Is it possible to set up a default set of role mappings for Microsoft SQL Server (2008 R2 for instance) that apply to subsequent databases?
Example: Whenever I create a new database on the server, I want it to map db_owner to a login group called Group_A and db_datareader to a group called Group_B.
The databases are created by a 3rd party application, so doing it in the CREATE statement is not enough. What I hope for is to set a default behaviour for the server itself.
Every new database is created as a copy of the model database on the SQL server. So when you do the mapping to the MODEL db, every new DB should replicate that. I haven't tried that with roles and groups but you can try it and let me know whether it works...
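An added example (not part of the original answer) of the model-database approach for the Group_A / Group_B mapping in the question, with a throwaway database to confirm the mappings are inherited. The DOMAIN prefix and the ModelMappingTest name are assumptions, and the two Windows group logins are assumed to exist already at server level.

```sql
-- GO is the SSMS/sqlcmd batch separator.
USE model;
GO
-- Database users for the existing server logins (names are assumptions).
CREATE USER [DOMAIN\Group_A] FOR LOGIN [DOMAIN\Group_A];
CREATE USER [DOMAIN\Group_B] FOR LOGIN [DOMAIN\Group_B];

-- sp_addrolemember is used because ALTER ROLE ... ADD MEMBER
-- is not available on SQL Server 2008 R2.
EXEC sp_addrolemember N'db_owner',      N'DOMAIN\Group_A';
EXEC sp_addrolemember N'db_datareader', N'DOMAIN\Group_B';
GO

-- Verify: a database created with CREATE DATABASE copies model,
-- including its users and role memberships.
CREATE DATABASE ModelMappingTest;
GO
USE ModelMappingTest;
GO
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id;
GO
USE master;
GO
DROP DATABASE ModelMappingTest;
GO

-- Caveats to review before relying on this:
--  * tempdb is rebuilt from model at every service start, so both
--    groups receive the same role memberships in tempdb.
--  * Databases created by RESTORE or attach keep the users stored in
--    the backup or data files; they do not pick up model's mappings.
```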
Related
I'm trying to export a database from a CloudSQL SQL Server Express Database, that is currently attached on a user other than sqlserver, and import it on a new CloudSQL SQL Server Standard Database. While I can export/import normally with BAK files, I'm unable to create a new user on the destination database and grant it the db_owner on the imported schema, everything always goes only to the sqlserver user. Can someone help me out?
Best regards.
You haven't mentioned what you have tried for creating users, or what output you received when you tried that.
But have you tried creating the user using the gcloud CLI? gcloud sql users create
https://cloud.google.com/sdk/gcloud/reference/sql/users/create
You can assign the above user to access a specific database once it has been created using the command above.
If the new Standard Database is on a new Cloud SQL instance, you might be using the new default MASTER database. By design, the "db_owner" role cannot be attributed there, so you may create a new database and grant the role on that new one instead.
I'm trying to determine who created a database in my SQL Server instance. The .trc logs seem to have been purged and I can't locate a backup of them. I know when the database was created and have found the .bak file that was used to create the database, but I can't determine WHO created it.
Any other ideas how I can figure this out? (SSMS schema history report also doesn't go back far enough)
Based on the following article:
There is no dbo concept for server scope securables. They are always owned by the login that created them, no matter of any server roles that the login might be a member of.
So by default, the database owner is the one who created the database, but you have to make sure that no one changed this property:
To check the database owner, in SQL Server Management Studio, right-click on the database and in the Properties window >> General tab >> check the owner property:
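The same owner check as a query, plus a look at msdb restore history, which applies here because the database was created from a .bak file. This is an added example, not part of the original answer; YourDatabase is a placeholder name.

```sql
-- Current owner and creation time of every database.
-- The owner can be changed after creation, so treat it as a hint.
SELECT d.name,
       d.create_date,
       SUSER_SNAME(d.owner_sid) AS owner_login
FROM sys.databases AS d
ORDER BY d.create_date DESC;

-- msdb records each RESTORE together with the user who ran it.
-- Rows exist only if the msdb history has not been purged.
SELECT rh.destination_database_name,
       rh.restore_date,
       rh.user_name            AS restored_by,
       rh.restore_type,        -- D = database, L = log, ...
       bmf.physical_device_name AS backup_file
FROM msdb.dbo.restorehistory AS rh
JOIN msdb.dbo.backupset AS bs
  ON bs.backup_set_id = rh.backup_set_id
JOIN msdb.dbo.backupmediafamily AS bmf
  ON bmf.media_set_id = bs.media_set_id
WHERE rh.destination_database_name = N'YourDatabase'  -- placeholder
ORDER BY rh.restore_date;
```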
I created a new SQL server with a database in Azure and after logging in with the admin account I added a new user that I wanted to only have access to one database.
In SSMS I right clicked on mynewdatabase database and selected New Query.
I executed
CREATE USER mynewuser WITH PASSWORD ='good password here';
ALTER ROLE db_owner ADD MEMBER mynewuser ;
Now after logging in as mynewuser I can still see the master database.
The question is how do I restrict mynewuser to only access mynewdatabase?
I'm sure this is something basic.
In SQL Server, including Azure SQL DB, all users can see all system databases in sys.databases. This is not the same as being able to connect to them or run queries in them. This does not disclose any sensitive information as these are system databases and whether you saw them listed or not you would know they were there. See https://msdn.microsoft.com/en-us/library/ms178534.aspx#Anchor_0.
Based on the steps you describe, you have created a contained user that should not be able to connect to the master database or run queries in Azure SQL DB.
How do I set permissions in SQL Server 2008 R2 such that the user can freely create, modify, and drop databases, but only their own - and can't read, see or modify anything else?
This can be done I guess by creating a new user and not mapping any DBs created by other users. Hence this user can have permission to do anything with DBs created by him or her.
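One way to set this up on SQL Server 2008 R2, as an added example that is not part of the original answer: a login that may create databases (and therefore owns the ones it creates) but has no user mapping anywhere else. The login name SelfServiceDba and the password placeholder are assumptions.

```sql
-- Server-level permissions can only be granted from master.
USE master;
GO
CREATE LOGIN [SelfServiceDba]
    WITH PASSWORD = N'<replace with a strong password>';

-- CREATE ANY DATABASE lets the login create databases; it becomes the
-- owner (dbo) of each one and can alter or drop those databases.
-- It is narrower than the dbcreator fixed server role.
GRANT CREATE ANY DATABASE TO [SelfServiceDba];

-- Hide other databases: with this DENY the login sees only master,
-- tempdb and the databases it owns in sys.databases.
DENY VIEW ANY DATABASE TO [SelfServiceDba];
GO

-- Review what the login holds at server level.
SELECT pr.name AS login_name,
       pe.permission_name,
       pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'SelfServiceDba';

-- Run inside each existing user database: if guest holds CONNECT,
-- any login can enter that database even without a user mapping.
SELECT dp.name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS dp
  ON dp.principal_id = pe.grantee_principal_id
WHERE dp.name = N'guest' AND pe.permission_name = N'CONNECT';
```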
I am a complete SQL Server newbie but I have experience with Oracle and MySQL. I am using SQL Server Management Studio.
I have an existing database that I want to create views from but I want those views to reside in another database (schema?) which will be accessible by a separate user account that can connect via JDBC.
I can create the database easily enough, right click "Databases" and select "New Database". From there I am lost.
1) How do I grant select/update/delete permissions (to create and update views) on one database to the new database?
2) How do I create a new user?
3) How do I grant permissions for users?
Thanks in advance.
Like Martin said you need a new schema not a database.
CREATE SCHEMA [SchemaName] AUTHORIZATION dbo;
Create your Views under the new schema name then,
CREATE LOGIN [LoginName] FROM WINDOWS; -- FROM WINDOWS applies if you are using an AD Group
USE [DatabaseName];
CREATE USER [Username] FOR LOGIN [LoginName]; -- the two names can be the same
GRANT EXECUTE, SELECT, INSERT, DELETE, VIEW DEFINITION ON SCHEMA::[SchemaName] TO [Username];
If you want to have a Role then create the role under the database and make the UserName a member of the Role and grant the permissions to the role.