I am getting the following error
Cannot execute as the database principal because the principal "dbo"
does not exist, this type of principal cannot be impersonated,
or you do not have permission.
I read about ALTER AUTHORIZATION, but I have no idea what database this is happening in. This error is getting spit out very frequently, and grows the error log by about 1GB every day.
I resolved this issue by setting database owner. My database did not have had any owner before this issue. Execute this command in your database to set owner to sysadmin account:
use [YourDatabaseName] EXEC sp_changedbowner 'sa'
Do Graphically.
Database right click-->properties-->files-->select database owner-->select [sa]-- ok
USE [<dbname>]
GO
sp_changedbowner '<user>' -- you can use 'sa' as a quick fix in databases with SQL authentication
KB913423 - You cannot run a statement or a module that includes the EXECUTE AS clause after you restore a database in SQL Server 2005
After restoring a Database from SQL2016 to SQL2019, I had the same issue when I try to access Database Diagrams. I had the correct Database owner already but owner of Files was empty. Once I set that, it worked properly...
This may also happen when the database is a restore from a different SQL server or instance. In that case, the security principal 'dbo' in the database is not the same as the security principal on the SQL server on which the db was restored.
Don't ask me how I know this...
another way of doing it
ALTER AUTHORIZATION
ON DATABASE::[DatabaseName]
TO [A Suitable Login];
Selected answer and some others are all good. I just want give a more SQL pure explanation. It comes to same solution that there is no (valid) database owner.
Database owner account dbo which is mentioned in error is always created with database. So it seems strange that it doesn't exist but you can check with two selects (or one but let's keep it simple).
SELECT [name],[sid]
FROM [DB_NAME].[sys].[database_principals]
WHERE [name] = 'dbo'
which shows SID of dbo user in DB_NAME database and
SELECT [name],[sid]
FROM [sys].[syslogins]
to show all logins (and their SIDs) for this SQL server instance. Notice it didn't write any db_name prefix, that's because every database has same information in that view.
So in case of error above there will not be login with SID that is assigned to database dbo user.
As explained above that usually happens when restoring database from another computer (where database and dbo user were created by different login). And you can fix it by changing ownership to existing login.
Under Security, add the principal as a "SQL user without login", make it own the schema with the same name as the principal and then in Membership make it db_owner.
Also had this error when accidentally fed a database connection string to the readonly mirror - not the primary database in a HA setup.
As the message said, you should set permission as owner to your user. So you can use following:
ALTER AUTHORIZATION
ON DATABASE::[YourDBName]
TO [UserLogin];
Hope helpful!
Leave comment if it's ok for you.
In my case I got this error when trying to impersonate as another user. E.g.
EXEC AS USER = 'dbo';
And as the database was imported from another environment, some of its users did not match the SQL Server logins.
You can check if you have the same problem by running the (deprecated) sp_change_users_login (in "Report" mode), or use the following query:
select p.name,p.sid "sid in DB", (select serp.sid from sys.server_principals serp where serp.name = p.name) "sid in server"
from sys.database_principals p
where p.type in ('G','S','U')
and p.authentication_type = 1
and p.sid not in (select sid from sys.server_principals)
If in that list shows the user you are trying to impersonate, then you probably can fix it by assigning the DB user to the proper login in your server. For instance:
ALTER USER dbo WITH LOGIN = dbo;
Go to the Properties - Files.
The owner name must be blank. Just put "sa" in the user name and the issue will be resolved.
I'm using SQL Server Express 2008 SP1 (10.0.2531) and would like to limit access for a SQL account to one database. I have the SQL account created. How do I grant this user access to the database but deny access to the others?
Thanks!
You create a USer.
1 - Using Security/logins. Add your user here (new login)
2 - User mapping
3 - users mapped to this login.
4- choose the DB that your user can access
If you create a user in the security/logins node with the server role of public only they will not, by default, have access to any database.
Secondly, under the security/users node of the database base add themas a new user and then set the roles as required.
Finally, returning to the security/logins node you may want to change the default database to the specific one they are a user for.
Hope that helps
I'm trying to set up a user in SQL Server 2008 R2 so when they login, they only see one database and so they only see views with 1 schema.
They should not be able to see that other databases exist, that any tables exist within the database that they can see, or any views that exist other than tables that belong to one schema.
How can I go about doing this?
Thank you in advance
Edit: some more information. I have managed to get a user to only see 1 database and no others in the past by denying view all databases and making the user the owner of the database. In this case the user can not be the owner of the database.
You can move the database to a new instance.
I have a DBML on a single database in a named instance. The instance has a linked server to another MSSQL database in another server/instance. Both instances and databases have the same dbo-level user. Both databases are MSSQL 2008.
I have some C# code (Framework 3.5) that uses the DBML that accesses the tables and views and sprocs on DatabaseA. I now need to access a table on DatabaseB. What is the smartest way for my code to get to the table/entity over the linked server connection?
Thanks.
One clean way of doing this is to create views inside DatabaseA that encapsulate enities on the other side. You will have to manually define the primary keys and relationships for these entities in your .dbml file. Once this is done they can work just like any other table with CRUD functionality as long as the DTC service is running on DatabaseA.
Try adding a linked server to your local:
EXEC sp_addlinkedserver
#server=N'SERVER',
#srvproduct=N'',
#provider=N'SQLNCLI',
#datasrc=N'SERVER';
SELECT * FROM sys.servers
EXEC sp_addlinkedsrvlogin '<SERVER>', 'false', '<DOMAIN>\<USERNAME>', '<USER>', '<PASSWORD>';
And access your local referring to the linked server:
SELECT * FROM SERVER.DB.SCHEMA.OBJECT
I had used SQL Synonyms in Entity Framework and LINQ-To-SQL, you can create a SQL Synonnym to point to a linked Server object, like this:
And then perform a SQL Query:
Northwnd db = new Northwnd(#"c:\northwnd.mdf");
IEnumerable<Customer> results = db.ExecuteQuery<Customer>
("SELECT contactname FROM customersSynonym WHERE city = {0}",
"London");
You can read the documentation here and also you can read another question like this one but using Entity Framework, which uses the same principle, using a SQL Synonym.
In my SQL Server 2005 server I create databases and logins using Management Studio. My application requires that I give a newly created user read and write permissions to another database.
To do this I right-click the newly created login, select properties and go to User Mapping. I put a check beside the database to map this login to the db and select db_datareader and db_datawriter as the roles to map.
Can this be done programmatically? I've read about using Alter User and sp_change_users_login but I'm having problems getting these to work, since sp_change_users_login has been deprecated so I'd prefer to use Alter User.
Please note my understanding of SQL Server database users/logins/roles is basic
Logins are for the server instance. Users are at the database level. Roles are generally found at the database level but there are some fixed roles like sysadmin at the server instance level.
Go here for the grammar to create a user on a database.
Go here for the syntax for adding that user to a database role.
You are likely going to execute something like the following to accomplish all of this.
Create Login temp1 with Password = '123!##$FAF', Default_Database = test
GO
use test;
Create User user_blah1 from Login temp1
GO
use test;
Exec sp_addrolemember #rolename = 'db_datareader',
#membername = 'user_blah1'