I found a user in mssql 2008 database - domain\testuser2 with login domain\testuser2.
But I couldn't find this login by using Mssql Management Studio or in the system tables (sys.server_principals, sys.syslogins, sys.linked_logins, sys.remote_logins).
When I try to make another user with this login (CREATE USER _test FOR login [domain\testuser2]), the error is following: The login already has an account under a different user name.
So, this login is exist. Where could I find it? Is there some system tables or views?
I've solved this problem.
In MSSQL you can create database users with Windows Authentification without logins.
For example, you can successfully execute the following sql-query (even you haven't sql-login [MyDomainName\myWinLogin])
CREATE USER [MyDomainName\myWinLogin]
Related
I have a database that somebody else has built and I need to attach it on my SQL Server. The main user that owns schemas is named 'LSadmin'.
I want to use that same name for login to the server, and then have the rights for that login to access the database.
For some reason a login already exist LSadmin but it does not have any rights to access the attached database. When I want to Map the login to the database and give it datawritter and datareader for example, SQL Server shows that a user already exists.
When I try to delete the user to recreate it, then I can't because it owns schemas.
I found two ways to resolve this. One is to give the login a sysadmin rights, which of course is not desirable, and the other one is to move schemas ownership to another user, and then give database rights through mapping.
Is there any other solution that is not so "complicated"?
On my production system I login to SQL Server with CPSDOM\mconnors. When I execute 'SELECT CURRENT_USER;' it returns 'CPSDOM\mconnors'.
On my test system I login to SQL Server with CPSDOM\mconnors. When I execute 'SELECT CURRENT_USER;' it returns 'dbo'.
Can someone help me understand what is going on? Is this difference based on a configuration setting?
Thanks in advance.
There's a difference between a login and a user on SQLServer.
Each database has a set of users and a set of logins. Logins are server-wide, users are per-database. The login can be your Windows user account or a SQLServer internal one (eg sa).
The login is mapped to a user for each database, so in the production system you have your windows user (the login) mapped to a user with the same name. In the test system they just mapped your login to the inbuilt dbo user.
You should not rely on your login being the same name as the windows account, when you setup security for the sql server, it will default-map your windows user to a new sql user of the same name, but sometimes people map it to pre-defined sql users, and sometimes for dev/test to one of the 'admin' users that already exist.
You can see this mapping in the security section of SQLServer management studio, or in the users section of the individual database.
I created a new MySQL database named "guestbook" using the free "Merkury" pricing level in the Azure Portal and I connected to it using MySQL Workbench using the username and password shown on Azure.
Just connecting works fine, but it seems like the provided user does not have the rights to add new MySQL users.
SQL Query:
USE guestbook;
CREATE USER 'gb-webserver'#'localhost' IDENTIFIED BY '<PASSWORD>';
===> Error Code: 1227. Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation
How do I create a new MySQL user on a MySQL database that is hosted on Azure?
It looks like it is not possible to create new users or get root access to MySQL databases hosted on Azure, at least not when using the free "Merkury" pricing level.
I am using db2 9.7.2 (express) version. Trying to connect the db2 via ODBC to MS Office 2007. connection all worked well but when try to open table from access error saying db2admin user does not have previlage for the operation...
I has done the typical installation of db2.. so Is there anything more to do for user right ?.. db2/msoffice works good. Only thing with the access right...
please help me to solve this.
Who created the database (owns DBADB profile) and who created the instance (SYSADMIN profile)?
Probably, you created a database with a different user to db2admin, and for this database the user db2admin does not have special privileges.
Check the groups in you operative system, the sysadmin_grp group in the instance, and who created the database. The problem could be solve just by adding db2admin in a operative system group (db2admins).
If db2admin could connect to the database, because the connection grant is public, but the data access is restricted to some users. Just by adding dbadm to db2admin or giving the profile sysadmin, then db2admin will have the complete control of the database.
I have a SQL Server server which has around 50 databases on it.
I wish to create a new Login for a client who wishes to have access to their database.
But I don't want to give them access to the other 49 databases.
How can I do this?
I think this is what we like to do very much.
--Step 1: (create a new user)
create LOGIN hello WITH PASSWORD='foo', CHECK_POLICY = OFF;
-- Step 2:(deny view to any database)
USE master;
GO
DENY VIEW ANY DATABASE TO hello;
-- step 3 (then authorized the user for that specific database , you have to use the master by doing use master as below)
USE master;
GO
ALTER AUTHORIZATION ON DATABASE::yourDB TO hello;
GO
If you already created a user and assigned to that database before by doing
USE [yourDB]
CREATE USER hello FOR LOGIN hello WITH DEFAULT_SCHEMA=[dbo]
GO
then kindly delete it by doing below and follow the steps
USE yourDB;
GO
DROP USER newlogin;
GO
For more information please follow the links:
Hiding databases for a login on Microsoft Sql Server 2008R2 and above
Connect to your SQL server instance using management studio
Goto Security -> Logins -> (RIGHT CLICK) New Login
fill in user details
Under User Mapping, select the databases you want the user to be able to access and configure
UPDATE:
You'll also want to goto Security -> Server Roles, and for public check the permissions for TSQL Default TCP/TSQL Default VIA/TSQL Local Machine/TSQL Named Pipesand remove the connect permission
For anyone else out there wondering how to do this, I have the following solution for SQL Server 2008 R2 and later:
USE master
go
DENY VIEW ANY DATABASE TO [user]
go
This will address exactly the requirement outlined above..
this is to topup to what was selected as the correct answer. It has one missing step that when not done, the user will still be able to access the rest of the database.
First, do as #DineshDB suggested
1. Connect to your SQL server instance using management studio
2. Goto Security -> Logins -> (RIGHT CLICK) New Login
3. fill in user details
4. Under User Mapping, select the databases you want the user to be able to access and configure
the missing step is below:
5. Under user mapping, ensure that "sysadmin" is NOT CHECKED and select "db_owner" as the role for the new user.
And thats it.