I created a SQL server login "LOG1", granted him "ALTER" privilege on anothe
r
sql login "log2"
When I connect using "LOG1", right click on "log2" in "logins, security",
try to change its password I get the following error :
Change password failed......Additional info........
Can not alter login 'log2' because it does not exist or you dont have
permissions error 15151
Thanks for your helpProbably because you aren't supplying the old password when
you go through SSMS. Read the rest of the permissions
section in books online for ALTER LOGIN.
-Sue
On Thu, 26 Oct 2006 13:59:01 -0700, SalamElias
<eliassal@.online.nospam> wrote:
>I created a SQL server login "LOG1", granted him "ALTER" privilege on anoth
er
>sql login "log2"
>When I connect using "LOG1", right click on "log2" in "logins, security",
>try to change its password I get the following error :
>Change password failed......Additional info........
>Can not alter login 'log2' because it does not exist or you dont have
>permissions error 15151
>Thanks for your help|||Hello Salam,
I understand that you cannot change password of another login even you have
grant the alter login permission to the login. As Sue mentioned, this
behavior is as designed and you could refer to Books Online
ms-help://MS.SQLCC.v9/MS.SQLSVR.v9.en/tsqlref9/html/e247b84e-c99e-4af8-8b50-
57586e1cb1c5.htm for details. Any users without SQL admin rights/control
server permissions shall provide old password informaiton to change a
password of logins. This even occurs if the login want to change its own
password. This is a security purpose design.
You may try the following statement to change the password
Alter login testuser with password='newpass' old_password='oldpass'
Actually, this calls the following API in SQL Server.
ChangePassword(System.String oldPassword, System.String newPassword)
I understand it might be not convenient under some situation though it may
bring more security to SQL Server. Your feedback on this issue is routed to
the product team, and I also encourage you submit via the link below
http://lab.msdn.microsoft.com/produ...ck/default.aspx
If anything is unclear or you have concerns on the issue, please feel free
to let's know. Thank you.
Best Regards,
Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Community Support
========================================
==========
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscript...ault.aspx#notif
ications
<http://msdn.microsoft.com/subscript...ps/default.aspx>.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
<http://msdn.microsoft.com/subscript...rt/default.aspx>.
========================================
==========
This posting is provided "AS IS" with no warranties, and confers no rights.|||Hello Salam,
I'm still interested in this issue. If you have any comments or questions,
please feel free to let's know. We look forward to hearing from you.
Best Regards,
Peter Yang
MCSE2000/2003, MCSA, MCDBA
Microsoft Online Community Support
========================================
=============
This posting is provided "AS IS" with no warranties, and confers no rights.
========================================
==============|||"Peter Yang [MSFT]" wrote:
> Hello Salam,
> I understand that you cannot change password of another login even you hav
e
> grant the alter login permission to the login. As Sue mentioned, this
> behavior is as designed and you could refer to Books Online
> ms-help://MS.SQLCC.v9/MS.SQLSVR.v9.en/tsqlref9/html/e247b84e-c99e-4af8-8b5
0-
> 57586e1cb1c5.htm for details. Any users without SQL admin rights/control
> server permissions shall provide old password informaiton to change a
> password of logins. This even occurs if the login want to change its own
> password. This is a security purpose design.
> You may try the following statement to change the password
> Alter login testuser with password='newpass' old_password='oldpass'
>
Thanks - this answer solved my problem. Nowhere in the indicated BOL page
does it say about the requirement to supply the old password to change the
new password - it even has the OLD_PASSWORD section in [optional] square
brackets in the Syntax section.
(When we create user accounts we set a default password, then get the user
to login and change it to something only they know. We were getting an
unhelpful "Login doesn't exists or permission denied" message, when the
users tried to change their details on our new SQL Server 2005 Server)|||I think your right in terms of the documentation not being
clear. The help topic for sp_password is alludes to the
issue a bit more. Nothing all that direct though.
-Sue
On Wed, 1 Nov 2006 03:51:02 -0800, chrisredburn
<chrisredburn@.discussions.microsoft.com> wrote:
>
>"Peter Yang [MSFT]" wrote:
>
>Thanks - this answer solved my problem. Nowhere in the indicated BOL page
>does it say about the requirement to supply the old password to change the
>new password - it even has the OLD_PASSWORD section in [optional] squar
e
>brackets in the Syntax section.
>(When we create user accounts we set a default password, then get the user
>to login and change it to something only they know. We were getting an
>unhelpful "Login doesn't exists or permission denied" message, when the
>users tried to change their details on our new SQL Server 2005 Server)|||I opened a request for updating the permissions section of ALTER LOGIN.
Thanks
Laurentiu Cristofor [MSFT]
Software Development Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Sue Hoegemeier" <Sue_H@.nomail.please> wrote in message
news:hjmik29h0qm3lnrjfgkpostj8h7mjuu1ob@.
4ax.com...
>I think your right in terms of the documentation not being
> clear. The help topic for sp_password is alludes to the
> issue a bit more. Nothing all that direct though.
> -Sue
> On Wed, 1 Nov 2006 03:51:02 -0800, chrisredburn
> <chrisredburn@.discussions.microsoft.com> wrote:
>
>|||Thanks Laurentiu!
-Sue
On Thu, 2 Nov 2006 11:55:24 -0800, "Laurentiu Cristofor
[MSFT]" <Laurentiu.Cristofor@.nospam.com> wrote:
>I opened a request for updating the permissions section of ALTER LOGIN.
>Thanks
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment