I'm trying to add db_backupuperator to a UserMapping but I can't. It returns the Error 15150 and the message:
"Drop failed for User 'dbo' (Microsoft.SqlServer.Smo)
Additional information:
an exception occurred while executing a Transact-SQL statment or batch
(Microsoft.SqlServer.ConnectionInfo)"
I've already tried apply these sugested solutions:
https://blog.sqlauthority.com/2017/12/12/sql-server-fix-msg-15150-cannot-alter-user-dbo/
Use database_name
sp_changedbowner 'sa'
I've tried also delete the database and create a new one, but then I can't edit any option of User Mapping, can't even add db_datareader or db_datawriter
If the user is member of the dbo database role, you will first have to remove him from this role. If he is the database owner, you will first have to change the database owner to another user. Then afterwards you can grant thim indivually the permissions needed, or create a database role which includes the permissions and put him in that role. This will be much more easier, if you have additional users holding the same rights as the mentioned user.
Reference link from Here.
Related
I am trying to add a role in my master database in SQL Server 2016 using below command:
SP_AddRole 'test'
I am getting this error:
There is already an object named "test" in the database.
I have checked expanding Roles in my master database, and I found that there is no Role with name "test" in my master database.
Still I have tried to Drop that Role using below query:
Drop Role 'Test'
I get this error:
Cannot drop the role because it does not exist or you do not have permissions
When I try to alter Role using below query:
Alter Role Add Member "Domain\userName"
I was getting same error as below:
Cannot alter the role because it does not exist or you do not have permissions.
Note: I have all permissions and privileges to SQL Server and master database.
Can someone please suggest what can be done in order to resolve this?
I can't change the name of the role as it is very important for my applications to create a role with this name.
There was an already created SCHEMA in that SQL Server database.
I have deleted that schema
DROP SCHEMA Test
And then below SQL query worked.
SP_AddRole 'Test'
When I create Role, a default schema with same name gets created which was visible when I expand Schemas.
When I try to Drop the Role, I will need to first Drop the schema and then the Role.
Even if the schema with same name(But Role does not) present, SQL Server does not allow me to create new Role with same name.
Reference here
I try to map my other DB to a user by going to Security > Logins > right click someuser > Properties > User Mapping > Select DB > set as db_owner and then ok, but I keep on getting an error saying
User, group, or role 'someuser' already exists in the current database. (Microsoft SQL Server, Error: 15023)
What is causing the error, and how do I map that user to the database?
To fix the user and login mapping you need to open a query window in the SQL Server Management Studio. Enter the following two lines and replace myDB with the database name and myUser with the correct user name:
USE myDB
EXEC sp_change_users_login 'Auto_Fix', 'myUser'
If run successfully you should get an output like this one:
The row for user '****' will be fixed by updating its login link to a login already in existence.
The number of orphaned users fixed by updating users was 1.
The number of orphaned users fixed by adding new logins and then updating users was 0.**
Your user should now be mapped correctly.
Edit:
New way to Resolve/Fix an Orphaned User:
In the master database, use the CREATE LOGIN statement with the SID option to recreate a missing login, providing the SID of the database user.
CREATE LOGIN <login_name>
WITH PASSWORD = '<use_a_strong_password_here>',
SID = <SID>;
To map an orphaned user to a login which already exists in master, execute the ALTER USER statement in the user database, specifying the login name.
ALTER USER <user_name> WITH Login = <login_name>;
When you recreate a missing login, the user can access the database using the password provided. Then the user can alter the password of the login account by using the ALTER LOGIN statement.
ALTER LOGIN <login_name> WITH PASSWORD = '<enterStrongPasswordHere>';
if it is just one or two users, then easiest way is to drop the database user from the restored database, remap the database user to the server login using SSMS. If the server login does not exist then just create it, map the user.
Option 2: If you are migrating a large number of users, use sp_help_revlogin. sp_help_revlogin is a Microsoft supplied stored procedure that will help migrate logins from one server to another, including passwords and SIDs. Here is a good article about it SP_HELP_REVLOGIN : http://www.databasejournal.com/features/mssql/article.php/2228611/Migrating-Logins-from-One-SQL-Server-to-Another.htm
Code patches to help use it :
run following T-SQL Query in Query Analyzer. This will return all the existing users in database in result pan.
USE YourDB
GO
EXEC sp_change_users_login 'Report'
GO
Run following T-SQL Query in Query Analyzer to associate login with the username. ‘Auto_Fix’ attribute will create the user in SQL Server instance if it does not exist. In following example ‘ColdFusion’ is UserName, ‘cf’ is Password. Auto-Fix links a user entry in the sysusers table in the current database to a login of the same name in sysxlogins.
USE YourDB
GO
EXEC sp_change_users_login 'Auto_Fix', 'ColdFusion', NULL, 'cf'
GO
Run following T-SQL Query in Query Analyzer to associate login with the username. ‘Update_One’ links the specified user in the current database to login. login must already exist. user and login must be specified. password must be NULL or not specified
USE YourDB
GO
EXEC sp_change_users_login 'update_one', 'ColdFusion', 'ColdFusion'
GO
2) If login account has permission to drop other users, run following T-SQL in Query Analyzer. This will drop the user.
