I have a database Server with 10 databases. One of the users is with only access to 1 database.
I would like to add this user with all the permissions that they already have to all other databases. Is there anyway where I can do it?
Or do I need to create the same user for each database?
I am using SQL Server Management Studio 2018.
Thanks.
In SSMS go to securities (under database) -> logins
Then select your user and with mouse right click select properties. Then in new window select user mapping tab. Here you select all the databases you want them to give access to. (Here you can also set roles for them). Click OK and you are done. Now they have access to all the databases.
Related
I have created a user with database roles db_datareader, db_datawriter and public. Also I have configured with server roles as public.
Now this user cannot view the list of stored procedure when clicking on stored procedures node in objects explorer. How can I assign permission to see and execute all the stored procedures? I want to do this through SSMS without launching any command.
I am using SQL Server 2012 and below versions:
Microsoft SQL Server Management Studio 11.0.2100.60
Microsoft Data Access Components (MDAC) 10.0.17763.1
Microsoft MSXML 3.0 4.0 5.0 6.0
Microsoft Internet Explorer 9.11.17763.0
Microsoft .NET Framework 4.0.30319.42000
Sistema operativo 6.3.17763
Looks like you can do this, though not as "simple" as you would expect.
I would, personally create a database role to do this. Go to your database in the Object explorer, and expand the Security Folder. Then right click Roles and Select New -> New Database Role.
Give the Role a name (I'll use db_executor) on the General Pane and then go to the Securables Pane. Click Search... at the top and select the radio option Specific Objects... and click OK. Click Object Types... and then tick Databases and then OK. Now click Browse... and tick the database you are adding the role to, then click OK and then OK.
In the datagrid at the bottom locate the Permission Execute, and tick the box in the column Grant. Then OK. This will run the below SQL on your instance:
USE [YourDatabase]
GO
CREATE ROLE [db_executor]
GO
use [YourDatabase]
GO
GRANT EXECUTE To [db_executor]
GO
Yes, Microsoft really is inconsistent with the casing of USE for that statement, and it omits the ; in it's commands.
Now you have created the role, locate the user you want to give access to in the object explorer in the Users folder. Right Click them and select Properties. Go to the Membership Pane and tick the box next to db_executor. Then click OK. This will run the below SQL on your instance:
USE [YourDatabase]
GO
ALTER ROLE [db_executor] ADD MEMBER [YourUser]
GO
Of course, why you wouldn't just run the 2 above commands, which is far quicker, I do not know.
I don't think there's a graphical way of doing this within the UI, but you can create a new query window in SSMS and execute one of these queries.
For a particular role you can:
/* GRANT EXECUTE TO THE ROLE */
GRANT EXECUTE TO role_what_needs_permissions
For a user
USE [the_database]
GO
GRANT EXECUTE TO [the_user]
I've been trying to figure out how to add a new user,
but I haven't managed to figure it out so the new user will have access to only a specific database without being able to see the whole server / users / databases.
Any help will be apperciated
thank you!
To add a new user who have access to only 1 database, you need to create a new login and add a user mapping to that login for the database you want,
to do this, open MSSQL Management Studio, on the left panel, expand your server by click on the checkbox and select security then Logins.
Then, right click on the logins box and select new login.
On the new login window, provide login name(user name) and authentication type, then there's select page tab on the left side, then select user mapping and add the database you want to that user, also remember to add object to default schema of that database.
USE Databasename ;
CREATE USER username WITH PASSWORD='passwd';
GRANT ALL ON Databasename TO username;
If you are on SQL Server 2012 and higher, Contained Databases is what you are looking for.
Making a database contained, you give it the ability to authenticate a user (not login), and the users of contained database will see nothing at the server level, no other databases will be visible to them.
In SQL Server MNGT Studio 2012, we have a database that we only want to grant a specific user read-only access.
So me (being an admin), login into the server.. for arguments sake, the database name is SQLSERVER01
Then once logged in I see Databases, Security, Server Objects, Replication, Management, and SQL Server Agent. I go into the Security tab and go to Logins. The user that we want to give read-only access to already has a login. So I double click on their login. I go to User Mapping. Find the database that I want to give them read-only access to. I click the checkbox next to the database name, and below I give the user db_datareader and public.
So, I call the user and they're able to see the tables within the database, but if they were to right-click on a table name, they can still see the option that says Edit Top 200 Rows, and click it and see the editing gui for that table. Now I didn't test out entering data to see if they could actually edit or add data, because it's too risky.
So my question is, did I give this user the right access? If so, how do I grey out the option to 'Edit Top 200 Rows'? If not, what do I need to do?
Any help is appreciated.
SSMS does not query permissions to determine a user's capabilities or UI options. For example, you may not have DDL modification privileges, but it will let you attempt to script alter/create statements. You can't take away the edit rows option, but if they don't have the permission then the commit will fail when they try to move focus off the row they have edited.
If you want to see the effective permission you can use this function to view the resulting layers of grant/denies:
https://learn.microsoft.com/en-us/sql/relational-databases/system-functions/sys-fn-my-permissions-transact-sql
Generally, make sure the user's login has minimal permissions, then use roles at the DB level that have been previously reviewed/tested.
How do I set up a database so that one does not have access to it? Even with installing SQL Server Management Studio on local machine.
In SQL Server with Windows user or sa can access all databases. How do you limit the access DB of the users?
For assuming that SQL Server is installed on the local machine, not on the server
You can try Single User Mode.
From the linked MSDN article:
Single-user mode specifies that only one user at a time can access the database and is generally used for maintenance actions.
Edit: You edited your question. Now it sounds more like you're asking about Security instead of how to limit the database to one user.
You can edit a user's security in SQL Server Management Studio by drilling down into Security > Logins. There you will see all logins to your instance. You can right click these entries and select Properties to made updates. The easiest way to completely bar a user from accessing any of the databases on the server is by selecting "Disabled" from the "Status" tab.
Well, if you really want to limit this to just one user, there is a simple way (but a bit risky).
Your Windows user is included in the group BuiltinAdministrators. If you really want to remove your Windows user, rerun the installation process and during the setup just change the users in those group.
But beware, you should provide another user, which has access to your database otherwise you end up with a database server without access to it.
Ater that, setup a database login and grant him access to the database you desire.
In the end, you can disable the sa login. This will prevent access with the sa account. But you should have a user which can manage logins and more. Otherwise you have no chance to recreate the password or any other administrative tasks.
When I open SQL Server Management Studio, I have many databases listed there, If I open a database and open the list of its tables and right click on a table and say Select Top 1000 rows it correctly queries that table of that database BUT it also automatically picks TempDb as the database in the available database combobox in the toolbar like the picture below.
So now if I want to write a query by clicking on "New Query" it will look at "tempDB", which is annoying. Is there a way to change this behavior ?
You can select a default database per connection in SQL Server, which might help. Once you've set it, each time you connect to that server, the default database will be selected.
It seems, that DavidG's comment is the best answer.
"Your user account determines the default database."
You can choose default database for your user account in the user properties.
Security - Logins - right mouse click - Properties - and select the default DataBase.
And so, every time when you open new or existed query window the current DataBase would be selected from the default dataBase setting in user porperties.