I have the following PHP script to test if my user can connect to my SQL Server database:
<?php
$serverName = "ABC-XXXXXXX";
$uid = "my_user";
$pwd = "my_password";
$databaseName = "my_database";
$connectionInfo = array("UID"=>$uid,
"PWD"=>$pwd,
"Database"=>$databaseName);
$conn = sqlsrv_connect( $serverName, $connectionInfo);
var_dump($conn);
The connection fails, and I'm not sure why, but I'm guessing it's either because I am using the wrong $serverName
or the user doesn't have the right permissions.
To get the $serverName
, in SQL Server Management Studio (SSMS), I have followed these steps:
- Open the object explorer.
- Right-click on the database and click on Properties.
- Click "View connection properties" in the left column.
- In the Server Environment section, I use the value for the Computer Name row.
To grant the user access to the database, I have tried both SSMS and also tried a query, but I'm not sure if either had the desired effect.
The query I ran was...
USE [my_database];
GRANT SELECT, UPDATE, INSERT, DELETE
ON SCHEMA :: [dbo] TO my_user;
The query completes successfully, but I'm not sure if this gives the user access to the database. If I look at the user's permission in the SSMS object explorer (my_database > Security > Users > (right-click) my_user > Properties), it looks like the query had the desired effect. There is a line for the dbo schema, and if I click on that line I see that the SELECT, UPDATE, INSERT and DELETE boxes are checked below. However, I am not sure if I need to grant other permissions besides these to connect to the database from my script.
The web server is IIS and the OS is Windows 10.
UPDATE: When I print the sqlsrv_errors()
, I see
Login failed for user 'my_user'
UPDATE 2: When I change the "Server authentication" setting to "SQL Server and Windows Authentication mode" and run my test script, there is an additional error message:
Cannot open database "my_database" requested by the login. The login failed.
UPDATE 3: After going to Security > Logins > my_user (right-click) > Properties > Securables and checking the box for "Connect any database," the error message has changed to:
The SELECT permission was denied on the object 'block_content', database 'my_database', schema 'dbo'.
UPDATE 4: My test script was able to connect to the database after I assigned my database user to the 'sysadmin' role at Security > Logins > my_user (right-click) > Properties > Server Roles. Though it's possible the other actions I took (following the suggestions in the comments) also contributed.
1条答案
按热度按时间kjthegm61#
To summarize the conversation in the comments, and provide an answer to the question for posterity:
Every login has a default database, if you do not specify one
master
is assumed. You can change the default database for a login using TSQLALTER LOGIN <LoginName> WITH DEFAULT_DATABASE = <DatabaseName>
or using the SSMS gui:Security->Logins->Properties
At the bottom of the general tab is Default database.You should specify a database in your connection string. This can very depending on what you're using to connect, but typically it's
Database=<DatabaseName>;
.You'll need to grant the user permissions to the objects you want it to be able to use. You're best off if you can apply least permission from the get go.
A user needs permission to connect to the database, you can grant this using TSQL:
GRANT CONNECT ON Database::<DatabaseName> TO <UserName>;
or through the GUI:Databases-><Database>->Security->Users-><User>->Properties
Search, All Objects of the types..., Databases, Select the database and scroll down to Connect.You can grant permissions to individual objects using TSQL:
GRANT SELECT ON <SchemaName>.<ObjectName> TO <UserName>;
. A database role might be more appropriate: https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles?view=sql-server-ver16 . You can add a user to a role using TSQL:ALTER ROLE <RoleName> ADD MEMBER <UserName>;
. You can also grant server level roles which have a wider scope, if that's appropriate.