duplicated eg. if i have already in table 'some_text' and bulk inserting ..

Bulk insert problem - Hi! I have done bcp out using -V and -q switch from one table and using only -V switch on another table on the server running on sql server 2000. the datatype used is native i.e. -n switch. When I am trying to import it using BCP IN in the server..

Bulk Insert into New Table - I'm trying to Bulk Insert data but the table has yet to be created. I don't know what the definition of the table should be so the data imports without a hitch. Any suggestions?

bulk insert and openrowset - i'm having the strangest problem right now and can't seem to figure out what's going on- here's the deal: i'm trying to use the openrowset command, in combination with the bulk insert command to load data from a text file into sql server. the text..

block Bulk insert - Hi, I was asked at a job interview to create a trigger that will block the bulk insert in a table. I HAVE NO IDEA OF HOW TO BLOCK BULK INSERT!! Any ideas? Thanks, Carly
   Database Help (Home) -> Programming All times are: Pacific Time (US & Canada)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]