473,473 Members | 2,176 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

Database Owner cannot connect

Our web application requires that when a new Organization is created,a
separate Database is to be created for the corresponding organization,
so that each organization remains a separate entity with their
corresponding employees(This is our clients requirement, so that they
can later provide the backup of the database if the organization
decides to move out). And for that what we intend to do is restore the
backup of database which already has the objects created in it.So we
intend to restore a database for the new organization from the web
page.

We are using SQL Server 2005 Enterprise Edition and the
authentication is SQL Server authentication, and the 'xy' login has
been assigned to the 'dbcreator' fixed server role only(This may be
not relevant but just in case, the 'xy' login has been assigned
'db_owner' fixed db role
in the main db. The web application uses this login to connect to the
database). When a new Organization is created, the database owner of
the new DB should be xy, and the user mapping for the login to the
'NewOrg' database should be 'dbo'. But in this case after restoring
the database
template using the SQLSMO from the application(same thing happens
after restoring the database from query analyzer using the xy login)
there is no user mapping to be seen and we are not able to connect to
the 'NewOrg' database using the xy login.

I think most will suggest to use 'exec sp_changedbowner' to update
the dbo, but for this we need sysadmin privileges, which we do not
have for the xy login.

Please suggest the best way to go about this particular
scenario(currently we are running the object creation script after
creating the database but this is time consuming, so pls suggest only
database restore method) and the also please suggest if any other
fixed server roles can be used without compromising security. Seems
this is a design issue, pls also suggest if this post is to be made in
some other appropriate groups.

Thanks,
MPL

May 15 '07 #1
6 5077
(mp*****@yahoo.com) writes:
Our web application requires that when a new Organization is created,a
separate Database is to be created for the corresponding organization,
so that each organization remains a separate entity with their
corresponding employees(This is our clients requirement, so that they
can later provide the backup of the database if the organization
decides to move out). And for that what we intend to do is restore the
backup of database which already has the objects created in it.So we
intend to restore a database for the new organization from the web
page.
Was the database originally created on the same server or on a different
server? Who is the owner of the original database?
We are using SQL Server 2005 Enterprise Edition
Which Service Pack are you on? (There is some new commands in SP2
that may be useful.)
I think most will suggest to use 'exec sp_changedbowner' to
update the dbo, but for this we need sysadmin privileges, which we do
not have for the xy login.
You could put ALTER AUTHORISZATION in a stored procedure that is signed
by a certificate, and then you grant a login created from that certificate
the rights change database owner. That login is not a real login that
can actually connect. For more information about this, see an article
on my web site: http://www.sommarskog.se/grantperm.html.
--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinf...ons/books.mspx
May 15 '07 #2

Thanks for the reply.
Was the database originally created on the same server or on a different
server? Who is the owner of the original database?
The Database was created on the same server. The owner of the original
database is 'sa'.
We are using SQL Server 2005 Enterprise Edition

Which Service Pack are you on? (There is some new commands in SP2
that may be useful.)
No service pack yet applied, its RTM. Pls suggest the commands in SP2,
will try it out.

You could put ALTER AUTHORISZATION in a stored procedure that is signed
by a certificate, and then you grant a login created from that certificate
the rights change database owner. That login is not a real login that
can actually connect. For more information about this, see an article
on my web site:http://www.sommarskog.se/grantperm.html.
Will go throught the site, thanks.

Thanks,
MPLPost

May 16 '07 #3

Who is the owner of the original database?
This made me think about creating the database with the xy(the login
that connects from the web application) login and then backup the
database and then restore using the RESTORE command with the xy
login(xy is assigned to dbcreator role). This allowed me to connect
to the NewOrgDB with xy login.

But again I encountered the block when I tried restoring on a server
other than the server that I took the orginal DB backup from. Yes I
understand that this is due to the lost login-user mapping in the new
database.

Would like to restore the privilege of xy to be able to login to the
NewOrgDB without assigning it to sysadmin role. Can i make use of
sp_change_users_login in this case, but again I think we need to login
as a user with sysadmin role to NewOrgDB database and only then can i
execute this procedure, which I wouldnt be able to. Pls suggest any
solution.

May 16 '07 #4
(mp*****@yahoo.com) writes:
This made me think about creating the database with the xy(the login
that connects from the web application) login and then backup the
database and then restore using the RESTORE command with the xy
login(xy is assigned to dbcreator role). This allowed me to connect
to the NewOrgDB with xy login.

But again I encountered the block when I tried restoring on a server
other than the server that I took the orginal DB backup from. Yes I
understand that this is due to the lost login-user mapping in the new
database.
I investigated this, and the situation is the same in both cases:
you end up with the xy login being the owner according to master, but
in the database, sys.database_principals.sid is the SID for the original
owner. Be that the local sa or the xy login on the original server.

