Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Master user lost it's permissions unexpectedly on SQL Server (rds instance)

Tags:

sql-server

amazon-web-services

amazon-rds

SQL Server master user lost his permissions unexpectedly. When I try to access my database tables, I get the following error on SSMS:

The SELECT permission was denied on the object 'query_store_runtime_stats', database 'mssqlsystemresource', schema 'sys'. (Microsoft SQL Server, Error: 229)

If I try to give permission to master user, I get the following error when mapping credentials (Security > Logins > Masteruser > Properties):

One or more databases are inaccessible and will not be displayed in list

The missing database is the one where my tables/procedures are stored. The end-users are unable to access the database too.

I have tried to grant permission using sql query but even that priviledge is disabled.

The only one user that is able to use that database is a read only user that i have created previously.

I changed my master password on Amazon AWS console, but that didn't solve my problem.

What should I do to solve this issue?

like image 950
admiri Avatar asked Feb 12 '18 15:02

admiri

2 Answers

I was able to solve my problem after contacting AWS support.

CAUSE

The cause of my problem was that db_denydatawriter and db_denydatareader were granted to master user mistakenly.

So, master user does not have read/write permissions on your database, when trying to grant or revoke permissions on SSMS the User Mapping will not be able to list the database because SSMS can't read the properties anymore and will show the error:

One or more databases are inaccessible and will not be displayed in list

To check if you have granted db_denydatawriter or db_denydatareader to your master user, try the folloing command:

use [YourDatabaseName]
go
sp_helpuser

Changing master password won't help because that will grant db_owner permission but it won't remove the Deny permission.

SOLUTION

Use the following command to remove the Deny permission:

USE [database-name]
GO
ALTER ROLE [db_denydatareader] DROP MEMBER [master-user-name]
GO
ALTER ROLE [db_denydatawriter] DROP MEMBER [master-user-name]
GO

It worked for me, hope it helps!

like image 183
admiri Avatar answered Oct 05 '22 00:10

admiri

AWS RDS SQL Server grant dbower to master user

Incase if you accidentally revoked the permission or post restore database is not accessible by master user in SQL Server RDS then only option is to you reset the password of master user from console.

You might be thinking password resent?? why :)

I faced this issue and when I reset the password from console it automatically granted the permission to this database.

like image 20
Virender Jain Avatar answered Oct 05 '22 00:10

Virender Jain
Sign in to Comment

Related questions

SQL query with limit
How do I increase the Command Timeout in OrmLite ServiceStack?
Which settings provide SQL Server default datetime format?
Remove [NOT FOR REPLICATION] from all Identity columns of Database tables
SELECT Top 1 ID, DISTINCT Field
ORDER BY ... IN(...) ASC
Store NoSQL data on SQL Server?
MSSQL Query - Sum only positive numbers
Cant find my EF code first database
Move one exact row to top of all rows leaving all other ASCENDING
How to create a fulltext catalog in an entity framework database migration? [duplicate]
SQL - Delete table with 372 million rows starting from first row
Unable to connect to LocalDB with HeidiSQL
Error converting data type nvarchar to numeric - SQL Server
SQL temporal table: It is possible to change logging time from UTC to current time?
Exclude null values using DENSE_RANK
Time difference with hours, minutes and seconds in SQL Server
Reuse calculated column in WHERE clause
Adding auto increment extra column to view which is not present in table in SQL Server [closed]
Python: Write Pandas Dataframe to MSSQL --> Database Error

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!