USE YourDB
GO
EXEC sp_dropuser 'ColdFusion'
GO
Create the same user again in the database without any error.
If you assign permissions to a database user without mapping it to the database first, it throws the error you mentioned.
You should be able to delete the user, map it to the database and then assign the user to the db_owner role.
First drop your user, then execute the script below:
USE [YOURDB]
GO
CREATE USER [USERNAME] FOR LOGIN [USERNAME]
GO
USE [YOURDB]
GO
ALTER USER [USERNAME] WITH DEFAULT_SCHEMA=[dbo]
GO
I had the problem when I was trying to copy a production database to a local test database. In SSMS, I made sure to disconnect from the production server before executing scripts on the local. However, even though I thought I had disconnected, someone pointed out that the title of the production database was still there, and I got errors that objects were already there. The solution was to totally exit from SSMS and start it again, only connecting to the local test database that time.
you can solve problem by expand database ->Security -> Users
and delete the user 'someuser' ,after that go to user mapping and assign.
this problem happen some times because the database user 'someuser' was deleted from 'Logins' in Security section in SSMS and the database still own this user
Create failed for User (Microsoft.SqlServer.Smo)
SQL Server Error User, group, or role already exists in the current database. (Microsoft SQL Server, Error: 15023)
To fix above error delete user under each database individually
While fetching data through a stored procedure in SQL Server I am getting error like
Cannot execute as the database principal because the principal "dbo"
does not exist, this type of principal cannot be impersonated, or you
do not have permission.
I am getting this error only for accessing a particular stored procedure, not for all SP's.
Give your database a valid owner. Try this:
ALTER AUTHORIZATION
ON DATABASE::[YourDatabaseName]
TO [LoginUser];
or you can try to set it like
USE [dbname]
GO
sp_changedbowner 'someLogin'
ALTER AUTHORIZATION ON DATABASE::Example TO sa;
Basically SQL Server login is mapped to database user and this mapping is not properly defined for SQL server principals then login will not be sucessfully for that specific user of database on that specific instance and this user is called orphan user.
First, check if the orphaned user is mapped or not.
USE <database>
EXEC sp_change_users_login #Action='Report';
if not mapped then, fix the orphaned user.
USE <database>
EXEC sp_change_users_login #Action='update_one', #UserNamePattern='YOURUSERNAME', #LoginName='YOURUSERNAME';
I'm getting the following error when trying to read a SQL Job.
The SELECT permission was denied on the object 'sysjobs', database 'msdb', schema 'dbo'
How can I fix this?
You need to GRANT the SELECT permission for the user of your job.
A simple GRANT.
USE pubs
GO
GRANT SELECT
ON authors
TO public
GO
Further information about GRANT
You use the "SQL Server Agent Fixed Database Roles" in msdb (MSDN link): don't assigned permission directly, it'll be a pain to manage
And a "how to" for SSMS: "How to: Configure a User to Create and Manage SQL Server Agent Jobs (SQL Server Management Studio)"
Note: you need a user (MSDN) in one of these roles: no need to GRANT any rights
Make sure you aren't overriding the default user, usually a SQL Agent Account, with a user who does not belong to the necessary role.
I have created one user named "tuser" with create database rights in SQL server 2005.
and given the 'db_owner' database role of master and msdb database to "tuser".
From this user login when I run the script for create database then it will create new database.
But "tuser" don't have access that newly created database generated from script.
Any one have any idea?, I want to write the script so "tuser" have access that new created database after creation and can have add user permission of newly created database.
I want to give 'db_owner' database roles to "tuser" on that newly created database in the same script which create new database. The script run under 'tuser'.
Grant securityadmin server role to [tuser]
Members of the securityadmin fixed
server role manage logins and their
properties. They can GRANT, DENY, and
REVOKE server-level permissions. They
can also GRANT, DENY, and REVOKE
database-level permissions.
Additionally, they can reset passwords
for SQL Server logins.
CREATE DATABASE says
Each database has an owner that can
perform special activities in the
database. The owner is the user that
creates the database. The database
owner can be changed by using
sp_changedbowner (Transact-SQL).
So tuser should own the DB already.
However, you could set up tuser as db_owner in the model db which used as the template for every db creation
BTW, why make tuser the owner of master and msdb?
If tuser doesn't have access to the new database it means is not the owner. The database owner cannot be denied access into his/her own database.
How does the CREATE DATABASE statement look like? Do you have any AUTHORIZATION clause that would change the database ownership of the new database?
Who is the actual owner of the new database? Check SELECT name, SUSER_SNAME(owner_sid) FROM sys.databases;
Thanks for your input.
i have given access of tuser to database from ehich the new database created.
now the issue is resolved.
Many thanks.