I need to write a query to find all Login objects in the master database that are not any longer assigned to a database. I don't even know where to start on this, because every example I've found either doesn't return what I expect, or it doesn't work in Azure SQL.
How can you write a query for Azure SQL that returns the Login object details for each Login that doesn't have a User assigned in any database?
Related
I am attempting to share an SQL view via Azure Data Share. I have set up the data share, created a share to send, and am attempting to add a dataset. I am logged into Azure Portal as me#example.com. I am also connected to the database (an Azure SQL DB) in SSMS as me#example.com. I do the following:
Select "Add datasets"
Select "Azure SQL Database"
Select the resource group
Select the SQL server
I got the the message about setting up permissions (the create user and exec sp_addrolemember db_datareader query), which I did successfully in SSMS. So, next I select the data, which was found successfully, and select "Next". This is where the problem starts.
I am given the options for Tables and Views. However, neither is populated. I can see all the tables and views in SSMS, including the view I created. However, when I select, say, "View" from the 2 options, it finds nothing and says, "No results to show".
This is mystifying. I clearly have access and permissions, yet it won't even populate the list of views. Any suggestions what might be causing this? This is my first Azure Data Share, and I could easily have missed something, but it seems like it should have everything that it needs for this operation.
Here are my assumptions:
It is using my Azure Portal login credentials to authorize access to populate the list.
The fact that I can see the tables and views in the SSMS Object Explorer implies sufficient permission to see the same in Azure Portal.
Since this data share and the database are in the same resource group, no firewall configuration is needed.
I am deploying a web application, this is not a production application but it's important to me none the less. I am deploying it via dacpac and I would like to script out the creation of a login / user account with sql server authentication.
At minimum this users will need access to read, write, update, and delete on all of the database tables, these tables are separated into different schema's. The user will also need access to execute all stored procedures and functions in my database.
How would i script this out? What permissions do I give to the user?
This is what i got so far, I actually have no database tables in the dbo schema, but since this was the default for sql server i figured it might make sense to leave it the default for the user, but i would like to finish this script giving explicit access to all tables in a given schema with all of the permissions i listed, as well as permission to sprocs and functions.
CREATE LOGIN [webProcessLogin] WITH PASSWORD = 'Pa$$word';
CREATE USER webProcessUser FOR LOGIN
[webProcessLogin]
WITH DEFAULT_SCHEMA=[dbo];
GRANT CONNECT TO [webProcessUser]
I backed up a database from a SQL Server 2008 and restored it to my local machine using SQL Server 2012, now I'm trying to login to the server with the copied database user account and I wasn't able to do so.
After googling the issue I found that I have to change the user type from SQL User Without Login to SQL User with Login but the drop-down list is disabled as you can see in the picture below, how can I fix this and is this is the best way of doing what I need to accomplish or do I need to add this user to the server level?
I remember running into this before when doing backup / restore across servers. Basically it comes down to how SQL Server works. There's SQL Server users & there's database users (SQL Server users who are database users are represented via mappings). They are however not the same thing.
A SQL Server user belongs to the SQL Server, a database user ONLY belongs to the associated database. What happens when you have a database user, but not a SQL Server user? You can't login to SQL Server non-obviously.
Thereby what I do is after moving the database, I add the user I need to login as to SQL Server users using SSMS, remove the old database user (it's got dependencies associated w it that prevent mapping to it) & lastly make a new user on the database by mapping my SQL user to the database w appropriate permissions.
This approach is by no means elegant, but it works 100% of the time w no code needed, & you should consider a more permanent system if you have automated backup / restores happening. For the one off, this is how I've always done it.
As per requirement i need to get the information whether an user is present in given database or not. Whether there is any stored procedure which i can use to get this information of user. I just want to check whether user is present in given database, and proceed further with my usage.
I am using MSSQL Server 2005.
Also i need another information, there is on method LastErrorMessage() to get the last error message in ADO. is there any method to get the error number.
Thanks,
Santhosha
SQL Server has logins (server level) and users (database level). Users are permissioned on databases/database objects and are mapped (well not neccessarily) to logins (roles are also at database level).
users are available from the sys.database_principals system view in each database
logins are available from the sys.server_principals
You need to be aware that you can only see objects/principals which the user you are using to connect to SQL server has permission to see. So a user might exist, even if you don't see it in the views.
I'm quite new to Microsoft SQL Server. I have some experience with MySQL, and there you have a user with privileges, if I understand things right; these privileges decide which databases you have access to on the MySQL server.
However now I am in the situation where I have to restore a database on my SQL Server 2005 Express, and this database has it's own users and user password. So if I want to make these users accessible from the outside (so that they can connect to my server), how would I go about that?
To illustrate clearer; say there are two login accounts on the database server "Mike" and "John", and on the database "Animals" there are two users; "Chris" and "Jeff".
I need Jeff to be able to sign in to get access to the database. Is there a good way to make this happen without creating new users/logins? And if not, what is the best/most common solution?
I would really appreciate any helpful input on this!
One server-level object (login) is mapped to multiple database-level objects (users).
A login cannot be mapped to more than one user within a database, but can be mapped to at most one user in each database.
Therefore, you need to create new logins for those users, but map them to existing users. This is done with ALTER USER command. Or, if you don't have any use for the Mike and John logins apart from mapping them to those existing users, you can do so, too.
Any user needing to access a database needs to either have their own login, or you can create a login for a Windows security group and grant access that way to a whole set of users. Then if you need to give access to more users in the future you can just add them to the windows security group.