Azure SQL - Newly Created SQL user does not allow me to access database.

Atulkumar Thummar 101 Reputation points
2021-10-13T07:37:01.59+00:00

Hello,

In Azure SQL - Master database I have created new SQL user that should be used to access all the database on the same server.

but while i am trying to access with that user it shows below error :

140106-microsoftteams-image-2.png

.

Have follow below sql queries

-CREATE LOGIN testlogin WITH password='...';

--CREATE USER testloginUser FOR LOGIN testlogin
--WITH DEFAULT_SCHEMA = master;

--alter role [dbmanager] add member testloginUser;

Azure SQL Database
SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,808 questions
SQL Server Migration Assistant
SQL Server Migration Assistant
A Microsoft tool designed to automate database migration to SQL Server from Access, DB2, MySQL, Oracle, and SAP ASE.
496 questions
Transact-SQL
Transact-SQL
A Microsoft extension to the ANSI SQL language that includes procedural programming, local variables, and various support functions.
4,558 questions
Accepted answer
  1. Ronen Ariely 15,096 Reputation points
    2021-10-13T08:17:04.76+00:00

    Good day Atulkumar,

    You can try this 

    -- in the master database we need to create LOGIN  
create login [MyLogin] with password = 'Not1My2Real3Password'  
  
-- in teach database including the the master database, we need to create a USER, so we will be able to use the it by the LOGIN  
-- This mean that in each database we add this the person will be able to connect, but still will have no permissions to do anything - keep reading  
-- My guess is that you only created a USER in the master database but a USER is a databases level entity  
create user [MyUser] from login [MyLogin];

    Now we are moving to the permissions which you want to give your LOGIN/User. Here are some options for example 

    -- if you want the user to be able to create databases, then in the master database  
exec sp_addRoleMember 'dbmanager', 'MyUser';  
  
-- if you want the user to be able to create other LOGIN, then in the master database  
exec sp_addRoleMember 'loginmanager', 'MyUser'  
  
-- in each individual database, that you want to give the USER full control in the database level, grant him db_owner  
exec sp_addRoleMember 'db_owner', 'MyUser';

    Note! Give the USER only the permission that he need and nothing more! The above is only a sample of a few permissions. Use GRANT to give permissions on specific entities in the database and don't make each USER a database owner.

    For more information you should check the following document:

    https://learn.microsoft.com/en-us/azure/azure-sql/database/logins-create-manage

    https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles

    2 people found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. YufeiShao-msft 7,061 Reputation points
    2021-10-13T08:26:59.63+00:00

    Hi @Atulkumar Thummar ,

    Check to see if your user is mapped to the DB you are trying to log into.

    in SSMS, expand Security->Logins, right-click the appropriate login and choose Login Properties
    select User Mapping, from here you can select additional database you want to log into with this user

    https://stackoverflow.com/questions/19009488/the-server-principal-is-not-able-to-access-the-database-under-the-current-securi

    1 person found this answer helpful.