Localization and BUILTIN groups

Is there a synonym for the group BUILTIN\Users which can be used for GRANT ... TO and sp_grantlogin/sp_grantdbaccess, but which will work on localized computers?

I have a number of automated unit tests I wish to run on two different computers. The process involves recreating a database if it does not exist and then granting access and privileges to the BUILTIN\Users group.

The problem is that one computer is installed with a Swedish Windows XP Professional (the users group is called BUILTIN\Anv?ndare) and the other is an English WinXP MCE (the group is called BUILTIN\Users) so I cannot easily script this.

An alternative is to be able to retrieve the respective name through a .NET class or the Windows API.

Is any of this possible?

Thanks,
Johan

synonyms can be used only to securables residing inside a schema not principals or users.

you can however rename a login to a more friendly name inside a datbase using sp_grant dbaccess

Examples

This example adds an account for the Windows NT user Corporate\GeorgeW to the current database and gives it the name Georgie.

EXEC sp_grantdbaccess 'Corporate\GeorgeW', 'Georgie'

|||So there's no way to refer to BUILTIN\Users without knowing what language OS the machine has installed?

This works on an English OS only:
execute sp_grantlogin [BUILTIN\Users];
execute sp_grantdbaccess [BUILTIN\Users];.. and this on a Swedish OS:
execute sp_grantlogin [BUILTIN\Anv?ndare];
execute sp_grantdbaccess [BUILTIN\Anv?ndare];|||

run both statement and

put it in a try... catch.. block...

i mean use error handling

|||Good thinking!
Thanks|||

Actually you don't need to use try..catch at all. All Windows operating systems have certain number of well-known groups / users. These are universal and the SIDs for those are also the same across machines/windows OSes. So in your case, just do the following:

declare @.builtin_admins nvarchar(128)

set @.builtin_admins = suser_sname(0x01020000000000052000000020020000)

exec sp_grantdbaccess @.builtin_admins

declare @.builtin_users nvarchar(128)

set @.builtin_users = suser_name(0x01020000000000052000000021020000)

exec sp_grantdbaccess @.builtin_users

The SID values are the well-known values that will not change and you can use that to lookup the name. This will not work for user-defined groups.

|||That does it for me.
Thanks a million.

Local Groups and Access.

I'm trying to prototype some reports, and having difficulties granting access
to users, connecting to my LocalHost.
I work for a company that uses LDAP.
I have RS running on my LocalHost, and would like to grant access to users
to Report Manager so they can render reports.
In the Computer management > Local Users & Groups > Groups: I see Users,
Guests. Can I add these group(s) in the Report Manager using 'New Role
Assignment', and assign a Role, like Browser, then will a unknown user be
able to visit the site and render some reports.
Thanks,
rwiethornI'm getting closer, the user can see the reportmanger but cannot run a report.
Here is what I did:
I created a user on my local machine, call him Bob. I then created a group
on my local machine, called ReportViewers, and added Bob to the group. I then
added the group to ReportManager, gave it a Content Manager role, and for
'Configure site-wide security', System Role Assignments, assigned the group
as System Users.
However, they can not view the report. Ther error points to the Datasource.
The Datasource is supposed to pull a recordset from the AdventureWorks
catalog. It uses the SA account. When I look at the datasource in the
ReportManager, the credentials are saved (user name: sa and its password).
So why would that not return the results from the AdventureWorks database?
Do I neeed to add the local group also to the Database and catalog?
Do I need to add the IUSR_machine account to the database?
Do I need to add the ASPNET account to the group?
All help is appreciated,
thanks, confused,
rwiethorn
"rwiethorn" wrote:
> I'm trying to prototype some reports, and having difficulties granting access
> to users, connecting to my LocalHost.
> I work for a company that uses LDAP.
> I have RS running on my LocalHost, and would like to grant access to users
> to Report Manager so they can render reports.
> In the Computer management > Local Users & Groups > Groups: I see Users,
> Guests. Can I add these group(s) in the Report Manager using 'New Role
> Assignment', and assign a Role, like Browser, then will a unknown user be
> able to visit the site and render some reports.
> Thanks,
> rwiethorn

