I'm trying to create a SQL Azure database. While the database successfully gets created, I can't login to it. The reason why is, I don't know what the default username / password is. Or, how to create the first user that can access the database.
There has to be something basic I'm missing here. How do I create the first user for a SQL Azure database.
The database exists on an Azure SQL Instance. You need the administrative loginid/password you assigned when you created the instance.
When you are in the Azure Management Portal (https://manage.windowsazure.com) go to "SQL DATABASES".
On the "DATABASES" page (along the top), find your database. Look for the name of your databases' server in the "SERVER" column, and click on the link for the server.
On the page for the server, along the right side under "quick glance", you will see the "ADMINISTRATOR LOGIN" and further up you see a link to "Reset Administrator Password". You can reset it if you don't remember it.
Now, you can login using those credentials (admin login/pwd) and create additional logins as needed.
Hope that helps.
Related
I have a contractor who I want to give access to a website that connects to a database. I need to create a SQL Server user that can connect and read and write to the database.
However, I don't want this user to be able to connect to the SQL Server via something like Management Studio. Are there permissions that need to be enabled or disabled to accomplish this in SQL Server Management Studio?
SQL Server Management Studio (SSMS) is basically a normal client that makes SQL statements in the background. If you create a login in the SSMS, then no magic happens, but a CREATE LOGIN. This can be recognized by the fact that there is (almost) always the possibility to generate the appropriate SQL statement via "Script as", which is normally done in SSMS via the graphical user interface.
If you would lock out SSMS, then other clients as well. And even if there were a setting, there are other possibilities via Powershell and the like. So this is not the way to go.
I suppose you don't want the contractor playing around on the SQL server just because he got access to a database? He is allowed in the house, but not in all rooms....
In other words, it can only be done via permissions, where there is a login to connect to the SQL Server on the one hand and a database user who gets access to the database on the other hand. Therefore there are authorizations on SQL server level (login) and database level (user).
CREATE LOGIN testlogin WITH PASSWORD = 'wowThisIsKewl';
GO
USE [YourDatabase]
GO
CREATE USER [dbuserlogin] FOR LOGIN [testlogin] WITH DEFAULT_SCHEMA=[db_owner]
GO
Each login belongs first to the SQL Server role "public", unless additional or different authorizations are granted. You can connect to this role, but e.g. you can not create databases, perform backups etc.... Just try it out.... =)
At the same time DB_OWNER at database level allows the login to read and write data, etc. and more.
I've been searching everywhere but it seems as nobody has my problem. I recently created an Azure SQL Database and I have not had luck at all with figuring out what to do with the error 18456. I Many times I've seen the "Just right click the database and go to properties and security" but there is no security. In fact there seem to be a lot of things I don't have when I right click. I barely know anything about any of this though, so I've tried quite a few things. At one point I thought I needed to use the sample adventure works. but that wasn't it. So I'd be really grateful if anyone helped.
[SSMS Version: 16.4.1]
[Azure SQL Database: Server Version 12]
Picture of my properties menu in SSMS(SQL Server Management Studio)
]
Picture of my right click
]
Your error is common, but the way you solve it on-premise or using virtual machines (Infrastructure-as-a-Service, IaaS) is different than how you would solve it for Windows Azure SQL Database (WASD). WASD is a Platform-as-a-Service version of SQL Server. The SQL Instance is logical, so you have to change some of your thought processes. One of the chief ways you'll need to change your thought processes is in how you manage your SQL Databases.
When you're in WASD and you create a database, you're asked to create an administrative username and password. Using that account you can deploy the schema of your database as well as SQL Authenticated Users and permissions. You don't have permission to change the instance's authentication types, that's why you don't see an option for security when you right-click on the instance name and choose properties.
The following steps are how you would create a new LOGIN to allow this new user to authenticate to the virtual instance. After you've created a LOGIN, you then need to create a database USER for this LOGIN. With this USER, you can then assign permissions for what this USER can and cannot do.
Adding Logins for your Windows Azure SQL Database
A few notes before we get started. In the following code anything in angle brackets (< and >) mean this is a variable you can change. So would be the username you want to create for your Entity-Framework application. would be the password you want to use for your .
Use your administrative credentials to connect to your instance. This account has permissions to control everything about your database. When you connect, you should find that by default you've connected to the master database on that instance. If not, use the drop-down at the top of SSMS to change to master. "USE master" will not work.
From this connection, the following T-SQL will create your Entity-Framework's username and password.
CREATE LOGIN [<username>] WITH PASSWORD = '<password>';
At this point, if you were to try and connect to the virtual instance with this and , you could connect to your virtual instance, but not any database on this virtual instance. Your error message would say something like:
The server principal "" is not able to access the database
"" under the current security context....
You need to take at least one more step before this user can connect to your user database.
Now, from that same SSMS script window, change the database to the user database () you're granting access to. This will be the database you want your Entity-Framework application to use. Remember, use the drop-down at the top.
First we will create a database user for the login created in the previous step.
CREATE USER [<username>] FOR LOGIN <username>
Then, we will allow this to connect to your user database , the database you want the Entity-Framework application to use.
GRANT CONNECT TO [<username>]
At this point, your new username can log in to the virtual instance and connect to your user database.
Now, you will need to add any other permissions this user will need. For example, if your will only need read permissions, you could get away with adding the user to the db_datareader database role. Add those permissions now.
Special note about connection and connection strings
Your user is now setup to connect to your user database. That means in SSMS if you try and connect with your Entity-Framework user, there is an extra step to your connection dialog box. Before you click Connect, you have to hit the Options button.
Since your user cannot hit master, you have to tell SSMS you want to connect to the user database first and avoid hitting master. By default, SSMS will try to connect to your SQL instance's master database first.
