• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1265
  • Last Modified:

Bulk Insert Access Denied

Hi,
 I'm using VB.Net with an SQL Server 2008 R2 DB.
I've got a stored procedure that uses bulk insert to import some files in from a location on the network. It works great when I execute it from sql server.

When I try to execute from the VB app it throws an exeption stating: ex = {"Cannot bulk load because the file "\\usoscs101\DATA\INCOMING\TmTly\GET\Sortfill.TXT" could not be opened. Operating system error code 5(Access is denied.)."}

I haven't been able to grant myself permission for Administer bulk operations. So I'm thinking that might be the problem, but then I'm not sure why I could go into the sp and execute it.  I'm pretty much my own DBA so I'm figuring out some SQL Server as I go.

Thanks,
David
SPcode.txt
VBcode.txt
0
coperations07
Asked:
coperations07
  • 7
  • 5
  • 3
  • +2
1 Solution
 
Steve WalesSenior Database AdministratorCommented:
Does the user that the SQL Server service runs under have access to the Network Share you're trying to read from ?
0
 
coperations07Author Commented:
Yes. I drilled down to it just to make sure but it will open when I log in. It uses Windows Authentication.

I also have other applications that hit the same path and execute stored procedures that are running without issue.
0
 
Steve WalesSenior Database AdministratorCommented:
Check the Security Sections of these two documents:

http://msdn.microsoft.com/en-us/library/ms188365.aspx
http://msdn.microsoft.com/en-us/library/ms175915.aspx

I don't know a great deal about the finer details of Windows Security, but between them and this thread: http://social.msdn.microsoft.com/Forums/en-US/transactsql/thread/35578a01-5859-4277-9b70-fc61e3b48813

It seems that the section on "Security Account Delegation (Impersonation)" is what may be relevant.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
appariCommented:
>>It works great when I execute it from sql server.
Are you using same credentials when executing from sqlserver and vb?
0
 
Ramesh Babu VavillaCommented:
0
 
coperations07Author Commented:
Yes I'm using the same credentials for vb and sqlserver.

I added the shared path...or atleast followed the steps and executed this:
USE master
go
exec xp_cmdshell 'net use z: \\usoscs101\DATA\INCOMING\TmTly\GET'

I ran the app again and got the same message. Then I changed the path in the SP to 'z:\filename.txt' and it changes the message to an error code 3(file not found).
0
 
Steve WalesSenior Database AdministratorCommented:
What user is the SQL Server service running as ?

Is it the same user you're connecting as ?  The SQL Server service owner, if different from your user, is the user that needs to have access to the file and path.

Does that user have the required permissions ?
0
 
coperations07Author Commented:
I remote into the server using the same windows login and password that I use to login to my computer that runs the vb app. Is this what you are asking?
0
 
Steve WalesSenior Database AdministratorCommented:
No.

Do Start/Run and and then services.msc.

In the list of Services, you'll see SQL Server (MSSQLSERVER) - assuming it's the default instance.

The last column is usually "Log On As".

What do you see there ?  If it's "Local System" - then it won't have access to the network share.  

SQL Server uses the credentials of the service owner to access that file, not the credentials you use to connect to the SQL Server database engine.
0
 
coperations07Author Commented:
Ah...ok.  It doesn't say local system, but it doesn't show my id either. It shows YYYPlantSQLAdmin, which is probably the guy that installed the server. I'll check out the security for that id.
0
 
coperations07Author Commented:
I got full control rights for the Admin user to that network path, but I'm still running into the same issue.
0
 
Steve WalesSenior Database AdministratorCommented:
Seems like you may need to go back to this:  http://msdn.microsoft.com/en-us/library/ms188365.aspx and visit the section on Security Account Delegation (Impersonation).

I've never done that and am not familiar with that aspect of Windows, so I'm of limited help with that exact setup, sorry.
0
 
Anthony PerkinsCommented:
Provided that the SQL Server service account has the appropriate permissions as indicated previously, then you should be able to access the files using a UNC path (don't use mapped drives).
0
 
Ramesh Babu VavillaCommented:
alter database      dbname set partner timeout 60

change the  database name with dbname
0
 
coperations07Author Commented:
I'm using the UNC paths. I tried to map the driver earlier, but it didn't fix so I changed back.

sqlservr - when I execute that alter db command I get a message saying the database is not configured for mirroring.
0
 
Anthony PerkinsCommented:
I'm using the UNC paths. I tried to map the driver earlier, but it didn't fix so I changed back.
That is just the point you cannot use a mapped drive when using a service.  So if you are using UNC path, then the only reasons that it would fail is that the SQL Server service account:
1. Does not have the appropriate permissions in SQL Server and/or
2. It is not a domain account or does not have access to the folder on the remote server.
0
 
Anthony PerkinsCommented:
when I execute that alter db command I get a message saying the database is not configured for mirroring.
Just a word of caution:  Please, please read up on any advice provided here, before trying it, a lot of suggestions are useless and some are downright dangerous.  Just a cursory look in SQL Server's BOL would have told you that:
A. It is related to database Mirroring and
B. Setting the timeout period between mirrored instances.

Neither one have anything remotely to do with your question.

Please be careful.
0
 
coperations07Author Commented:
Thanks ac. I'm going to dig into the security and see what I can find.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 5
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now