I'm looking at the Database Project in VS2010, the idea being that I want something I can use to keep track of the database schema (in source control) and the ability to generate "new install" scripts, and change scripts.
When I create a new database project wizard and import my existing database schema, it won't "build". I get the error:
SQL03006: User: [scanner] has an
unresolved reference to Login
[scanner].
The SQL that generates this error:
CREATE USER [scanner] FOR LOGIN
[scanner];
The user "scanner" is a login defined in the database I imported. I have no idea what it's teling me, and google isn't throwing much up. Any ideas?
The Login is actually defined in the master database of the server install. The CREATE USER statement needs to point at an existing Login otherwise it errors. The Database Project is not aware of the Login at the server level. Either you can create a Server Project to handle the Logins, or you can turn off the checking of Security objects in your Database Project. See the answer by Demetri M for more details: http://social.msdn.microsoft.com/Forums/eu/vstsdb/thread/1f8226fe-b791-4344-8735-3d38307e8664
I'm using Visual Studio 2012 for a SQL Server 2008 R2 database project. The options listed by #Judah don't appear to work anymore.
They now appear to be Settings that you configure while doing a Schema Compare:
Right click database project >
Choose 'Schema Compare' >
Choose the 'Settings' gear icon >
Choose the 'Object Types' tab >
Logins are Non-Application-scoped. Database roles, Permissions, Role Memberships, and Users are all Application-scoped.
Unfortunately, the only way that I can find to preserve these is to save the schema compare. This can be a little inconvenient if you're sharing this on a team and would like project/database (or server) settings for any schema compare.
It gets the job done, though.
You can change the create user scripts to create roles.
So instead of "Create user userName for login loginName;"
use "Create Role [userName] authorization dbo;"
This is a hack, but as long as you aren't having to deal with users and roles in your project, you can happily do the following:
GRANT EXECUTE
ON OBJECT::[dbo].[sp_name] TO [userName];
Apparently, this issue is still occurring on VS2017 database projects as well.
I've managed to solve it by first creating the login and then create the user.
-- Windows Account
CREATE LOGIN [Domain\Username]
FROM WINDOWS WITH DEFAULT_LANGUAGE = [us_english];
GO
CREATE USER [Domain\Username] FOR LOGIN [Domain\Username];
GO
-- Sql Acccount
CREATE LOGIN [sql_account] WITH PASSWORD = 'Ch#ngeth1spA$swurD'
GO
CREATE USER [sql_account]
FROM LOGIN [sql_account]
WITH DEFAULT_SCHEMA = dbo
GO
-- Then set the sql file Build Action to "Build"
In the database project open the 'Security' folder (assuming that's how your database was imported). For each user profile that is causing an issue, set the build action to 'None' in the properties panel. You will also have to remove them from any other files in which they appear, including Permissions.sql and RoleMemberships.sql.
Related
Our business has just changed Active Directories and the domain changed, from "YMS" to "YMSNET". So I used to be able to log in with "YMS\tkol" and I can now log in with "YMSNET\tkol" (these usernames and domains are faked for the purpose of example), but when I log in as that now, I can't actually expand any of the databases or look at any of the tables, I can just see a list of the database names. When I try to expand a database in the UI it says "This database is not accessible (Object Explorer)."
Now I have another user, called "sqluser", and I keep trying to use that user to log in as well by changing the Authentication Method to SQL Server Authentication rather than Windows Authentication. But I get Microsoft SQL Server, Error: 4064
Now I know this sqluser user exists and the password is correct, because I can authenticate to the server and successfully interact with the tables from an external process on a separate computer on the same network (node.js, package mssql). And I used the query on the accepted answer on this question, and found my sqluser is there, with roles db_accessadmin, db_ddladmin, db_owner. And yet it still won't let me log in with that user in the SQL Server Management Studio UI
How can I get this working again and log in with my sqluser account? Or add the appropriate permissions for my YMSNET\tkol account?
--- edit ---
My first idea is that, because I can log into the UI with YMSNET\tkol, but I can interact with the databases externally with sqluser, that there is some query or command I can run with sqluser that will add permissions for YMSNET\tkol so that that user can now look at all the databases and tables. I don't know which commands I'd run for that.