It doesn't seem that sp_change_users_login would work, although I did
not try it. ALTER USER WITH LOGIN (new command in SP2) was not accepted
for dbo. What did work was sp_changedbowner.
Would like to restore the privilege of xy to be able to login to the
NewOrgDB without assigning it to sysadmin role. Can i make use of
sp_change_users_login in this case, but again I think we need to login
as a user with sysadmin role to NewOrgDB database and only then can i
execute this procedure, which I wouldnt be able to. Pls suggest any
solution.
I can see two ways out: one is write a signed stored procedure as I
discussed in my previous post. The great thing with this is that
you can package the database creation into this procedure as well,
and thereby the login does not even need dbcreator. The link again:
http://www.sommarskog.se/grantperm.html.

The other way is to create the source database with the xy login. Then
to avoid the login/user mapping problem on the other servers, create
the login on these servers with same SID as on the source server. This
is possible with

CREATE LOGIN xy WITH PASSWORD = 'Sehr hemlig!', SID = 0x....

Get the SID on the source server from sys.server_principals. If the login
already exists on the server, you need to drop it first.
--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinf...ons/books.mspx
May 16 '07 #5
Thanks for your time and suggestions.
I can see two ways out: one is write a signed stored procedure as I
discussed in my previous post. The great thing with this is that
you can package the database creation into this procedure as well,
and thereby the login does not even need dbcreator. The link >again:http://www.sommarskog.se/grantperm.html.
Will go through the URL in detail. Did u mean that I need to include
the 'RESTORE DATABASE' command within the stored procedure.
The other way is to create the source database with the xy login. Then
to avoid the login/user mapping problem on the other servers, create
the login on these servers with same SID as on the source server. This
is possible with

CREATE LOGIN xy WITH PASSWORD = 'Sehr hemlig!', SID = 0x....

Get the SID on the source server from sys.server_principals. If the login
already exists on the server, you need to drop it first.

Wow thats a good idea! But the problem is that we already have the
main database already created in the client site. The separate
database creation feature is being included as an enhancement.

May 17 '07 #6
(mp*****@yahoo.com) writes:
>I can see two ways out: one is write a signed stored procedure as I
discussed in my previous post. The great thing with this is that
you can package the database creation into this procedure as well,
and thereby the login does not even need dbcreator. The link
again:http://www.sommarskog.se/grantperm.html.

Will go through the URL in detail. Did u mean that I need to include
the 'RESTORE DATABASE' command within the stored procedure.
You don't need to. I just suggested that this could be a good idea,
as you then may have to add the xy login to the dbcreator role.

--
Erland Sommarskog, SQL Server MVP, es****@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/pro...ads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinf...ons/books.mspx
May 17 '07 #7
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
4
Storing all stored procedures in one database to minimize different connection strings
by: Minh Tran | last post by:
In order to minimize the number of connection strings I have to use to access different databases on the same Sql Server, I was considering storing all stored procedures in just one database. I...
Latest Bytes
3
Accessing SQL Database
by: TS | last post by:
I am very new to .Net. I have good experience with VB, but I'm still in an early stage of learning .Net plattform. Anyway, I don't know if I'm asking this in the correct newsgroup, but if I'm not,...
Latest Bytes
3
Specify port no to connect to Informix Database through ODBC
by: Lee | last post by:
Hi, I'm developing a socket program to connect to Informix database through the ODBC. In here i called my socket program as "tap" . My tap will listen for data from unix through port 1070. After...
Latest Bytes
4
Connecting to online database using local Enterprise Manager
by: John Morgan | last post by:
I have Enterprise Manager on my local machine. For the last twelve months it has been connecting without problem to my online SQL Server database provided by my ISP. Three weeks ago the ISP...
Latest Bytes
4
Remote access to sql database...permissions
by: Phil | last post by:
Hi all, I need some help to access an SQL db on another machine. I am using VB.NET and remoting to make a client/server connection...although I don't think this is relevant to the question. I...
Latest Bytes
11
Exchange of login for database user
by: Peter CCH | last post by:
I have a database with 2 users - 'dbo' and 'user1'. Currently: => 'dbo' is tied to login - 'login1' => 'user1' is not tied to any login. I want to change the login tied to the database users...
Latest Bytes
5
Put database in single user mode
by: mghale | last post by:
Hi, I wanted to know if there is a way in DB2 UDB/AIX v. 8.2.2 to activate/start a database in a single user mode similar to how you can start the entire instance in Admin Mode. I want to...
Latest Bytes
1
i cannot update and addnew a database
by: teenagelcruise | last post by:
hi, i have a problem with my code which is i cannot update and addnew data into the database but i can delete the data.plz give me an idea.this is my code that i wrote. <html> <head> <meta...
Latest Bytes
0
database connection problem
by: coolminded | last post by:
i am using vb6 and postgresql. i have connected this with odbc. i have created two databases, one test1 and next is test2 when i create a database as CREATE DATABASE test1 WITH OWNER =...
Latest Bytes
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
Latest Bytes
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
Latest Bytes
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Latest Bytes
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Latest Bytes
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Latest Bytes
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
Latest Bytes
0
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
Latest Bytes
1
muto222
php
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
Latest Bytes
0
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
Latest Bytes

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us