14,499 questions
Hi,
Same logins and map to the same database user on both instance ?
Create user to access Alwayson readonly databaes
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 42%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Ashwan
536
Reputation points
Hi Our env sql server version is 2016 SP2 EE edition always on enabled. So when we create database user for access the report though link server(expected to connect readonly replica databases ) from other remote node then I I noted permission(DB user) has blown away each time when do AG fail over/failover back process. how to maintain permission on READ ONLY site consistently on the DB on the user . At thi stage I cant access ready only site as permission has blow away .( permission granted db_owner)
note: AG already set it as "read intent only"
thing I have tested:
create DB user user with same "SID" on both instance
create DB user user with different "SID" on both instance
no luck any on the way.
any one can help would be great
SQL Server | Other
4 answers
Sort by: Most helpful
-
-
Ashwan 536 Reputation points
2020-08-25T21:43:44.537+00:00 Hi Cris ,same login is there issue is readonly site database unable to access as permission has wiped off. after fail over / fail back both way( AG ) thne peromission will wipe off from readonly site
thank you-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 78%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECZ%3C/text%3E%3C/svg%3E)
Cris Zhan-MSFT 6,661 Reputation points2020-08-28T07:11:23.947+00:00 Hi,
Do you connect the readonly secondary database through the listener( Read-only routing) , or directly connecting the secondary replica by specifying instance name of the secondary replica ?
Sign in to comment -
-
Ashwan 536 Reputation points
2020-09-02T17:14:49.477+00:00 Hi I used to login using listener. But I can see when fail over and fail back the AG then read only site will removing the permission from DB users. not sure why is that . I created user with same as problem description. thank you
-
Edwin M Sarmiento 261 Reputation points2020-09-02T22:14:06.857+00:00 The proper way to create logins across replicas in a SQL Server Availability Group is by using the article that Criszhan-msft mentioned. However, since you've already created the SQL Server logins on the secondary replicas, you can use the steps outlined in the section Resolve an Orphaned User in this documentation.