I cannot change the log_error_verbosity using mysql workbench.
set global log_error_verbosity = 4;
Error Code: 1227. Access denied; you need (at least one of) the SUPER privilege(s) for this operation
I can login as the root user with mysql workbench, but I cannot give that user the super privilege to change this setting.
It is not listed in the configuration options on the google cloud sql admin panel.
Does anyone know how to do it?
Thank you.
Because Cloud SQL is a managed service and to ensure its operation, it's not possible to grant users super privileges.
There's an open Feature Request to allow users to have super privileges on their instances.
In Cloud SQL, MySQL error logs are actually enabled by default. If you go to the Cloud Console > SQL > Instance page, you can find the "View MySQL error logs" button on the bottom right. This will take you to Stackdriver Logging, in which you can view logs with the property logName: "projects/[PROJECT_NAME]/logs/cloudsql.googleapis.com%2Fmysql.err", i.e. the mysql error logs. You can also verify that info, warning, and error messages will be shown, and you can filter these with the appropriate Stackdriver filters.
Related
i tried everything possible to fix this but nothing worked for me ,pls help me to create a table on my database .
AS your question title says, the error is a clear problem with your user autentication. This problem may be due to a very large list of causes, but I will give you what in my humble opinion is a quick troubleshooting that may lead you to solve this problem:
First of all, check the permissions of your user on the specified database. Using SQL Server Management Studio, right click your user, properties, then user mapping. Right there you have to check for the correct database mapping and the desired role.
Check server authentication mode, to see if it is on mixed mode. In many cases, I´ve seen many installations where the authentication is set to windows only, and users keep getting this message having the correct permissions on user and correct mappings.
I've been searching everywhere but it seems as nobody has my problem. I recently created an Azure SQL Database and I have not had luck at all with figuring out what to do with the error 18456. I Many times I've seen the "Just right click the database and go to properties and security" but there is no security. In fact there seem to be a lot of things I don't have when I right click. I barely know anything about any of this though, so I've tried quite a few things. At one point I thought I needed to use the sample adventure works. but that wasn't it. So I'd be really grateful if anyone helped.
[SSMS Version: 16.4.1]
[Azure SQL Database: Server Version 12]
Picture of my properties menu in SSMS(SQL Server Management Studio)
]
Picture of my right click
]
Your error is common, but the way you solve it on-premise or using virtual machines (Infrastructure-as-a-Service, IaaS) is different than how you would solve it for Windows Azure SQL Database (WASD). WASD is a Platform-as-a-Service version of SQL Server. The SQL Instance is logical, so you have to change some of your thought processes. One of the chief ways you'll need to change your thought processes is in how you manage your SQL Databases.
When you're in WASD and you create a database, you're asked to create an administrative username and password. Using that account you can deploy the schema of your database as well as SQL Authenticated Users and permissions. You don't have permission to change the instance's authentication types, that's why you don't see an option for security when you right-click on the instance name and choose properties.
The following steps are how you would create a new LOGIN to allow this new user to authenticate to the virtual instance. After you've created a LOGIN, you then need to create a database USER for this LOGIN. With this USER, you can then assign permissions for what this USER can and cannot do.
Adding Logins for your Windows Azure SQL Database
A few notes before we get started. In the following code anything in angle brackets (< and >) mean this is a variable you can change. So would be the username you want to create for your Entity-Framework application. would be the password you want to use for your .
Use your administrative credentials to connect to your instance. This account has permissions to control everything about your database. When you connect, you should find that by default you've connected to the master database on that instance. If not, use the drop-down at the top of SSMS to change to master. "USE master" will not work.
From this connection, the following T-SQL will create your Entity-Framework's username and password.
CREATE LOGIN [<username>] WITH PASSWORD = '<password>';
At this point, if you were to try and connect to the virtual instance with this and , you could connect to your virtual instance, but not any database on this virtual instance. Your error message would say something like:
The server principal "" is not able to access the database
"" under the current security context....
You need to take at least one more step before this user can connect to your user database.
Now, from that same SSMS script window, change the database to the user database () you're granting access to. This will be the database you want your Entity-Framework application to use. Remember, use the drop-down at the top.
First we will create a database user for the login created in the previous step.
CREATE USER [<username>] FOR LOGIN <username>
Then, we will allow this to connect to your user database , the database you want the Entity-Framework application to use.
GRANT CONNECT TO [<username>]
At this point, your new username can log in to the virtual instance and connect to your user database.
Now, you will need to add any other permissions this user will need. For example, if your will only need read permissions, you could get away with adding the user to the db_datareader database role. Add those permissions now.
Special note about connection and connection strings
Your user is now setup to connect to your user database. That means in SSMS if you try and connect with your Entity-Framework user, there is an extra step to your connection dialog box. Before you click Connect, you have to hit the Options button.
Since your user cannot hit master, you have to tell SSMS you want to connect to the user database first and avoid hitting master. By default, SSMS will try to connect to your SQL instance's master database first.
You have to enter the name of the database in the "connect to database" entry. After you've entered the database, you can then hit connect.
I'll guess that in your application it already had the "Default Catalog=" value set to your user database, and you were able to connect. Setting this value in options is like setting that "Default Catalog=" value.
