I have an Azure SQL Server database that I am trying to put into TFS. I have created project and imported database, but when I try to do a build in Visual Studio I get the following error:
"SQL71589: Master Key must be created before a database scoped
credential".
You need to create scoped credentials for your database. See this MSDN article:
https://learn.microsoft.com/en-us/sql/t-sql/statements/create-database-scoped-credential-transact-sql?view=sql-server-2017
Depending on your scenario, the code will look something like this:
-- Create a db master key if one does not already exist, using your own password.
CREATE MASTER KEY ENCRYPTION BY PASSWORD='<EnterStrongPasswordHere>';
-- Create a database scoped credential.
CREATE DATABASE SCOPED CREDENTIAL AppCred WITH IDENTITY = 'dbUserNameFooBar',
SECRET = '<EnterStrongPasswordHere>';
GO
Hope that helps.
Related
i'm using Azure SQL. In Azure Portal, i was create 1 Azure SQL Server (with username login user01) and 2 Azure SQL Database (ExDatabase1 and ExDatabase2) inside it.
In Microsoft SQL server management studio tool, i'm login success with user user01. i'm using transparent data encryption (TDE) and try create Database Master Key for master database with command bellow:
USE master;
Go
CREATE MASTER KEY ENCRYPTION by PASSWORD = 'Strongp#ssw0rd';
Go
But, i received error:
Msg 15247, Level 16, State 1, Line 3
User does not have permission to perform this action.
So, what is permission for this current user (this is owner database)? and how to do that?. thanks!
USE statement is not supported to switch between databases. Use a new connection to connect to a different database on Azure SQL Database.
To create a master key in Azure SQL just run the following statement on the Azure SQL Database context not on the master database.
CREATE MASTER KEY
GO
For a full example please read this article.
Another example can be found here.
CREATE MASTER KEY ENCRYPTION BY PASSWORD='MyPassw0rdIsComplex.'
GO
I want to refresh my tables in the same database with my queries using with Elastic Job Agent. I need to create credential first to connect database. How can I arrange the credentials in this case? Every documentation they have either 2 database or 2 server.
I found 2 sources but I couldn't understand the concept. Can you please explain it to me in a clear way?
Source 1 : Microsoft document
--Connect to the new job database specified when creating the Elastic Job agent
-- Create a database master key if one does not already exist, using your own password.
CREATE MASTER KEY ENCRYPTION BY PASSWORD='<EnterStrongPasswordHere>';
-- Create two database scoped credentials.
-- The credential to connect to the Azure SQL logical server, to execute jobs
CREATE DATABASE SCOPED CREDENTIAL job_credential WITH IDENTITY = 'job_credential',
SECRET = '<EnterStrongPasswordHere>';
GO
-- The credential to connect to the Azure SQL logical server, to refresh the database metadata in server
CREATE DATABASE SCOPED CREDENTIAL refresh_credential WITH IDENTITY = 'refresh_credential',
SECRET = '<EnterStrongPasswordHere>';
GO
Source 2: link
--In the master database
CREATE LOGIN mastercredential WITH PASSWORD='YourPassword1';
CREATE LOGIN jobcredential WITH PASSWORD='YourPassword2';
CREATE USER mastercredential FROM LOGIN mastercredential;
--In the job database
CREATE USER mastercredential FROM LOGIN mastercredential;
--In the target database
CREATE USER jobcredential FROM LOGIN jobcredential;
-- In the job database
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'YourPassword3';
CREATE DATABASE SCOPED CREDENTIAL mastercredential
WITH IDENTITY = 'mastercredential',
SECRET = 'YourPassword1';
CREATE DATABASE SCOPED CREDENTIAL jobcredential
WITH IDENTITY = 'jobcredential',
SECRET = 'YourPassword2';
I am trying to create a contained user for just one database in Azure SQL Server,
I have tried using the sp_configure keyword, it says it is not available in the version of the SQL Server I am using.
Also, I used the Alter database statement, I got the error below:
ALTER DATABASE statement failed; this functionality is not available
in the current edition of SQL Server.
Please, how can I solve this problem???
You do not need to run the ALTER DATABASE ... SET CONTAINMENT command on Azure SQL DBs to accept contained users - it is already enabled by default. You simply need to create the user with just a login and password. A simple example of a contained user with password:
CREATE USER yourUser WITH PASSWORD = 'yourPassword';
See the official documentation for more examples:
https://learn.microsoft.com/en-us/sql/t-sql/statements/create-user-transact-sql?view=sql-server-ver15#e-creating-a-contained-database-user-with-password
https://learn.microsoft.com/en-us/sql/t-sql/statements/create-user-transact-sql?view=sql-server-ver15#f-creating-a-contained-database-user-for-a-domain-login
sp_configure is not supported in Azure SQL database, even use the Alter database:
In Azure SQL database, login is used to login the Azure SQL server, user is to connect to the database. User is database level, and login is server level.
Create login in master DB(( Login must be created in master DB)):
CREATE LOGIN AbolrousHazem
WITH PASSWORD = '340$Uuxwp7Mcxo7Khy';
Then we can create user in user DB( create the database contained user in user DB):
CREATE USER AbolrousHazem FOR LOGIN AbolrousHazem;
GO
For more details, please ref: https://learn.microsoft.com/en-us/azure/azure-sql/database/logins-create-manage
I did create an External Datasource, identical to the guide described here .The process is pretty simple, so just for illustration.
