你只能有一個服務器級別的管理員。您可以根據需要創建儘可能多的其他登錄名和用戶,但需要分別授予他們訪問各個數據庫的權限。您可以通過天藍色門戶重置服務器級別管理員的密碼。
Azure SQL數據庫中沒有授予對所有數據庫訪問權限的服務器角色。 dbmanager
允許您創建數據庫,loginmanager
允許您創建登錄,但必須使用服務器級別的主體登錄來授予對各個數據庫的訪問權限。
要創建一個新用戶並授予DBO權限,以一個或多個數據庫:
-- in master
create login [XXXX] with password = 'YYYYY'
create user [XXXX] from login [XXXX];
-- if you want the user to be able to create databases and logins
exec sp_addRoleMember 'dbmanager', 'XXXX';
exec sp_addRoleMember 'loginmanager', 'XXXX'
-- in each individual database, to grant dbo
create user [XXXX] from login [XXXX];
exec sp_addRoleMember 'db_owner', 'XXXX';
是的,你把用戶你會在本地SQL一樣。
如果你想使一個新用戶作爲DBO上的所有數據庫的服務器上,你可以使用一個小的PowerShell,使您的生活更輕鬆:
$newSqlUser = 'YOUR_NEW_LOGIN_HERE';
$serverName = 'YOUR-SERVER-NAME.database.windows.net'
$sqlAdminLogin = 'YOUR-ADMIN-SQL-LOGIN'
$createAdminUser = $TRUE;
# generate a nice long random password
Add-Type -Assembly System.Web
$newSqlPassword = [Web.Security.Membership]::GeneratePassword(25,3) -Replace '[%&+=;:/]', "!";
# prompt for your server admin password.
# Don't need the username param here but can be nice to avoid retyping
$sqlCreds = get-Credential -Username $sqlAdminLogin -Message 'Enter admin sql credentials'
# Create login and user in master db
$sql = "create login [$newSqlUser] with password = '$newSqlPassword'; create user [$newSqlUser] from login [$newSqlUser];"
invoke-sqlcmd -Query $sql -ServerInstance $serverName -Database 'master' -Username $sqlCreds.UserName -Password ($sqlCreds.GetNetworkCredential().Password)
"new login: $newSqlUser"
"password: $newSqlPassword"
# sql to create user in each db
if ($createAdminUser) { `
$createUserSql = "create user [$newSqlUser] from login [$newSqlUser]; exec sp_addRoleMember 'db_owner', '$newSqlUser'; "; `
} else { `
$createUserSql = "create user [$newSqlUser] from login [$newSqlUser]; exec sp_addRoleMember 'db_datareader', '$newSqlUser'; exec sp_addRoleMember 'db_denydatawriter', '$newSqlUser';"; `
}
# can't have multiple Invoke-SQLCmd in a pipeline so get the dbnames first, then iterate
$sql = "select name from sys.databases where name <> 'master';"
$dbNames = @()
invoke-sqlcmd -Query $sql -ServerInstance $serverName -Database 'master' -Username $sqlCreds.UserName -Password ($sqlCreds.GetNetworkCredential().Password) | `
foreach { $dbNames += $_.name }
# iterate over the dbs and add user to each one
foreach ($db in $dbNames) { `
invoke-sqlcmd -Query $createUserSql -ServerInstance $serverName -Database $db -Username ($sqlCreds.UserName) -Password $($sqlCreds.GetNetworkCredential().Password); `
"created user in $db database"; `
}
不起作用。我沒有看到任何[dbo]。***表在我的非主數據庫中,當試圖在非主數據庫中創建一個表時,我得到一個錯誤,如'CREATE TABLE權限在數據庫master'中被拒絕。'(儘管我不是嘗試在主數據庫中創建表...) – DeepSpace101
我相信在Azure SQL數據庫中沒有服務器角色可授予對所有數據庫的訪問權限。 'dbmanager'可以讓你創建數據庫,'loginmanager'可以讓你創建登錄,但是必須使用服務器級別的主體登錄來授予訪問單個數據庫的權限。 – Rory