1

I am trying to create a user that only has access to a few views and procedures. The user seems to be created fine, but when I attempt to log in to the user account using the connection string below, I get the error Login failed for user 'Interface_Admin'. 

User ID=Interface_Admin;Password=letmein01;Integrated Security=False;server=SQL02;database=TESTDB;Trusted_Connection=False;

My code to create the user and grant permissions is below. 

USE TESTDB
GO

IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'Interface_Admin') DROP USER Interface_Admin
IF EXISTS (SELECT * FROM master.dbo.syslogins WHERE name = 'Interface_Admin_Login') DROP LOGIN Interface_Admin_Login
IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'Interface_Users') DROP ROLE Interface_Users

-- Create role and add user accounts
CREATE ROLE Interface_Users
CREATE LOGIN Interface_Admin_Login WITH PASSWORD = 'letmein01'
CREATE USER Interface_Admin FROM LOGIN Interface_Admin_Login
EXEC sp_addrolemember @rolename='Interface_Users', @membername='Interface_Admin'
GO

-- Grant permissions
-- Views
GRANT SELECT ON Vw_Interface_Main TO Interface_Users;

-- Procedures
GRANT EXECUTE ON Proc_GetNextFileSequence TO Interface_Users;
GRANT EXECUTE ON Proc_OutboundFiles TO Interface_Users;
GRANT EXECUTE ON Proc_InsertOrUpdateFile TO Interface_Users;
Improve this question
12
  • Mixed authentication turned on? Commented Mar 19, 2018 at 17:09
  • @dfundako not entirely sure what you mean there. I take it that's a setting in SQL Server somewhere? Commented Mar 19, 2018 at 17:10
  • Run this: SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly') WHEN 1 THEN 'Windows Authentication' WHEN 0 THEN 'Windows and SQL Server Authentication' END as [Authentication Mode] Commented Mar 19, 2018 at 17:11
  • In SSMS, right-click the SQL Server node at the top, select properties, then click on the "Security" tab, and ensure SQL Server authentication mode allows both Windows and SQL Server logins. Commented Mar 19, 2018 at 17:12
  • Yes the server allows both Windows and SQL Server logins Commented Mar 19, 2018 at 17:13

2 Answers 2

Reset to default
1

Your original script has Create Login with Interface_Admin_Login, but then User Id in the connection string is Interface_Admin.

Logins should be done with the Login name, not user name. Login = access to the instance, users are used to handle permissions within each database. Generally users are created with the same name as the login to avoid confusion.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

So, I think this is down to a misunderstanding on my part, but I was able to resolve this by giving the same name to both the user and the login. 

-- Create role and add user accounts
CREATE ROLE Interface_Users
CREATE LOGIN Interface_Admin WITH PASSWORD = 'letmein01'
CREATE USER Interface_Admin FROM LOGIN Interface_Admin
EXEC sp_addrolemember @rolename='Interface_Users', @membername='Interface_Admin'
GO
Improve this answer

2 Comments

Yep, you need to login using the login name. Login = access to the instance, then users are used to handle permissions within each database. Generally you'll create users with the same name as the login to avoid confusion.
Ok, thanks for elaborating, that explains a lot. If you phrase that as an answer then I'll mark it as best answer.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.