There are two administrative accounts (Server admin and Active Directory admin) that act as administrators. My requirement is to find out the names of these accounts. I have looked into sys.database_principles view and sys.sql_logins view but could not find anything relevant to the same. From SQL query i could not find any helpful system view to fetch the information. Can anyone please help me here?
You can use the TSQL script below to get the Server Admin and Active Directory Admin account names.
SELECT [name], [type], [type_desc], [authentication_type], [authentication_type_desc] FROM sys.database_principals
WHERE (type = 'S' AND [name] != 'dbo' AND authentication_type = 1) OR
(type = 'X' AND authentication_type = 4)
Important Note:
You need to run the TSQL against the master system database
Use the latest version of SQL Server Management Studio
Alternatively, you can get both account names from the Azure portal as shown below.
Reference: Controlling and granting database access
Related
I am new to an organization, and there was a SQL Server link set up before I started between to servers. There are 12 databases on the linked server, and I can access all of them but one. For example, I run [SELECT * FROM [SERVER].Database.dbo.table1] and get a result set. And this is the case for all databases except 1. I run [SELECT * FROM [SERVER].Database2.dbo.table1] on that one and get "The OLE DB provider "SQLNCLI11" for linked server "SERVER" does not contain the table ""Database2"."dbo"."Table1"". The table either does not exist or the current user does not have permissions on that table. The table exists, and I am able to select from it on the originating server with no issues. I am logging in with windows authentication. Any ideas?
I have verified that I have the same database permissions on 1 that I can reference as the one I cannot.
We are trying to grant a Azure AD group to one of our SQL Server Database. When try to run the script
CREATE USER [Group Name] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = [dbo];
The SSMS is giving an error
Principal 'Group Name' could not be found or this principal type is
not supported.
We tried with a different group name without spaces in the name. That worked.
Can somebody let us know what is going wrong?
Regards,
John
Make sure you are using the Security Group Display Name instead of an alias. Make sure also to download the latest version of SQL Server Management Studio from here.
I suggest to enter a support case. In the meantime use your workaround w/o spaces
In Sql Server 2000, is it possible to return, via SQL query, a complete list of database roles that exist in a given database?
I know it is possible to see these roles by expanding the Security, Roles, and Database Roles nodes in SQL Server Management Studio, but I'd like to get them through a query that I can parse programmatically.
To clarify, I'm not looking for a list of users with their roles, but just the list of roles themselves.
Every database in SQL Server 2000 has a sysusers system table
Probably something like
Use <MyDatabase>
Select
[name]
From
sysusers
Where
issqlrole = 1
will do the trick
With our SQL Server 2016 this works for me
Use Sandbox
Select
name, principal_id
From
sys.database_principals
Where
type = 'R' and principal_id < 16384
where Sandbox is the name of my database.
(I'm using SQL with ESRI ArcGIS Enterprise 10.6.)
I have created 10 database of 'Northwind' for training purpose. Suppose I have 10 students, so databases are Northwind_Student1,Northwind_Student2 etc. I would like to create separate login for each pupil, so that Student1 can only see(or can access) the data base 'Northwind_Student1'. How can I accomplish this using T-SQL or SSMS 2008 ?
You can create different users for different databases and assign permissions like below. It's for SQL 2008, but it will be same for 2005 also :
In SSMS, expand the Security tree of the server in Object Explorer and right-click Logins to choose New Login..., then add as many as needed.
Then in the Security tree of each individual database, add the login as a user of that db and grant appropriate rights.
Create 10 different logins and assign each to the database it can access.
CREATE LOGIN yourloginname WITH PASSWORD = 'yourpassword'
Background:
We are running a web application where each user has a login to the system. The application login is mapped to an actual SQL Server 2005 login (which we needed to create). Our development and disaster recovery sites are simply copies of this setup. On a nightly basis, the production database is backed up, the dump is archived, and we restore dev and DR using this file. When this is done, we need to run sp_change_users_login for each user to remap the database user to the SQL login.
Problem:
When the user changes their password on production, the SQL login password is changed. This is not getting synced to dev/DR, so if they try to log on to one of those sites, they can't, and need to reset their password. Is there a [good] way to keep these SQL logins synced across multiple installs?
The next version of this product eliminates the SQL login need, but upgrading is not a current priority.
Script the logins with the password hashed and then drop and re-create them on your target server after you drop the database and before you restore the database back-up. That's how we script SQL2005 logins with our scripter software. You might like to try the software - www.dbghost.com - or build your own solution.
Solution:
This is a follow up to markbaekdal's answer. Here's how I did it:
I run the following against the production database:
SELECT 'ALTER LOGIN ' + CAST(name AS VARCHAR) + ' WITH PASSWORD = ', password_hash, ' HASHED;'
FROM sys.sql_logins
JOIN mydatabase..mytable
ON mycolumn = name
GO
and pipe it through "findstr ALTER" (ah, windows) to a file named loginUpdates.sql. I then run that file against the development and DR databases. It works like a charm.
If you want to get really hardcore, here's a support article a coworker of mine found:
http://support.microsoft.com/kb/918992.