I am trying to use a DACPAC database project in Azure Data Studio.
So far, it works fine except for the "publishing" of the project to the actual DB.
When I generate the delta script, I see that all permissions on all schemas are being dropped.
I know that I could exclude certain objects:
SQL Server DACPAC Deployment Dropping Users/Roles/Permissions
However, I would prefer to have also the permissions of DB roles on a schema in the DB project.
Here, of course, the order is important. (Create schema, create user, create DB role, add user to DB role, grant permission for DB role on schema)
How (and to which file) can I add the schema permissions to the project and how can it be ensured that the TSQL statements that are generated are executed in the correct oder?
Thx.
At the linked QA have a look at the XML: there are separate parameters
DropPermissionsNotInSource
DropRoleMembersNotInSource
represented in sqlproj/publish.xml in a reversed way
<DoNotDropRoleMembership>True</DoNotDropRoleMembership>
<DoNotDropPermissions>True</DoNotDropPermissions>
By switching them to "do not drop" state you can avoid excluding permissions from deployment. Thus new permissions (defined in project but missing on target server) would be created but old ones (existing on target server but missing in the project) will not be dropped. Same goes for role membership.
Valid command order in publish script is guaranteed by the SSDT engine.
Still, permissions on target server can be lost if publishing requires object recreation. For example if you alter table-type then referencing procs will be dropped and recreated after type recreation.
I have a SQL agent job whereby we do a restore of a full backup of production data on a nightly basis. We are setting up a new server and when I attempt to run the job on the new server I receive an error on the job of
3701 - Cannot drop database because it does not exist or you do not have permission.
This is confounding me because we are using the dbo user to accomplish this step and the database is listed in sys.databases catalog view. I have tried altering the database to put it into single_user to no avail.
The first step of the job kills all connections and that passes. I am not sure where this error is coming from because everything looks in accord to me. We can also drop the database manually through logging in as the sa.
I have a program that I run every month. It creates a new database. Let's use dbname.
I am connected to the server as a user with plenty of roles.
The first command is:
CREATE DATABASE dbname;
This works fine and the database is created.
The next command is:
GRANT SELECT ON [dbo].[dbname] to myusername;
This does not work and returns the following error:
Cannot find the object 'dbname', because it does not exist or you do not have permission.
I am the owner of the database.
How do I grant select to this user.
myuser is in the database.
If I log onto SQL Server Management Studio as the user that created the table, I am able to apply the read permissions to this database?
I am using SQL Server 2005 on Windows Server 2003 and the commands are sent to the server using VB.net
Any help would be appreciated.
TIA,
Bill
Your GRANT SELECT ON query is incorrect; you do not specify the database operator.
The following query will work:
GRANT SELECT ON [dbname] to [username]
I tried to migrate a SQL Server database by Export Data-tier Application (.bacpac file) from an Amazon RDS instance to other, but import didn't succeed. So now I want to delete the database (which is empty), when I try to:
DROP DATABASE mydatabase;
I get the error:
Cannot drop the database 'mydatabase', because it does not exist or
you do not have permission
Some context:
I've tried using SQL Server Management Studio, and choosing close connections: same error.
I'm logged as master user.
I can create and drop other databases, but not this one.
I just have these effective permissions on this database: CONNECT, SHOWPLAN, VIEW DATABASE STATE, VIEW DEFINITION (don't know why or how is this possible).
Any help is greatly appreciated!
I ran into this same issue. After trying to restore a database via SSMS using a .bacpac, it fails and leaves you with a database that you appear to not have permissions to drop.
A workaround, is to use the rdsadmin rename function to rename it to something else, which then seems to fix the permission issue and allows you to drop it.
EXEC rdsadmin.dbo.rds_modify_db_name N'<OldName>', N'<NewName>'
Then just drop the DB. Hope that helps someone else in the same predicament.
This is the answer for an old thread but who knows, it might help someone having the same issue.
I ran into the same problem, but in my case, my database was in an offline mode. If the database is in offline mode, it won't allow you to drop it with the drop command. first, you should bring the database back online by running this sp and then execute the drop table command.
EXEC rdsadmin.dbo.rds_set_database_online databasename
If your database is in a Multi-AZ deployment, then you need to run this command to drop those databases:
EXECUTE msdb.dbo.rds_drop_database N'DBName'
Sounds like your not a member of the correct role.
https://msdn.microsoft.com/en-us/library/ee240822.aspx
Permissions
A DAC can only be deleted by members of the sysadmin or serveradmin fixed server roles, or by the database owner. The built-in SQL Server system administrator account named sa can also launch the wizard.
https://msdn.microsoft.com/en-us/library/ms178613.aspx
Permissions
SQL Server - Requires the CONTROL permission on the database, or ALTER ANY DATABASE permission, or membership in the db_owner fixed database role.
Azure SQL Database - Only the server-level principal login (created by the provisioning process) or members of the dbmanager database role can drop a database.
Parallel Data Warehouse - Requires the CONTROL permission on the database, or ALTER ANY DATABASE permission, or membership in the db_owner fixed database role.
There is a context menu in MSSQL - Script Stored Procedure as -> DROP and CREATE
But when I am generating procedure, it do not contain existing GRANT EXECUTE role.
How can I add (automatically!) it to generating script?
In SSMS, go to Tools, Options, SQL Server Object Explorer, Scripting and in the Object Scripting Options section, change Script Permissions to True.