Server-Level Roles on Azure SQL Database

Question

Server-Level Roles on Azure SQL Database

HE-ARC User 21

Hello to all.

I am a computer science student and I am currently learning SQL Server. I currently have a free student subscription which gives me access to install a SQL database on Azure.

In order to affiliate myself with the environment, I decided to create two logins and two users (affiliated with these logins) on which I would like to be able to assign them different server-roles, but I am running into a problem.

On this page: server-level-roles, I noticed that we can assign different roles. The one I am interested in is dbcreator (example I am trying to document).

However, when I try to assign dbcreator to my (fictitious) stephanlogin login ;

ALTER SERVER ROLE dbcreator ADD MEMBER stephanlogin;  
ALTER SERVER ROLE dbcreator ADD MEMBER stephanuser;  
EXEC sp_addrolemember 'dbcreator', 'stephanlogin';  
EXEC sp_addrolemember 'dbcreator', 'stephanuser';

I get different errors;

Msg 15151, Level 16, State 1, Line 1  
Cannot alter the server role 'dbcreator', because it does not exist or you do not have permission.  
Msg 15151, Level 16, State 1, Line 2  
Cannot alter the server role 'dbcreator', because it does not exist or you do not have permission.  
Msg 15410, Level 11, State 1, Procedure sp_addrolemember, Line 35 [Batch Start Line 0]  
User or role 'stephanlogin' does not exist in this database.  
Msg 15410, Level 11, State 1, Procedure sp_addrolemember, Line 35 [Batch Start Line 0]  
User or role 'stephanuser' does not exist in this database.

My questions are simple :

How do I assign a role-server on one of my logins (or user)?
Is there an error in my commands?
Or, since I'm using Azure SQL Database as a PaaS, I don't have permission to add such server roles to a login? (If so, do you have any Microsoft documentation that states this please).

Thank you for your attention to my request and have a nice day

Accepted answer

3 additional answers

Your answer

Answer 1

Oury Ba-MSFT 20,911 Microsoft Employee Moderator

Hello @HE-ARC User Welcome to Microsoft Q&A and Thank you for posting your question.
@Alberto Morillo and @Guoxiong Thanks also for sharing your insights and for helping the community.
The script above only applies to SQL Server and Parallel Data Warehouse Azure SQL does not support Server Roles , Please follow this documentation for more info.
Please do let us know if you have further query. Thanks
.

Alberto Morillo 34,671 Reputation points MVP Volunteer Moderator

2021-04-21T22:06:57.753+00:00

It is a database level role not a server level role. Please refer to this documentation. https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles?view=sql-server-ver15#special-roles-for--and-azure-synapse

Answer 2

Guoxiong 8,206

If you want to assign a server role to a login, you need to use the system stored procedure sp_addsrvrolemember. For your case, try this:

EXEC sp_addsrvrolemember 'stephanlogin', 'dbcreator';

HE-ARC User 21 Reputation points

2021-04-21T20:40:44.057+00:00
Hello @Guoxiong

Thank you for your message.
But when I try your command, I got this message :

Msg 2812, Level 16, State 62, Line 3 Could not find stored procedure 'sp_addsrvrolemember'.

I think it's not supported on Azure SQL Database, isn'it ?
Guoxiong 8,206 Reputation points

2021-04-21T22:11:36.37+00:00
You are right. sp_addsrvrolemember is not supported on Azure SQL Database. You need to make sure that only users in the master database can be added to these database roles (dbmanager and loginmanager). Here is a good example code from the article "Managing databases and logins in Azure SQL Database" on the GitHub:

-- first, connect to the master database CREATE LOGIN login1 WITH password='<ProvidePassword>'; CREATE USER login1User FROM LOGIN login1; EXEC sp_addrolemember 'dbmanager', 'login1User'; EXEC sp_addrolemember 'loginmanager', 'login1User';

Answer 3

Alberto Morillo 34,671 MVP Volunteer Moderator

The proper role name on Azure SQL database is not dbcreator but dbmanager. Logins assigned to this role are able to create and drop databases.

To assign a login to this role, please see below example usign an Azure Active Directory user..

-- add contained Azure AD user   
CREATE USER [******@sqlcoffee.com]   
FROM EXTERNAL PROVIDER   
WITH DEFAULT_SCHEMA = dbo;    
    
-- add user to role(s) in db   
ALTER ROLE dbmanager ADD MEMBER [******@sqlcoffee.com];

For a normal SQL login you can assign the login to the role as shown below:

alter role [dbmanager] add member sqlloginname;

You can learn more about the dbmanager role here.

HE-ARC User 21 Reputation points

2021-04-21T20:55:06.297+00:00
I also thank you for answering me.

When I execute your command, I got this :

Msg 15151, Level 16, State 1, Line 3 Cannot add the principal 'stephanlogin', because it does not exist or you do not have permission.

It's strange because I connect with the administrator account that I set up when I created my database on the Azure portal. And this without specifying a database when I connect (so logically in the master database)
Alberto Morillo 34,671 Reputation points MVP Volunteer Moderator

2021-04-21T22:04:27.937+00:00

Please try this on the master database:

CREATE LOGIN stephanlogin WITH PASSWORD = 'hjdajdajhhda'

CREATE USER stephanlogin FROM LOGIN stephanlogin;

ALTER ROLE dbmanager ADD MEMBER stephanlogin;

Answer 4

HE-ARC User 21

Hello to all.

Thank you for taking the time to write to me.

I have indeed managed to "solve" my problem. That is to say, I have assigned the dbmanager role to my stephanlogin login.

Here are the queries I used in my SQL database server (and it has worked) :

CREATE LOGIN michaellogin WITH password='...';

CREATE USER michaeluser FOR LOGIN michaellogin
WITH DEFAULT_SCHEMA = master;

alter role [dbmanager] add member michaeluser;

I wish you a good day

Share via

Server-Level Roles on Azure SQL Database

3 additional answers

Your answer