Why SQL Tables Are Created with domain\username.tablename Instead of dbo.tablename

by Leave a Comment

Let’s start by stating I’m not a SQL DBA ๐Ÿ˜‰ when it comes to databases, I’m just a user who needs a database for my applications ๐Ÿ™‚ Lately, in various environments, we’ve been creating different Ivanti Workspace Control and Automation Manager databases. We simply request an empty database from the SQL department and are assigned DBO rights. Subsequently, we establish a connection to the database from Ivanti Automation Manager (for example) and handle the initial database setup within the application itself.

After initializing the SQL database, the user who performed the initialization can start Ivanti Workspace Control, for example, without encountering any issues. Another user, who has the same permissions (DBO) on the database, is unable to launch the application. The second user is able to access the SQL Database using SQL Management Studio, where they seem to have full control over the database.

While comparing a ‘working database’ with the ‘non-working’ one, we noticed a distinction in SQL table names. In the working database, all tables were named like dbo.table1, dbo.table2, and so forth. In the non-working SQL Database, we observed that all table names began with the username of the individual who initially initialized the database. For example, within the non-functional SQL Database, we observed [Mydomain\Username].table1, etc.

After some investigation, we found out there were several reasons why this might happen. Here’s an overview of the main causes:

1. Default Schema of the User

In SQL Server, each database user can be assigned a default schema. If a user does not explicitly specify a schema when creating a table, the table will be created in their default schema. If the default schema is not set to dbo (which is the default schema for most users), the tables may end up in another schema that includes the domain and username.

Solution: Set the user’s default schema to dbo:

ALTER USER [domain\username] WITH DEFAULT_SCHEMA = dbo;

2. Explicit Schema Specification in SQL Statements

If the SQL statements being executed to create tables include the schema explicitly as domain\username, the tables will be created under that schema.

Solution: Ensure that the SQL statements use dbo or omit the schema to use the default schema:

CREATE TABLE dbo.TableName (Column1 INT, Column2 NVARCHAR(50));

3. Incorrect Connection Context

Sometimes, the connection context or the tool used to run the SQL scripts might be causing the tables to be created with the domain\username schema. This can happen if the tool implicitly uses the connected user’s name as the schema.

Solution:

  • Check the connection settings and the context in which the scripts are being executed.
  • Make sure that the connection is not enforcing a different schema context.

4. Lack of Permissions

If the user creating the tables does not have the necessary permissions on the dbo schema, SQL Server might default to using a schema that the user does have permissions on, which could be their own domain\username schema.

Solution: Grant the necessary permissions to the user on the dbo schema:

GRANT ALTER ON SCHEMA::dbo TO [domain\username];

In our case, the SQL tables were owned by the initial user rather than dbo, requiring us to revert the ownership back to dbo. We ran a SQL query, replacing ‘DOMAIN\USERNAME’ with the current table names, which automatically generated a script to transfer all tables back to dbo ownership.

SELECT 'ALTER SCHEMA dbo TRANSFER [' + s.Name + '].' + o.Name
FROM sys.Objects o
INNER JOIN sys.Schemas s on o.schema_id = s.schema_id
WHERE s.Name = 'DOMAIN\USERNAME'
And (o.Type = 'U' Or o.Type = 'P' Or o.Type = 'V')

The query doesn’t make any changes immediately; it only generates a SQL script, which can then be used to actually change the tables. The sample output of the query-generated SQL script appears as follows:

ALTER SCHEMA dbo TRANSFER [DOMAIN\USERNAME].tblAudits
ALTER SCHEMA dbo TRANSFER [DOMAIN\USERNAME].tblSettings
ALTER SCHEMA dbo TRANSFER [DOMAIN\USERNAME].tblObjects
ALTER SCHEMA dbo TRANSFER [DOMAIN\USERNAME].tblResources
ALTER SCHEMA dbo TRANSFER [DOMAIN\USERNAME].tblFiles
ALTER SCHEMA dbo TRANSFER [DOMAIN\USERNAME].tblFolders

Before proceeding with the table changes, ensure you have a valid SQL backup of the database. This step is essential to safeguard against any potential data loss or unforeseen issues.

This script contains a series of ALTER SCHEMA statements transferring ownership of each table from [DOMAIN\USERNAME] to dbo. Copy the script output generated by the query and execute it on the incorrect database. This action will transfer ownership of all tables from [DOMAIN\USERNAME] to dbo.

Now that we have ‘fixed’ the database tables, let’s ensure this doesn’t happen again by modifying the current SQL configuration to prevent new tables from being created incorrectly.

1. Set Default Schema for Users

Ensure that all new and existing database users have their default schema set to dbo. This can be done when creating the user or later if the user already exists.

Setting Default Schema When Creating a User:

CREATE USER [domain\username] FOR LOGIN [domain\username] WITH DEFAULT_SCHEMA = dbo;

Altering Default Schema for Existing Users:

ALTER USER [domain\username] WITH DEFAULT_SCHEMA = dbo;

2. Create Database Roles with Specific Permissions

Instead of assigning permissions directly to individual users, create roles with the necessary permissions and set the default schema for these roles to dbo.

Creating a Role with Default Schema:

CREATE ROLE [RoleName] AUTHORIZATION [dbo];
ALTER ROLE [RoleName] ADD MEMBER [domain\username];

Hopefully, this article prevents you from encountering the same issue we experienced ๐Ÿ™‚

The Citrix Workspace App sometimes detects an incorrect keyboard layout on OSX.

by Leave a Comment

Apple OSX users sometimes experience an incorrect keyboard layout loaded within their Citrix session. As a result, special characters are often located in different places. The cause of this issue is that Apple has a different keyboard layout compared to Windows, leading to an Apple US-international keyboard being recognized as a Dutch keyboard in Windows.

How to identify your Apple keyboard layout by country or region

Some time ago, we conducted extensive research together with Citrix Support to investigate the cause of this issue and whether there are possibilities to change this behavior. Unfortunately, it has been found that this behavior cannot be changed through a central solution. This behavior can only be altered by making adjustments on a per OSX system basis. This guide provides detailed instructions on what needs to be adjusted.

Read More →

How to manage Windows ACL Permissions on a Synology

by Leave a Comment

For quite some time, I’ve been using Synology PhotoStation to manage all my family photos. Since I’m not the only userโ€”my children also use the appโ€”I thought it might be a good idea to set some permissions on the different folders. In general, I use three different groups: full control, read-write, and read-only. This way, my kids can access all shared family photos but can’t accidentally delete them. Setting access permissions within Synology Photos is somewhat limited, so I had to reorganize my folder structure to fulfill my needs. However, in the end, it worked out very well.

Last week, I decided to move over some additional photos and reorganize parts of my original folder structure. Thinking it would be quicker than using the web GUI, I accessed my photo share through SMB. Immediately, I noticed something wasn’t right. Folders could not be renamed, data couldn’t be moved, and so on. When I looked at the Windows ACL permissions, I noticed they were different from the permissions set in Synology Photos. In my case, most permissions were inherited from the root photos folder.

Read More →