I created a login to connect to SQL SERVER.
create login bobLogin with password = 'bobpass' , default_database = bobDB
but when i am connecting sql server using this, it does not connects? because it needs a user.
so i created a user:
create user bobDB_USER for login bobLogin
then i connected to sql server using bobLogin & tried to create table:
create table bobDbTable(eid int)
which gives permission denied error;
so i granted permission:
GRANT CREATE TABLE TO bobDB_USER
then i again connected using bobLogin, & tried to create a table but it gave error:
The specified schema name "dbo" either does not exist or you do not have permission to use it.
why so? its creating the table in the dbo schema, thats why? so how do i grant him this permission ?
i dont want to create a new schema. is it necessary?
You would need to GRANT ALTER ON SCHEMA::dbo TO bobDB_USER to allow objects to be created in the dbo schema.
I would also use a Role too.
create role bobDB_ROLE
EXEC sp_addrolemember 'bobDB_ROLE', 'bobDB_USER'
GRANT ALTER ON SCHEMA::dbo TO bobDB_ROLE
However, you could addbobDB_USER into db_owner if it requires these rights
EXEC sp_addrolemember 'db_owner', 'bobDB_USER'
Note: end user permissions are quite different to admin type rights. If 'bobDB_USER' is an end user, then they should not be creating objects
Related
My program creates databases and tables at runtime. My understanding of Schema is it is a conceptual folder for multiple databases and databases tables. So I wrote some meaningless code just to test out what schema would do to my code.
My program use SQL Server Authentication instead of Windows Authentication, and create database and tables under the username of TmpUser instead of sa.
If I create a table by CREATE TABLE TmpTable, I get dbo.TmpTable for table name. If I explicitly type a new schema in CREATE TABLE abc.TmpTable, I then get the following exception because the schema does not exist:
SqlException: The specify schema name either does not exist or you do
not have permission to use it
I went into SSMS and manually create a schema by executing CREATE SCHEMA abc. SSMS outputs saying the schema of abc has been successfully created. But in SSMS Object Explorer > Security > I see no Schema name nor anything else named abc.
Where is my Schema? If abc was not created, then why was CREATE SCHEMA abc executed and what did it create?
I went back to Visual Studio and CREATE TABLE abc.TmpTable again, still I receive the same exception.
Your TmpUser has no right to access the schema.
Option 1
CREATE SCHEMA abc AUTHORIZATION TmpUser;
Quoted from https://learn.microsoft.com/en-us/sql/t-sql/statements/create-schema-transact-sql:
"AUTHORIZATION owner_name
Specifies the name of the database-level principal that will own the schema. This principal may own other schemas, and may not use the current schema as its default schema."
TmpUser will own the schema, therefore will have permission to access it.
Option 2
Explicitly granting permission to the TmpUser:
GRANT SELECT, UPDATE, DELETE, INSERT SCHEMA abc TO TmpUser;
See usage on https://learn.microsoft.com/en-us/sql/t-sql/statements/grant-schema-permissions-transact-sql
It's like Option 1, but you can fine grain permissions.
Option 3
Put TmpUser to some database roles, e.g. db_datareader:
USE MyDatabase
GO
ALTER ROLE db_datareader ADD MEMBER TmpUser
TmpUser will have read access to all schemas in the database.
Option 4
It is similar to Option 3, but instead of using built-in roles, create your own one:
USE MyDatabase
GO
CREATE ROLE myrole
GRANT SELECT, DELETE, INSERT, UPDATE, EXECUTE TO myrole
ALTER ROLE myrole ADD MEMBER TmpUser
Users in myrole will have read/write/execute access to all schemas in the database.
I am trying to use the SqlTableDependency class in my C# .Net application and I am unable to grant myself the required database permissions needed. Specifically, I need permissions:
ALTER
CONTROL
CREATE CONTRACT
CREATE MESSAGE TYPE
CREATE PROCEDURE
CREATE QUEUE
CREATE SERVICE
EXECUTE
SELECT
SUBSCRIBE QUERY NOTIFICATIONS
VIEW DATABASE STATE
VIEW DEFINITION
CONNECT
The error message states:
"An unhandled exception of type
'TableDependency.SqlClient.Exceptions.UserWithNoPermissionException'
occurred in TableDependency.SqlClient.dll. Additional information:
User with no CREATE MESSAGE TYPE permission"
I have tried granting myself the permission using this query:
GRANT CREATE MESSAGE TYPE TO dbo
but I get this error:
"Cannot grant, deny, or revoke permissions to sa, dbo, entity owner,
information_schema, sys, or yourself."
I have confirmed that dbo is the owner of my database.
I am running Sql Server 2008 R2.
How can I grant myself permissions to my server?
Whatever credentials you used in your connection string needs to be db_owner of database. I made that user as db_owner and it worked for me.
Make sure to do this:
Enable broker
ALTER DATABASE Your_db_name SET ENABLE_BROKER WITH ROLLBACK IMMEDIATE;
Go
Add to db_owner
ALTER ROLE db_owner ADD MEMBER Your_user_db_name
GO
Set authorization
ALTER AUTHORIZATION ON DATABASE::Your_db_name TO Your_user_db_name;
I hope this help.
My problem too.
When downgrade SqlTableDependency verson from 4.6.7.8 to 4.6.7, my code is running well :)
I have been trying to access the remote MySql database server in C# Entity framework but end in following error
{"Access denied for user 'test'#'%' to database 'test'"}
My connection string is server='192.168.0.1';uid=test;database=test;password=1234
However if i access the database through workbench it allows me to access the server and inserting and deleting the data in tables.
What causing the error ?
Execute below statement to grant access on test-
GRANT all privileges on test.* to test#'%' identified by '1234';
Note: You can change all privileges with your specific permissions.
You can also assign rights on all databases by-
GRANT all privileges on *.* to test#'%' identified by '1234';
Note: Best way is that rights should provide only to specific ip and limited rights as per requirement.
How can I create a SQL user in a SQL Server Express database that I added to my project?
I need to create a user to use in a connection string that doesn't use Integrated Security.
You would need to create a SQL Authenticated login first with CREATE LOGIN then add a user associated with that login to your database by using CREATE USER.
USE [master]
GO
CREATE LOGIN [JohnEgbert] WITH PASSWORD=N'YourPassword',
DEFAULT_DATABASE=[YourDB], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
USE [YourDB]
GO
CREATE USER [JohnEgbert] FOR LOGIN [JohnEgbert] WITH DEFAULT_SCHEMA=[dbo]
GO
If you create a SQL login and a SQL user without errors, but then get an error when trying to connect, you may have the SQL Authentication mode disabled. To check, run:
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly')
If this returns 1, then SQL Authentication (mixed mode) is disabled.
You can change this setting using SSMS, regedit, or T-SQL:
EXEC xp_instance_regwrite N'HKEY_LOCAL_MACHINE', N'Software\Microsoft\MSSQLServer\MSSQLServer', N'LoginMode', REG_DWORD, 2
Then restart the SQL Server service, and create a login and a user, here with full permissions:
CREATE LOGIN myusername WITH PASSWORD=N'mypassword',
DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
EXEC sp_addsrvrolemember 'myusername', 'sysadmin'
CREATE USER myusername FOR LOGIN myusername WITH DEFAULT_SCHEMA=[dbo]
How can I create owner for my database (that has been created with codes) owner with user guest?? I want to give access to my database to every client on local network. If I manually set guest it works true but I want with code do it.
My code is:
use test
alter user[guest] login [guest]
exec sp_addrolemember 'db_owner','guest';
I want to set the owner of my database to guest user that exist, but this code doesn't execute successfully. Where is my problem??
thanks.
use test;
alter user 'guest' WITH login='guest';
exec sp_addrolemember 'db_owner','guest';
GO;