I need to script a specific SQL Login, with it's associated User Mappings and role memberships. Is this possible? If so, someone please point me in the right direction.
Thanks!
Script the logon in SSMS
Script the user in SSMS
Script the role in SSMS
Do the sp_addrolemember manually
It's just as quick
Or modify this. Which is just as quick as using SSMS...
USE master
GO
CREATE LOGIN SomeLogin --FROM WINDOWS?
GRANT CONNECT SQL TO SomeLogin
GO
USE MYDB
GO
CREATE USER SomeUser FOR LOGIN SomeLogin
GRANT CONNECT TO SomeUser
GO
CREATE ROLE SomeRole AUTHORIZATION [dbo]
GO
EXEC sp_addrolemember 'SomeRole', 'SomeUser'
GO
OR... Use the Azure User Management console - AUMC to manage the Logins and Users.
It's a open source project available on codeplex AUMC.codeplex.com
Project Description
Azure User Management Console - AUMC is a User
Graphic Interface (GUI) that manages the users and logins of an Azure
SQL database. The tool is simply converting your action into T-SQL
commands and execute them on the Azure SQL Database.
A quick simple tool with a user interface! Don
Enjoy!
Related
I would like to change the Azure SQL Managed Instance admin (this is not for the Active Directory Admin). I do not see any way to do this directly. I am guessing that if I create another sysadmin user, and then delete the current Managed Instance admin user which is also a sysadmin. This might force the backend to fall back and look for any sysadmin available to fill the vacated Managed Instance admin. I have not tried this because the current Azure SQL Managed Instance is in use. I am afraid the Azure SQL Managed Instance might blow up if it loses its Managed Instance admin.
What will occur if one deletes the Managed Instance admin user?
Connect to the instance name from Azure Data Studio and create a new admin user:
Go to the master db and run the create login script
CREATE LOGIN newusername WITH PASSWORD = 'password123'
Go to your database and run
use databasename
go
Create user [newusername] from login [newusername]
go
exec sp_addrolemember 'db_owner', 'newusername';
Remove your old user admin
When provisioning a new Azure Active Directory user's access to an Azure SQL Data Warehouse or Database does the user need to be added to the master database in the Azure SQL Server?
This documentation only talks about adding the Azure Active directory user to the specific warehouse database and associating them with a role within that database. I have however found that unless the user is added also added to the master database then they cannot sign on via SSMS.
Here is what I am doing:
CREATE USER [joe#domain.com]
from external provider
WITH DEFAULT_SCHEMA = dbo
EXEC sp_addrolemember 'db_datareader', 'joe#domain.com'
--toggle to master
CREATE USER [joe#domain.com]
from external provider
WITH DEFAULT_SCHEMA = dbo
Does the user always need to be added to master? Is there a better way to configure security so that I do not always have to add the user to master? Am I totally missing something here?
I am working on a project and I have access to SQL Server as external user with limited privileges.
When I want to create a login for example with this command, I get permission denied:
CREATE LOGIN [login] WITH PASSWORD=N'test', DEFAULT_DATABASE=[master],
DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF)
However when I try to create a login with this command I can make it and also I have privileges now to enable xp_cmd shell as well:
EXECUTE('EXECUTE(''CREATE LOGIN [test5] WITH PASSWORD=N''''test'''',
DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF'') AT "hostname\domain"')
EXECUTE('EXECUTE(''ALTER SERVER ROLE [sysadmin] ADD MEMBER [test5]'')
EXECUTE('EXECUTE(''ALTER SERVER ROLE [db_owner] ADD MEMBER [test5]'')
Can someone please explain why is that?
EXECUTE('string sql statement') AT "hostname\domain" == the 'string sql statement' is a pass-through command executed at the linked server "hostname/domain".
Has someone created a loop-back linked server (a linked server that points to the sql instance itself)?
Linked servers have their own security configuration/settings. If the security of the linked server is configured (for any login) to be made under the security context of a privileged login(eg. sa) then exec('') at linkedserver will be executed with way more/elevated permissions (than expected). This is a major security issue/hole.
Check the security of the linked server and change accordingly (and do you really need a loopback linked server?)
I am trying add a photo in the SQL Management Studio 2018. But it tells to use bulk load statement. On the Stackoverflow I saw some steps that may help me. It was recommended to go to the login->security->properties and activate 'bulkadmin'. This operation failed saying that it is not enough permission.
If you are trying to grant the bulkadmin Server Role to a Login, the login you are using to make this change will need to either have CONTROL permissions on the Login, or the ALTER ANY LOGIN permission on the SQL Server itself.
The easiest solution if possible would be for your own Login to be granted the sysadmin Server Role by another Login with the necessary permissions to do this.
More information about Server-Level Roles from Microsoft here.
I'm new to SQL Server 2008. I just installed SQL Server Express. I'm having trouble creating a new database, and I think I don't have permission.
I login like this, please see this screenshot:
Then I tried to create a new database and I got this:
I tried to search for some solution and this what I've got:
http://blogs.msdn.com/b/sqlexpress/archive/2010/02/23/how-to-take-ownership-of-your-local-sql-server-2008-express.aspx
But I can't download the script and the page says:
An error occurred while processing your request.
Please help. Kind regards
I resolved my problem with the following steps:
Set the instance of the SQL Service to single-user mode:
Open SQL Server Configuration Manager. Double click SQL Server Services.
Stop all SQL Server services
Right click SQL service and click Properties, in the Advanced tab, look for 'Startup Parameters'
Insert '-m;' at the beginning of the Startup Parameters value
Start the SQL service
Open SQL Server Management Studio and login with Windows authentication, you can now add user or change password of different users.
Hope this helps!
Try logging in with the sa account and grant permissions to your Windows account.
If you do not know the sa password use sqlcmd and execute the following commands:
Use Master
Go
ALTER LOGIN [sa] WITH PASSWORD=N'NewPassword'
Go
Login with the sa account and GRANT permission to the account.
USE Master;
GRANT CREATE DATABASE TO Jommel;