This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 10%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Hello,
I have a SQL server (on my server) with 20-30 databases.
Each database has different users (one user per database).
In one database I created a stored procedure with "BULK INSERT" that select content from CSV file (on the same server) and do stuff.
When I run the stored procedure with my user it works fine, but with the database user I get the error "You do not have permission to use the bulk load statement".
How can I open this permission only to this database ?
This is the part of the BULK INSERT:
set @SQL = '
BULK INSERT #Tbl_Csv
FROM ''' + @CsvFileFullName + '''
WITH (
firstrow = 2,
fieldterminator = '','',
rowterminator=''\n'',
batchsize=10000,
maxerrors=10
);
'
EXEC (@sql)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 2%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESX%3C/text%3E%3C/svg%3E)
Hi @nd0911 ,
We have not received a response from you. Did the reply could help you? If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. By doing so, it will benefit all community members who are having this similar issue. Your contribution is highly appreciated.
Best regards,
Seeya
To use the BULK INSERT statement, you need to have the server-level permission ADMINISTER BULK OPERATIONS or be a member of the fixed server role bulkadmin.
So you need to do:
USE master
go
GRANT ADMINISTER BULK OPERATIONS TO user_for_that_database
It is also possible to package the permission with the stored procedure, but I skip the description of how to do this, unless you actually need it.
thank you ErlandSommarskog
what is it means to "to package the permission with the stored procedure", do you mean that the permission will be available for only this stored procedure ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 26%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYK%3C/text%3E%3C/svg%3E)
Hi @nd0911 ,
In addition to the @Erland Sommarskog method there is another one.
There is a server-level role called bulkadmin that does that. Rather than directly granting the permission to a user account you could add a user or group to that role.
Please see below how to find that server role.
Go to its properties and add role members.
thank you YitzhakKhabinsky
can you please guide me how can I do it, because in the server level tree "security > logins" I don't have this database user in the list, I have this user in the database tree "security > users"...
@nd0911 ,
I added a screen shot to the answer.
thank you again.
I saw your screen shot and as I said, the user i'm looking for is not in the server login list, it is in the database, so I dont have access to the user.
There is more than one possible reason you don't see this user among the logins, but you know more about this than we do. (Because we have no knowledge of what has been going on at you server.)
These database users, are they Windows logins or SQL users? Have the database in question been restored from a different server? What does this statement return:
SELECT suser_sname(sid) FROM yourdatabase.sys.database_principals WHERE name = 'yourdatabaseuser'
what is it means to "to package the permission with the stored procedure", do you mean that the permission will be available for only this stored procedure ?
Yes. If you grant the bulk permission to the user, this means that the user can load any file on the server, of which some may include sensitive data. Say that you only want the user to be able to load files in a certain folder. Then you could write the SP so that it validates the input pat and only accepts permitted paths.
But if you are not uncomfortable with granting the database user the server-level permission, there is little reason to dabble with this. I only mentioned it in case granting a server-level permission would be a a concern to you.
An addition to the @Erland Sommarskog method there is another one.
There is a server-level role called bulkadmin that does that. Rather than directly granting the permission to a user account you could add a user or group to that role.
I did mention bulkadmin in my post, but I preferred to give the example with the explicit permission. It's more or less a toss-up which one to use.
Yitzhak make a good point about roles. Rather than granting permission directly to the user, you could do:
USE master
go
CREATE SERVER ROLE bulkusers
GRANT ADMINISTER BULK OPERATIONS TO bulkusers
ALTER SERVER ROLE bulkusers ADD MEMBER user_for_that_database
If the need would arise for another database, you can simply add that database user to bulkusers.
can you please guide me how can I do it, because in the server level tree "security > logins" I don't have this database user in the list, I have this user in the database tree "security > users"...
The one situation where the above would not work would be if you have created these database users as database users WITHOUT LOGIN. Keep in mind is that all you told us is that you have these database users, but you did not tell us how they have been set up.
thank you for your answer.
Yes, you are right, I want to give this user access only to the folder of this CSV file, not more not less.
The user is SQL authentication user with password.
after said that, what is the right way to do it ? (if you need more information to answer please let me know)
Yes, you are right, I want to give this user access only to the folder of this CSV file, not more not less.
In that case, we don't have to discuss why the user does not show up among the logins.
The first step is to write the procedure so that it validates the path, one way or an other. That is, @csvFullFileName in your original post must not be a parameter to the stored procedure.
The short recipe to package the permission with the procedure is as follows:
There may several things above that are new to you. Rather explaining this in detail here, I refer you to an article on my web site: https://www.sommarskog.se/grantperm.html.
That's a not a short article, as I take the time to explain all the mechanisms involved. You don't need to read the full article for your task, only the first five chapters, but that is still more than a mouthful. If you want to get started quickly without understanding of what is going on, you can try the script at https://www.sommarskog.se/grantperm/GrantPermsToSP_server.sql.txt. I explain this script in the article.
I'm super appreciate your answer but I thing it's a little beyond my knowledge and abilities, I don't know how to perform any of your 1 to 6 steps and I'm afraid to break something.
I thing I will need a personal support on this one.
P.S:
Before the CSV I use to have an Excel file, and I didn't need to do all this permissions to access a folder (it's the same SP), but because the Excel file has a limit of one million rows (and I need more) I need to do this switch.
maybe there is another solution ? I don't know, maybe selecting the CSV content like I did with the Excel file (tried it, it's not working)
The excel code:
'insert into #Tbl_Excel
SELECT *
FROM OPENROWSET(
''Microsoft.ACE.OLEDB.12.0''
,''Excel 12.0;HDR=NO;Database=' + @ExcelFileFullName + '''
,''select * from [Sheet1$]'')'
I'm super appreciate your answer but I thing it's a little beyond my knowledge and abilities, I don't know how to perform any of your 1 to 6 steps and I'm afraid to break something.
I thing I will need a personal support on this one.
So that why I wrote an article rather than having to explain it every time.
And, yes, it is quite a few pages to read and digest. But you will learn a few useful things about SQL Server security.
Before the CSV I use to have an Excel file, and I didn't need to do all this permissions to access a folder (it's the same SP), but because the Excel file has a limit of one million rows (and I need more) I need to do this switch.
But that solution was also far less secure. Here you have no control where the user is reading the file. Once you have activated OPENROWSET with sp_configure, you permit any user on the system to read any file than can be accessed with OPENROWSET. And that might be more files than you expect.