"MG" <M*@discussions.microsoft.com> wrote in message
news:BDBD991D-23CD-4F39-ACF8-EB10CBEE830B@microsoft.com...
>I have a stored procedure that dynamically builds a BULK INSERT command and
> load data into a temp table. I can run it fine. Of course I am the dbo and
> sa.
>
> The user has BULK Administration rites setup in SQL.
> I gave the user dbo access to the database because the BUILk Admin still
> did
> not let them run the BULK command in the sp. Now that they are BULK Admin
> and
> dbo, they can run the sp but it gives a security error using the temp
> table
> in the BULK INSERT code. When I change the BULK INSERT code to load into a
> real table, it works perfectly. The user has dbo access only to the
> database
> that the sp is running against.  I would rather take the code back to a
> temp
> table.
>
> What is security setup is missing?
>
> Thanks MG

"Aaron Bertrand [SQL Server MVP]" wrote:

> Why can't you grant access to tempdb?  Do you store encryption algorithms,
> credit card information, SSNs in permanent tables there?  Otherwise, all
> they will be able to access is the #table they create.
>
>
>
>
> "MG" <M*@discussions.microsoft.com> wrote in message
> news:BDBD991D-23CD-4F39-ACF8-EB10CBEE830B@microsoft.com...
> >I have a stored procedure that dynamically builds a BULK INSERT command and
> > load data into a temp table. I can run it fine. Of course I am the dbo and
> > sa.
> >
> > The user has BULK Administration rites setup in SQL.
> > I gave the user dbo access to the database because the BUILk Admin still
> > did
> > not let them run the BULK command in the sp. Now that they are BULK Admin
> > and
> > dbo, they can run the sp but it gives a security error using the temp
> > table
> > in the BULK INSERT code. When I change the BULK INSERT code to load into a
> > real table, it works perfectly. The user has dbo access only to the
> > database
> > that the sp is running against.  I would rather take the code back to a
> > temp
> > table.
> >
> > What is security setup is missing?
> >
> > Thanks MG
>
>
>

"Erland Sommarskog" wrote:

> MG (M*@discussions.microsoft.com) writes:
> > I have a stored procedure that dynamically builds a BULK INSERT command
> > and load data into a temp table. I can run it fine. Of course I am the
> > dbo and sa.
> >
> > The user has BULK Administration rites setup in SQL.
> > I gave the user dbo access to the database because the BUILk Admin still
> > did not let them run the BULK command in the sp. Now that they are BULK
> > Admin and dbo, they can run the sp but it gives a security error using
> > the temp table in the BULK INSERT code. When I change the BULK INSERT
> > code to load into a real table, it works perfectly. The user has dbo
> > access only to the database that the sp is running against.  I would
> > rather take the code back to a temp table.
>
> The quirk is that the tempdb has dbo as owner, not the user, which
> apparently matters in this case.
>
> See this old thread for some more details:
> http://groups.google.se/group/comp.databases.ms-sqlserver/browse_thread/thread/8b7dff51b69819fe/9174fb932bed4123?lnk=st&q=&rnum=1&hl=sv#9174fb932bed4123
>
> I take it that you are on SQL 2000?
>
> --
> Erland Sommarskog, SQL Server MVP, esq***@sommarskog.se
>
> Books Online for SQL Server 2005 at
> http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
> Books Online for SQL Server 2000 at
> http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
>

"MG" wrote:

