'sa' user when executing the below script, the following error message is shown.
IF NOT EXISTS (SELECT LOGINNAME FROM MASTER.DBO.SYSLOGINS WHERE NAME = N'p_sys')
BEGIN
CREATE LOGIN [p_sys] WITH PASSWORD=N'test', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF;
ALTER ROLE sysadmin ADD MEMBER p_sys;
END
Msg 15151, Level 16, State 1, Line 4
Cannot alter the role 'sysadmin', because it does not exist or you do not have permission.
I do not want to use sp_addsrvrolemember because MS says it is deprecated.
Please help.
alter role is for database roles, but sysadmin is server role. Try alter server role instead:
ALTER SERVER ROLE server_role_name ADD MEMBER p_sys
Related
I need to create a SQL Server user and link it to my database, so I used the following script
-- Create the user 'tester' for database PILLS
USE [master]
DROP DATABASE [PILLS]
GO
CREATE DATABASE [PILLS]
GO
-- CREAZIONE UTENTE
IF NOT EXISTS(SELECT sp.name AS ServerLoginName, dp.name AS DBUserName FROM sys.server_principals sp LEFT JOIN sys.database_principals dp ON sp.sid = dp.sid WHERE sp.name = 'tester')
CREATE LOGIN [tester] WITH PASSWORD=N'tester', DEFAULT_DATABASE=[PILLS], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
-- MAPPING UTENTE SU DATABASE
USE [PILLS]
CREATE USER tester FROM LOGIN tester;
-- CAMBIO ACCESSI
USE [PILLS]
ALTER LOGIN [tester] DISABLE
GO
ALTER SERVER ROLE [securityadmin] ADD MEMBER [tester]
GO
ALTER SERVER ROLE [serveradmin] ADD MEMBER [tester]
GO
ALTER SERVER ROLE [setupadmin] ADD MEMBER [tester]
GO
ALTER SERVER ROLE [processadmin] ADD MEMBER [tester]
GO
ALTER SERVER ROLE [diskadmin] ADD MEMBER [tester]
GO
ALTER SERVER ROLE [dbcreator] ADD MEMBER [tester]
GO
ALTER SERVER ROLE [bulkadmin] ADD MEMBER [tester]
GO
ALTER LOGIN [tester] ENABLE
GO
The script runs fine but my user doesn't have the server roles as I set previously.
Each instruction looks fine and I've also compared them with the ones generated by SQL Server.
Any ideas?
I'm trying to remove an SQL login with the following commands:
USE [myDB]
GO
ALTER ROLE [db_owner] DROP MEMBER [abc]
GO
USE [myDB]
GO
DROP USER [abc]
GO
USE [master]
ALTER SERVER ROLE [sysadmin] DROP MEMBER [abc]
GO
USE [master]
DROP LOGIN [abc]
GO
But SQL returns the following Error:
Login 'abc' owns one or more database(s). Change the owner of the database(s) before dropping the login.
There are no other (Non-System-)Databases present on the server and i litterally just dropped the login from role DB_owner - what is going on?
Users with the db_owner role is not the same as being the owner of the database.
You should use ALTER AUTHORIZATION to give ownership of the database to another principal.
If you get the user's SID then you can query the sys.databases catalog view (specifically the owner_sid column) to discover which databases they currently own.
Trying to add a new SQL Server Authentication user to an Azure SQL Database instance. The script below is being used. I am logged in as the server admin.
But the script fails at the member role assignment. The login and user are created but I cannot login to the database server.
Script:
use [master]
CREATE LOGIN test WITH password='somethingsecure';
GO
CREATE USER test FROM LOGIN test;
GO
EXEC sp_addrolemember 'db_datareader', 'test';
EXEC sp_addrolemember 'db_datawriter', 'test';
However the above script fails with the following error:
Msg 15151, Level 16, State 1, Line 6
Cannot alter the role 'db_datareader', because it does not exist or you do not have permission.
Msg 15151, Level 16, State 1, Line 6
Cannot alter the role 'db_datawriter', because it does not exist or you do not have permission.
The issue is trying to add the User and Roles to the master database.
All that is needed is to create the Login against master and then create the User and assign Roles against the actual database in the Azure SQL Database server.
See modified script:
use [master]
CREATE LOGIN test WITH password='somethingsecure';
GO
use [your-database]
CREATE USER test FROM LOGIN test;
GO
EXEC sp_addrolemember 'db_datareader', 'test';
EXEC sp_addrolemember 'db_datawriter', 'test';
Note: If you want to create a User with access to the master database, this answer will not help.
In SQL Azure, I want to assign login name [login1] to user [dbo].
I am currently logged in with [login1] account, and try this:
ALTER USER [dbo] WITH LOGIN = [login1]
But it is saying:
Cannot alter the user 'dbo'.
I have also tried this:
ALTER AUTHORIZATION ON SCHEMA::[dbo] TO [login1]
But it is saying:
Cannot find the user 'login1', because it does not exist or you do
not have permission.
I am able to create new table like [dbo].[MyTable], but can not see it in the table list even though it existed.
Any ideas?
You can't re-map [dbo] to [login1], but you can add [login1] to the db_owner database role. For example:
-- in master db
CREATE LOGIN [login1] WITH PASSWORD = '{Some Password}'
CREATE USER [login1] FOR LOGIN [login1]
-- in user db
CREATE USER [login1] FOR LOGIN [login1]
ALTER ROLE [db_owner] ADD MEMBER [login1]
You need change a database owner
1. Create Login1 (without user in your DB)
2. In your db exec script:
sp_changedbowner 'Login1'
So user [dbo] will automatic link to [login1]
i have application and sql server 2012 user ( i need to keep him with minimum permission)
i need to perform bulk insert by my application .
so i need to grant and deny the bulk permission by using SP
when i try
Alter PROCEDURE grantRole #Grant bit
With Execute As Owner AS
if(#Grant=1)
ALTER SERVER ROLE [bulkadmin] ADD MEMBER [myUser]
else
ALTER SERVER ROLE [bulkadmin] DROP MEMBER [myUser]
GO
i get the error
Msg 15151, Level 16, State 1, Line 1
Cannot alter the server role 'bulkadmin', because it does not exist or you do not have permission.
note that :the SP 'grantRole' exec from my application by the connection of the user -which is the user need to grant/deny the role- with execute permission
but as developer i have the permission
how can i solved or is their another way