Group NT permission problems
Adam.Bean
Posts: 28
Error 880: BACKUP DATABASE permission denied in database: (admin)
SQL error 15404: Could not obtain information about Windows NT group/user 'domain\beana', error code 0x5.
When using SSMS or SQLBU gui, I receive this error when attempting to backup databases that reside on a SQL server in our QA domain. Our domain is fully trusted to the QA domain, but the QA domain can not talk back to us.
The SQL Backup Agent is running under the same account which is running SQL Server in these domains (which are domain admins).
We connect as part of NT groups from our domain. We use AD to manage several layers of groups with different access. I am connected through BUILTIN\Administrators as I have box administration rights. I've also tried through a SQLAdmin group. Both return the same error. When I give myself direct permissions domain\beana on the instance, it works without problem. So it looks to be a problem with NT groups.
Thoughts?
Thanks
SQL error 15404: Could not obtain information about Windows NT group/user 'domain\beana', error code 0x5.
When using SSMS or SQLBU gui, I receive this error when attempting to backup databases that reside on a SQL server in our QA domain. Our domain is fully trusted to the QA domain, but the QA domain can not talk back to us.
The SQL Backup Agent is running under the same account which is running SQL Server in these domains (which are domain admins).
We connect as part of NT groups from our domain. We use AD to manage several layers of groups with different access. I am connected through BUILTIN\Administrators as I have box administration rights. I've also tried through a SQLAdmin group. Both return the same error. When I give myself direct permissions domain\beana on the instance, it works without problem. So it looks to be a problem with NT groups.
Thoughts?
Thanks
Comments
1) Does the SQL Backup Agent have sufficient permissions to perform the backup (otherwise it will be unable to execute)
2) Does the caller have sufficient permissions to issue a BACKUP statement on that database (otherwise it will introduce security vulnerabilities)
In this case it appears that your account may not have sufficient permissions to perform the backup, which appears to be confirmed further when you add your account to the SQL Server instance.
To resolve this, you need to make sure that the user running the command has the explicit permissions to perform the backup. If you would not expect to be able to perform a native SQL Server Backup, then the same rules apply for SQL Backup.
Hope that helps,
Jason
- Yes, I have box and sql admin against the target server.
As stated, If I make myself a login as NT ... domain\BEANA and make myself a sysadmin, it works. If I am part of BuiltinAdmins or another NT group managed by AD, it does not work.
The problem seems to be purely with using NT groups.
On x64 servers, Software\Red Gate\SQL Backup does not exist.
The path is, Software\Wow6432Node\Red Gate\SQL Backup.
Also, SOFTWARE\Red Gate\SQL Backup\InstalledInstances does not exist under that path nor Wow6432Node.
Anyways, I gave read permissions to the following per your instructions:
HKLM\Software\Microsoft\MSSQLServer\Setup
HKLM\Software\Microsoft\Microsoft SQL Server HKLM\Software\Wow6432Node\Microsoft\Microsoft SQL Server HKLM\Software\Wow6432Node\Red Gate\SQL Backup
And it is still failing.
Please advise...
Thank you
Any thoughts?