I'm trying to assign the Create Database permission to one of the user accounts in Azure SQL DW, but it's giving an error when I try to execute it.
T-SQL:
grant alter any database to [test_user1]
Error:
Securable class 'server' not supported in this version of SQL Server.
Please let me know if this permission (Create Database) can be used in Azure SQL DW.
Related
I have an Azure SQL server and database which have MFA login and I am the admin. But when I try to establish a connection via a new linked service from ADF to this database using System Managed Identity option, it throws error -
"Cannot connect to SQL Database. Please contact SQL server team for further support. Server: 'Server details', Database: 'database name', User: ''. Check the linked service configuration is correct, and make sure the SQL Database firewall allows the integration runtime to access.
I have already given contributor role access to ADF in SQL database using system managed Identity. Also, I have tried to access this database using Autoresolve runtime and azure runtime. But still the error is coming.
It sounds like you are missing the user creation and role assignment within the SQL database:
Connect to the database with your account and create an account for the data factory:
CREATE USER [<datafactory-name>] FROM EXTERNAL PROVIDER;
Then grant it the required role for your task:
ALTER ROLE [<roleName>] ADD MEMBER [<datafactory-name>]
Some available role names are:
db_accessadmin
db_backupoperator
db_datareader
db_datawriter
db_ddladmin
db_denydatareader
db_denydatawriter
db_owner
db_securityadmin
public
I created Azure SQL database in portal and created linked service in azure data factory with managed identity authentication I got below error:
I followed below procedure to resolve this:
I turned on the managed identity of data factory
I set admin for azure SQL database:
Log in to the SQL database as admin and create a user named after the data factory using the code below:
CREATE USER [DATA FACTORY NAME] FROM EXTERNAL PROVIDER;
Added roles to the user using the code below:
ALTER ROLE db_datareader ADD MEMBER [DATA FACTORY NAME];
I tested linked service again, tested successfully
It worked for me; please check once from your end.
I'm trying to create an Azure Synapse Link for Azure SQL Database, using the steps from here:
https://learn.microsoft.com/en-us/azure/synapse-analytics/synapse-link/connect-synapse-link-sql-database
After I create the link connection and I want to start it I receive the following error:
The connection to the sink database is failed. Detailed error message is: Login failed for user ''.
Also, I have configured the Azure SQL database to use AAD Auth. The connection to the Azure Database seems to be working.
My user (used to create the Synapse workspace) is Subscription Owner.
The user is also owner of the storage account.
I added the SQL Managed Identity as Storage Blob Data Contributor
Did anyone else get this error and manage to fix it?
There are certain limitations while connecting SQL Database to Synapse Link as per document:
When setting up your workspace, users must select "Disable Managed Virtual Network" and "Allow connections from any IP addresses."
A link connection cannot be enabled by Azure Synapse Link for SQL if the database owner does not have a mapped login; it will cause an error. (The ALTER AUTHORIZATION command can be used to work around this problem by changing the database owner to a user.)
With fewer than 100 DTUs, the Free, Basic, or Standard tiers do not allow Azure Synapse Link for SQL.
With these limitations I tried to connect SQL Database to Synapse Link and was able to connect without error:
I was trying to create a Synapse Link service with On Premises SQL Server and getting following error
Failed to enable Synapse Link on the source due to 'Failed to enable the source database: Some internal error happened due to 'Calling internal service failed: Failed to execute non query on change publisher with status code 400 and error Fail to non-query change publisher with error: 'sqlErrorCode - 22301; exceptionCode - TransferServiceUnknowError; error - A database operation failed with the following error: 'Could not update the metadata. The failure occurred when executing the command '(null)'. The error/state returned was 15517/1: 'Cannot execute as the database principal because the principal "dbo" does not exist, this type of principal cannot be impersonated, or you do not have permission.'. Use the action and error to determine the cause of the failure and resubmit the request.'; detailedError - A database operation failed with the following error: 'Could not update the metadata. The failure occurred when executing the command '(null)'. The error/state returned was 15517/1: 'Cannot execute as the database principal because the principal "dbo" does not exist, this type of principal cannot be impersonated, or you do not have permission.'. Use the action and error to determine the cause of the failure and resubmit the request.'
I resolved it by changing the corresponding database user to 'sa' and it works.
USE [YourCorrespondingDatabase]
EXEC sp_changedbowner 'sa'
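A way to confirm the owner mapping behind error 15517 before changing it, and to make the change with ALTER AUTHORIZATION (the command the earlier answer names; sp_changedbowner is deprecated in its favour). This is an added example for on-premises SQL Server, not code from the original posts; [YourCorrespondingDatabase] and sa are the placeholder and login used in the post above.

```sql
-- Added example; run on the on-premises SQL Server instance.

-- 1. Databases whose owner SID has no matching row in sys.server_principals.
SELECT  d.name                   AS database_name,
        d.owner_sid,
        SUSER_SNAME(d.owner_sid) AS owner_login   -- NULL if the SID cannot be resolved
FROM    sys.databases AS d
LEFT JOIN sys.server_principals AS sp
        ON sp.sid = d.owner_sid
WHERE   sp.sid IS NULL;

-- 2. Inside the affected database: compare the SID stored for dbo with the
--    owner SID the server has recorded for this database.
USE [YourCorrespondingDatabase];

SELECT  dp.sid     AS dbo_sid,
        d.owner_sid,
        CASE WHEN dp.sid = d.owner_sid THEN 'match' ELSE 'mismatch' END AS status
FROM    sys.database_principals AS dp
JOIN    sys.databases AS d
        ON d.database_id = DB_ID()
WHERE   dp.name = N'dbo';

-- 3. Reassign ownership to an existing login (sa, as in the post above).
ALTER AUTHORIZATION ON DATABASE::[YourCorrespondingDatabase] TO [sa];

-- 4. Re-run query 1: the database should no longer be listed.
```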
I have been trying to use Managed Identity to connect to Azure SQL Database from Azure Data factory.
Steps are as follow:
Created a Linked Service and selected Managed Identity as the Authentication Type
On SQL Server, added Managed Identity created for Azure Data Factory as Active Directory Admin
The above steps let me do all data operations on the database. Actually that is the problem. I want to restrict the privileges given to Azure Data Factory on my SQL database.
First, let me know whether I have followed the correct steps to set up the managed identity. Then, how to limit privileges because I don't want data factory to do any DDL on SQL database.
As Raunak comments, you should change the role to db_datareader.
In your SQL database, run this SQL:
CREATE USER [your Data Factory name] FROM EXTERNAL PROVIDER;
and this sql:
ALTER ROLE db_datareader ADD MEMBER [your Data Factory name];
You can find '[your Data Factory name]' here
Then, if you do any DDL operation in Data Factory, you will get an error like this:
"errorCode": "2200",
"message": "ErrorCode=SqlOperationFailed,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=A database operation failed. Please search error to get more details.,Source=Microsoft.DataTransfer.ClientLibrary,''Type=System.Data.SqlClient.SqlException,Message=The INSERT permission was denied on the object
Update:
1. Search for and select SQL server in the Azure portal.
2. Select yourself and save as admin.
3. Click the button and run the two SQL statements in the SQL database.
For more details, you can refer to this documentation.
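The read-only setup from the answers above, followed by a catalog query that shows which roles the factory's identity actually holds. This is an added example, not part of the original answers; [my-data-factory] is a placeholder name, and the set of roles flagged for review is a choice made for this example.

```sql
-- Added example. [my-data-factory] is a placeholder for the Data Factory name.
-- Run in the target user database (not master) as the Azure AD admin.

-- 1. Contained user for the factory's system-assigned managed identity.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'my-data-factory')
    CREATE USER [my-data-factory] FROM EXTERNAL PROVIDER;

-- 2. Read-only access: no write, DDL or security roles.
ALTER ROLE db_datareader ADD MEMBER [my-data-factory];

-- 3. List every role the identity belongs to and flag those that allow
--    writes, DDL or permission changes.
SELECT  m.name      AS member_name,
        m.type_desc AS member_type,   -- EXTERNAL_USER / EXTERNAL_GROUP for Azure AD principals
        r.name      AS role_name,
        CASE WHEN r.name IN (N'db_owner', N'db_ddladmin', N'db_securityadmin',
                             N'db_accessadmin', N'db_datawriter')
             THEN 'REVIEW' ELSE 'ok' END AS finding
FROM    sys.database_role_members AS rm
JOIN    sys.database_principals   AS r
        ON r.principal_id = rm.role_principal_id
JOIN    sys.database_principals   AS m
        ON m.principal_id = rm.member_principal_id
WHERE   m.name = N'my-data-factory';

-- 4. Drop any flagged membership that the pipeline does not need, e.g.:
-- ALTER ROLE db_ddladmin DROP MEMBER [my-data-factory];
```

These role memberships only constrain the factory once it is no longer set as the server's Active Directory admin, which is what the update in the answer changes.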
We all have a scenario in our project where we are inserting data from Databricks dataframes into Azure Synapse. While we could do this without issues on Dev environment with admin access, we could not run this in higher environment. On Higher environments, Providing INSERT permission on the schema.
The error message I get…
Py4JJavaError: An error occurred while calling o2445.save. :
com.databricks.spark.sqldw.SqlDWSideException: SQL DW failed to
execute the JDBC query produced by the connector. Underlying
SQLException(s): - com.microsoft.sqlserver.jdbc.SQLServerException:
User does not have permission to perform this action. [ErrorCode =
15247] [SQLState = S0001]
Assuming you took this approach then you will need CONTROL Database (db_owner) permissions in Synapse because it is currently required for Databricks to run CREATE DATABASE SCOPED CREDENTIAL
Though this feedback item is related to Azure Data Factory, if it were completed then more granular permissions could be used. So please vote and see my comment.
User is getting the below error while running a bulk insert command in Azure SQL Server. I am using Azure SQL Server and not SQL Server. Most of the commands related to granting Bulk Insert permission are not working in Azure SQL Server.
Error
You do not have permission to use the bulk load statement.
Commands Tried in Azure SQL Server to Add User
EXEC sp_addrolemember 'db_ddladmin', 'testuser';
ALTER SERVER ROLE [bulkadmin] ADD MEMBER testuser
GRANT ADMINISTER BULK OPERATIONS TO testuser
Error
Msg 40520, Level 16, State 1, Line 5
Securable class 'server' not supported in this version of SQL Server.
Your help is highly appreciated.
In Azure SQL Database, grant ADMINISTER DATABASE BULK OPERATIONS to the principal in the context of the desired database:
GRANT ADMINISTER DATABASE BULK OPERATIONS TO testuser;
The user will also need INSERT permissions on the target table. These Azure SQL Database permissions are detailed in the BULK INSERT documentation under the permissions section.
On Azure it works on tables in the database in question only. It does not work on temp tables. So if you are bulk loading in parallel and want to use temp tables, you are in a corner.
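The two grants named in the answer above (ADMINISTER DATABASE BULK OPERATIONS plus INSERT on the target table), with a query over sys.database_permissions to confirm what the user ends up holding. This is an added example, not part of the original posts; testuser is the name from the question and dbo.StagingOrders is a hypothetical target table.

```sql
-- Added example. dbo.StagingOrders is a hypothetical table name.
-- Run in the user database that receives the bulk load, not in master.

-- 1. Database-scoped bulk permission. Server-scoped grants are rejected on
--    Azure SQL Database, as the error in the question shows.
GRANT ADMINISTER DATABASE BULK OPERATIONS TO testuser;

-- 2. INSERT on the one table being loaded, nothing wider.
GRANT INSERT ON OBJECT::dbo.StagingOrders TO testuser;

-- 3. Explicit permissions held by testuser; database-level CONTROL is flagged
--    because it carries every other permission in the database.
SELECT  pr.name AS grantee,
        pe.class_desc,
        CASE WHEN pe.class = 1
             THEN OBJECT_SCHEMA_NAME(pe.major_id) + N'.' + OBJECT_NAME(pe.major_id)
        END     AS object_name,          -- NULL for database-level rows
        pe.permission_name,
        pe.state_desc,
        CASE WHEN pe.class = 0 AND pe.permission_name = N'CONTROL'
             THEN 'REVIEW' ELSE 'ok' END AS finding
FROM    sys.database_permissions AS pe
JOIN    sys.database_principals  AS pr
        ON pr.principal_id = pe.grantee_principal_id
WHERE   pr.name = N'testuser'
ORDER BY pe.class, pe.permission_name;

-- 4. If an earlier attempt granted CONTROL and it is not needed:
-- REVOKE CONTROL FROM testuser;
```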
GRANT CONTROL to testuser
nothing else is needed, just this to be executed in content DB (not master)
full steps
in Master
CREATE LOGIN login1 WITH password='1231!#ASDF!a';
in content DB
CREATE USER user1 FROM LOGIN login1;
GRANT CONTROL to user1; --(this is for bulk to work)