I have a database server with several databases on it. I'd like to create a login for one of these databases, but when the user logs in to the server, I don't want the other databases on the server to show up. Is this possible?
I've created a login on the server and gave that login the db_readonly role on just one server. However, when I connect via SQL Server Managment Studio, I see a list of all of the databases. I can't see what tables are defined in each of them.
I want to remove this clutter so that when a user connects there is only one (or two if you include master) database available.
you may use the SSMS interface as following: -
1) Go to your SQL Server Instance, right click and select Properties.
2) Choose Permission on the left pane.
3) Select the specific user that you mention on the "Logins or roles" section.
4) At the permissions for section, check on Deny column for "View any database"
5) Go to the newly added databases, right click and select Properties.
6) Add the specific user under "Users or roles"
7) At the permissions for section, check on Grant column for "View database state" or any other permission that you would like to grant"
Related
I've been searching everywhere but it seems as nobody has my problem. I recently created an Azure SQL Database and I have not had luck at all with figuring out what to do with the error 18456. I Many times I've seen the "Just right click the database and go to properties and security" but there is no security. In fact there seem to be a lot of things I don't have when I right click. I barely know anything about any of this though, so I've tried quite a few things. At one point I thought I needed to use the sample adventure works. but that wasn't it. So I'd be really grateful if anyone helped.
[SSMS Version: 16.4.1]
[Azure SQL Database: Server Version 12]
Picture of my properties menu in SSMS(SQL Server Management Studio)
]
Picture of my right click
]
Your error is common, but the way you solve it on-premise or using virtual machines (Infrastructure-as-a-Service, IaaS) is different than how you would solve it for Windows Azure SQL Database (WASD). WASD is a Platform-as-a-Service version of SQL Server. The SQL Instance is logical, so you have to change some of your thought processes. One of the chief ways you'll need to change your thought processes is in how you manage your SQL Databases.
When you're in WASD and you create a database, you're asked to create an administrative username and password. Using that account you can deploy the schema of your database as well as SQL Authenticated Users and permissions. You don't have permission to change the instance's authentication types, that's why you don't see an option for security when you right-click on the instance name and choose properties.
The following steps are how you would create a new LOGIN to allow this new user to authenticate to the virtual instance. After you've created a LOGIN, you then need to create a database USER for this LOGIN. With this USER, you can then assign permissions for what this USER can and cannot do.
Adding Logins for your Windows Azure SQL Database
A few notes before we get started. In the following code anything in angle brackets (< and >) mean this is a variable you can change. So would be the username you want to create for your Entity-Framework application. would be the password you want to use for your .
Use your administrative credentials to connect to your instance. This account has permissions to control everything about your database. When you connect, you should find that by default you've connected to the master database on that instance. If not, use the drop-down at the top of SSMS to change to master. "USE master" will not work.
From this connection, the following T-SQL will create your Entity-Framework's username and password.
CREATE LOGIN [<username>] WITH PASSWORD = '<password>';
At this point, if you were to try and connect to the virtual instance with this and , you could connect to your virtual instance, but not any database on this virtual instance. Your error message would say something like:
The server principal "" is not able to access the database
"" under the current security context....
You need to take at least one more step before this user can connect to your user database.
Now, from that same SSMS script window, change the database to the user database () you're granting access to. This will be the database you want your Entity-Framework application to use. Remember, use the drop-down at the top.
First we will create a database user for the login created in the previous step.
CREATE USER [<username>] FOR LOGIN <username>
Then, we will allow this to connect to your user database , the database you want the Entity-Framework application to use.
GRANT CONNECT TO [<username>]
At this point, your new username can log in to the virtual instance and connect to your user database.
Now, you will need to add any other permissions this user will need. For example, if your will only need read permissions, you could get away with adding the user to the db_datareader database role. Add those permissions now.
Special note about connection and connection strings
Your user is now setup to connect to your user database. That means in SSMS if you try and connect with your Entity-Framework user, there is an extra step to your connection dialog box. Before you click Connect, you have to hit the Options button.
Since your user cannot hit master, you have to tell SSMS you want to connect to the user database first and avoid hitting master. By default, SSMS will try to connect to your SQL instance's master database first.
You have to enter the name of the database in the "connect to database" entry. After you've entered the database, you can then hit connect.
I'll guess that in your application it already had the "Default Catalog=" value set to your user database, and you were able to connect. Setting this value in options is like setting that "Default Catalog=" value.
I hope this helps you in breaking into WASD a little more.
