I would like to disconnect all users from SQL Server except sa.
The need for this is:
I wrote a db maintenance utility for my ERP. Before running it I need to ask all users to logoff.
So somehow I would like to give them a message (through ERP) "disconnecting in 5 minutes, please save your work and logoff or you'll be kicked out" and then after 5 minutes run the command on the server that disconnects all people.
I want "sa" or anyway "1 specific user" not to be disconnected, since the db maintenance utilty will use that user for db connection.
I found this:
use master
alter database MyDatabase set offline with rollback immediate
but how to say "one specific user is an exception"?
Use single_user instead of offline:
alter database [DatabaseName] set single_user with rollback immediate
The initial "single user" will be the one issuing the alter database command. You could then proceed to only allow specific users to log on:
alter login [LoginName] disable
Related
I have a SQL Server 2008 disaster recovery DB that gets restored on a nightly basis from our production server. Every time this happens, a specific user/login with read-only access to the DB breaks.
What is the best way to have the user/login either recreated, or the db_datareader user mapping to the database restored after the DB restore is complete?
This is caused because SQL logins and SQL users use a SID as the actual identification, and the SID won't match since they're generated by each server individually. Windows users and logins use the SID from the domain, so they work just fine. Logins like sa and users like dbo use well-known SIDs that are fixed.
You're supposed to fix it with ALTER USER:
ALTER USER <UserName> WITH LOGIN <LoginName>;
But, IMX, most people still use sp_change_users_login, even though it's deprecated. It's a bit more convenient because it doesn't require you to specify everything manually and you can remap multiple logins with one command.
--List orphaned users
EXEC sp_change_users_login #Action = 'Report';
--Auto remap users to logins that have the same name
EXEC sp_change_users_login #Action = 'Auto_Fix';
--Manual remap
EXEC sp_change_users_login #Action = 'Update_One', #UserNamePattern = <UserName>, #LoginName = <LoginName>;
I need lock functionality on db to some user, while sa making changes on this db.
Example:
user create some databases:
database1
database2
database3
As sa i want to restrict user to making changes in database1, but user can still make changes in database2-3.
ALTER DATABASE database1 SET SINGLE_USER WITH ROLLBACK IMMEDIATE
isn't an option.
upd. Why isn't an option? Because:
I execute ALTER DATABASE database1 SET SINGLE_USER WITH ROLLBACK IMMEDIATE from java code using hibernate -> i got lock, ok. But when transaction commits other user can connect to database. I want do something like:
1. acquire lock
2. do anything, even restart my java application
3. release lock
I have admin rights on a SQL Server 2012 Server and have a user that wants me to create a "throw away" database for them on the server.
Basically, I'm looking to:
Create this database
Give the user full access / rights TO ONLY THAT DATABASE
Have them see it and its schema - but not any other DBs - in the SSMS Object Explorer
I've found quite a few answers around online and the one that got me closest was this one:
https://stackoverflow.com/a/15400392/1693085
Basically giving me these lines of SQL to execute:
--Step 1: (create a new user)
create LOGIN hello WITH PASSWORD='foo', CHECK_POLICY = OFF;
-- Step 2:(deny view to any database)
USE master;
GO
DENY VIEW ANY DATABASE TO hello;
-- step 3 (then authorized the user for that specific database , you have to use the master by doing use master as below)
USE master;
GO
ALTER AUTHORIZATION ON DATABASE::yourDB TO hello;
GO
However, when I then log in as this user and right click on a created table, I get the following error repeated dozens of times:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
------------------------------
ADDITIONAL INFORMATION:
The EXECUTE permission was denied on the object 'xp_instance_regread', database 'mssqlsystemresource', schema 'sys'.
And, if I ignore it and try and delete the table anyways, I get basically the same error again.
All I basically want to do is create a user and ensure they have no more access than that one database, but have full access on that one...
Am I doing something wrong / What should I change??
Thanks!!!
