I am currently working on a project to help configure an application in GCP, been working mostly in Azure and I am a bit confused with users and rights in Cloud SQL for SQL Server. It seems that SA is not permitted and I can understand that but in their documentation it states:
You can create other SQL Server users or roles. All Users you create using Cloud SQL are granted the same database permissions as the sqlserver login. if you use a different method the user wont have the same permissions as the customer admin accounts.
My questions.
Create with cloud sql means i have to use the console to create those users and not thru TSQL inside say SQL Server Management Studio that connects to SQL Server?
If i create a login will I then be able to add that login as a user to the database?
thank you.
Related
Two questions I am not in a position to confirm via deploying to an Azure resource group (due to my account limitations). So far, I have not found resources that answers my questions.
1. AD Users and Groups
Can Active Directory (AD) Users and AD Groups SQL Server Logins or Database users be migrated from On premise SQL databases to Azure SQL?
The environment I will be working on has the on premise AD synced to Azure Active Directory (AAD).
So far, I have only seen that SQL Logins can be migrated.
2. Authentication
I know that SQL Login and Windows Authentication login are options to connect to the Source database. Are both of these option also available in the destination Azure SQL database?
So far I have only seen SQL Login as an option for connection to the destination database (see below screenshot). This might be because there are no AAD accounts associated with the blank Azure SQL target database I am trying to connect to. The Server Admin is set for the target database.
No, unfortunately you can't migrate the Active Directory (AD) Users and AD Groups to Azure SQL Database. Yes, you move SQL logins from the SQL Server source to Azure SQL Database by using Database Migration Service in offline mode.
You can also migrate Windows users and groups using T-SQL DDL syntax with the help of this tutorial.
You can use Azure AD authentication to connect with Azure SQL Database. It is an alternative to SQL Logins Authentication. Please refer Azure Active Directory authentication for more details.
You can simply use SQL Server Management Studio (SSMS) to connect with Azure SQL Database using Azure AD credentials. Install the SSMS on your local windows machine and login with AAD credentials as shown in image below.
If I use one of the methods to migrate a SQL server instance with several databases into a Azure Managed Instance, would the procedure also replicate any login accounts with access rights?
Particular interested in knowing how this handles Active Directory accounts
From what I know, it doesn't and you cannot use Windows Authentication but only SQL Server Authentication or Azure AD. I've migrated several times a local database of my local SQL Server instance to Azure and I've done it using Export Data-Tier to .bacpac (this is the extension of the DB in Azure) and then deploying it (both actions from SSMS):
However, please be aware that you have to drop any users that use for authentication Windows Authentication because you'll get an error at the moment of deploying it since it cannot inherit your server's active directory settings. Then, you can define your own AD in Azure and use it.
Managed instance is a new deployment option of Azure SQL Database, providing near 100% compatibility with the latest SQL Server on-premises (Enterprise Edition) Database Engine.
The migration only support replicate the login.
You could get this from this document: Tutorial: Migrate SQL Server to an Azure SQL Database managed instance offline using DMS:
By default, Azure Database Migration Service only supports migrating SQL logins. To enable support for migrating Windows logins, see the Prerequisites section of this tutorial.
That means you must re-create all the users and grant it access right(database roles) manually.
Hope this helps.
I am facing problem regarding database permissions. I have created my database named FCProject. I created a login for that database in SQL Server Management Studio. My login is working fine but all I want to restrict access to FCProject database through users who can log in to SQL Server through Windows authentication mode.
Because I want only FC login to be able to view or modify data of FC database in SQL Server Management Studio.
I have tried creating a login through Management Studio. Is there any problem in creating login? Or something else? Please help
You are mixing up two things that should be kept separate here:
A login is on the server level - it gives an account (a Windows account, or a SQL Server specific account) the permission to connect to this server
Each database can then define user for its own use - based on those logins.
So in your case, what you need to do is to:
create a number of logins on the server-level
create users in your FCLogin database for just those logins
and then you're fine - only those accounts that you've defined explicitly can access your FCLogin database and use it.
See the Stairway to SQL Server security series of articles on SQL Server Central (very well worth registering for their contents!) which explains all the ins and outs in great detail
I am trying to create a login system on an asp.net website which allows a user to register and log in the website. I require the registered user details to be stored on a database which I already have on Azure.
I have so far created the login system as shown here: http://msdn.microsoft.com/en-us/library/windowsazure/hh508981.aspx and the form works. However, when I log in to the azure management portal I cannot find the user's registered details. I also need to add more fields to the registration form in the database.
Does anyone know where I can view the registered users and how I can add more fields?
If you follow the same link you used to create your application you will see the schema that is used by SQL Azure to store this information as below:
Now if you want to access this database directly, what you really need is SQL Server Management Studio (SSMS) to connect with this Database and access it from your local machine. Follow this link below to download and configure SQL Azure studio locally so you can connect to SQL database and the modify the schema or look the records etc. Once you have SSMS connected with SQL Database, you can manage it like any other on-premise database.
Managing Windows Azure SQL Database using SQL Server Management Studio
I'm want to create a SQl Server login for a IIS web application. Since the Web Application using IIS 7.5 identity, and in addition in production the Sql Server may be in a separate machine, I'm looking for use a user and password based connection string.
Now, I'm a little confused how to create this login in Sql Server 2008 R2. Should I use databawse specific User, or a global login? Should I Database Role or Application Role?
What are the best practices to get a login for an IIS application that don't use Stored Procedures, but makes a use of an ORM tool, like NHibernate?
The following article:
http://msdn.microsoft.com/en-us/library/bb882673.aspx
recommends using Integrated Security to connect to the database.