I did create an External Datasource, identical to the guide described here .The process is pretty simple, so just for illustration.
CREATE MASTER KEY ENCRYPTION ...
CREATE DATABASE SCOPED CREDENTIAL ...
Not covered in the article is how to create login and user. On the master database I did execute
CREATE LOGIN <externaldbname> WITH PASSWORD = '<somepassword1>';
CREATE USER externaldbname FOR LOGIN externaldbname;
And on the externaldb
CREATE USER externaldbname FOR LOGIN externaldbname;
Then continued with the guide
CREATE EXTERNAL DATA SOURCE ...
CREATE EXTERNAL TABLE ..
All executed successfully. Now when I try to select something from the external database, this error is raised
Msg 46823, Level 16, State 2, Line 10 Error retrieving data from one
or more shards. The underlying error message received was: Cannot
open database externaldb requested by the login. The login failed.
Login failed for user externaldbname.
I am able to login with the given credential to the externaldb if using Visual Studio. Is there any special permission that needs to be granted or what might be wrong?
Issue resolved. The database name in the external data source definition was not the same (typo) as actual database name.
The credentials you created, do they have read access to the remote database that you are trying to access?
If the permissions are all fine, then can you email me your setup details along with the T-SQL statements you used at SDoomra(at)Microsoft(dot)com?
Thanks
Silvia Doomra
Related
i'm using Azure SQL. In Azure Portal, i was create 1 Azure SQL Server (with username login user01) and 2 Azure SQL Database (ExDatabase1 and ExDatabase2) inside it.
In Microsoft SQL server management studio tool, i'm login success with user user01. i'm using transparent data encryption (TDE) and try create Database Master Key for master database with command bellow:
USE master;
Go
CREATE MASTER KEY ENCRYPTION by PASSWORD = 'Strongp#ssw0rd';
Go
But, i received error:
Msg 15247, Level 16, State 1, Line 3
User does not have permission to perform this action.
So, what is permission for this current user (this is owner database)? and how to do that?. thanks!
USE statement is not supported to switch between databases. Use a new connection to connect to a different database on Azure SQL Database.
To create a master key in Azure SQL just run the following statement on the Azure SQL Database context not on the master database.
CREATE MASTER KEY
GO
For a full example please read this article.
Another example can be found here.
CREATE MASTER KEY ENCRYPTION BY PASSWORD='MyPassw0rdIsComplex.'
GO
I am trying to create a contained user for just one database in Azure SQL Server,
I have tried using the sp_configure keyword, it says it is not available in the version of the SQL Server I am using.
Also, I used the Alter database statement, I got the error below:
ALTER DATABASE statement failed; this functionality is not available
in the current edition of SQL Server.
Please, how can I solve this problem???
You do not need to run the ALTER DATABASE ... SET CONTAINMENT command on Azure SQL DBs to accept contained users - it is already enabled by default. You simply need to create the user with just a login and password. A simple example of a contained user with password:
CREATE USER yourUser WITH PASSWORD = 'yourPassword';
See the official documentation for more examples:
https://learn.microsoft.com/en-us/sql/t-sql/statements/create-user-transact-sql?view=sql-server-ver15#e-creating-a-contained-database-user-with-password
https://learn.microsoft.com/en-us/sql/t-sql/statements/create-user-transact-sql?view=sql-server-ver15#f-creating-a-contained-database-user-for-a-domain-login
sp_configure is not supported in Azure SQL database, even use the Alter database:
In Azure SQL database, login is used to login the Azure SQL server, user is to connect to the database. User is database level, and login is server level.
Create login in master DB(( Login must be created in master DB)):
CREATE LOGIN AbolrousHazem
WITH PASSWORD = '340$Uuxwp7Mcxo7Khy';
Then we can create user in user DB( create the database contained user in user DB):
CREATE USER AbolrousHazem FOR LOGIN AbolrousHazem;
GO
For more details, please ref: https://learn.microsoft.com/en-us/azure/azure-sql/database/logins-create-manage
When I create a user, it messages "error15063"
login already has an account under a different user name. (Error: 15063)
The login was mapped to the database as the dbo, which is wrong. It happened because this account actually created a database during the installation.
The login already has an account under a different user name. (Microsoft SQL Server, Error: 15063)
To resolve this
Please run the script against your database:
I have a database A where I have CREATE DATABASE LINK privilege and a database B where I can connect as a read-only user (I don't have the privilege here). I just want to do SELECT queries.
I would like to know if it's possible to create a database link on this user.
I did many researches about my problem, but nothing works.
I also tried SET TRANSACTION READ ONLY but it did nothing.
CREATE DATABASE LINK dblink_name
CONNECT TO user_with_read_only
IDENTIFIED BY password
USING('(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=<host>)(PORT=<port>))(CONNECT_DATA=(SERVICE_NAME=<service_name>)))
I got those errors:
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-16000: database open for read-only access
I'm trying to export a SQL Azure database to a .bacpac file using the Azure portal. The administrator username on my database contains a *. When I use it in the username field I get this error.
The login name must meet the following requirements:
It must be a SQL Identifier.
It cannot be a system name, for example:
- admin, administrator, sa, root, dbmanager, loginmanager, etc.
- Built-in database user or role like dbo, guest, public, etc.
It cannot contain:
- White space like spaces, tabs, or returns
- Unicode characters
- Nonalphabetic characters ("|:*?\/#&;,%=)
It cannot begin with:
- Digits (0 through 9)
- #, $, +
So I add a new user to the database using the following tSQL.
USE master;
CREATE LOGIN gu6t6rdb WITH PASSWORD = 'kjucuejcj753jc8j'
USE MyActualDB;
CREATE USER gu6t6rdb FOR LOGIN gu6t6rdb
The portal export form accepts that username but later errors with the following message.
Error encountered during the service operation. Could not extract
package from specified database. The reverse engineering operation
cannot continue because you do not have View Definition permission on
the 'MyActualDB' database.
To fix this I tried the following tSQL
GRANT VIEW ANY DEFINITION TO gu6t6rdb
which throws the following error
Securable class 'server' not supported in this version of SQL Server
How should I use tSQL to provide an additional user on my database and give the user sufficient privileges to export the database through the Azure portal to a .bacpac file in an Azure blobstore?
This will not work on sql azure. You will need to grant view definition at the database level. (without the ANY keyword)
GRANT VIEW DEFINITION TO gu6t6rdb
P.S: I hit the exact same issue and this seemed to solve my problem. I also had to do a Grant Execute (but it depends on what your bacpac is applying to the database)
Got it. I can add the user to the db_owner role and then the export proceeds without error.
EXEC sp_addrolemember 'db_owner', 'gu6t6rdb'
as of now, GRANT VIEW DEFINITION TO [username] works in Azure SQL, I just verified it myself. See https://learn.microsoft.com/en-us/sql/relational-databases/security/permissions-database-engine?view=sql-server-ver15 for reference:
So in order to successfully export database as bacpak file you can created contained user (no need in CREATE LOGIN... command) and give the following permissions:
CREATE USER [user_from_azure_AD] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [user_from_azure_AD]
GRANT VIEW DEFINITION TO [user_from_azure_AD]