Search code examples
azure-sql-database

How can I give permission to a user in an Azure SQL database?

I have an Azure SQL database with an admin user that I can see in the Azure portal. Now I want to create another user that has the permissions of the admin user exactly so I can perform some functions.

I run the following statements in my database:

CREATE USER [test] 
FOR LOGIN [test] 
WITH DEFAULT_SCHEMA = dbo; 

ALTER ROLE db_datareader ADD MEMBER [test]; 
ALTER ROLE db_datawriter ADD MEMBER [test]; 
ALTER ROLE db_ddladmin ADD MEMBER [test];
ALTER ROLE db_owner ADD MEMBER [test];

But I still get an error doing my operation. Is there any other roles I need to add? I want to create a copy of the admin user as another username.

UPDATE:

ERROR:

ERROR: (ImportExportJobError) The ImportExport operation with RequestId failed due to 'An unexpected error was returned by SQL. Error number: 916

UPDATE:

use master 

CREATE LOGIN testuser 
WITH PASSWORD = <pwd> 



 USE TESTDB
CREATE USER [testuser] 
FOR LOGIN [testuser] 
WITH DEFAULT_SCHEMA = dbo; 


ALTER ROLE db_datareader ADD MEMBER [testuser]; 
ALTER ROLE db_datawriter ADD MEMBER [testuser]; 
ALTER ROLE db_ddladmin ADD MEMBER [testuser];
ALTER ROLE dbmanager ADD MEMBER [testuser];
Solution

  • I think your question is related to this other question What's the minimum role a SQL user needs to export a bacpac in Azure?

    And based on your comment above, I noticed you have provided db_backupoperator but this permission isn't applicable to Azure SQL database

    Azure SQL Database and Azure Synapse have special roles, and instead you should be giving dbmanager permission to your user, and here is the description of it

    Can create and delete databases. A member of the dbmanager role that creates a database, becomes the owner of that database, which allows that user to connect to that database as the dbo user. The dbo user has all database permissions in the database. Members of the dbmanager role don't necessarily have permission to access databases that they don't own.

    And after some back and forth in the comments, I created a lab scenario, and here are the correct steps to achieve what you are trying to do

    1. Connect to your Azure SQL Server via SQL Server Management Studio, and expand Databases, System Databases and right-click on master and choose New Query

    right-click on master database, new query

    1. In the Query editor, type and execute the following commands create login and alter role
    CREATE LOGIN exportbacpac WITH PASSWORD = 'abc@1234'
GO

CREATE USER exportbacpac FOR LOGIN exportbacpac
GO

ALTER ROLE dbmanager ADD MEMBER exportbacpac
GO

    1. Now, go the database you want to provide permissions, right-click and choose New Query new query in chosen database

    2. In the Query editor, type and execute the following commands create user chosen database

    CREATE USER exportbacpac FOR LOGIN exportbacpac WITH DEFAULT_SCHEMA = dbo;
GO

ALTER ROLE db_owner ADD MEMBER [exportbacpac];
GO
    1. Then go to Azure Portal, in your database, chose export and use the new username create

    export database in Azure portal with new user

    1. And keep watching the Import/Export progress in Azure SQL Server monitor the export operation

    2. Until it completes completion

    And finally checked in the Storage Account bacpac in Storage Account

    Source: