I have a SQL Server server which has around 50 databases on it.
I wish to create a new Login for a client who wishes to have access to their database.
But I don't want to give them access to the other 49 databases.
How can I do this?
I think this is what we like to do very much.
--Step 1: (create a new user)
create LOGIN hello WITH PASSWORD='foo', CHECK_POLICY = OFF;
-- Step 2:(deny view to any database)
USE master;
GO
DENY VIEW ANY DATABASE TO hello;
-- step 3 (then authorized the user for that specific database , you have to use the master by doing use master as below)
USE master;
GO
ALTER AUTHORIZATION ON DATABASE::yourDB TO hello;
GO
If you already created a user and assigned to that database before by doing
USE [yourDB]
CREATE USER hello FOR LOGIN hello WITH DEFAULT_SCHEMA=[dbo]
GO
then kindly delete it by doing below and follow the steps
USE yourDB;
GO
DROP USER newlogin;
GO
For more information please follow the links:
Hiding databases for a login on Microsoft Sql Server 2008R2 and above
Connect to your SQL server instance using management studio
Goto Security -> Logins -> (RIGHT CLICK) New Login
fill in user details
Under User Mapping, select the databases you want the user to be able to access and configure
UPDATE:
You'll also want to goto Security -> Server Roles, and for public check the permissions for TSQL Default TCP/TSQL Default VIA/TSQL Local Machine/TSQL Named Pipesand remove the connect permission
For anyone else out there wondering how to do this, I have the following solution for SQL Server 2008 R2 and later:
USE master
go
DENY VIEW ANY DATABASE TO [user]
go
This will address exactly the requirement outlined above..
this is to topup to what was selected as the correct answer. It has one missing step that when not done, the user will still be able to access the rest of the database.
First, do as #DineshDB suggested
1. Connect to your SQL server instance using management studio
2. Goto Security -> Logins -> (RIGHT CLICK) New Login
3. fill in user details
4. Under User Mapping, select the databases you want the user to be able to access and configure
the missing step is below:
5. Under user mapping, ensure that "sysadmin" is NOT CHECKED and select "db_owner" as the role for the new user.
And thats it.
Related
I have a database that somebody else has built and I need to attach it on my SQL Server. The main user that owns schemas is named 'LSadmin'.
I want to use that same name for login to the server, and then have the rights for that login to access the database.
For some reason a login already exist LSadmin but it does not have any rights to access the attached database. When I want to Map the login to the database and give it datawritter and datareader for example, SQL Server shows that a user already exists.
When I try to delete the user to recreate it, then I can't because it owns schemas.
I found two ways to resolve this. One is to give the login a sysadmin rights, which of course is not desirable, and the other one is to move schemas ownership to another user, and then give database rights through mapping.
Is there any other solution that is not so "complicated"?
On my production system I login to SQL Server with CPSDOM\mconnors. When I execute 'SELECT CURRENT_USER;' it returns 'CPSDOM\mconnors'.
On my test system I login to SQL Server with CPSDOM\mconnors. When I execute 'SELECT CURRENT_USER;' it returns 'dbo'.
Can someone help me understand what is going on? Is this difference based on a configuration setting?
Thanks in advance.
There's a difference between a login and a user on SQLServer.
Each database has a set of users and a set of logins. Logins are server-wide, users are per-database. The login can be your Windows user account or a SQLServer internal one (eg sa).
The login is mapped to a user for each database, so in the production system you have your windows user (the login) mapped to a user with the same name. In the test system they just mapped your login to the inbuilt dbo user.
You should not rely on your login being the same name as the windows account, when you setup security for the sql server, it will default-map your windows user to a new sql user of the same name, but sometimes people map it to pre-defined sql users, and sometimes for dev/test to one of the 'admin' users that already exist.
You can see this mapping in the security section of SQLServer management studio, or in the users section of the individual database.
I need to create a user in php myadmin.
Say user -> aaa and Password -> aaa123
Now I want this new user aa to access only one database out of the multiple database in the phppmyadmin.
Any suggestion is mst welcomed.
Create the user with only that database permission.
use the command:
grant all on db_name.* to 'username'#'localhost';
Thanks
You mean to say that a single database of your choice is displayed in phpmyadmin and not all the databases in the phpmyadmin , for several reasons.
Well , answer for this is Yes , you can do that.
You need to install phpmyadmin in your server settings account, click on server settings , and then "Add the list of severs to be allowed in that "list.
I need to check some job that ran on a SQL Server 2008, but the user used when logging on to that server can not have sysadmin rights.
So my question is can I have an user that can access SQL Server Agent - Job Activity Monitor, but that user is not in the sysadmin group?
Add the user to msdb and put them in the SQLAgentOperatorRole fixed database role. For more information see the Books Online topic How to: Configure a User to Create and Manage SQL Server Agent Jobs.
In T-SQL, this would be:
USE msdb;
GO
CREATE USER UserName FROM LOGIN [UserName];
GO
EXEC sp_addrolemember N'SQLAgentOperatorRole', N'UserName';
GO
In SQL Server 2012 that sp_addrolemember should not be used; instead:
ALTER ROLE [SQLAgentOperatorRole] ADD MEMBER [UserName];
I found a user in mssql 2008 database - domain\testuser2 with login domain\testuser2.
But I couldn't find this login by using Mssql Management Studio or in the system tables (sys.server_principals, sys.syslogins, sys.linked_logins, sys.remote_logins).
When I try to make another user with this login (CREATE USER _test FOR login [domain\testuser2]), the error is following: The login already has an account under a different user name.
So, this login is exist. Where could I find it? Is there some system tables or views?
I've solved this problem.
In MSSQL you can create database users with Windows Authentification without logins.
For example, you can successfully execute the following sql-query (even you haven't sql-login [MyDomainName\myWinLogin])
CREATE USER [MyDomainName\myWinLogin]