I try (for the first time) to create a user account on my SQL Azure database.
I have read in some blogs that I have to create these command lines
CREATE LOGIN login_name WITH PASSWORD = 'strong_password';
CREATE USER 'user_name' FOR LOGIN 'login_name';
And then
USE [Database];
GO
GRANT CONNECT TO login_name;
But, when I try to connect with this new account on my database, I have the message error 916
The server principal "login_name is not able to access the database "master" under the current security context.
I don't understand because the don't create my new user for the master but for a specific database in my SQL Azure environment (I have 5 databases in my SQL Azure by the way)
If you have any idea to help me, thanks in advance
When first logging in, unless a database is specified in the connection string, a login connects to its default database. If the database is not specified in the CREATE LOGIN statement, the system default of master is used.
To fix this, use this for your CREATE LOGIN:
CREATE LOGIN login_name WITH PASSWORD = 'strong_password',
DEFAULT_DATABASE = MyDatabase;
Related
I am currently setting up some users for my Azure SQL DWH. I have created a Login at server level and a User at my database. However, I am getting a login failed message if I try to use my database user. If I use the Login I have created it works just fine. This Login also only has access to the views I have granted it access to. Am I missing something really obvious or is there something different about logins and roles in SQL DWH?
CREATE LOGIN Login WITH PASSWORD = 'Password';
CREATE USER User FROM LOGIN Login;
You cannot use “user” as the name of the new database login because is a reserved word. Additionally add the login to the datareader role and try again.
EXEC sp_addrolemember 'db_datareader', 'newdatabaseuser';
Try to login to the SQL Data Warehouse server without specifying the database. If you are able to connect then with above statement you may solve the issue.
If you are trying to get connected from an application please make sure you are using appropriate drivers. Learn more about it here.
Hope this helps.
I created a new SQL server with a database in Azure and after logging in with the admin account I added a new user that I wanted to only have access to one database.
In SSMS I right clicked on mynewdatabase database and selected New Query.
I executed
CREATE USER mynewuser WITH PASSWORD ='good password here';
ALTER ROLE db_owner ADD MEMBER mynewuser ;
Now after logging in as mynewuser I can still see the master database.
The question is how do I restrict mynewuser to only access mynewdatabase?
I'm sure this is something basic.
In SQL Server, including Azure SQL DB, all users can can see all system databases in sys.databases. This is not the same as being able to connect to them or run queries in them. This does not disclose any sensitive information as these are system databases and whether you saw them listed or not you would know they were there. See https://msdn.microsoft.com/en-us/library/ms178534.aspx#Anchor_0.
Based on the steps you describe, you have created a contained user that should not be able to connect to the master database or run queries in Azure SQL DB.
I have just created a new user on an newly created Oracle 12C database and cannot use it to login from either SQL*Plus or SQL Developer. What am I doing wrong? I can connect as SYSTEM but not as NEWGUY.
-- logged in as SYSTEM....
alter session set CONTAINER=PDBNEW
create user NEWGUY identified by FRED
grant connect to NEWGUY
I can connect as system but trying to connect changing only the username and password results in failure. (ORA-91917: invalid username/password; login denied.
I can see NEWGUY in the DBA_USERS table.
I'll amend this if you need more information....
Remember everyone that if you create a PDB you have to open it and set it to read/write in order for it to be open for business.
ALTER PLUGGABLE DATABASE myPDBDatabase OPEN READ WRITE;
I have downloaded database and attached it to my local sql server, however I can't seem to change the password of one the existing user's on the db.
Using the following command:
ALTER LOGIN [NotificationsUser] WITH PASSWORD = 'password';
I get the error:
Msg 15151, Level 16, State 1, Line 1
Cannot alter the login
'NotificationsUser', because it does
not exist or you do not have
permission.
Is this possible?, what access permissions do I need to change user permissions anyway ?
If you've attached this database to your local SQL server then you'll need to do a couple of things:
If you haven't already done so, create user logins on your SQL server to match the ones that exist in the attached database. It's simpler to do this before attaching the database. But it can be done after the DB has been attached.
Because the SID's of the users in the newly attached database won't be the same as the newly created logins you'll need to resolve this using the sp_change_users_login stored procedure. The database user's are in effect orphaned.
For example if you have:
SQL Login: bob Attached database user: bob
Open a new query in SQL Management Studio for the attached database then run:
sp_change_users_login #action='report'
If you have "orphaned" users in your database then you'll see a result set that looks like:
UserName UserSID
bob 0x57F6DFA5D5D7374A97769856E7CB5610
To reconnect this user to a SQL login execute:
sp_change_users_login #action='update_one',
#loginname='bob',
#usernamepattern='bob'
I think you're confusing a database user with a server login.
Your database may have a user in it called NotificationUser but this needs to be associated with a server login, which is the object you're trying to alter with the script. A database restore from a different server won't have created this server login so there's a good chance it doesn't exist on your server. More info here
I have a database with user 'dbo' that has a login name "domain\xzy". How do I change it from "domain\xzy" to "domain\abc".
I figured it out. Within SQL Management Studio you have to right-click on the database -> Properties -> Files -> Owner field. Change this field to the login name/account that you want associated with the "dbo" username for that database. Please keep in mind that the login name/account you choose must already be setup in the sql server under Security -> Logins
If you are trying to remap a login to a db user you can use sp_change_user_login
exec sp_change_user_login 'Update_One', 'user', 'login'
PhantomTypist gives a good answer using the GUI. For achieving the same result with TSQL, you can use this code:
USE [My_Database_Name]
GO
EXEC dbo.sp_changedbowner #loginame = N'domain\abc', #map = false
GO
This is a Windows login, not a SQL Server login, so you cannot 'change' the login name since it is linked to the user account in Active Directory.
Create a new Server Login (Windows) mapped to the new windows user (and remove the old one if necessary). Then in login's Security > User Mapping, permission that login to the appropriate database as user 'dbo' (or assign to the db_owner role)