It can be because your account's default database is mapped to some another db which is not available for you, for instance, you have no permissions there, or that database not exists anymore etc.
Your organization DBA can fix it by:
ALTER LOGIN [sqluser] WITH DEFAULT_DATABASE = [rightDB]
Default db name can be checked by:
select default_database_name from sys.server_principals
where name = 'sqluser'
This property can be overridden by opening "Options" of SSMS connection window and specifying it explicitly:
I have created 2 SQL Server Database Projects in VS 2013 and imported schemas from 2 databases that reside on the same SQL instance. Both databases have SQL Users, let's say [MyUser1] and [MyUser2], that use a single SQL Login, let's say [MyLogin]. The issue is both projects want to create the SQL Login and this causes the error
"SQL71508 The model already has an element that has the same name MyLogin"
DB1 Project
CREATE LOGIN [MyLogin] WITH PASSWORD = N'xyz';
CREATE USER [MyUser1] FOR LOGIN [MyLogin];
DB2 Project
CREATE LOGIN [MyLogin] WITH PASSWORD = N'xyz';
CREATE USER [MyUser2] FOR LOGIN [MyLogin];
I've tried:
Removing CREATE LOGIN from one of the projects. Issue is then CREATE USER generates an error because it wants the CREATE LOGIN for the Login to exist.
To find a way to ignore the error, but all I've found is how to ignore warnings.
Using the following to check if Login already exists, however an error is generated at the "If" indicating, "SQL700001 The statement is not recognized in this context".
If Not Exists (Select name From master.sys.server_principals Where name = 'MyLogin')
Begin
CREATE LOGIN [MyLogin]
WITH PASSWORD = N'xyz';
End
Does anyone have any thoughts on how to correct or work around this issue? Thanks!
Also, my primary reason for creating the DB2 project was due to views in DB1 that are based on tables in DB2. Without the DB2 project referenced in the DB1 project, the SQL to create the views generated errors about not finding the tables in DB2. So, if anyone has any thoughts on how to workaround this issue, that would be helpful too.
Never add the same item twice in SSDT projects. Where the same item exists in more than one project, create a master project for the server.
Leave the users alone, just move the logins to a common project.
Think inheritance when designing SSDT projects. Do not forget to include the IncludeCompositeObjects switch for deployments of each individual database.
We have a SQL Server that uses SQL Server Authentication, with users that can deploy, and others that can read, for the sake of simplicity, I'll call them "deploy" and "web".
I'm having difficulty setting permissions up using a Visual Studio (2012) Database project, as the "deploy" user does not have sufficient permissions to create new server logins.
I can add scripts to do things like:
GRANT SELECT ON foo.bar TO [web]
This then sulks (with "SQL71501: Permission has an unresolved reference to object [web].") until I add:
CREATE USER [web] FOR LOGIN [web];
This then sulks (with "SQL71501: User: [web] has an unresolved reference to Login [web].") until I add:
CREATE LOGIN [web] WITH PASSWORD = '******';
This then fails to publish with:
Dropping Permission...
Dropping Permission...
Creating [webuser]...
(67,1): SQL72014: .Net SqlClient Data Provider: Msg 15247, Level 16, State 1, Line 1 User does not have permission to perform this action.
(67,0): SQL72045: Script execution error. The executed script:
CREATE LOGIN [webuser]
WITH PASSWORD = '**';
An error occurred while the batch was being executed.
This doesn't make sense, as the user already exists, so shouldn't need creating
How can I allow publishing via the deployment user without trying to (re)create the login each time? Or, is it possible to reference the externally created user, without having to publish it?
As the user already exists, I suspect that the user that is used to perform the deploy doesn't have rights to view it. The below should be all you need to resolve this.
GRANT VIEW DEFINITION ON LOGIN::web TO deploy
when I deploy adventure works cube it fails, and i get: user does not have permission to create a new object in 'GARY-PC', or the object does not exist.
trying to process cube from adventureworks DW and having what seem like permissions issues (?).
took following steps (i am using sql server 2008 R2 developer edition and VS 2008):
1 downloaded and successfully created adventureworksDW (2008R2) database from
2 successfully created Datasource and DSV for a cube with 2 fact tables and several dimensions.
