Menu
I wrote a little app to backup SQL Azure databases using the very usefull 'CREATE AS COPY OF' command in SQL Azure. e.g.
CREATE DATABASE MyNewDB AS COPY OF MyOldDB
I run this command with the admin login (first login you get when creating a server). My Question: What are the minimal permissions a new login would need to execute the above command?
So far here's what I've done:
-- IN MASTER DB --
CREATE LOGIN DBCreator WITH PASSWORD = '?????????????'
CREATE USER DBCreator FROM LOGIN DBCreator;
EXEC sp_addrolemember 'dbmanager', 'DBCreator';
-- IN MyOldDB --
-- (I ran this stuff when the previous commands didn't do it) --
CREATE USER DBCreator FROM LOGIN DBCreator;
EXEC sp_addrolemember 'db_datareader', 'DBCreator'; --
And the result when running the above CREATE DATABASE command:
CREATE DATABASE permission denied in database 'MyOldDB'.
933
Azure SQL Database currently provides 7 fixed server roles. The permissions that are granted to the fixed server roles can't be changed and these roles can't have other fixed roles as members. You can add server-level logins as members to server-level roles.
On either the source or destination SQL Server instance, launch the Copy Database Wizard in SQL Server Management Studio from Object Explorer and expand Databases. Then right-click a database, point to Tasks, and then select Copy Database.
I could not add the db_owner role to new login, the command
EXEC sp_addrolemember 'db_owner', 'NewLogin'
throws the error
Cannot alter the role 'db_owner', because it does not exist or you do not have permission.
But using the dbmanager role works
EXEC sp_addrolemember 'dbmanager', 'NewLogin'
There is useful information in the article Managing Databases and Logins in Windows Azure SQL Database.
102
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