> Erland,
>
> Thanks so much for you help. I thought I had tried that combination of dbo
> for tempdb yesterday but must have missed it. Once I made the user DBO for
> tempdb, which alone seems preposterous, BULK INSERT works with a temp table.
> This is a mess. I truley believe that MS missed this one on their design -
> they should have setup SQL to have BULK Admin permission at either the SQL
> level or database level. Then not required someone to be DBO - it is
> ludicrous. Regardless, it looks like that is what I will be doing:
>
> User is DBO of the database.
> User is DBO of TEMPDB.
> User is BULK Admin
>
> It is rather funny in that I had designed the security wherey there is a
> Role called SuperUser which the few users are members of. Now they are DBO,
> which makes SuperUser pretty much worthless but I will keep it and keep them
> in it just the same incase we get ride of BULK INSERT in a sp. All this
> because of the BULK INSERT design - someday I will laugh but not now.
>
> One more question for you, I have never given anyone dbo for TEMPDb. Are
> there any drawbacks?
> Thanks again,
>
> MG
>
>
>
> "Erland Sommarskog" wrote:
>
> > MG (M*@discussions.microsoft.com) writes:
> > > I have a stored procedure that dynamically builds a BULK INSERT command
> > > and load data into a temp table. I can run it fine. Of course I am the
> > > dbo and sa.
> > >
> > > The user has BULK Administration rites setup in SQL.
> > > I gave the user dbo access to the database because the BUILk Admin still
> > > did not let them run the BULK command in the sp. Now that they are BULK
> > > Admin and dbo, they can run the sp but it gives a security error using
> > > the temp table in the BULK INSERT code. When I change the BULK INSERT
> > > code to load into a real table, it works perfectly. The user has dbo
> > > access only to the database that the sp is running against.  I would
> > > rather take the code back to a temp table.
> >
> > The quirk is that the tempdb has dbo as owner, not the user, which
> > apparently matters in this case.
> >
> > See this old thread for some more details:
> > http://groups.google.se/group/comp.databases.ms-sqlserver/browse_thread/thread/8b7dff51b69819fe/9174fb932bed4123?lnk=st&q=&rnum=1&hl=sv#9174fb932bed4123
> >
> > I take it that you are on SQL 2000?
> >
> > --
> > Erland Sommarskog, SQL Server MVP, esq***@sommarskog.se
> >
> > Books Online for SQL Server 2005 at
> > http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
> > Books Online for SQL Server 2000 at
> > http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
> >

"glen" wrote:

> Just a comment on your original design; might it simplify things to use a
> table variable instead of a temp table?
> --
> glen
>
>
> "MG" wrote:
>
> > Erland,
> >
> > Thanks so much for you help. I thought I had tried that combination of dbo
> > for tempdb yesterday but must have missed it. Once I made the user DBO for
> > tempdb, which alone seems preposterous, BULK INSERT works with a temp table.
> > This is a mess. I truley believe that MS missed this one on their design -
> > they should have setup SQL to have BULK Admin permission at either the SQL
> > level or database level. Then not required someone to be DBO - it is
> > ludicrous. Regardless, it looks like that is what I will be doing:
> >
> > User is DBO of the database.
> > User is DBO of TEMPDB.
> > User is BULK Admin
> >
> > It is rather funny in that I had designed the security wherey there is a
> > Role called SuperUser which the few users are members of. Now they are DBO,
> > which makes SuperUser pretty much worthless but I will keep it and keep them
> > in it just the same incase we get ride of BULK INSERT in a sp. All this
> > because of the BULK INSERT design - someday I will laugh but not now.
> >
> > One more question for you, I have never given anyone dbo for TEMPDb. Are
> > there any drawbacks?
> > Thanks again,
> >
> > MG
> >
> >
> >
> > "Erland Sommarskog" wrote:
> >
> > > MG (M*@discussions.microsoft.com) writes:
> > > > I have a stored procedure that dynamically builds a BULK INSERT command
> > > > and load data into a temp table. I can run it fine. Of course I am the
> > > > dbo and sa.
> > > >
> > > > The user has BULK Administration rites setup in SQL.
> > > > I gave the user dbo access to the database because the BUILk Admin still
> > > > did not let them run the BULK command in the sp. Now that they are BULK
> > > > Admin and dbo, they can run the sp but it gives a security error using
> > > > the temp table in the BULK INSERT code. When I change the BULK INSERT
> > > > code to load into a real table, it works perfectly. The user has dbo
> > > > access only to the database that the sp is running against.  I would
> > > > rather take the code back to a temp table.
> > >
> > > The quirk is that the tempdb has dbo as owner, not the user, which
> > > apparently matters in this case.
> > >
> > > See this old thread for some more details:
> > > http://groups.google.se/group/comp.databases.ms-sqlserver/browse_thread/thread/8b7dff51b69819fe/9174fb932bed4123?lnk=st&q=&rnum=1&hl=sv#9174fb932bed4123
> > >
> > > I take it that you are on SQL 2000?
> > >
> > > --
> > > Erland Sommarskog, SQL Server MVP, esq***@sommarskog.se
> > >
> > > Books Online for SQL Server 2005 at
> > > http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
> > > Books Online for SQL Server 2000 at
> > > http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
> > >