3 Click deploy
I see the following 2 prompts
Login: greyed out, can’t type anything here
the password is required for the impersonation account of data source Adventure Works DW.
Now, Whether I enter a password or not, I get:
Error 3 Either the 'Gary-PC\Gary' user does not have permission to create a new object in 'GARY-PC', or the object does not exist. 0 0
what objects is SSAS trying to create? are these objects in the relational database?
You have to add your user account as an administrator in the Analysis Services portion of the SQL server.
For some reason the database and the analysis services portion of the server do not share login information. The user you run Visual Studio under needs to have administrative access to the Analysis Services engine; this is the reason running as administrator works. The account you use to access the Database Engine is arbitrary.
Right-click on the SQL Server Management Studio icon and then select "Run as Administrator"
Select "Analysis Services" from the "Server type:" drop-down list in the "Connect to Server" dialog box, then click connect.
Right-click on the localhost definition in the Object Explorer panel and select Properties.
Click on Security in the left panel of the Analysis Server Properties.
Click the Add... button and type your user name and click the Check Names button to make sure you typed it right. Then click OK.
Click OK.
Note: This may not the most secure solution, but it enables not running Visual Studio as administrator every time and possibly opening up yourself to attack.
The Error message is:
"domain\user does not have permission to alter object 'mf20'..................."
I gone through the work around and found the solution as below:
Open Services, go to Analysis services--->right click on it -->
Properties-->LogOn --> select This Account -->give server and your
user name here. confirm it is your user, click ok.
Stop the service and again start the service. check the service Log On As in your user name.
That's it. save your cube in BIDS and close and reopen the cube, then deploy the cube. it will deploy and process it.
I hope this will help.
I had the same exact issue, but I was using the Adventure Works DW 2012. The problem is not on the database end but how your trying to deploy. When you run BIDS (or SQL Data Tools 2012 or Visual Studio 2010) use the "Run as Administrator" menu option. It will then ask you to authenticate, but the authentication should be accepted.
The user account you're using to deploy the SSAS database must have appropriate access to the SSAS instance in order to create the database and objects inside. Since this is a dev-setup, you could try adding your user account to the Server Admins.
In SSMS, log into the SSAS instance and right click on it (in the object explorer) and select properties. The last option in the left-pane is security and here is where you can add admin users.
are you talking about the " impersonation information" tab when you double click on the data source ? You should set it to "use service account"
In BIDS Solution Explorer → select the (in my case xx=08) Data Source and double-click on it. From the Data Source Designer screen click on the “Impersonation Information” tab, and enter the username and password of the user who has access for that remote data base or data source, and click OK.
So I created a new database on my SQL Server box and then added an ODBC entry so my ASP code knows what it is. Now I am getting this error:
Cannot open database "DB_NAME" requested by the login. The login failed.
I checked out the permissions by right clicking the db in Management Studio and checked permissions and low and behold it is empty.
I am just trying to duplicate the permissions of one of any of the other twenty or so databases sitting on the box. Is there a quick way to do this? Either way I just need to open up the lines of communication between my ASP code and my SQL Server db
Here is my connect code in ASP:
Set sqlConnection = Server.CreateObject("ADODB.CONNECTION")
sqlConnection.Open "DB_NAME"
Is there some reason to avoid using a proper connection string:-
sqlConnection.Open "Provider=sqloledb;Data Source=myServerAddress;Initial Catalog=DB_NAME;User Id=myUsername;Password=myPassword;"
On top of what John said, when you create a new database, you have to map the login (either SQL login or Windows login from Application Pool) to this database. You can use management studio to do this - open login properties and map it to the new database. Open Object Explorer, then click Security, Logins and rightclick login that is used by your application. Select Properties. Click User Mapping and add appropriate entry for your database in the grid you will see.
The other option is to run statement to create user within the database:
Use DB_NAME
go
create user [web_user] from login [web_login]
go
Another question is to see what rights have to be assigned to the user in the database. You have to check users permissions in one of the existing databases. Again in Object Explorer, click your existing database, then Security, Users and rightclick Properties of the user that you want to check. Observe information displayed on the dialog box in the General tab and check if there are any Securables assigned to the user. You have to copy these settings to the user in your new database.
HTH
Piotr
Try adding the user id and password into your connection string.