Please bear with me as I am trying to learn Azure. I have in my resource group a SQL Server database, and a blob storage account with a container. I am the owner of these resources.
I am trying to create an external data source on my SQL database to link to my blob storage account, but I am running into a permissions issue that I cannot seem to resolve. Running the query:
CREATE EXTERNAL DATA SOURCE MyAzureBlobStorage
WITH (
TYPE = BLOB_STORAGE,
LOCATION = 'https://[redacted].blob.core.windows.net/'
);
Returns this error message:
Msg 15247, Level 16, State 1, Line 1
User does not have permission to perform this action.
My Google-fu seems to be betraying me, as I can't seem to find any references to this issue. Am I missing something basic? I'm browsing through my Azure Dashboard but I can't find any obvious way to manage specific database permissions, although I would have assumed that given that I am the owner, I had maximum possible permissions?
Please provide the credential as shown below:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'some strong password';
CREATE DATABASE SCOPED CREDENTIAL MyAzureBlobStorageCredential
WITH IDENTITY = 'SHARED ACCESS SIGNATURE',
SECRET = 'sv=2015-12-11&ss=b&srt=sco&sp=rwac&se=2017-02-01T00:55:34Z&st=2016-12-29T16:55:34Z&spr=https&sig=copyFromAzurePortal';
CREATE EXTERNAL DATA SOURCE MyAzureBlobStorage
WITH ( TYPE = BLOB_STORAGE,
LOCATION = 'https://myazureblobstorage.blob.core.windows.net',
CREDENTIAL= MyAzureBlobStorageCredential);
I was having the same error when trying to create an EXTERNAL DATA SOURCE. What worked for me was add the grant CONTROL for the database user:
GRANT CONTROL to your_db_user
Related
I'm trying to follow this tutorial but I'm having issues with granting CONTROL permission.
This is on a Dedicated SQL pool (formerly SQL DW) within Azure by following this tutorial.
I initially try CREATE MASTER KEY ENCRYPTION BY PASSWORD = '23987hxJ#KL95234nl0zBe'; which returns
User does not have permission to perform this action.
So I try to apply CONTROL permission to the user account:
GRANT CONTROL ON DATABASE::master TO useradmin
But this returns
Principal doesn't exist or doesn't have sufficient privileges.
I have search the web for a solution but I cant find one that has yet worked so any help or advice would be much appreciated!
To create MASTER key in azure SQL, follow below statement in Azure SQL data base.
CREATE MASTER KEY
GO
For more details refer this SO Thread by Alberto Morillo and also refer this Microsoft official document.
Updated:
I reproduced same thing in my environment its working fine .
sample code:
CREATE MASTER KEY ENCRYPTION BY PASSWORD='xxxx'
GO
CREATE DATABASE SCOPED CREDENTIAL [cred-name] WITH IDENTITY = 'User_name' , SECRET = 'xxxx'
GO
I am trying to create an external table to be able to elastic query across databases on my Azure SQL server. I am following the steps outlined in:
https://learn.microsoft.com/en-us/azure/azure-sql/database/elastic-query-getting-started-vertical and https://www.mssqltips.com/sqlservertip/6445/azure-sql-cross-database-query/.
After creating the master key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master_key_password>';
I then try to create the Database Scoped Credential that I am going to use to access the server for the external database.
CREATE DATABASE SCOPED CREDENTIAL = ElasticDBQueryCred
WITH IDENTITY = '<username I use to login to server>',
SECRET = '<password I use to login to server>';
The error then pops up on IDENTITY that says
Incorrect syntax near 'IDENTITY'. Expecting CREATEDBOPT_BACKUPSTORAGEREDUNDANCY, CREATEDBOPT_CATALOGCOLLATION, CREATEDBOPT_FILESTREAM, CREATEDBOPT_LOGAPPLY, CREATEDBOPT_OTHER, or CREATEDBOPT_PERSISTENT_LOG_BUFFER
There is nothing in the documentation about this.
I've a Azure SQL database where I'm trying to create an external data source to load CSV data to database from a blob storage.
I've created a database scoped credential using the following query.