"glen" wrote:

> Just a comment on your original design; might it simplify things to use a
> table variable instead of a temp table?
> --
> glen
>
>
> "MG" wrote:
>
> > Erland,
> >
> > Thanks so much for you help. I thought I had tried that combination of dbo
> > for tempdb yesterday but must have missed it. Once I made the user DBO for
> > tempdb, which alone seems preposterous, BULK INSERT works with a temp table.
> > This is a mess. I truley believe that MS missed this one on their design -
> > they should have setup SQL to have BULK Admin permission at either the SQL
> > level or database level. Then not required someone to be DBO - it is
> > ludicrous. Regardless, it looks like that is what I will be doing:
> >
> > User is DBO of the database.
> > User is DBO of TEMPDB.
> > User is BULK Admin
> >
> > It is rather funny in that I had designed the security wherey there is a
> > Role called SuperUser which the few users are members of. Now they are DBO,
> > which makes SuperUser pretty much worthless but I will keep it and keep them
> > in it just the same incase we get ride of BULK INSERT in a sp. All this
> > because of the BULK INSERT design - someday I will laugh but not now.
> >
> > One more question for you, I have never given anyone dbo for TEMPDb. Are
> > there any drawbacks?
> > Thanks again,
> >
> > MG
> >
> >
> >
> > "Erland Sommarskog" wrote:
> >
> > > MG (M*@discussions.microsoft.com) writes:
> > > > I have a stored procedure that dynamically builds a BULK INSERT command
> > > > and load data into a temp table. I can run it fine. Of course I am the
> > > > dbo and sa.
> > > >
> > > > The user has BULK Administration rites setup in SQL.
> > > > I gave the user dbo access to the database because the BUILk Admin still
> > > > did not let them run the BULK command in the sp. Now that they are BULK
> > > > Admin and dbo, they can run the sp but it gives a security error using
> > > > the temp table in the BULK INSERT code. When I change the BULK INSERT
> > > > code to load into a real table, it works perfectly. The user has dbo
> > > > access only to the database that the sp is running against.  I would
> > > > rather take the code back to a temp table.
> > >
> > > The quirk is that the tempdb has dbo as owner, not the user, which
> > > apparently matters in this case.
> > >
> > > See this old thread for some more details:
> > > http://groups.google.se/group/comp.databases.ms-sqlserver/browse_thread/thread/8b7dff51b69819fe/9174fb932bed4123?lnk=st&q=&rnum=1&hl=sv#9174fb932bed4123
> > >
> > > I take it that you are on SQL 2000?
> > >
> > > --
> > > Erland Sommarskog, SQL Server MVP, esq***@sommarskog.se
> > >
> > > Books Online for SQL Server 2005 at
> > > http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
> > > Books Online for SQL Server 2000 at
> > > http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
> > >

"Alexander Kuznetsov" wrote:

> I had this issue and created a separate database StagingDB where
> everybody is a dbo.
> Since then BULK INSERTs work all right as long as the target table in
> in StagingDB.
>
>