Why can't my test script connect to a SQL Server database?

m2xkgtsf  于 2023-08-02  发布在  SQL Server
关注(0)|答案(1)|浏览(123)

I have the following PHP script to test if my user can connect to my SQL Server database:

<?php
$serverName = "ABC-XXXXXXX";
$uid = "my_user";
$pwd = "my_password";
$databaseName = "my_database";

$connectionInfo = array("UID"=>$uid,
                        "PWD"=>$pwd,
                        "Database"=>$databaseName);

$conn = sqlsrv_connect( $serverName, $connectionInfo);

var_dump($conn);

The connection fails, and I'm not sure why, but I'm guessing it's either because I am using the wrong $serverName or the user doesn't have the right permissions.

To get the $serverName , in SQL Server Management Studio (SSMS), I have followed these steps:

  1. Open the object explorer.
  2. Right-click on the database and click on Properties.
  3. Click "View connection properties" in the left column.
  4. In the Server Environment section, I use the value for the Computer Name row.

To grant the user access to the database, I have tried both SSMS and also tried a query, but I'm not sure if either had the desired effect.

The query I ran was...

USE [my_database];

GRANT SELECT, UPDATE, INSERT, DELETE 
ON SCHEMA :: [dbo] TO my_user;

The query completes successfully, but I'm not sure if this gives the user access to the database. If I look at the user's permission in the SSMS object explorer (my_database > Security > Users > (right-click) my_user > Properties), it looks like the query had the desired effect. There is a line for the dbo schema, and if I click on that line I see that the SELECT, UPDATE, INSERT and DELETE boxes are checked below. However, I am not sure if I need to grant other permissions besides these to connect to the database from my script.

The web server is IIS and the OS is Windows 10.

UPDATE: When I print the sqlsrv_errors() , I see
Login failed for user 'my_user'

UPDATE 2: When I change the "Server authentication" setting to "SQL Server and Windows Authentication mode" and run my test script, there is an additional error message:

Cannot open database "my_database" requested by the login. The login failed.

UPDATE 3: After going to Security > Logins > my_user (right-click) > Properties > Securables and checking the box for "Connect any database," the error message has changed to:

The SELECT permission was denied on the object 'block_content', database 'my_database', schema 'dbo'.

UPDATE 4: My test script was able to connect to the database after I assigned my database user to the 'sysadmin' role at Security > Logins > my_user (right-click) > Properties > Server Roles. Though it's possible the other actions I took (following the suggestions in the comments) also contributed.

kjthegm6

kjthegm61#

To summarize the conversation in the comments, and provide an answer to the question for posterity:

Every login has a default database, if you do not specify one master is assumed. You can change the default database for a login using TSQL ALTER LOGIN <LoginName> WITH DEFAULT_DATABASE = <DatabaseName> or using the SSMS gui: Security->Logins->Properties At the bottom of the general tab is Default database.

You should specify a database in your connection string. This can very depending on what you're using to connect, but typically it's Database=<DatabaseName>; .

You'll need to grant the user permissions to the objects you want it to be able to use. You're best off if you can apply least permission from the get go.

A user needs permission to connect to the database, you can grant this using TSQL: GRANT CONNECT ON Database::<DatabaseName> TO <UserName>; or through the GUI: Databases-><Database>->Security->Users-><User>->Properties Search, All Objects of the types..., Databases, Select the database and scroll down to Connect.

You can grant permissions to individual objects using TSQL: GRANT SELECT ON <SchemaName>.<ObjectName> TO <UserName>; . A database role might be more appropriate: https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles?view=sql-server-ver16 . You can add a user to a role using TSQL: ALTER ROLE <RoleName> ADD MEMBER <UserName>; . You can also grant server level roles which have a wider scope, if that's appropriate.

相关问题