CREATE DATABASE SCOPED CREDENTIAL [https://forecaststorage01.blob.core.windows.net]
WITH IDENTITY = 'SHARED ACCESS KEY',
SECRET = 'SAS Token';
Then created an external data source,
CREATE EXTERNAL DATA SOURCE [demodata]
WITH (
TYPE = BLOB_STORAGE,
LOCATION = 'https://forecaststorage01.blob.core.windows.net',
CREDENTIAL = [https://forecaststorage01.blob.core.windows.net]
);
When I try to run the following query,
SET NOCOUNT ON;
BULK INSERT input.RawData
FROM 'csv-data/egypt_sales_data.csv'
WITH (DATA_SOURCE = 'demodata',
FORMAT = 'CSV');
It says
"Failed to execute query. Error: Cannot find the CREDENTIAL 'https://forecaststorage01.blob.core.windows.net' because it does not exist or you do not have permission.'
Then I've granted access to database scoped credential to the user 'dbo' using the following query,
GRANT CONTROL ON DATABASE SCOPED CREDENTIAL::[https://forecaststorage01.blob.core.windows.net] TO [dbo]
Then I tried to bulk insert again. But it still shows the error,
"Failed to execute query. Error: Cannot find the CREDENTIAL 'https://forecaststorage01.blob.core.windows.net', because it does not exist or you do not have permission.
"
Why I cannot access the database scoped credentials?
If you try to run the first statement on Azure SQL you should get an error:
'CREATE CREDENTIAL' is not supported in this version of SQL Server.
You have to use the CREATE DATABASE SCOPED CREDENTIAL command. And also the IDENTITY value must be SHARED ACCESS SIGNATURE not "key":
CREATE DATABASE SCOPED CREDENTIAL [https://forecaststorage01.blob.core.windows.net]
WITH IDENTITY = 'SHARED ACCESS SIGNATURE',
SECRET = 'SAS Token';
That should fix your issue
I created an Azure SQL Database AzureSQLTestDb in an Azure subscription. I can connect to this db using SSMS with my Azure SQL Admin login, as well as with my Azure AD account. I can run queries on it, as well. But following this article, from MS Azure team, when I try to create a Master key as follows, it gives me the error shown below. Question: What I may be missing here, and how can we resolve the issue?
Remarks: I know the above linked article mentions CONTROL permission required. But I am the one who created the db and the Azure SQL server.
-- Creates the master key.
-- The key is encrypted using the password "23987hxJ#KL95234nl0zBe".
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '23987hxJ#KL95234nl0zBe';
Error:
Msg 15247, Level 16, State 1, Line 3
User does not have control permission to perform this action.
It seems like the issue with the permissions.
As per this official document, you need CONTROL permission on the database to create the master key.
You can GRANT CONTROL permission using below command:
GRANT CONTROL ON DATABASE::<dtabase:name> TO <user_name>
If the user already have CONTROL permission, try the ALTER command to create a new database master key and reencrypts the keys below it in the encryption hierarchy.
ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = '23987hxJ#KL95234nl0zBe';
I'm currently working through an example on cross database queries on SQL Azure. http://www.c-sharpcorner.com/article/cross-database-queries-in-azure-sql/
I'm currently working on the following section -
CREATE EXTERNAL DATA SOURCE RefmyDemoDB2
WITH
(
TYPE=RDBMS,
LOCATION='your server name',
DATABASE_NAME='myDemoDB2',
CREDENTIAL= your “Server admin login”
);
I'm getting the following error The specified credential cannot be found or the user does not have permission to perform this action.
I have the correct LOCATION and DATABASE_NAME however the CREDENTIAL seems wrong. I am using the Server-Admin account that is displayed in the overview of the database server on Azure, I also use this role to log into management studio and can query both databases ok.
Can anyone please advise?
Try this, Creating new Credentials
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'STrongPA5swor$';
CREATE DATABASE SCOPED CREDENTIAL MyLogin
WITH IDENTITY = 'MyLogin',
SECRET = 'STrongPA5swor$';
CREATE EXTERNAL DATA SOURCE PHPSTGRemoteReferenceData
WITH
(
TYPE=RDBMS,
LOCATION='servername',
DATABASE_NAME='DBName',
CREDENTIAL= MyLogin
);
This works for me