I have a front application, where I can jump into that database. Now I want to create a database for the server, because one server can have many databases. So if I am in the selected database called abc, I can go ahead and create another database babyabc, but I want this babyabc to have all the permissions and login information of the parent abc database.
Is it possible to do this in SQL Server? If yes, how can I do it?
For creating a database, I can always do:
create database babyabc
Database Permissions are set at the database level. If you have two similar databases, you need to create the appropriate USER, ROLEs, etc in both of them.
If you have some which are needed on every database, and don't have permissions specific to User objects (which differ), you can create and set the permissions in the model database. Then any databases created after you've made those changes to the model database will have those permissions.
For example, you might have an AD group that you automatically want to be on the database, and have the db_datareader role. So you would do:
USE model;
GO
CREATE USER [StackOverflow\RegisteredUsers];
GO
ALTER ROLE db_datareader ADD MEMBER [StackOverflow\RegisteredUsers];
GO
Then, if you create a new database, that user will be in the new database, and have the db_datareader role.
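For the case in the question, where only babyabc should inherit from abc rather than every future database inheriting from model, the users and role memberships can be read from the parent's catalog views and replayed in the child. This is an added example, not code from the original answer; it assumes SQL Server 2017 or later (for STRING_AGG) and that both databases live on the same instance.

```sql
-- Added example: replicate login-mapped users and fixed-role memberships
-- from [abc] into a freshly created [babyabc] on the same instance.
-- Assumes SQL Server 2017+ (STRING_AGG). Object-level GRANT/DENY and
-- user-defined roles are not copied.
CREATE DATABASE babyabc;
GO
USE abc;
GO
DECLARE @users nvarchar(max), @roles nvarchar(max), @script nvarchar(max);

-- CREATE USER for every SQL user, Windows user and Windows group in abc
-- that maps to a server principal (matched by SID).
SELECT @users = STRING_AGG(CAST(
         N'IF DATABASE_PRINCIPAL_ID(N' + QUOTENAME(dp.name, '''') + N') IS NULL '
       + N'CREATE USER ' + QUOTENAME(dp.name)
       + N' FOR LOGIN ' + QUOTENAME(sp.name) + N';' AS nvarchar(max)), NCHAR(10))
FROM sys.database_principals AS dp
JOIN sys.server_principals   AS sp ON sp.sid = dp.sid
WHERE dp.type IN ('S', 'U', 'G')
  AND dp.principal_id > 4;   -- skip dbo, guest, INFORMATION_SCHEMA, sys

-- ALTER ROLE for each of those users' fixed database role memberships.
SELECT @roles = STRING_AGG(CAST(
         N'ALTER ROLE ' + QUOTENAME(r.name)
       + N' ADD MEMBER ' + QUOTENAME(m.name) + N';' AS nvarchar(max)), NCHAR(10))
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r  ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m  ON m.principal_id = drm.member_principal_id
JOIN sys.server_principals   AS sp ON sp.sid = m.sid
WHERE r.is_fixed_role = 1
  AND m.type IN ('S', 'U', 'G')
  AND m.principal_id > 4;

SET @script = COALESCE(@users, N'') + NCHAR(10) + COALESCE(@roles, N'');

SELECT @script AS script_to_review;      -- inspect before applying
EXEC babyabc.sys.sp_executesql @script;  -- executes in babyabc's context
GO
```

The IF guard makes the script safe to run even when some of the users already arrived in babyabc through the model database.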
Related
I am not so into SQL Server and I have the following doubt: I have to require the creation of a user that can work on some databases. This user has to create\delete tables and insert\delete records in these tables.
What type of permission has to be set for this user on these databases? Is dbowner OK to perform these operations? (In particular, it is very important that this user can create\delete tables.) Or am I missing something?
Just to understand first the benefits of using roles:
Roles are a part of the tiered security model:
Login security—Connecting to the server
Database security—Getting access to the database
Database objects—Getting access to individual database objects and data
Predefined database roles
You may need to create your own, but you have access to several predefined database roles:
db_owner: Members have full access.
db_accessadmin: Members can manage Windows groups and SQL Server logins.
db_datareader: Members can read all data.
db_datawriter: Members can add, delete, or modify data in the tables.
db_ddladmin: Allows a user to create, drop, or modify any objects within a database, regardless of who owns them.
db_securityadmin: Members can modify role membership and manage permissions.
db_backupoperator: Members can back up the database.
db_denydatareader: Members can’t view data within the database.
db_denydatawriter: Members can’t change or delete data in tables or views.
Fixed roles:
The fixed server roles are applied serverwide, and there are several predefined server roles:
SysAdmin: Any member can perform any action on the server.
ServerAdmin: Any member can set configuration options on the server.
SetupAdmin: Any member can manage linked servers and SQL Server startup options and tasks.
Security Admin: Any member can manage server security.
ProcessAdmin: Any member can kill processes running on SQL Server.
DbCreator: Any member can create, alter, drop, and restore databases.
DiskAdmin: Any member can manage SQL Server disk files.
BulkAdmin: Any member can run the bulk insert command.
From the SQL Documentation:
Members of the db_owner fixed database role can perform all configuration and maintenance activities on the database, and can also drop the database in SQL Server.
Are you certain that is the right that you want to grant this user? It seems like a more restricted set of permissions would be more suitable for them.
For example, the roles db_ddladmin, db_datareader, and db_datawriter could be more suitable:
db_ddladmin:
Members of the db_ddladmin fixed database role can run any Data Definition Language (DDL) command in a database.
db_datareader:
Members of the db_datareader fixed database role can read all data from all user tables.
db_datawriter:
Members of the db_datawriter fixed database role can add, delete, or change data in all user tables.
Alternatively, you can grant specific privileges to the user account against that database and its user objects in order to restrict their access to the functionality subset you want.
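The three-role alternative to db_owner suggested above, followed by a check of what the account can actually do and an audit of who currently holds db_owner. This is an added example, not part of the original answers; the database name SalesDb and the principal app_user are hypothetical, and a server login named app_user is assumed to exist already.

```sql
-- Added example. [SalesDb] and [app_user] are hypothetical names; a server
-- login called app_user is assumed to exist.
USE SalesDb;
GO
CREATE USER app_user FOR LOGIN app_user;

-- Create/drop tables, read rows, write rows: three narrow roles, not db_owner.
ALTER ROLE db_ddladmin   ADD MEMBER app_user;
ALTER ROLE db_datareader ADD MEMBER app_user;
ALTER ROLE db_datawriter ADD MEMBER app_user;
GO

-- Check the result from the user's own point of view. Impersonation needs
-- IMPERSONATE permission on the user (db_owner or sysadmin have it).
EXECUTE AS USER = 'app_user';

SELECT IS_ROLEMEMBER('db_owner')      AS in_db_owner,
       IS_ROLEMEMBER('db_ddladmin')   AS in_db_ddladmin,
       IS_ROLEMEMBER('db_datareader') AS in_db_datareader,
       IS_ROLEMEMBER('db_datawriter') AS in_db_datawriter;

-- Effective database-level permissions of the impersonated user.
SELECT permission_name
FROM sys.fn_my_permissions(NULL, 'DATABASE')
ORDER BY permission_name;

REVERT;
GO

-- Audit: every principal that currently holds db_owner in this database.
SELECT m.name AS member_name, m.type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name = N'db_owner'
ORDER BY m.name;
GO
```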
I have got myself into a little bit of a bind, using SQL Server Management Studio to create a database in Azure SQL. My issue appears to be with assigning roles to users in the database. When I created the database, it prompted me to create a new login, with an associated user, that appeared to have all the rights of a database owner. However, I am now trying to create two additional logins and I realize I am screwed. The login that I created when I made the database isn't the database owner, even though I could do all the DDL / DML necessary to create the full schema under that account. I created an additional login, and I added two users to that login. I now want to add that login to a role (db_datareader, db_denywrite) but I cannot.
It appears that the database owner is a user / login called "dbo" that I did not set up. This is the only user that is added as a database owner, and subsequently is the only one that can edit roles. But I do not know the login credentials for this user!
If I use what I believed to be the administrator account (the one I made) to add a role, I get the error:
Cannot alter the role 'db_datareader', because it does not exist or you do not have permission.
How can I fix this? How can I get my original account added as a DB Owner? There has got to be a way, but everything I tried points to the fact that I am not the owner of the resource I created; I'm an outcast in my own country...
Thanks!
In my SQL Server 2012 I have created a server role. I would like the server role to be able to alter just one database on the server, because I have many databases on the server. How can I grant access to alter data in one database on the server?
Thank you in advance,
Nico.
Presumably you have just added the login to the server. Unless you have given the login sysadmin (I presume you have not), you will need to individually set the security per database, i.e. map the user to the database, e.g.
USE [Database]
GO
CREATE USER [User] FOR LOGIN [User] WITH DEFAULT_SCHEMA=[dbo]
GO
You will need to add the user to Security/Users in the actual database folder. If you want them to read/write data into/from existing tables, give them db_datareader and db_datawriter by right clicking and going to Properties -> Membership. If you want them to be able to create/drop objects in the database e.g. tables, they also need db_owner. They only have the rights for that db.
In addition to what TJB said, please read the documentation at: https://msdn.microsoft.com/ro-ro/library/ms178569.aspx
I am trying to keep my school work under one user account. Currently I am making a new database user for every lab session. Surely this is not the right way to go?
I want to create another schema, alongside my existing schema.
NB. I see a dropdown option for schema in the SQL Workshop. So there might be an option to create multiple schemas. But I can't find how to do it. The Google links all say I have to create a new user.
In Oracle, a user is the owner of its schema. A user is an account that can access the database. It depends on grants whether it can access only its own schema or more schemas.
When you create a user, you create a schema. You can't create just a schema and assign it to an existing user. However, you can create a new user with a schema and grant other users access to the newly created schema. In your case, if you want a new schema for each lab, you need to create a user for each lab and then grant privileges to your main user.
Here you can find some explanations:
Difference between a user and a schema in Oracle?
I am looking for the best way to set up an Oracle database so that multiple roles can share a single schema with tables.
I would have, for example, several roles:
Application User
N Developer Users
DBA User
... future user types
I have been able to create groups, grant privileges to other schemas, and create a logon trigger to switch the schema on logon. However, users are not able to view tables through SQL Developer.
SQL Developer will only show the objects owned by the current user, not those that are owned by the session's current_schema setting, in the tree view unless you go to Other Users and choose the schema you're interested in. In order to see objects owned by other users, you're realistically going to have to navigate to the appropriate schema. If there are a large number of schemas in the database, you can right click on Other Users and create a filter that limits the set of users that are returned to just the schema you care about.