EDITS: attempting to add clarity to the differences between IaaS SQL Server instances and PaaS Windows Azure SQL Database. I previously missed the FOR LOGIN clause on the CREATE USER statement.
Please let me know the steps to add 2 users in a Single database on SQL server 2008
Tried adding user to same database in security but unable to access database.
One user is working fine after adding into the database.
If you have Microsoft SQL Server management studio installed:
In SQL Server Management Studio, open Object Explorer and expand the Databases folder.
Expand the database in which to create the new database user.
Right-click the Security folder, point to New, and then click User.
On the General page, enter a name for the new user in the User name box.
In the Login name box, enter the name of a SQL Server login to map to the database user.
Click OK.
If not use these commands
USE <database name> GO
CREATE USER <new user name> FOR LOGIN <login name> ; GO
I'm trying to create a SQL Azure database. While the database successfully gets created, I can't login to it. The reason why is, I don't know what the default username / password is. Or, how to create the first user that can access the database.
There has to be something basic I'm missing here. How do I create the first user for a SQL Azure database.
The database exists on an Azure SQL Instance. You need the administrative loginid/password you assigned when you created the instance.
When you are in the Azure Management Portal (https://manage.windowsazure.com) go to "SQL DATABASES".
On the "DATABASES" page (along the top), find your database. Look for the name of your databases' server in the "SERVER" column, and click on the link for the server.
On the page for the server, along the right side under "quick glance", you will see the "ADMINISTRATOR LOGIN" and further up you see a link to "Reset Administrator Password". You can reset it if you don't remember it.
Now, you can login using those credentials (admin login/pwd) and create additional logins as needed.
Hope that helps.
I have a LocalDB running and I can log in to it via SQL Server Management Studio. I've granted my user db_datareader and other roles, but the Object Explorer tree still does not list Tables under Databases > System Databases > master.
I can create tables and select, etc. They show up in information_schema.tables with "master" as the table catalog. I created a view and it does show up under Views, so the issue seems to be limited to tables.
I don't know what else to try - any idea?
try one press on the name of the database , and then press the refresh circle line on the top of the object explorer. may be now it will work. you can see picture added.
I am using Access to try to get some links to tables in SQL Server 2008.
I've created a user name under security in SSMS for SQL Server and I've mapped it to a user that is under the database that I need. I've also given that user a default database that I need.
When I try to connect through ODBC I am not seeing the correct tables. What I am seeing is a bunch of Sys tables. Does anyone know what I am doing wrong?
Here is the create for the main user:
/* For security reasons the login is created disabled and with a random password. */
/****** Object: Login [lomuser] Script Date: 10/22/2010 08:14:03 ******/
CREATE LOGIN [lomuser] WITH PASSWORD=N'µ''ØÑëOº\¾dõMÐàæfÄ%[RríÜ2 y', DEFAULT_DATABASE=[LOMDATABASE], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
ALTER LOGIN [lomuser] DISABLE
GO
Here is the create for the specific user to the specific database (on which the top user is mapped to) also FYI they have the same name:
USE [LOMDATABASE]
GO
CREATE USER [lomuser] FOR LOGIN [lomuser] WITH DEFAULT_SCHEMA=[dbo]
GO
When you setup the DSN connection in the odbc panel or let access create this connection for you, the default database is master. So, when you link a table, the only tables you will see are the system tables. Delete your linked table (if you have any). Now, when you choose to link to a table, choose NEW in the data source to create a new DSN connection. During that process, you see the option to change the default database from system to whatever database you want.
Once you change the above default, then when you link a table, you see tables from the above selected database you choose. If you did not set above, as noted, you just going to see the system tables.
You may find a solution in this article at Microsoft support
This is a known bug in SQL Server
Beware of denying Select to the Public
because it has unintended results elsewhere
The solutions can be difficult for a casual SQL administrator.
By default when setting up (importing) a linked table from an (Azure) SQL Server database MS ACCESS chooses master as the default database. You should change this when linking the table:
1-Click Linked Table Manager under External Data tab
2-Click Add button on the right menu bar and choose SQL (Server/Azure), enter a name for the data source (so you can recognize the data source later in the Link Table Manager list of sources), click Next
3-When SQL Server Login wizard prompted, enter the address of your SQL server e.g. for Azure it should be something like this:
<you_server_name>.database.windows.net
Enter your SQL database user and password for login.
Once done, the button Options will be enabled
4-Click button Options and you will see the Database is set to Default. Click on it and choose the database you want. You should see the tables of the selected database and not master