I executed the task Take offline of a SQL Server 2008 R2 database.
I cant bring it online!
I tried with
USE master;
GO
ALTER DATABASE [DBNAME] SET ONLINE
I get an error.
User does not have permission to alter database 'DBNAME', the database
does not exist, or the database is not in a state that allows access
checks.
I also tried using the task Bring online and I get the exact same error.
Can anyone help me asap?
I think you're going to need to login with the SA account, or some other account with sysadmin privileges, and then run your code to put it back online. While you're in there, add sysadmin to your account, too. If you don't own the database, you may need to talk to someone else to get the SA password, or ask them to do it for you. Unless you don't have the SA password or it's been dumbed down for security reasons.
Your error is too generic to be usable. Do you actually have the rights to alter the database (I guess you do if you managed to bring it offline)? Can you access teh SQL logs (accessible in the tree via Management > SQL Server logs)? Are you sure the user who is executing the script is the one you expect?
Also, you can try any of the following
* restart the service then retry
* Use the mouse GUI o bring it online (right click on the DB, Tasks, Bring Online)
Had same problem, same error. Even logged on as SA and returned same error. On both problem database the owner was not SA.
Solved by attaching the database. This gives you the opportunity to rename the database was well assign an owner. Assigned owner as SA.
Detached failed database the renamed the newly attached database to the original name.
A lesson in always give SA ownership of new databases.
Related
i'm using db2 9.7 on linux and i created a user "db2fee1i" to be a instance owner. I restored a database, but even being SYSADM i only can connect to database.
I need give DATAACCESS to another user, and appears...
("The command was processed as an SQL statement because it was not a valid Command Line Processor command. During SQL processing it returned: SQL0551N "DB2FEE1I" does not have the required authorization or privilege to perform operation "EXECUTE" on object "NULLID.SQLC2H23". SQLSTATE=42501")
I tryed everything but nothing solves my problem, now i found "SECADM" that can give me the "privileges to execute" into database, but i dont know how to do it.
Someone can help me?!
Original database authorities and privileges are restored from the backup image, so by default your new instance owner ID does not have any special privileges apart from those inherited from PUBLIC.
Prior to restoring the database set the DB2 registry variable db2set DB2_RESTORE_GRANT_ADMIN_AUTHORITIES=ON and restart the instance. After the restore the authorization ID performing it will be granted SECADM, DBADM, DATAACCESS, and ACCESSCTRL authorities.
it worked for me ,
drop the db.
db2set DB2_RESTORE_GRANT_ADMIN_AUTHORITIES=ON
then restore the DB.
I need to copy a SQL Server Express database from one one server to another (virtual) server.
I know how to do this for the database itself - with a backup and restore. I have also looked at this and this which show how to script this - that's great.
However, I also need the permissions to go with it but can't figure out how to do that.
Any pointers would be warmly welcomed.
The logins need to exist already on the destination server, but once they exist, you can wire-up the logins back to the users with a script like this:
sp_change_users_login 'Update_One', 'user-name', 'login-name'
More information on sp_change_users_login can be found on MSDN
Logins are at a server level. Users are at a per-database level. Generally I keep the login name and user name the same to avoid confusion, but they can be different. The Users define the permissions within the database and you've not lost them, just the link to the login.
As an alternative to sp_change_users_login
ALTER USER username WITH LOGIN = newlogin
I am trying to give all the permissions to a user in the User Mapping section of a database. But, I am encountering this error:
"Cannot use special principal dbo"
Server roles of the user:
This is happening because the user 'sarin' is the actual owner of the database "dbemployee" - as such, they can only have db_owner, and cannot be assigned any further database roles.
Nor do they need to be. If they're the DB owner, they already have permission to do anything they want to within this database.
(To see the owner of the database, open the properties of the database. The Owner is listed on the general tab).
To change the owner of the database, you can use sp_changedbowner or ALTER AUTHORIZATION (the latter being apparently the preferred way for future development, but since this kind of thing tends to be a one off...)
Fix: Cannot use the special principal ‘sa’. Microsoft SQL Server, Error: 15405
When importing a database in your SQL instance you would find yourself with Cannot use the special principal 'sa'. Microsoft SQL Server, Error: 15405 popping out when setting the sa user as the DBO of the database. To fix this,
Open SQL Management Studio and Click New Query. Type:
USE mydatabase
exec sp_changedbowner 'sa', 'true'
Close the new query and after viewing the security of the sa, you will find that that sa is the DBO of the database. (14444)
Source:
http://www.noelpulis.com/fix-cannot-use-the-special-principal-sa-microsoft-sql-server-error-15405/
This answer doesn't help for SQL databases where SharePoint is connected. db_securityadmin is required for the configuration databases. In order to add db_securityadmin, you will need to change the owner of the database to an administrative account. You can use that account just for dbo roles.
How can you hide databases you do not have access rights to when logging into SQL Server 2005 / 2008?
Currently if a user connects, they see all the databases on the server, meaning they have to scan though the list to find their database.
After hours of trying to figure out how to create a user account which only has access to 1 DB, and can only see that DB. I think i figured it out!!!!
