I am very new to the database field and I have followed various sources such as Creating new user/login in sql azure
and this
to create and grant new user access to databases, they were all successful during the creation process but as soon as I tried logging in to the database, I get the following error.
Authentication:14678e5d-f8f5-4b1f-bb19-c67effaf2309[Microsoft.SqlServer.MessageText=Login failed for user 'vitra_public_user'. ,Microsoft.SqlServer.MessageSeverity=14,Microsoft.SqlServer.MessageId=18456]
So here is the procedure and details of how I created and granted the user access, can someone spot any mistakes that I have made pls.
creating a new LOGIN under the master database. CREATE LOGIN vitra_public WITH password='<mY_PasSwOrd_hErE>'
go into the specific(e.g. 'vitra-web') database to create user linking to the login. CREATE USER vitra_public_user FOR LOGIN vitra_public
But as I tried logging onto the vitra-web database on Azure, I got the error so if anyone can spot any mistake that I made will be great!
Thanks
Ken
Related
On the master db of a Serverless Synapse Analytics instance an external login is created for AAD Security Group.
CREATE LOGIN [sg-aad-name] FROM EXTERNAL PROVIDER;
The login does not show up in the table sys.server_principals.
The following query doesn't return any results:
SELECT SUSER_SID('sg-aad-name')
But I can't ALTER or DROP the login. The message that is returned: 'it does not exist or you do not have permission'. When I try to create it again, it indicates that is already exists.
When I try to add the login to a server role, it again indicates 'it does not exist or you do not have permission'.
I have SQL Administrator rights and so does the AAD security group for which I try to create the login. This issues appears on two instances. On another instance it worked and is functioning properly.
What am I overlooking? Can someone enlighten me on what is happening here or how this can be solved? I want to create an external login, have it visible in the sys.server_principals table and add to server role.
Tried all statements above. Read various blog posts and fora such a Stackoverflow.
Issue solved. The security group already had a login in sys.server_principals where the name was the Azure object ID of the security group. Dropping this login allowed for creation of the new login. This new external login was stored under the name of the security group in sys.server_principals.
Our problem is follow:
We have an Azure App Service and Azure SQL Database. Recently, we have a problem of data missing from the SQL Database. The App Service was running and the users could create and retrieve the records from App Service. However, when we did a select statement using SSMS, the record could not be found. The next day, record cannot be seen via App Service as well.
We also have Azure Function App which was running during the same problematic period, but there was no issues with the updating. All records were updated into the database successfully.
Does anyone having similar problem? Any advice is greatly appreciated.
Best regards,
Ben
The issue seems like with User permission for Azure SQL Server user. If the user is able to update it looks like he has only updating permission in the schema. I suggest you to cross-check the User permission on table(s) and schema for better clarity.
Refer below example to create Login, User and GRANT permission:
CREATE LOGIN utkarsh WITH PASSWORD = 'Uuxwp7Mcxo7Khy';
USE AdventureWorks;
CREATE USER utkarsh FOR LOGIN utkarsh;
GO
Grant Select permission:
GRANT SELECT TO utkarsh
Refer: GRANT Database Permissions (Transact-SQL)
You can add a database user to a database role using the following query:
EXEC sp_addrolemember N'db_datareader', N'userName'
I have got myself into a little bit of a bind, using SQL Server Management Studio to create a database in Azure SQL. My issue appears to be with assigning roles to users in the database. When I created the database, it prompted me to create a new login, with an associated user, that appeared to have all the rights of a database owner. However, I am now trying to create two additional logins and I realize I am screwed. The login that I created when I made the database isn't the database owner, even though I could do all the DDL / DML necessary to create the full schema under that account. I created an additional login, and I added two users to that login. I now want to add that login to a role (db_datareader, db_denywrite) but I cannot.
It appears that the database owner is a user / login called "dbo" that I did not set up. This is the only user that is added as a database owner, and subsequently is the only one that can edit roles. But I do not know the login credentials for this user!
if I use what I believed to be the administrator account (the one I made) to add a role I get the error:
Cannot alter the role 'db_datareader', because it does not exist or you do not have permission.
How can I fix this? How can I get my original account added as a DB Owner? There has got to be a way, but everything I tried points to the fact that I am not the owner of the resource I created; I'm an outcast in my own country...
Thanks!
I am trying to give permissions to a user I just created and has a login associated logged into my master.
I was not able to give any permissions since it says you do not have permissions to do this.
I gave myself dbowner rights in the master but still.
Any help?
Might it be that the database I created does not have the schema dbo?
UPDATE:
I thought you said the user you added didn't have any permissions, my bad! Well the answer still might be helpful :-)
I'm not an SQL expert so this may not answer your question, but I had to do something like this today and listing my steps might help.
You can use a graphical tool like Azure User Management Console (AUMC) if you want to add users without having to write a bunch of SQL queries.
Connect to your server, go to Logins and create a new login (if you want to give server access as well), then go to Users, select your database, create a new user, then here you can link the user to the login you just created and give database permissions.
Here is the documentation on granting users/logins permissions:
http://blogs.msdn.com/b/sqlazure/archive/2010/06/21/10028038.aspx
EXEC sp_addrolemember 'db_datareader', 'readonlyuser';
I would like to create an SQL Azure user and grant her read-only access on a handful of DBs, what script can I use to achieve this?
A pure TSQL script is super messy, SQL Azure disables the USE command, so you are stuck opening connections to each DB you need to give the user read access.
This is the gist of the pattern.
In Master DB:
CREATE LOGIN reader WITH password='YourPWD';
-- grant public master access
CREATE USER readerUser FROM LOGIN reader;
In each target DB (requires a separate connection)
CREATE USER readerUser FROM LOGIN reader;
EXEC sp_addrolemember 'db_datareader', 'readerUser';
OR... Use the Azure User Management console - AUMC to manage the Logins and Users.
It's a open source project available on codeplex AUMC.codeplex.com
Project Description
Azure User Management Console - AUMC is a User
Graphic Interface (GUI) that manages the users and logins of an Azure
SQL database. The tool is simply converting your action into T-SQL
commands and execute them on the Azure SQL Database.
A quick simple tool with a user interface! Don
Enjoy!
You can create new user without creating login on master DB (which is require make a separate connection)
CREATE USER user1 WITH password='<Strong_Password>';
https://azure.microsoft.com/en-us/documentation/articles/sql-database-manage-logins/