Share via

Azure SQL - Newly Created SQL user does not allow me to access database.

Atulkumar Thummar 101 Reputation points
2021-10-13T07:37:01.59+00:00

Hello,

In Azure SQL - Master database I have created new SQL user that should be used to access all the database on the same server.

but while i am trying to access with that user it shows below error :

140106-microsoftteams-image-2.png

.

Have follow below sql queries

-CREATE LOGIN testlogin WITH password='...';

--CREATE USER testloginUser FOR LOGIN testlogin
--WITH DEFAULT_SCHEMA = master;

--alter role [dbmanager] add member testloginUser;

Azure SQL Database
SQL Server Migration Assistant
SQL Server Migration Assistant
A Microsoft tool designed to automate database migration to SQL Server from Access, DB2, MySQL, Oracle, and SAP ASE.
Developer technologies | Transact-SQL
Developer technologies | Transact-SQL
A Microsoft extension to the ANSI SQL language that includes procedural programming, local variables, and various support functions.
SQL Server | Other
Answer accepted by question author
  1. Ronen Ariely 15,216 Reputation points
    2021-10-13T08:17:04.76+00:00

    Good day Atulkumar,

    You can try this 

    -- in the master database we need to create LOGIN  
create login [MyLogin] with password = 'Not1My2Real3Password'  
  
-- in teach database including the the master database, we need to create a USER, so we will be able to use the it by the LOGIN  
-- This mean that in each database we add this the person will be able to connect, but still will have no permissions to do anything - keep reading  
-- My guess is that you only created a USER in the master database but a USER is a databases level entity  
create user [MyUser] from login [MyLogin];

    Now we are moving to the permissions which you want to give your LOGIN/User. Here are some options for example 

    -- if you want the user to be able to create databases, then in the master database  
exec sp_addRoleMember 'dbmanager', 'MyUser';  
  
-- if you want the user to be able to create other LOGIN, then in the master database  
exec sp_addRoleMember 'loginmanager', 'MyUser'  
  
-- in each individual database, that you want to give the USER full control in the database level, grant him db_owner  
exec sp_addRoleMember 'db_owner', 'MyUser';

    Note! Give the USER only the permission that he need and nothing more! The above is only a sample of a few permissions. Use GRANT to give permissions on specific entities in the database and don't make each USER a database owner.

    For more information you should check the following document:

    https://learn.microsoft.com/en-us/azure/azure-sql/database/logins-create-manage

    https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles

    2 people found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. YufeiShao-msft 7,151 Reputation points
    2021-10-13T08:26:59.63+00:00

    Hi @Atulkumar Thummar ,

    Check to see if your user is mapped to the DB you are trying to log into.

    in SSMS, expand Security->Logins, right-click the appropriate login and choose Login Properties
    select User Mapping, from here you can select additional database you want to log into with this user

    https://stackoverflow.com/questions/19009488/the-server-principal-is-not-able-to-access-the-database-under-the-current-securi

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.