CREATE MASTER KEY ENCRYPTION ...
CREATE DATABASE SCOPED CREDENTIAL ...
Not covered in the article is how to create login and user. On the master database I did execute
CREATE LOGIN <externaldbname> WITH PASSWORD = '<somepassword1>';
CREATE USER externaldbname FOR LOGIN externaldbname;
And on the externaldb
CREATE USER externaldbname FOR LOGIN externaldbname;
Then continued with the guide
CREATE EXTERNAL DATA SOURCE ...
CREATE EXTERNAL TABLE ..
All executed successfully. Now when I try to select something from the external database, this error is raised
Msg 46823, Level 16, State 2, Line 10 Error retrieving data from one
or more shards. The underlying error message received was: Cannot
open database externaldb requested by the login. The login failed.
Login failed for user externaldbname.
I am able to login with the given credential to the externaldb if using Visual Studio. Is there any special permission that needs to be granted or what might be wrong?
Issue resolved. The database name in the external data source definition was not the same (typo) as actual database name.
The credentials you created, do they have read access to the remote database that you are trying to access?
If the permissions are all fine, then can you email me your setup details along with the T-SQL statements you used at SDoomra(at)Microsoft(dot)com?
Thanks
Silvia Doomra
SQL Server is not my strong point and I start to get lost when going past the basic Create Table, Select from Table etc.
I am attempting to set up a database synchronisation scenario with an Microsoft SQLCompact 3.5 database being Synced through a Proxy to and SQL 2008 R2 database. It is being synced through the Microsoft Sync Framework 2.1.
I got everything set up and working fine through the proxy when the user account is the db_owner of the database.
Of course this now needs to be locked down - so I have been trying to restrict the permissions to the bare minimum required for Synchronisation.
According to the Microsoft articles, I need to do the following...
Use the principle of least permission. Do not grant more permissions than are required to perform a specific task. For example, do not grant INSERT permissions for server database tables that are involved in download-only synchronization. Synchronization operations require the following permissions:
EXECUTE permissions on all the stored procedures that Sync Framework uses to read and write to metadata tables and base tables.
SELECT, INSERT, UPDATE, and DELETE permissions for metadata tables and any base tables that will be updated during a synchronization session.
When you provision SQL Server databases that use SqlSyncProvider, be aware of the following permissions requirements for provisioning:
CREATE TABLE permissions to enable creation of the metadata tables: scope_info and scope_config, and the tracking tables that are created for each base table.
ALTER TABLE to add triggers to the base tables.
CREATE PROCEDURE permissions to create the procedures that Sync Framework requires.
SELECT and INSERT permissions for scope_info and scope_config tables.
SELECT permissions for base tables.
I allowed the wizards in Visual Studio 2010 to create the Sync database and proxy for me.
As such - I am unable to find the scope_info and scope_config tables in SQL Server databases, and I am also unable to find the metadata tables so cannot set permissions on these tables. Also - where would I find the stored procedures that the Synchronisation framework is trying to use - I have looked but cannto find them.
Where would I find these and how would I go about setting the appropriate permissions?
I have granted datareader and datawriter, Insert, Update, Delete and Select as well as Execute permissions on the SQL Server database but the sync fails. I have also granted Create Table, Create Procedure and ALTER permissions on the database for the user as well- but still it fails.
If i enable the db_owner role for the user - it works.
The error I receive is:
Unable to initialize the client database, because the schema for table 'tblApplications, tblApplicationConfiguration, tblApplicationInstallProperties, tblApplicationPreRequisites, tblApplicationTypes, tblComputerApps, tblComputers, tblComputerTypes, tblDriveHWSerials, tblDrives, tblDriveTypes, tblFunctions, tblLocationApps, tblLocationComputers, tblLocationIPAddress, tblLocations, tblLocationUsers, tblPermissions, tblRegionLocations, tblRegions, tblRegisteredModules, tblRequestFormats, tblRequestStatus, tblRequestTypes, tblRoles, tblRoleUsers, tblSecurity, tblUsers, tblVehicle, tblVehicleLocationMap, tblVehicleMake, tblRequestProcessingStatus, tblDriveStatus, tblVideoViewTypes' could not be retrieved by the GetSchema() method of DbServerSyncProvider.
Make sure that you can establish a connection to the client database and that either the SelectIncrementalInsertsCommand property or the SelectIncrementalUpdatesCommand property of the SyncAdapter is specified correctly.
I am not able to use the db_owner role when its released.
there are two types of database providers in Sync Framework, the offline provider (SqlCeClientSyncProvider/DbServerSyncProvider) which is used by the Local Database Cache project item and the collaboration/peer-to-peer provider (SqlSyncProvider/SqlCeSyncProvider).
the offline providers dont use the scope_xxx tables as such you wont find it.
assuming you used the default SQL Server Change Tracking when you configured the sync via the wizard, try granting VIEW CHANGE TRACKING permission to the account you're using to connect to the database.
I'm not sure if it will help, but I found this:
Try to set UploadOnly on the SyncTable object instead. When you set it on the SyncAdapterBuidler, the select incremental commands are not generated by the builder. These commands are used to get the table schema from the database. Since these are missing you are getting the schema error.
Also, maybe this blog entry will help.
As JuneT Mentioned, you should turn on Change Tracking
ALTER DATABASE YourDataBaseName
SET CHANGE_TRACKING = ON
(CHANGE_RETENTION = 2 DAYS, AUTO_CLEANUP = ON)