I hope this helps you in breaking into WASD a little more.
EDITS: attempting to add clarity to the differences between IaaS SQL Server instances and PaaS Windows Azure SQL Database. I previously missed the FOR LOGIN clause on the CREATE USER statement.
I have a linked server that perfectly works when executing a query. But when I place the query in a job, it fails.
Here is the setting of my linked server
Error
Read SQL Server Agent job fails when the job uses a linked server.
WORKAROUND To work around this problem, use one of the following
methods:
Method 1
Make the system administrator the owner of the job.
Method2:
Use mapped security context for the linked server and modify the job
to run as OSQL.
To set the mapped security context for the linked server: Right-click
the linked server, and then click Properties. Click the Security tab.
Select either of the following options. Be made using the login's
current security context Be made using this security context To modify
the job to run as OSQL: Right-click the job, and then click
Properties. In the Steps tab, click the Step Name that you want to
edit, and then click Edit. On the General tab of the Edit Job Step
dialog box, click Operating System Command (CmdExec) in the Type list.
In the Command text box, type osql –E –Q “Exec storedProcedure”. In the Edit
Job Step dialog box, click OK. In the Properties dialog box, click OK.
In linked server definition tick:
Be made using the login's current security context
I had this same issue, And after changing user permissions etc etc etc, I found this article and instead of using "Be made using the login's current security context" i used "Be made using this security context" and i specified the account and password which solved the issue. So the issue isnt with SQL jobs or my procedure it was in actual fact my linked server. Even though the link server did work... When calling a linked server within a SQL job the linked server had to have the account details specifically specified.
I am currently encountering the following error when I try to specify a datasource from SSRS to SQL Server db (2008) using "credentials that are stored securely in the server" - this is specified as a windows account "s2\killian" with the option to "impersonate the authenticated user after a connection has been made" checked.
Msg 15157, Level 16, State 1, Line 1
Setuser failed because of one of the following reasons: the database principal 's2\killian' does not exist, its corresponding server principal does not have server access, this type of database principal cannot be impersonated, or you do not have permission.
Obviously this method of impersonation uses the SetUser() function behind the scenes and the MSDN documentation states that dbowner permissions are required in order to use this function. However I am getting the above error when using dbowner. I am not in a position to use sysadmin because of security policy.
Does anyone know how to get this mechanism of authentication and impersonation working without assigning sysadmin priveleges on the SQL Server database to the windows account used by the SSRS data source.
Is there a way of getting SetUser() to work without sysadmin priveleges?
Thanks
Killian
The clue is "the database principal 's2\killian' does not exist"
Any connection uses context change on the database side (eg SETUSER, EXECUTE AS etc) requires that the impersonated user exists in sys.server_principals and/or sys.database_principals.
Assuming you use an AD group, not individual logins, then this will cause the same error as above. Outside of any permissions. If you are db_owner, then you can impersonate at the database level. If you can't, then it's because of the previous paragraph.
I've always thought that this is an idiotic option for SSRS to have. MSDN says it uses SETUSER which is also deprecated. Ideally, you'd impersonate before connection which is possible for asp.net apps but don't know for SSRS (which is an asp.net app of course)
Sorry for lack of "do this and it works" answer...
I have been able to confirm as well that you must have Sysadmin rights to run the SETUSER function which appears to be the mechanism leveraged by SQL reporting services when "Impersonate the authenticated user after connecting" option is chosen.
MSDN's documentation for SETUSER mentions this but makes it sound like it should also be possible to run this function as just a db_owner but I have not gotten reporting services to work with an account that only has db_owner and I have not even been able to run setuser manually under an account that only has db_owner. The only way I have gotten it to work is with sysadmin privileges.
Recently I inherited a database from another programmer (created / stored with SQL Management Studio 2008), and I am having massive difficulties accessing, modifying, or even viewing the previously created databases.
Specifically, when I try to load one of the databases in SQL Management Studio I get the following error message:
"The database [database name] is not
accessible. (Object Explorer)"
I am connecting to the SQL server with windows authentication.
Anyway, is this a permissions issue left over from the last dev? (he's unavailable, unfortunately) And is there an easy work-around short of completely reinstalling SQL Management Studio?
Edit: Update:
Upon trying to access User Mapping, as suggested below, I got the following error message:
"One or more databases are inaccessible and will not be displayed in list."
Unfortunately, none of the databases I am trying to access appeared in the list, so I assume they are still inaccessible.
It could very well be a permissions problem. If you open Object Explorer in SQL Server Management Studio and expand the Security node (the one under the server instance, not the Security tab under the individual databases) and then expand the Logins node you'll see the list of logins that have been created on the server. Have a look at the properties of each of those and check out the User Mapping information. You'll be able to see which logins are mapped to which databases. It's possible the previous programmer only granted access to the database to certain logins. If you find a login that's mapped to the database you want, try changing the password of the login and then connecting to the database with that login and password. NOTE: be careful when changing the password as it may affect production applications that are using that login and password!
This message:
"One or more databases are inaccessible and will not be displayed in list."
Means that the user you are using right now cannot access to that db. If you can enter with a user that does have access and from that user change your actual user's rights through User Mapping, then you will see it.
You need a dba (or someone with dba equivalent access) to give you rights to the database.