Menu
I have been using a connection string like this to connect my website to my database:
<add name="MyDb"
connectionString="Data Source=MyDb;
Initial Catalog=Staging;
User Id=website_staging;
Password=secret;"
providerName="System.Data.SqlClient" />
The website_staging user is a member of the db_ddladmin role so that when I publish, and my MigrateDatabaseToLatestVersion initialiser runs, it has the permissions required to migrate the database to the latest version automatically.
I want to reduce the standard user's permissions (by adding it only to the db_datareader and db_datawriter roles) and connect with a different user (in the db_ddladmin role) during migrations.
So I added another connection string with a different name and user:
<add name="Migrations"
connectionString="Data Source=MyDb;
Initial Catalog=Staging;
User Id=website_staging_migrations;
Password=secret;"
providerName="System.Data.SqlClient" />
And I changed the name of the connection string used by the context initialised in my DatabaseMigrationConfig class:
public class DatabaseMigrationConfig
{
internal static void Register()
{
using (var context = new MyDbContext(Name="Migrations"))
{
Database.SetInitializer(new MigrateDatabaseToLatestVersion<MyDbContext,
Migrations.Configuration>());
context.Database.Initialize(false);
}
}
}
And in the constructor of my Migrations.Configuration class I also changed the connection string:
internal sealed class Configuration : DbMigrationsConfiguration<SID2013Context>
{
public Configuration()
{
AutomaticMigrationsEnabled = false;
AutomaticMigrationDataLossAllowed = false;
string cs = ConfigurationManager.ConnectionStrings["Migrations"].ConnectionString;
TargetDatabase = new DbConnectionInfo(cs, "System.Data.SqlClient");
}
}
I then tried publishing the website. It appears to correctly pick the connection string with the higher rights, but it attempts to run the Initial migration. How can I stop it doing that?
307
From the Permissions section, select the insert and Update Data option. By default, the option Read Design and Read Data will appear checked to you. You have to uncheck Administer, Modify Design and Delete Data. Tap the Apply button. To close the opened dialog box click the ok button. How To Specify Level Of Access To Each Access Database Users?
This means that when this migration is applied to future databases, the schema that already existed in the local database will be created by migrations. There are a few things you need to be aware of when using Migrations against an existing database.
Permissions in the Database Engine are managed at the server level assigned to logins and server roles, and at the database level assigned to database users and database roles. The model for SQL Database has the same system for the database permissions, but the server level permissions are not available.
Assigned the Receive As permission on the on-premises mailbox database that stores the user mailboxes. For a remote move migration, the migration administrator account must be: A member of the Domain Admins group in Active Directory Domain Services (AD DS) in the on-premises organization.
I finally solved this by adding the website_staging_migrations user to the db_datareader and db_datawriter roles as well as the db_ddladmin role.
The user obviously needs to read the data in the __MigrationHistory table. What threw me was that EF doesn't report the failure to access the table as an error and instead I got this error when it tried to run the initial migration:
There is already an object named '----' in the database.
And the user also needs to write to the __MigrationHistory table. I got this error until I added the user to the db_datawriter role:
The INSERT permission was denied on the object '__MigrationHistory',
database 'Staging', schema 'dbo'.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With