In SQL Azure, I want to assign login name [login1] to user [dbo].
I am currently logged in with [login1] account, and try this:
ALTER USER [dbo] WITH LOGIN = [login1]
But it is saying:
Cannot alter the user 'dbo'.
I have also tried this:
ALTER AUTHORIZATION ON SCHEMA::[dbo] TO [login1]
But it is saying:
Cannot find the user 'login1', because it does not exist or you do
not have permission.
I am able to create new table like [dbo].[MyTable], but can not see it in the table list even though it existed.
Any ideas?
You can't re-map [dbo] to [login1], but you can add [login1] to the db_owner database role. For example:
-- in master db
CREATE LOGIN [login1] WITH PASSWORD = '{Some Password}'
CREATE USER [login1] FOR LOGIN [login1]
-- in user db
CREATE USER [login1] FOR LOGIN [login1]
ALTER ROLE [db_owner] ADD MEMBER [login1]
You need change a database owner
1. Create Login1 (without user in your DB)
2. In your db exec script:
sp_changedbowner 'Login1'
So user [dbo] will automatic link to [login1]
Related
I'm trying to remove an SQL login with the following commands:
USE [myDB]
GO
ALTER ROLE [db_owner] DROP MEMBER [abc]
GO
USE [myDB]
GO
DROP USER [abc]
GO
USE [master]
ALTER SERVER ROLE [sysadmin] DROP MEMBER [abc]
GO
USE [master]
DROP LOGIN [abc]
GO
But SQL returns the following Error:
Login 'abc' owns one or more database(s). Change the owner of the database(s) before dropping the login.
There are no other (Non-System-)Databases present on the server and i litterally just dropped the login from role DB_owner - what is going on?
Users with the db_owner role is not the same as being the owner of the database.
You should use ALTER AUTHORIZATION to give ownership of the database to another principal.
If you get the user's SID then you can query the sys.databases catalog view (specifically the owner_sid column) to discover which databases they currently own.
I am trying to create a user and then alter it in SQL Server. So far I have:
CREATE LOGIN bob1 WITH PASSWORD = '!abcd1234'
GO
ALTER USER bob1 WITH DEFAULT_SCHEMA = dbo;
GO
The first statement works, but then for the second I get:
Msg 15151, Level 16, State 1, Line 6
Cannot alter the user 'bob1', because it does not exist or you do not have permission.
What does that mean exactly? And why would I be able to create a user and then not be able to modify it?
It seems I'm mixing up LOGIN and USER. What is the difference between these two items?
In Azure, Login is not a user, it's used to login the Azure SQL database, you need create the user for login: CREATE USER BOB1 FOR LOGIN bob1, then run ALTER USER bob1 WITH DEFAULT_SCHEMA = dbo;. But it's not necessary, the default schema is dbo, we could not specify it.
Create login to log in the Server/database, then mapping the user to login.
After that you need alter the user enough permission/role to access the database, for example:
ALTER ROLE db_owner ADD MEMBER 'bob1'
Please ref here: Authorize database access to SQL Database, SQL Managed Instance, and Azure Synapse Analytics
I've been struggling my way through create a new DB user for an Azure SQL database. Here are the three statements I'm doing:
Create a new Azure login:
CREATE LOGIN [bobby] WITH PASSWORD = 'Password1'
Create a new DB user within the Azure login:
CREATE USER bobby FOR LOGIN bobby;
ALTER USER bobby with DEFAULT_SCHEMA = 'newschema';
To add a user to a DB group for that database — note, it is only for that database (whatever is in the current USE command):
EXEC sp_addrolemember 'db_owner', 'bobby'
For the life of me I couldn't figure out how to do GRANTs for step three. Every time I would try a statement it would give me some flavor of "permission denied" even though I am the one (and only) admin user in Azure. Is this the only way to add roles in Azure? Or am I totally missing something here?
In Azure SQL database, the whole step should be this:
1. Run the command in master DB:
CREATE LOGIN [bobby] WITH PASSWORD = 'Password1'
2. Go to the user database, run the command bellow:
CREATE USER bobby FOR LOGIN bobby;
ALTER USER bobby with DEFAULT_SCHEMA = 'newschema';
ALTER ROLE db_owner ADD MEMBER [bobby];
Please use server admin to create the login or user firstly.
Ref document here: ALTER ROLE (Transact-SQL)
I want to map login user (i.e. TestUser) to already created database (i.e. JIRADB), but after executing below query no user is added in JIRADB.
Refer the image link provided, I want JIRADB to be checked after execution of the query.
Can someone help me with the exact query to achieve this task?
Here is the code, which I currently tried:-
USE [JIRADB]
GO
CREATE LOGIN TestUser WITH PASSWORD="sauser123', DEFAULT_DATABASE=[JIRADB], CHECK_EXPIRATION=OFF, CHECK_POLICY=ON
GO
Just creating a login isn't enough, that login needs a user in the database as well that is mapped to the login.
USE [master]
GO
CREATE LOGIN TestUser WITH PASSWORD="sauser123', DEFAULT_DATABASE=[JIRADB], CHECK_EXPIRATION=OFF, CHECK_POLICY=ON
GO
USE [JIRADB]
GO
CREATE USER [TestUser] FOR LOGIN [TestUser]
GO
--Optional, add the user to database roles if required
ALTER ROLE db_datareader ADD MEMBER [TestUser]
GO
You will notice I also have an alter role statement in there as well, as if you just create a user in a database, it will just be a member of the public role, if you need any other permissions you must either add the user to a database role, or explicitly assign permissions to them.
I create a db on azure portal. After this I connect to the azure db with my own application which i programming in dotnet. What i want is to create a new login which have the permission to also create new logins. So i connect to master db, then i create a new SQL login, then i create a new user from the login and add them to the loginmanager role. So know i can create new logins with the user but when i want create also user from login then i get an error that i have no permission to alter the the login. So what can i do?
Thanks for helping
Daniel
The problem is that the loginmanager role doesn't have the necessary permissions to create or alter users. The 'CREATE USER' statement requires the 'ALTER ANY USER' permission (details here).
So, in the first step you create a login and user in the master database that has the 'loginmanager' role.
-- connect to the master database with your 'sa' account
CREATE LOGIN login1 WITH PASSWORD='<your password>';
CREATE USER login1user FROM LOGIN login1;
EXEC sp_addrolemember 'loginmanager', 'login1user';
In the second step you need to grant this user the 'ALTER ANY USER' permission. Note that this needs to be done in the application database in which you want to have the user accounts.
-- connect to the application database with your 'sa' account
CREATE USER login1user FROM LOGIN login1;
GRANT ALTER ANY USER TO login1user;
You should now be able to create new logins and the associated users. Note that you create the logins in the master database, and you create the user in the application database.