I have a Database server created in Azure [not a managed instance] and a Server Admin user was created, many SQL users were added and they were able to login without any issues. Now all of a sudden, SQL users I newly create can't login. It's giving Login failed message with Error# 18456
Here are the SQL commands I am using to create the user [after logging in as Server Admin]:
CREATE LOGIN reportslogin WITH password='' - this in "master" database
CREATE USER reportsuser from LOGIN reportslogin - this is in MyDatabase
ALTER ROLE db_datareader ADD MEMBER reportsuser - this again is in MyDatabase
Now I disconnect the server and when I try reconnecting to the server using the reportsuser, I get this:
What am I doing wrong?
Actually, the error is caused by you database login name.
You should using the Login reportslogin to login the database, not the username reportsuser !
We must using the login name to access the Azure SQL database, not the username.
A login is a simple credential for accessing SQL Server. For example,
SQL Login is for Authentication and SQL Server User is for Authorization. Authentication can decide if we have permissions to access the server or not and Authorization decides what are different operations we can do in a database. Login are created at the SQL Server instance level and User is created at SQL Server database level.
Please reference:
Login and SQL User
Difference between a User and a Login in SQL Server
Suggestions:
create the login and user with the same name:
USE master
CREATE LOGIN reportslogin WITH password='Xunmi110'
USE user_database
CREATE USER reportsuser FOR LOGIN reportslogin
ALTER ROLE db_datareader ADD MEMBER reportsuser
One login for one user.
Hope this helps.
Related
Here are my steps:
Step #1. Create a contained user in my SQL Server 2019 database
Step #2. Use this database-level user to connect to “Partially contained database” in my SQL Server. Yes, it works
Step #3. Export this SQL Server 2019 database to a .bacpac file, and import it into Azure database via Azure Portal
Step #4. Use this database-level user to connect to Azure database, no luck. But if I logged in as SA to Azure, I can see this user.
Step #5. Drop this user and recreate it in Azure database. All good. I could connect.
I was expecting that step #4 would work. Not sure why it failed. I googled some but could not find answers. Any suggestions?
Export and import the .bacpac file to create the new database in Azure SQL database, it's a database migration.
The limit is that We must create the login/user manually.
We can not database-level user to connect to Azure database directly, we must enable the login and user first.
To improve security, SQL Server Authentication logins are stored in a
DAC export file without a password. When the file is imported, the
login is created as a disabled login with a generated password. To
enable the logins, sign in using a login that has ALTER ANY LOGIN
permission and use ALTER LOGIN to enable the login and assign a new
password that can be communicated to the user. This is not needed for
Windows Authentication logins because their passwords are not managed
by SQL Server.
For more details, you could ref: Import a BACPAC File to Create a New User Database
HTH.
Adding on to the answer by #LeonYue, you can change the password for users that have no login (i.e. database-level SQL authentication) after import by connecting to the database as sysadmin and executing ALTER USER <user-name> WITH PASSWORD='<user-password>';.
Like on-prem contained database users, Azure SQL Database allows SQL authentication at the database level for users with a password (no associated login). However, the password is not exported/imported for security reasons.
I have created Logins in Azure SQL via SSMS on two other environments, but on the third Azure SQL Server, the same exact SQL command creates logins but they don't show in SSMS. I am using these Logins to then users for databases. As I have stated it has worked on every other Azure SQL Server.
However, when I create my Logins, they don't show up under Security > Logins and if I try to create user for the db, I get the following error:
'myuser' is not a valid login or you do not have permission.
Here is my SQL to create the Login:
CREATE LOGIN myuser WITH PASSWORD = 'p#ssword';
Here is my SQL I run on a selected database to add the above created user with execute rights:
CREATE USER [myuser] FROM LOGIN [myuser];
GRANT EXECUTE TO [myuser]
To be clear, the Login (first SQL) said that it is created, but it doesn't show in SSMS and doesn't allow me to create Users in the DBs
I am trying to connect to sql server from Pentaho. I have created a user on the database and I am able to connect with that user from Pentaho. However, the user seems to require the sysadmin server role. Without that role, the user is unable to connect from Pentaho. The error message from Pentaho simply states that the login failed for user.
The user is able to login without the sysadmin role from the SSMS application.
Does a user seriously need to be a sysadmin to connect from Pentaho?
No, user should not be sysadmin in order to connect to sql server from Pentaho. Create login first then map that login to user. Use the below commands.
create login login_name with password ='acds'
create user user_name for login login_name with default_schema='schema_name'
I created a sql azure DB. I had 3 options as source:
blank database
sample
backup
I selected blank. No username and password was asked. in the connection string there is a place holder for username and password. What should I give here?
And more over I am not able to connect to this DB from VS studio(asking username and password).
Edited Later: Actually I get to give user name and password when I create a server and not a DB. what I did above was creating a new db on an existing server and hence no username was asked.
You will need to use the credentials that you set up when configuring the hosting SQL Azure Server. If you want to use another account just for that database (recommended), you will need to login to the SQL Azure Server using the original credentials and follow this post:
SCRIPT :
connect to Master and run below query:
CREATE LOGIN blog WITH password='xxxxxxx'
GO
CREATE USER [blog] FOR LOGIN [blog] WITH DEFAULT_SCHEMA=[dbo]
GO
Then Connect to Database of your choice and run below:
CREATE USER [blog] FOR LOGIN [blog] WITH DEFAULT_SCHEMA=[dbo]
GO
EXEC sp_addrolemember 'db_owner', 'blog';
GO
please see the below link for more details
http://kitsula.com/Article/How-to-create-custom-user-login-for-Azure-SQL-Database
i connect the sql server windows authentication and create a simple database and table on it,and so define the new log in user and set to sql server authentication,every thing is fine,but i connect the database with windows authentication too,i want to delete the windows authentication,and i want just connect that database with only sql server authentication,this picture for that problem:
when i connect with sql server authentication,i define the rajabi user log in.
but i want just rajabi user can be connect to this database.how can i solve that?thanks.
What if any roles have you granted the new user? Granting the reader role to the new user should allow said user to connect.
Right click on your user -> Properties -> Membership -> Anything checked? I usually check the db_datareader just to allow a user to connect.
Please run on your database
DROP USER [UserAccount]
CREATE USER [UserAccount] FOR LOGIN [UserAccount]
EXEC sp_addrolemember N'db_owner', N'UserAccount'