You have to enter the name of the database in the "connect to database" entry. After you've entered the database, you can then hit connect.
I'll guess that in your application it already had the "Default Catalog=" value set to your user database, and you were able to connect. Setting this value in options is like setting that "Default Catalog=" value.
I hope this helps you in breaking into WASD a little more.
EDITS: attempting to add clarity to the differences between IaaS SQL Server instances and PaaS Windows Azure SQL Database. I previously missed the FOR LOGIN clause on the CREATE USER statement.
Please let me know the steps to add 2 users in a Single database on SQL server 2008
Tried adding user to same database in security but unable to access database.
One user is working fine after adding into the database.
If you have Microsoft SQL Server management studio installed:
In SQL Server Management Studio, open Object Explorer and expand the Databases folder.
Expand the database in which to create the new database user.
Right-click the Security folder, point to New, and then click User.
On the General page, enter a name for the new user in the User name box.
In the Login name box, enter the name of a SQL Server login to map to the database user.
Click OK.
If not use these commands
USE <database name> GO
CREATE USER <new user name> FOR LOGIN <login name> ; GO
I would like to change the default database for a login to support software that can access SQL Azure but does not allow easy alteration of a connection string. It appears that SQL Azure defaults to the master database.
I've already considered:
Stored procedures. I can't find a stored procedure that does this (sp_defaultdb is not implemented in SQL Azure as far as I can tell)
Alter Login. ALTER LOGIN does not permit the DEFAULT_DATABASE option.
SSMS. SSMS doesn't seem to allow much user control through the interface for SQL Azure.
Ideas?
Connection String:
Server=tcp:[serverName].database.windows.net;Database=myDataBase;User ID=[LoginForDb]#[serverName];Password=myPassword;Trusted_Connection=False;Encrypt=True;
You can change connect default database, when you write 'Database' property at connection string.
SSMS is connect to database box which is option->secont tab at conecct dialog.
In my case I managed to do it by creating a login directly in the master database:
CREATE LOGIN newlogin WITH password='password'
GO
CREATE USER newlogin FOR LOGIN newlogin WITH DEFAULT_SCHEMA=[dbo]
GO
Then I created a user in the database I wanted to gain access to:
CREATE USER newlogin FOR LOGIN newlogin WITH DEFAULT_SCHEMA=[dbo]
GO
At last adding it to a role in the particular database to gain the right permissions:
Alter role db_owner add member newlogin
Hope this works for you too.
As you already discovered the DEFAULT_DATABASE option is not available in SQL Azure. So if you cannot change the connection string of your application in which you would normally specify the database name, you are stuck to master.
However... is it possible to create an ODBC connection, and configure your application to use ODBC? Using ODBC would allow you to specify a default database.
By far the easiest way in SSMS is to use the additional parameters tab and supply the initial catalog, e.g.
You can easily change the default database when loging in with SSMS. Click the Options button on the Login Dialog then click on the Connection Properties tab. In the "Connect to database" box enter the name of your database.
You have to use use following to be able to change "default" Database
Use "SQL Server Native Client 10.0" or higher instead on using "SQL Server as Driver
Use full user id like UserName#AzureConnnectString
For me it is
NorthWind#w6ywertsd8h.database.windows.net
More details here
http://debugmode.net/2011/04/22/connecting-microsoft-access-to-sql-azure/
Another option is to create a mapped user in the master database and the hosted database. This will allow SSMS to connect to the server and use master as the default db, then the user can open the database. I am not a DBA so I do not know the implications of this, but that is how I solved it. My database is just being used for a POC project so it doesn't have many security requirements.
I am attempting to migrate from SQL Server 2005 to SQL Server 2008. Both of these database instances are hosted on 3rd party shared servers that I do not have full permissions to. They are using mixed mode authentication.
I am running into trouble setting up the new database the same way the old one was set up. Specifically, the new web-based control panel doesn't allow a dbo to be specified when creating a new database and then when using Red Gate SQL Compare to sync up the schemas I am having problems because some objects (that don't explicitly specify dbo in the script) are being created with the prefix of the user account rather dbo.
I have poured over the documentation trying to find a way to force my login "user1" as dbo to the "db1" database. I came to the conclusion that the script should look like this:
ALTER AUTHORIZATION ON DATABASE::db1 TO user1
Before running this script, the login "user1" already exists, but is not a user for database "db1". Note I had to submit this script to the support of my hosting company in order to run it. According to the hosting company the statement successfully executes, however when I compare the databases using SQL Compare the user "user1" has not been physically added to the database like it was under SQL Server 2005. When trying to add it using the script:
CREATE USER [user1] FOR LOGIN [user1] WITH DEFAULT_SCHEMA=[dbo]
I get the error message:
"The login already has an account under a different username"
I have tried dropping all of the other users from the database, but the error message still persists - which I find odd.
While I could just fix the scripts by explicitly specifying dbo, this would inevitably be a time bomb waiting to go off because if any new script were introduced that didn't explicitly specify dbo there would be a failure during synchronization. Since some of the scripts are from 3rd parties, this is not a good solution.
So my questions: Is there another statement that I need to run in order to add "user1" to the database as a user that is dbo? Is there anything that has changed in the implementation between SQL Server 2005 and SQL Server 2008 R2 that could cause these inconsistencies?
I am unfortunately not able to test to find an answer to the second one because I don't have another SQL Server 2008 database to test with and I don't have full access to do anything I want on this one.
The old database was created through a control panel which forced dbo to be specified and the new one doesn't allow dbo to be specified when creating a database.
From what i have gathered the following should suffice.
ALTER USER [user1] WITH DEFAULT_SCHEMA=[dbo]
The create wasnt working as it already existed.