Post reply

Unable to view a User's Effective Permissions

  • November 22, 2016 at 7:08 am

    #315185

    I have a Database user that is a Windows Type mapped to a SQL Login which is mapped to an Active Directory Group.

    The Login has Public Server Role

    The User has Public Database Role and is a member of custom role that permits SELECT permission to some Views.

    On the User Properties, in the Securables Tab, if I filter by Views and then click the Effective tab where I would expect to see the permissions inherited to the user by it's role membership, I only see the error below

    "Cannot execute as the server principal because the principal "domain\username" does not exist, this type of principal cannot be impersonated, or you do not have permission"

    Can anybody help me resolve this please? I read something about the database owner. The owner was the domain user name of the user who last restored the database. I've since changed this to SA but the error persists.

  • November 22, 2016 at 7:53 am

    #1914012

    What are the permissions of the account you are viewing this dialogue box from? Do you have permission to impersonate?

    Thom~

    Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
    Larnu.uk

  • November 22, 2016 at 7:59 am

    #1914014

    Thom A (11/22/2016)

    What are the permissions of the account you are viewing this dialogue box from? Do you have permission to impersonate?

    As I said, no explicit permissions. The user is a member of the Public Database Role and a User Created Role and this role has SELECT permissions on about 10 Views.

    By selecting this tab, I expected to see the SELECT permissions that the user is inheriting from the Role I created.

  • November 22, 2016 at 8:21 am

    #1914025

    planetmatt (11/22/2016)

    Thom A (11/22/2016)

    What are the permissions of the account you are viewing this dialogue box from? Do you have permission to impersonate?

    As I said, no explicit permissions. The user is a member of the Public Database Role and a User Created Role and this role has SELECT permissions on about 10 Views.

    By selecting this tab, I expected to see the SELECT permissions that the user is inheriting from the Role I created.

    That's not what I asked. I asked what are YOUR permissions, do YOU have permission to impersonate, not the user you are amending.

    Thom~

    Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
    Larnu.uk

  • November 22, 2016 at 8:25 am

    #1914028

    Thom A (11/22/2016)

    planetmatt (11/22/2016)

    Thom A (11/22/2016)

    What are the permissions of the account you are viewing this dialogue box from? Do you have permission to impersonate?

    As I said, no explicit permissions. The user is a member of the Public Database Role and a User Created Role and this role has SELECT permissions on about 10 Views.

    By selecting this tab, I expected to see the SELECT permissions that the user is inheriting from the Role I created.

    That's not what I asked. I asked what are YOUR permissions, do YOU have permission to impersonate, not the user you are amending.

    My Windows Login is a member of Domain Admins and Domain Admins is a SQL Login with SysAdmin Server Role and Database Owner Database Role.

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply