CREATE TABLE permission denied in database 'master' on Amazon AWS RDS - sql-server

I followed the instructions on AWS to set up an RDS instance with SQL server Express,
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_NET.quickstart.html
But I find that when I go to run the commane 'Update-Database' that I get:
CREATE TABLE permission denied in database 'master'.
Turns out I'm logged in as 'Guest'??? Despite setting up the db as per instructions.
So I'm expecting that I must have missed something simple, just looking for any hints as to how to get admin access to my own SQL Server hosted on RDS?

The master database is a System database internal to SQL Server. You never need to run CREATE TABLE inside that database. It sounds like you're not in the right database context: you're running commands against that database rather than your own database.

Related

SQL Server RDS Web Edition Gives Access to Everything to New Users

I'm currently setting up roles to give people limited access to our SQL Server RDS Web Edition Database. I would need only insert and select privileges to one table. However, it seems like new users are granted all privileges to all tables by default and I would have to run a recurring script to deny them from all new ones. It seems like this logic is maybe AWS RDS centric as I had a SQL Server developer look at it. Any suggestions how I can add a new user to deny them everything but one table by default?

Restore .bak on Azure SQL database through SSMS: Failed to connect to Server ***. Login Failed for user ***

I am trying to restored a .bak file on an Azure SQL server through SSMS.
The reason why I am doing this is that my company unfortunately blocked any action on the Azure portal itself and therefore I have to find another way around.
I am able to connect successfully to the DB on Azure with my admin account through SSMS.
I first successfully restored the .bak on my local database. And then I am trying:
Again, I am able to connect through the same SSMS to the SQL db.
Moreover, when starting this procedure I get asked to connect first to the DB, which works successfully! What I mean is:
It doesn't give me any error, which is weird because if I try to connect with a wrong password it tells me right away that is wrong. So it kind of accepts it. It's only after when I really start the deployment that it gives me the problem:
Just for now, Azure SQL database doesn't support restore from .bak file.
You work flow should be right, restore the .bak file(database) into a local SQL Server firstly, then deploy the restored database to Azure with "Deploy database to Microsoft Azure SQL database".
Make sure you are using the server admin account of the Azure SQL database. Per my experience, the error is usually caused by the permission limits.
If all of these(SSMS) don't work, please thy other ways. Please try Data Migration Assistant(DMA) migrate the database. If DMA still give the same error, we can ensure that it's not caused by the tools, you need another higher Azure SQL database account permission.
HTH.
Working solution was to use the export data task:
For some reason this worked and the publish to ASQL task from SSMS didn't. I understand this is very based on the restrictions imposed by my company but at least this solution worked.
NOTE: as both Source and Destination use SQL Server Native Client .
Moreover when setting the Destination the refresh of the list of databases might not work (depending on your permissions on Server level) but if you type directly the name of the database it will work. Talking about this:

Error Migrating SQL Server Database to Azure

So I am completely new to .Net Core development, and was given a codebase that I am trying to host on Microsoft Azure. I have the local database file (.mdf) in SQL Server Management Studio, and am trying to deploy it to an Azure Database, However it keeps failing during migration and giving me this issue
Error SQL71627: The element User: [ISOCENTRIC\Administrator] has property >AuthenticationType set to a value that is not supported in Microsoft Azure SQL >Database v12.
(Microsoft.SqlServer.Dac)
However, when I SELECT * FROM master.sys.database_principals; and it dumps the db users list, the "ISOCENTRIC\Administrator" user does not appear in that list, so I cannot find a way to drop it from the DB. Is there something I am missing regarding the location of this user and how I can drop it from the db so I can migrate to Azure?
p.s. This is my first post on here so please let me know if I should make any changes to adhere to correct formatting on this forum.
Thanks in advance.
I guess the database users can't be migrated to Azure SQL DB because they are Windows users. You'll need to drop those users before you deploy this database to Azure SQL DB.
You can always backup and restore a copy of this database, remove the users, and then deploy that one to Azure SQL Db.
I figured out that my query to dump the database users was incorrect, and was able to find and drop the user causing the issue.

What grants are needed for the SQL Server Telegraf plugin in Azure SQL Database

I'm using the Telegraf input plugin for SQL Server (https://github.com/influxdata/telegraf/tree/master/plugins/inputs/sqlserver) to gather metrics and report to InfluxDB. It works well for SQL Server, but though it supports Azure SQL Database the documentation is a bit sparse.
The database user should be created like this:
CREATE LOGIN [telegraf] WITH PASSWORD = N'password';
GRANT VIEW SERVER STATE TO [telegraf];
GRANT VIEW ANY DEFINITION TO [telegraf];
That works on SQL Server, but in Azure it fails:
Securable class 'server' not supported in this version of SQL Server.
I wonder what I need to grant instead in order to solve this in the best possible way. We have a large number of databases running on the same server in an elastic pool, so if it is possible I would like to use a single user that logs in to the master and collects metrics for all the databases at once (the way it works with SQL Server). If that is impossible I can configure multiple logins and process one database at a time.
Perhaps I can grant VIEW DEFINITION at the database level, but VIEW SERVER STATE does not seem to be supported at all.
So, how should I configure the SQL Database login(s) for Telegraf with the SQL Server plugin to make it work?
EDIT:
Running as the super user for the server works without errors, but only produces metrics for master and tempdb. I need metrics for the many application databases and they are missing. Plus running as the super user is less than ideal.
Running as the super user for the server but connecting to a specific application database (add database in connection string) crashes with a nil pointer dereference and the log complains about VIEW DATABASE STATE permission denied in database master (the super user has access, but apparently not when connecting to a spefic database).
Granting VIEW DATABASE and VIEW DEFINITION to telegraf in an application database and connecting directly to that database as telegraf crashes with a nil pointer dereference and the log says the connection was closed.
EDIT 2:
Created bug report https://github.com/influxdata/telegraf/issues/4222.
EDIT 3:
As of the latest release the plugin works if the server admin account is used, so the issue has been solved. There is still no way to run with a less privileged account in Azure DB.
The answer:
GRANT VIEW SERVER STATE is not supported in Azure SQL Database.
On SQL Database Premium Tiers requires the VIEW DATABASE STATE
permission in the database. Permissions can not be granted in Master,
but the views can be queried in user databases. On SQL Database
Standard and Basic Tiers requires the SQL Database server admin
account due to security requirements following from multi tenancy of
those tiers.
Reason:
SQL Azure SQL is PaaS solution, therefore the most "server" specific features, DMVs, settings are blocked by purpose
References:
Grant View Server State - is it possible for a none SA user to have in Azure SQL?
SQL Azure VIEW DATABASE STATE permission denied in database 'master'
Possible workaround: (which is, anyway does not work in ewramner case)
CREATE LOGIN [telegraf] WITH PASSWORD = N'password';
USE [yourDB]
GRANT VIEW DEFINITION TO [telegraf];
GRANT VIEW DATABASE STATE TO [telegraf];
Therefore, (IMHO), there is no way to make such application working in SQL Azure without changing application code

Please explain SQL Azure "master" database

What's the "master" database in SQL Azure for? I just created a subscription and once I created a "new SQL Server" I immediately got "master" database with 1GB size. That database can't be deleted - "delete" button is not active in the management portal.
When I tried to deploy a .dbproj project there Visual Studio said it "couldn't deploy to a system database".
Can I use that database for storing my data? Do I create a new database instead?
Just a note: you will not be charged for the master DB.
master is a required system database that's responsible for holding info about all the the other database on the server instance, system metrics/config, managing logins & database creation etc, its read-only and can't be removed.
You will need to create a new database and deploy to that.
The master database records all the system-level information for a SQL Server system. This includes instance-wide metadata such as logon accounts, endpoints, linked servers, and system configuration settings

Resources