I have just created a new user on an newly created Oracle 12C database and cannot use it to login from either SQL*Plus or SQL Developer. What am I doing wrong? I can connect as SYSTEM but not as NEWGUY.
-- logged in as SYSTEM....
alter session set CONTAINER=PDBNEW
create user NEWGUY identified by FRED
grant connect to NEWGUY
I can connect as system but trying to connect changing only the username and password results in failure. (ORA-91917: invalid username/password; login denied.
I can see NEWGUY in the DBA_USERS table.
I'll amend this if you need more information....
Remember everyone that if you create a PDB you have to open it and set it to read/write in order for it to be open for business.
ALTER PLUGGABLE DATABASE myPDBDatabase OPEN READ WRITE;
Related
I try (for the first time) to create a user account on my SQL Azure database.
I have read in some blogs that I have to create these command lines
CREATE LOGIN login_name WITH PASSWORD = 'strong_password';
CREATE USER 'user_name' FOR LOGIN 'login_name';
And then
USE [Database];
GO
GRANT CONNECT TO login_name;
But, when I try to connect with this new account on my database, I have the message error 916
The server principal "login_name is not able to access the database "master" under the current security context.
I don't understand because the don't create my new user for the master but for a specific database in my SQL Azure environment (I have 5 databases in my SQL Azure by the way)
If you have any idea to help me, thanks in advance
When first logging in, unless a database is specified in the connection string, a login connects to its default database. If the database is not specified in the CREATE LOGIN statement, the system default of master is used.
To fix this, use this for your CREATE LOGIN:
CREATE LOGIN login_name WITH PASSWORD = 'strong_password',
DEFAULT_DATABASE = MyDatabase;
how its possible to see 'sa' login in connection with login which have only granted to read some views? Probably cant to edit anything, but can see. And also can see list of databases, but cant to open. All in SQL Management Studio. Login just created by:
create login YourTpvLogin with password = 'enter new password here'
go
create user YourTpvUser for login YourTpvLogin
go
grant select on YourView to YourTpvUser
Thank you for explanation or way how to fix it.
Ok... First of all Every SQL Server login belongs to the public server role. Next - The public server role is granted VIEW ANY DATABASE permission which means that a login that is granted this permission can see metadata that describes all databases including master database which in turn records all the system-level information for a SQL Server system including information about SQl server logins and sa login of course is not an exception.
So... any new login can see all databases and logins but can't modify them.
Possible "solution" for hiding databases is to deny a login the VIEW ANY DATABASE permission.
To limit visibility to database metadata, deny a login the VIEW ANY
DATABASE permission. After this permission is denied, a login can see
only metadata for master, tempdb, and databases that the login owns.
And... you can't completely hide the sa login because every login must be able to read server's metadata from the master database.
I can not access my sql server connection from c# code. I get this error:
Sql Exception: No Process Is on the Other End of the Pipe
thats the connection string in my app.config:
<add name="DefaultConnection" providerName="System.Data.SqlClient" connectionString="Data Source=BELLA\SQLEXPRESS;Initial Catalog=TLP;User Id=pascal;Password=test;Pooling=False"/>
When I use windows authentication: Integrated Security=True;
Then I can connect to the database.
BUT I can NOT use windows authentication because the opening of the sql connection is done from within a windows service which is run as LocalSystem. When I do this I get this error:
Login failed. Login failed for user 'NT AUTHORITY\SYSTEM'
Its the first time I create a login + user in sql management studio so I am nearly sure I did something wrong and its my fault.
This is what I did:
1) Create a new login in the server`s security folder with sql authentication user:pascal and password:test.
2) Went to my database and create a new user in the security folder with user: pascal and login: pascal and schema: dbo
3) Did I forget something?
Solutions from other people:
1) I have also tried this link but no luck my Sql Select on the suspect_pages table is empty.
Error: No process is on the other end of the pipe
2) My Sql Server network configuration has ENABLED on the tcp/ip, names pipes and shared memory settings.
3) SQL Server 2008 can't login with newly created user
Number 1 to 3 did not help at all.
All this is done on my local machine. No network is here.
Did you enable Shared Memory and TCP/IP providers in SQL configuration?
If not, try opening the SQL Server Configuration Manager utility and enabling Shared Memory and TCP/IP. The order that works for me is Shared Memory (1) and TCP/IP (2) for both server and client.
Also, make sure you are creating both a SQL LOGIN and DATABASE USER for PASCAL with correct rights.
Check out my blog article on creating logins. http://craftydba.com/?p=656
The snippet below will blow away and recreate your login/user with the correct default database, default schema and read/write privileges.
-- Which database to use.
USE [TLP]
GO
-- Delete existing user.
IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'pascal')
DROP USER [pascal]
GO
-- Which database to use.
USE [master]
GO
-- Delete existing login.
IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'pascal')
DROP LOGIN [pascal]
GO
-- Add new login.
CREATE LOGIN [pascal] WITH PASSWORD=N'test', DEFAULT_DATABASE=[TLP]
GO
-- Which database to use.
USE [TLP]
GO
-- Add new user.
CREATE USER [pascal] FOR LOGIN [pascal] WITH DEFAULT_SCHEMA=[dbo]
GO
-- Add to database read / write roles
EXEC sp_addrolemember 'db_datareader', 'pascal'
EXEC sp_addrolemember 'db_datawriter', 'pascal'
GO
-- Add to database owner role?
-- Only give out if application needs a high level of privileges.
-- EXEC sp_addrolemember 'db_owner', 'pascal'
-- GO
Server level protocols.
Client level protocols.
I never choose NETBIOS since it is a non-routable protocol.
If you are still having issues, please post a screen shot and more details.
Probably an unusual scenario but I just got this exception and tracked it down to an invalid database name in the Initial Catalogue value of the connection string.
I have downloaded database and attached it to my local sql server, however I can't seem to change the password of one the existing user's on the db.
Using the following command:
ALTER LOGIN [NotificationsUser] WITH PASSWORD = 'password';
I get the error:
Msg 15151, Level 16, State 1, Line 1
Cannot alter the login
'NotificationsUser', because it does
not exist or you do not have
permission.
Is this possible?, what access permissions do I need to change user permissions anyway ?
If you've attached this database to your local SQL server then you'll need to do a couple of things:
If you haven't already done so, create user logins on your SQL server to match the ones that exist in the attached database. It's simpler to do this before attaching the database. But it can be done after the DB has been attached.
Because the SID's of the users in the newly attached database won't be the same as the newly created logins you'll need to resolve this using the sp_change_users_login stored procedure. The database user's are in effect orphaned.
For example if you have:
SQL Login: bob Attached database user: bob
Open a new query in SQL Management Studio for the attached database then run:
sp_change_users_login #action='report'
If you have "orphaned" users in your database then you'll see a result set that looks like:
UserName UserSID
bob 0x57F6DFA5D5D7374A97769856E7CB5610
To reconnect this user to a SQL login execute:
sp_change_users_login #action='update_one',
#loginname='bob',
#usernamepattern='bob'
I think you're confusing a database user with a server login.
Your database may have a user in it called NotificationUser but this needs to be associated with a server login, which is the object you're trying to alter with the script. A database restore from a different server won't have created this server login so there's a good chance it doesn't exist on your server. More info here
A while back I set up a database under SQL Server 2008 called myDB in Windows XP, then under Logins under the server, I clicked Properties on my computer login name COMP23/Andrew and mapped myDB database to this using dbowner as its rights.
Then I cloned this XP installation as a backup, installed Visa, realising I did not want Vista I re-imaged back my original XP copy onto the same machine. However the DB mapping has got really confused! Basically under the server login COMP23\Andrew, it says its mapped to myDB, but when I click myDB and look at its users its not there. I think its lost its SID mapping because it thinks its a new machine.
Under the server login COMP23\Andrew I can't untick the mapping to myDB as when I do it says "Cannot drop the user dbo". I can't alter the dbo user either - it won't let me. But nor can I make the user appear under myDB users! Which means I can't login through my website settings (asp.net web.config) file! When I login it just says Cannot open database "myDB" requested by the login. The login failed.
Login failed for user 'COMP23\ASPNET'
Any ideas? How I can remap this properly? I've even tried reinstalling SQL Server 2008 but the computer name is still there mapped to the database.
Because dbo is the owner of the database, its mapping must be changed by changing the owner of the database:
ALTER AUTHORIZATION ON database::[<yourdb>] TO [sa];
First of all, you can't have quote marks surrounding the stored procedure name. Secondly, it isn't autofix but auto_fix.
Finally, once those corrections are made, you get this error message:
Msg 15600, Level 15, State 1, Procedure sp_change_users_login, Line
181 An invalid parameter or option was specified for procedure
'sys.sp_change_users_login'.
when you run this command:
EXEC sp_change_users_login #Action = 'auto_fix', #LoginName = '<your username>'
Since you mentioned the SID mapping issue, have you tried using sp_change_users_login? Use the autofix option to re-map your login to the one in the database.
For your example above you should execute the following while connected to the database
EXEC `sp_change_users_login` #Action = 'autofix', #LoginName = 'COMP23\ASPNET'
USE [Database]
GO
ALTER USER [dbo] WITH NAME=[username]
GO
sp_changedbowner 'sa'
GO