I am developing a web application which in production connects to an Azure database but in my local environment connects to a SQL Server running in Docker. I would like my local database to link to the Azure database so that I can easily copy data from production. I was able to successfully link via these commands:
EXEC sp_addlinkedserver
#server='remote',
#srvproduct='',
#provider='sqlncli',
#datasrc='mydb.database.windows.net',
#location='',
#provstr='',
#catalog='mydb';
EXEC sp_addlinkedsrvlogin
#rmtsrvname = 'remote',
#useself = 'false',
#rmtuser = 'my_username',
#rmtpassword = 'my_password';
EXEC sp_serveroption 'remote', 'rpc out', true;
...however although I can connect and am using the same username & password used by the app itself which works, I cannot see my objects in the dbo schema, only sys and INFORMATION_SCHEMA.
Why am I unable to see [remote].[mydb].[dbo].* objects when linking to a remote Azure database? I get this error when attempting to SELECT:
Msg 7314, Level 16, State 1, Line 1
The OLE DB provider "MSOLEDBSQL" for linked server "remote" does not contain the table ""mydb"."dbo"."my_table"". The table either does not exist or the current user does not have permissions on that table.
Have you looked at the table's permissions?
It appears to be a permissions problem. Your query is correct.
As a piece of advice, try connecting the server using a specific user who has been granted select permission on particular table/database.
GRANT select ON DATABASE::database_name TO username;
GO
Data from Azure sql database:
Output from Linked service:
Related
I have a local SQL Server. My computer login is Domain\myName.
The local SQL Server instance allows me to sign in using Windows authentication. I am in logins as Domain\myName. I am using a third party app that creates a directory that only Domain\myName can access.
So I tried to create a credential for Domain\myName and then use a proxy to run a SQL Server Agent job that writes to that directory. However, when I right click on credentials, the only location that show up is <mycomputername>, so Domain\myName does not appear in the identity list.
How can I get Domain\myName to be able to run a job with the correct authorization to write to a directory?
Thanks
If you mean that SSMS dialog is not giving you a picker to select a Domain account, just use TSQL
USE msdb ;
GO
CREATE CREDENTIAL myNameCredential WITH IDENTITY = 'Domain\myName',
SECRET = 'G3$1o)lkJ8HNd!';
GO
-- creates proxy and assigns the credential
EXEC dbo.sp_add_proxy
#proxy_name = 'Proxy for myName',
#enabled = 1,
#description = 'Proxy for myName',
#credential_name = 'myNameCredential' ;
GO
-- grants the proxy "Proxy for myName" access to
-- the Powershell Scripting subsystem.
EXEC dbo.sp_grant_proxy_to_subsystem
#proxy_name = N'Proxy for myName',
#subsystem_id = 12 ;
GO
Create a SQL Server Agent Proxy - Using Transact-SQL
Note that the TSQL job step doesn't do a real local logon for the proxy account, so you'll have to use PowerShell or CMDEXEC.
I have restored a SQL Server 2019 database from a .BAK file to a Google Cloud SQL instance.
I can connect to the instance using Visual Studio SQL Connection. I issue the following command to check the database owner, which should be: mydb_adm
USE master;
SELECT suser_sname(owner_sid) AS 'DB Owner' FROM sys.databases WHERE name = 'mydb';
DB Owner
--------
sqlserver
The above is expected, as the restore was done while using the sqlserver account which is the default user created when the SQL instance is provisioned by Google Cloud (according to the docs).
So, I need to change the DB owner; I execute the following command:
USE mydb
EXEC sp_changedbowner 'mydb_adm'
The system displays the following error message:
Msg 15151, Level 16, State 1, Line 1
Cannot find the principal 'mydb_adm', because it does not exist or you do not have permission.
The same message is displayed for:
ALTER AUTHORIZATION ON DATABASE::mydb TO mydb_adm;
However, the "mydb_adm" principal DOES exist, i.e.:
SELECT name, sid FROM sys.server_principals WHERE name = 'mydb_adm';
name sid
---- ---
mydb_adm 0xD81398C7DB0D724BB2738A2EC59BB554
.. so it must be a permission problem with the sqlserver account. When I query the DB, it appears the "sqlserver" user does NOT have ALTER permissions, i.e.:
UserName Permission Type Permission State
-------- --------------- ----------------
sqlserver ALTER DENY
... So how can I change the database owner or issue any ALTER commands using the "sqlserver" account? (There seems to be no way to grant the ALTER permission to the sqlserver user).
Any help / advice would be appreciated.
Thank-you to #DanGuzman for providing a "work-around", i.e.: while connected to the SQL instance using the "sqlserver" user, the following commands were used:
USE mydb;
CREATE USER mydb_adm;
ALTER ROLE db_owner ADD member mydb_adm;
After some additional digging, I also found the following in the Google Cloud docs at https://cloud.google.com/sql/docs/sqlserver/users, which states:
Cloud SQL for SQL Server is a managed service, so it restricts access
to certain system stored procedures and tables that require advanced
privileges. In Cloud SQL, you cannot create or have access to users
with superuser permissions.
Note: The sysadmin role is not supported. Therefore, you cannot run
system stored procedures that require the sysadmin role. As one of
the many examples, you cannot run the sp_OADestroy stored procedure
because it requires the sysadmin role.