You can get around this by granting the user permission to the stored procedure:
USE master
GO
GRANT EXEC ON OBJECT::master.dbo.xp_instance_regread TO hello
GO
I'm not sure how to even ask this question. We are running SQL Server 2008 R2. I'm not the admin, but a programmer. I need to write an application that updates some database stuff at night. I'm going to set a flag to disable logins to the database, but I want to make a particular database unavailable to anyone except me, even if someone is already logged in to the database. My program will run nightly, as a batch file, presumably with admin privileges.
I'm expecting to produce something like a script of SQL commands. I could take the database offline, except I need to make modifications to it myself. Not sure the best way to handle this.
You can basically just set the database to "single-user" mode and use it exclusively - this T-SQL will do this:
USE master;
GO
ALTER DATABASE AdventureWorks2012
SET SINGLE_USER
WITH ROLLBACK IMMEDIATE;
GO
(of course - replace AdventureWorks2012 with your own database name!)
This will make the database "single-user", e.g. only you have access to it, and it will boot off any users that's currently online, and will rollback all open transactions.
Read more about single user mode on MSDN!
This example sets the database to SINGLE_USER mode to obtain exclusive access. The termination option WITH ROLLBACK IMMEDIATE is specified in the first ALTER DATABASE statement. This will cause all incomplete transactions to be rolled back and any other connections to the AdventureWorks2012 database to be immediately disconnected.
Since you are using an administrative account to perform the updates, I'll assume the account is in one of these roles: db_owner, dbcreator, sysadmin. Use the ALTER DATABASE SET ... syntax to control database access during the DML operations.
The assumption is that database users you want to lock out aren't in the above mentioned roles.
USE master;
-- only allow members of db_owner, dbcreator, or sysadmin roles to access
-- database, allowing current transactions time to complete. if you want to
-- drop access immediately, add WITH ROLLBACK IMMEDIATE
ALTER DATABASE SET RESTRICTED_USER;
-- data load
-- return database to normal operating state
ALTER DATABASE SET MULTI_USER;
A while back I set up a database under SQL Server 2008 called myDB in Windows XP, then under Logins under the server, I clicked Properties on my computer login name COMP23/Andrew and mapped myDB database to this using dbowner as its rights.
Then I cloned this XP installation as a backup, installed Visa, realising I did not want Vista I re-imaged back my original XP copy onto the same machine. However the DB mapping has got really confused! Basically under the server login COMP23\Andrew, it says its mapped to myDB, but when I click myDB and look at its users its not there. I think its lost its SID mapping because it thinks its a new machine.
Under the server login COMP23\Andrew I can't untick the mapping to myDB as when I do it says "Cannot drop the user dbo". I can't alter the dbo user either - it won't let me. But nor can I make the user appear under myDB users! Which means I can't login through my website settings (asp.net web.config) file! When I login it just says Cannot open database "myDB" requested by the login. The login failed.
Login failed for user 'COMP23\ASPNET'
Any ideas? How I can remap this properly? I've even tried reinstalling SQL Server 2008 but the computer name is still there mapped to the database.
Because dbo is the owner of the database, its mapping must be changed by changing the owner of the database:
ALTER AUTHORIZATION ON database::[<yourdb>] TO [sa];
First of all, you can't have quote marks surrounding the stored procedure name. Secondly, it isn't autofix but auto_fix.
Finally, once those corrections are made, you get this error message:
Msg 15600, Level 15, State 1, Procedure sp_change_users_login, Line
181 An invalid parameter or option was specified for procedure
'sys.sp_change_users_login'.
when you run this command:
EXEC sp_change_users_login #Action = 'auto_fix', #LoginName = '<your username>'
Since you mentioned the SID mapping issue, have you tried using sp_change_users_login? Use the autofix option to re-map your login to the one in the database.
For your example above you should execute the following while connected to the database
EXEC `sp_change_users_login` #Action = 'autofix', #LoginName = 'COMP23\ASPNET'
USE [Database]
GO
ALTER USER [dbo] WITH NAME=[username]
GO
sp_changedbowner 'sa'
GO