Local group permissions

Hi,
Is it possible to grant role assignment to report server local groups in
SSRS 2000? if so, how? I can't do it.
Thanks
AlexI managed to set local group policy only by adding the users to a
server-level group and then assign that group permissions. The same can be
done by adding individual accounts to the server itself, but I was unable to
create groups within RS itself.
Hope this assists,
"Alex" wrote:
> Hi,
> Is it possible to grant role assignment to report server local groups in
> SSRS 2000? if so, how? I can't do it.
> Thanks
> Alex
>
>|||Is is possible to restrict group rights per report using domain groups.
If I want a particular user to be able to view one or two reports and those
alone without viewing other reports, how would I attempt this. Say I want
only Sales see the sales reports, payroll to see only payroll, Tech Support
to see Tech Support and etc...
is this possible?
Regards,
Samson
"Logicalman" wrote:
> I managed to set local group policy only by adding the users to a
> server-level group and then assign that group permissions. The same can be
> done by adding individual accounts to the server itself, but I was unable to
> create groups within RS itself.
> Hope this assists,
> "Alex" wrote:
> > Hi,
> >
> > Is it possible to grant role assignment to report server local groups in
> > SSRS 2000? if so, how? I can't do it.
> >
> > Thanks
> > Alex
> >
> >
> >|||Samson,
Yes, you simply add the user to the group having permission on that report.
Be aware though, that by adding the user to that group he/she will then be
able to view ALL reports that particular group has permissions to.
example.
Report 1
Report 2
Report 3
Report 4
Group A
Group B
If Group A is given permission to browse Reports 1 and 2, and Group B is
given permission to view Reports 2,3 and 4.
By adding User X to Broup A, he/she will have access to Reports 1 and 2, by
adding User z to Group B he/she will have access to Reports 2,3 and 4.
If you want User Y to view Report 2 only, and no other Reports, then you
will need to either add that user directly to Report 2, or create a new Group
C, and assign permissions to Group C to view Report 2.
Again, such Gropus may be part of the Active Directory or the Server.
I hope this clears up any ambiguity.
"Samson" wrote:
> Is is possible to restrict group rights per report using domain groups.
> If I want a particular user to be able to view one or two reports and those
> alone without viewing other reports, how would I attempt this. Say I want
> only Sales see the sales reports, payroll to see only payroll, Tech Support
> to see Tech Support and etc...
> is this possible?
>
> --
> Regards,
> Samson
>
> "Logicalman" wrote:
> > I managed to set local group policy only by adding the users to a
> > server-level group and then assign that group permissions. The same can be
> > done by adding individual accounts to the server itself, but I was unable to
> > create groups within RS itself.
> >
> > Hope this assists,
> >
> > "Alex" wrote:
> >
> > > Hi,
> > >
> > > Is it possible to grant role assignment to report server local groups in
> > > SSRS 2000? if so, how? I can't do it.
> > >
> > > Thanks
> > > Alex
> > >
> > >
> > >|||That is good news. I guess my question is how. I created 3 users groups,
sales, techs, payroll.
How do I set the permission on the particular folder that holds the reports?
Regards,
Samson
"Logicalman" wrote:
> Samson,
> Yes, you simply add the user to the group having permission on that report.
> Be aware though, that by adding the user to that group he/she will then be
> able to view ALL reports that particular group has permissions to.
> example.
> Report 1
> Report 2
> Report 3
> Report 4
> Group A
> Group B
> If Group A is given permission to browse Reports 1 and 2, and Group B is
> given permission to view Reports 2,3 and 4.
> By adding User X to Broup A, he/she will have access to Reports 1 and 2, by
> adding User z to Group B he/she will have access to Reports 2,3 and 4.
> If you want User Y to view Report 2 only, and no other Reports, then you
> will need to either add that user directly to Report 2, or create a new Group
> C, and assign permissions to Group C to view Report 2.
> Again, such Gropus may be part of the Active Directory or the Server.
> I hope this clears up any ambiguity.
>
> "Samson" wrote:
> > Is is possible to restrict group rights per report using domain groups.
> >
> > If I want a particular user to be able to view one or two reports and those
> > alone without viewing other reports, how would I attempt this. Say I want
> > only Sales see the sales reports, payroll to see only payroll, Tech Support
> > to see Tech Support and etc...
> >
> > is this possible?
> >
> >
> > --
> > Regards,
> >
> > Samson
> >
> >
> > "Logicalman" wrote:
> >
> > > I managed to set local group policy only by adding the users to a
> > > server-level group and then assign that group permissions. The same can be
> > > done by adding individual accounts to the server itself, but I was unable to
> > > create groups within RS itself.
> > >
> > > Hope this assists,
> > >
> > > "Alex" wrote:
> > >
> > > > Hi,
> > > >
> > > > Is it possible to grant role assignment to report server local groups in
> > > > SSRS 2000? if so, how? I can't do it.
> > > >
> > > > Thanks
> > > > Alex
> > > >
> > > >
> > > >|||I think after reading youtr post again I can set the permission within the
report as well. I think I understand now.
Regards,
Samson
"Samson" wrote:
> That is good news. I guess my question is how. I created 3 users groups,
> sales, techs, payroll.
> How do I set the permission on the particular folder that holds the reports?
>
> --
> Regards,
> Samson
>
> "Logicalman" wrote:
> > Samson,
> >
> > Yes, you simply add the user to the group having permission on that report.
> > Be aware though, that by adding the user to that group he/she will then be
> > able to view ALL reports that particular group has permissions to.
> > example.
> > Report 1
> > Report 2
> > Report 3
> > Report 4
> >
> > Group A
> > Group B
> >
> > If Group A is given permission to browse Reports 1 and 2, and Group B is
> > given permission to view Reports 2,3 and 4.
> > By adding User X to Broup A, he/she will have access to Reports 1 and 2, by
> > adding User z to Group B he/she will have access to Reports 2,3 and 4.
> >
> > If you want User Y to view Report 2 only, and no other Reports, then you
> > will need to either add that user directly to Report 2, or create a new Group
> > C, and assign permissions to Group C to view Report 2.
> > Again, such Gropus may be part of the Active Directory or the Server.
> >
> > I hope this clears up any ambiguity.
> >
> >
> > "Samson" wrote:
> >
> > > Is is possible to restrict group rights per report using domain groups.
> > >
> > > If I want a particular user to be able to view one or two reports and those
> > > alone without viewing other reports, how would I attempt this. Say I want
> > > only Sales see the sales reports, payroll to see only payroll, Tech Support
> > > to see Tech Support and etc...
> > >
> > > is this possible?
> > >
> > >
> > > --
> > > Regards,
> > >
> > > Samson
> > >
> > >
> > > "Logicalman" wrote:
> > >
> > > > I managed to set local group policy only by adding the users to a
> > > > server-level group and then assign that group permissions. The same can be
> > > > done by adding individual accounts to the server itself, but I was unable to
> > > > create groups within RS itself.
> > > >
> > > > Hope this assists,
> > > >
> > > > "Alex" wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > Is it possible to grant role assignment to report server local groups in
> > > > > SSRS 2000? if so, how? I can't do it.
> > > > >
> > > > > Thanks
> > > > > Alex
> > > > >
> > > > >
> > > > >