Create a user account ( make sure its not mapped to any Database, otherwise you will get the final error Msg 15110, Level 16, State 1 and note proposed solution)
USE [master]
GO
CREATE LOGIN [us4]
WITH PASSWORD=N'123',
DEFAULT_DATABASE=[master],
CHECK_EXPIRATION=OFF,
CHECK_POLICY=OFF
Right Click on the upper section of the SQL (SQLSERVER Name)>Properties>Permissions>Click on the user account, and select Deny to view databases.
use [master]
GO
DENY VIEW ANY DATABASE TO [us4]
Right Click on the newly created DB, Properties,Files, and change the Owner to the newly created account.(important note: ALTER ROLE [db_owner] ADD MEMBER [us4] does not work)
USE [dbname]
GO
EXEC dbo.sp_changedbowner #loginame = N'us4', #map = false
At this point, once the user logs in he will see the Master,tempdb and will also see the new DB which he is a DB Owner of..You may want to go to Tools>Option and enabled the option to hide system objects so that you don't show the master,tempdb,etc. You may also need SP1 if this option does not work
Msg 15110, Level 16, State 1, Line 1
The proposed new database owner is already a user or aliased in the database.
proposed solution to Msg 15110: to resolve above error simply delete the user from database security node and try again
Hope that helps...
Nikhil
This actually won't work the way that makes sense or that you might expect that it would.
You REVOKE VIEW ANY DATABASE from the public role, but then the user has to be the database owner of the database or it can't be seen, but it still can be accessed.
The problem is a Database Engine Security shortcoming and not likely to be fixed in the current or future release of SQL Server.
Erland Sommarskog opened the following connect item for this a while ago, and it recently was discussed on twitter and with Microsoft by the SQL MVP's.
Vote for the connect and help make it more of a priority for Microsoft to fix:
Connect Feedback
Basically the permissions are stored at the database level, so it would require enumerating each database to determine if the user has connect rights to display the database in the object explorer, which is an expensive task to perform and how the older EM used to do things.
The proposes solution is for this information to be maintained at the server level as well, which is a major change.
You would need to revoke the permission 'VIEW ANY DATABASE' from the role PUBLIC (SQL SERVER 2005 onwards)
Add user to DB as Db owner after removing VIEW ANY DATABASE rights
This will show only the database owned by the login in SSMS.
USE master; GO
DENY VIEW ANY DATABASE TO [loginname]; GO
USE [your db]; GO
DROP USER [loginname]; GO
USE master; GO
ALTER AUTHORIZATION ON DATABASE::[your db]TO [loginname]; GO
Note: this requires the login to exists already
There appears to be a server-side setting on MS SQL 2005 and 2008 to restrict the databases a user may see. I found the following text at sql-server-performance.com
In SQL Server 2005 it is possible with a new server side role that has been created. VIEW ANY DATABASE permission is a new, server-level permission. A login that is granted with this permission can see metadata that describes all databases, regardless of whether the login owns or can actually use a particular database. Please note By default, the VIEW ANY DATABASE permission is granted to the public role. Therefore, by default, every user that connects to an instance of SQL Server 2005 can see all databases in the instance.
When I try to create a SQL Server Login by saying
CREATE LOGIN [ourdomain\SQLAccessGroup] FROM WINDOWS;
I get this error
The server principal 'ourdomain\SQLAccessGroup' already exists.
However, when I try this code
DROP LOGIN [ourdomain\SQLAccessGroup]
I get this error
Cannot drop the login 'ourdomain\SQLAccessGroup', because it does not exist or you do not have permission.
The user that I am executing this code as is a sysadmin. Additionally, the user ourdomain\SQLAccessGroup does not show up in this query
select * from sys.server_principals
Does anyone have any ideas?
We are still struggling to understand the HOW of this issue, but it seems that [ourdomain\SQLAccessGroup] was aliased by a consultant to a different user name (this is part of an MS CRM installation). We finally were able to use some logic and some good old SID comparisons to determine who was playing the imposter game.
Our hint came when I tried to add the login as a user to the database (since it supposedly already existed) and got this error:
The login already has an account under a different user name.
So, I started to examine each DB user and was able to figure out the culprit. I eventually tracked it down and was able to rename the user and login so that the CRM install would work. I wonder if I can bill them $165.00 an hour for my time... :-)
is this when you are restoring from a backup or something? I've found that the following works for me in situations when I'm having problems with user accounts in sql
EXEC sp_change_users_login ‘Auto_Fix’, ‘user_in_here’
This happened to me when I installed SQL Server using a Windows username and then I renamed the computer name and the Windows username from Windows. SQL server still has the old "Computername\Username" in its node of Server->Security->Logins.
The solution is to go to Server->Security->Logins and right-click -> rename the old Windows user and use the new MachineName\Username.
I faced similar issue and i believe the issue was as a result of trying to recreate a login account after deleting an existing one with same name.
Just go through the various databases on the server using SQL Studio.
Example steps:
DBName ->Security->users
at this level for each of the databases, you may see the name of the user account there. Delete all occurrence in each Database as well as its occurrence in the top level Security settings at
Security->Logins
When done, try recreating the login account again and you should be fine.
I had the same story as Shadi.
On the top I can add that it can be also done by query:
ALTER LOGIN "oldname\RMS" WITH name="currentname\RMS"