In SQL Azure how can I create a read only user

sql sql-server tsql azure-sql-database

34,345

Solution 1

A pure TSQL script is super messy, SQL Azure disables the USE command, so you are stuck opening connections to each DB you need to give the user read access.

This is the gist of the pattern.

In Master DB:

CREATE LOGIN reader WITH password='YourPWD';
-- grant public master access
CREATE USER readerUser FROM LOGIN reader;

In each target DB (requires a separate connection)

CREATE USER readerUser FROM LOGIN reader;
EXEC sp_addrolemember 'db_datareader', 'readerUser';

Solution 2

OR... Use the Azure User Management console - AUMC to manage the Logins and Users.

It's a open source project available on codeplex AUMC.codeplex.com

Project Description

Azure User Management Console - AUMC is a User Graphic Interface (GUI) that manages the users and logins of an Azure SQL database. The tool is simply converting your action into T-SQL commands and execute them on the Azure SQL Database.

A quick simple tool with a user interface! Don

Enjoy!

34,345

Author by

Sam Saffron

Co-founder: http://www.discourse.org email: [email protected] blog: http://samsaffron.com twitter: @samsaffron Ex Stack Overflow Valued Associate #00008, creator of Stack Exchange Data Explorer, co-creator of Media Browser ( now Emby ) Other Projects: Logster : https://github.com/discourse/logster rack-mini-profiler : https://github.com/MiniProfiler/rack-mini-profiler message_bus : https://github.com/SamSaffron/message_bus memory_profiler: https://github.com/SamSaffron/memory_profiler flamegraph : https://github.com/SamSaffron/flamegraph All original source snippets I post on Stack Overflow are dedicated to the public domain. Do with them as you see fit.

Updated on May 04, 2020

Comments

Sam Saffron about 4 years

I would like to create an SQL Azure user and grant her read-only access on a handful of DBs, what script can I use to achieve this?
zam6ak over 9 years

Why is there a "CREATE USER..." in master DB? In all docs I looked at, it only says you have to create user in target DB...Just curious...
shadowf about 8 years

Ancient answer and old comment, but for anyone interested... I think he's included the create user in master DB so the user (readerUser) can login to the server instance via Management Studio - if the user doesn't exist under master, they won't be able to use SQL authentication in Management Studio to sign in.
DeepSpace101 almost 8 years

It's a little spooky to plug your database credentials into apps just downloaded from the internet ... just saying ...
Shaiju T over 7 years

Grant permissions at object level or for selected tables check this and this , hope helps.