As well as the following from the SQL Server docs at https://learn.microsoft.com/en-us/sql/t-sql/statements/alter-authorization-transact-sql?view=sql-server-ver15#remarks, which state:
Requirements for the person executing the ALTER AUTHORIZATION
statement: If you are not a member of the sysadmin fixed server role,
you must have at least TAKE OWNERSHIP permission on the database, and
must have IMPERSONATE permission on the new owner login.
hence, commands such as EXEC sp_changedbowner ... or ALTER AUTHORIZATION ON DATABASE:: ... will raise the error (Msg 15151, ... you do not have permission.)
Hope that helps anyone else that may run into this type of issue.
Is there any way to connect to a server with t-sql?
I want to assign a shortcut to it
I already tried ':Connect -serverName ...'
Thanks for your time
Edit: I just want to do what "connect to database engine" does with SQL commands
You can set up linked servers like this:
EXEC sp_addlinkedServer N'remoteSqlServer\Instance', N'SQL Server'
EXEC sp_addlinkedsrvlogin #rmtsrvname = N'remoteSqlServer\Instance', #useself = 'FALSE',
#rmtuser = N'user', #rmtpassword = N'password'
(replace the 'remoteSqlServer\instance' name with your actual server name and instance name, and 'user' with the user to log in with, and 'password' with that user's login password)
From then on, you can reference the server using the same dot notation that you use to reference different databases on the same server:
SELECT * FROM [server\instance].[database].[schema].[tableName]
You do not have to 'connect' to these other servers in SQL Server Management Studio... you can just be on one server, and reference all the others, and mix them into your queries as you need.
I have downloaded database and attached it to my local sql server, however I can't seem to change the password of one the existing user's on the db.
Using the following command:
ALTER LOGIN [NotificationsUser] WITH PASSWORD = 'password';
I get the error:
Msg 15151, Level 16, State 1, Line 1
Cannot alter the login
'NotificationsUser', because it does
not exist or you do not have
permission.
Is this possible?, what access permissions do I need to change user permissions anyway ?
If you've attached this database to your local SQL server then you'll need to do a couple of things:
If you haven't already done so, create user logins on your SQL server to match the ones that exist in the attached database. It's simpler to do this before attaching the database. But it can be done after the DB has been attached.
Because the SID's of the users in the newly attached database won't be the same as the newly created logins you'll need to resolve this using the sp_change_users_login stored procedure. The database user's are in effect orphaned.
For example if you have:
SQL Login: bob Attached database user: bob
Open a new query in SQL Management Studio for the attached database then run:
sp_change_users_login #action='report'
If you have "orphaned" users in your database then you'll see a result set that looks like:
UserName UserSID
bob 0x57F6DFA5D5D7374A97769856E7CB5610
To reconnect this user to a SQL login execute:
sp_change_users_login #action='update_one',
#loginname='bob',
#usernamepattern='bob'
I think you're confusing a database user with a server login.
Your database may have a user in it called NotificationUser but this needs to be associated with a server login, which is the object you're trying to alter with the script. A database restore from a different server won't have created this server login so there's a good chance it doesn't exist on your server. More info here
A while back I set up a database under SQL Server 2008 called myDB in Windows XP, then under Logins under the server, I clicked Properties on my computer login name COMP23/Andrew and mapped myDB database to this using dbowner as its rights.
Then I cloned this XP installation as a backup, installed Visa, realising I did not want Vista I re-imaged back my original XP copy onto the same machine. However the DB mapping has got really confused! Basically under the server login COMP23\Andrew, it says its mapped to myDB, but when I click myDB and look at its users its not there. I think its lost its SID mapping because it thinks its a new machine.
Under the server login COMP23\Andrew I can't untick the mapping to myDB as when I do it says "Cannot drop the user dbo". I can't alter the dbo user either - it won't let me. But nor can I make the user appear under myDB users! Which means I can't login through my website settings (asp.net web.config) file! When I login it just says Cannot open database "myDB" requested by the login. The login failed.
Login failed for user 'COMP23\ASPNET'
Any ideas? How I can remap this properly? I've even tried reinstalling SQL Server 2008 but the computer name is still there mapped to the database.
Because dbo is the owner of the database, its mapping must be changed by changing the owner of the database:
ALTER AUTHORIZATION ON database::[<yourdb>] TO [sa];
First of all, you can't have quote marks surrounding the stored procedure name. Secondly, it isn't autofix but auto_fix.
Finally, once those corrections are made, you get this error message:
Msg 15600, Level 15, State 1, Procedure sp_change_users_login, Line
181 An invalid parameter or option was specified for procedure
'sys.sp_change_users_login'.
when you run this command:
EXEC sp_change_users_login #Action = 'auto_fix', #LoginName = '<your username>'
Since you mentioned the SID mapping issue, have you tried using sp_change_users_login? Use the autofix option to re-map your login to the one in the database.
For your example above you should execute the following while connected to the database
EXEC `sp_change_users_login` #Action = 'autofix', #LoginName = 'COMP23\ASPNET'
USE [Database]
GO
ALTER USER [dbo] WITH NAME=[username]
GO
sp_changedbowner 'sa'
GO