Server principal already exists but doesn't show in SSMS - sql-server

I have created Logins in Azure SQL via SSMS on two other environments, but on the third Azure SQL Server, the same exact SQL command creates logins but they don't show in SSMS. I am using these Logins to then users for databases. As I have stated it has worked on every other Azure SQL Server.
However, when I create my Logins, they don't show up under Security > Logins and if I try to create user for the db, I get the following error:
'myuser' is not a valid login or you do not have permission.
Here is my SQL to create the Login:
CREATE LOGIN myuser WITH PASSWORD = 'p#ssword';
Here is my SQL I run on a selected database to add the above created user with execute rights:
CREATE USER [myuser] FROM LOGIN [myuser];
GRANT EXECUTE TO [myuser]
To be clear, the Login (first SQL) said that it is created, but it doesn't show in SSMS and doesn't allow me to create Users in the DBs

Related

Azure SQL is not letting me create a SQL User

I have a Database server created in Azure [not a managed instance] and a Server Admin user was created, many SQL users were added and they were able to login without any issues. Now all of a sudden, SQL users I newly create can't login. It's giving Login failed message with Error# 18456
Here are the SQL commands I am using to create the user [after logging in as Server Admin]:
CREATE LOGIN reportslogin WITH password='' - this in "master" database
CREATE USER reportsuser from LOGIN reportslogin - this is in MyDatabase
ALTER ROLE db_datareader ADD MEMBER reportsuser - this again is in MyDatabase
Now I disconnect the server and when I try reconnecting to the server using the reportsuser, I get this:
What am I doing wrong?
Actually, the error is caused by you database login name.
You should using the Login reportslogin to login the database, not the username reportsuser !
We must using the login name to access the Azure SQL database, not the username.
A login is a simple credential for accessing SQL Server. For example,
SQL Login is for Authentication and SQL Server User is for Authorization. Authentication can decide if we have permissions to access the server or not and Authorization decides what are different operations we can do in a database. Login are created at the SQL Server instance level and User is created at SQL Server database level.
Please reference:
Login and SQL User
Difference between a User and a Login in SQL Server
Suggestions:
create the login and user with the same name:
USE master
CREATE LOGIN reportslogin WITH password='Xunmi110'
USE user_database
CREATE USER reportsuser FOR LOGIN reportslogin
ALTER ROLE db_datareader ADD MEMBER reportsuser
One login for one user.
Hope this helps.

How to create login on azure ms sql server with access to all databases?

I need to create a login on a server that will have access to all databases on this server.
I have two azure servers: production and stage. I make a copy of a database from prod server on stage server. Then I need to do insert some test data in this new copied database.
The copying process is made on runbooks in azure automation account so every time I want to execute SQL script on a database I need to provide a login&password to a server.
If I create a login TestLogin on stage server and then copy database from prod server to stage, then this login does not have access to a new db. Thus, I need to login as administrator and create a TestUser in this new database for TestLogin.
This does not work for Azure:
GRANT CONTROL SERVER TO TestLogin;
Is there any way I can grant a TestLogin all rights so that it can have access to all the databases on server?
When you create a login in one instance of SQL Server and assign any roles to this user on a specific database, and then copy the database to another SQL Server instance, you have this user in the database, but no login for that user in the second SQL Server. This is also called an "orphaned user". Here is an article that describes how to fix that.
This does not work on Azure. You have to use ALTER USER instead.
As you said in comment, you must login with admin, then you have the permission to alter the new user in master DB, set the user as DB manager or db_owner.
If you only create new login or user and don't give it more permission, this login/user only and login the Database but can't access no database.
Fore details, please see Controlling and granting database access to SQL Database and SQL Data Warehouse.
Hope this helps.

Azure SQL Database v12 AD authentication, some users not able to login

Hi I have configured Azure active directory authentication on Azure SQL Server.
After that I have added contained DB users on a SQL Database by using the following queries
Created user
CREATE USER [John.Marsh#contoso.com] FROM EXTERNAL PROVIDER;
Assigned following permissions
EXEC sp_addrolemember 'db_datareader', 'John.Marsh#contoso.com';
GO
EXEC sp_addrolemember 'db_datawriter', 'John.Marsh#contoso.com';
GO
GRANT EXECUTE ON SCHEMA :: dbo TO [John.Marsh#contoso.com];
GO
GRANT ALTER ON SCHEMA :: dbo TO [John.Marsh#contoso.com];
GRANT CREATE TABLE TO [John.Marsh#contoso.com];
GRANT SELECT,DELETE,UPDATE,INSERT TO [John.Marsh#contoso.com];
GRANT VIEW ANY COLUMN MASTER KEY DEFINITION to [John.Marsh#contoso.com];
GRANT VIEW ANY COLUMN ENCRYPTION KEY DEFINITION to [John.Marsh#contoso.com];
Some users are able to login and access the DB but some users getting error message saying login failed for the user.
Do I need to provide more permissions?
By default, connections to Azure SQL that do not specify a specific database will attempt to log into the master database. Because AAD uses group based membership, if a user is part of a group that can access the master database, they will be able to login. Users that get denied login are typically denied because they have not been granted rights to master and no specific database was specified in the connection string.
To connect through SSMS: On the "Connect to Database Engine" dialog select the "Options" button, the "Connection Properties" tab and specify the database name in the "Connect to database:" dropdown. You'll need to know it b/c the user does may not have access to master to read the list of databases on the virtual database server.
You can get a connection string for your tech stack from the Azure Portal under the "Overview" for the database.

Why i can not delete user log in in my database?

i connect the sql server windows authentication and create a simple database and table on it,and so define the new log in user and set to sql server authentication,every thing is fine,but i connect the database with windows authentication too,i want to delete the windows authentication,and i want just connect that database with only sql server authentication,this picture for that problem:
when i connect with sql server authentication,i define the rajabi user log in.
but i want just rajabi user can be connect to this database.how can i solve that?thanks.
What if any roles have you granted the new user? Granting the reader role to the new user should allow said user to connect.
Right click on your user -> Properties -> Membership -> Anything checked? I usually check the db_datareader just to allow a user to connect.
Please run on your database
DROP USER [UserAccount]
CREATE USER [UserAccount] FOR LOGIN [UserAccount]
EXEC sp_addrolemember N'db_owner', N'UserAccount'

db_datareader User mapping is allowed to do Update, Create Queries

In a SQL Server 2008 R2 database, I created a user login with:
Server Role: Public
User Mapping: master, model, msdb
Database Role Membership db_datareader, public
When I use with new user login to connect it connects and I can run update, create commands. Which I don't want to run.
The same setting I tried in SQL Server 2012. It didn't allowed me to run update and create commands.
I get an error :
CREATE TABLE permission denied in database 'TEMP'.
In SQL Server 2012 I have a different database.
Please give solution
I have followed this https://www.itsupportguides.com/server-side-tips/sql-management-studio-how-to-create-read-only-users/
for this Login
mark SERVER Role for following Databases as db_DenyDataReader , and db_DenyDatawriter

Resources