Steps to Create a customize Role for Azure database
Download "Azure User Management Console" tool from https://aumc.codeplex.com/
Create a Login
Use “Azure User Management Console”
EG: dbdevwebuser
Create User for login on master
Connect to master database, and execute the following:
CREATE USER dbdevwebuser FOR LOGIN dbdevwebuser WITH DEFAULT_SCHEMA=[dbo]
This has created user “dbdevwebuser” for the login “dbdevwebuser”.
Note: You can keep the login and the user name separate.
Create User for login on the database to be used by application
Connect to application database, and execute the following:
CREATE USER dbdevwebuser FOR LOGIN dbdevwebuser WITH DEFAULT_SCHEMA=[dbo]
Create Customized Role
Connect to application database, and execute the following:
CREATE ROLE [db_executor] AUTHORIZATION [dbo]
This will create a role by the name “db_executor”
Grant Permissions to Customized Role
Here I am trying to create a role to grant execute for all stored procedure
GRANT EXECUTE TO [db_executor]
This will grant execute permission to the role “db_executor”
Note: You can “GRANT” more permission to this role, to make it more customized.
Assign Roles to User Created
Assign different roles of your choice to the user
sp_addrolemember @rolename = 'db_executor', @membername = 'dbdevwebuser'
sp_addrolemember @rolename = 'db_datareader', @membername = 'dbdevwebuser'
sp_addrolemember @rolename = 'db_datawriter', @membername = 'dbdevwebuser'
This will assign roles of “db_executor”, “db_datawrited” and “db_datareader” to the user 'dbdevwebuser' on the application database.
NOTE:
1. These kind of roles are usually used when you want your application to execute procedures, read and write data. But do not want them to manipulate any Schema.
Testing working of the User for the Roles Assigned
This user should
1. Execute procedure
2. Select, Insert, Update, Delete from the database
3. Create Temporary tables
4. Select View
This user should not:
1. Create, ALTER, Delete Table
2. Create, ALTER, Delete Procedure
3. Create, ALTER, Delete View
4. Create, ALTER, Delete Function
5. See Content “sp_helptext” for a Procedure
Happy Coding !!
Download "Azure User Management Console" tool from https://aumc.codeplex.com/
Create a Login
Use “Azure User Management Console”
EG: dbdevwebuser
Create User for login on master
Connect to master database, and execute the following:
CREATE USER dbdevwebuser FOR LOGIN dbdevwebuser WITH DEFAULT_SCHEMA=[dbo]
This has created user “dbdevwebuser” for the login “dbdevwebuser”.
Note: You can keep the login and the user name separate.
Create User for login on the database to be used by application
Connect to application database, and execute the following:
CREATE USER dbdevwebuser FOR LOGIN dbdevwebuser WITH DEFAULT_SCHEMA=[dbo]
Create Customized Role
Connect to application database, and execute the following:
CREATE ROLE [db_executor] AUTHORIZATION [dbo]
This will create a role by the name “db_executor”
Grant Permissions to Customized Role
Here I am trying to create a role to grant execute for all stored procedure
GRANT EXECUTE TO [db_executor]
This will grant execute permission to the role “db_executor”
Note: You can “GRANT” more permission to this role, to make it more customized.
Assign Roles to User Created
Assign different roles of your choice to the user
sp_addrolemember @rolename = 'db_executor', @membername = 'dbdevwebuser'
sp_addrolemember @rolename = 'db_datareader', @membername = 'dbdevwebuser'
sp_addrolemember @rolename = 'db_datawriter', @membername = 'dbdevwebuser'
This will assign roles of “db_executor”, “db_datawrited” and “db_datareader” to the user 'dbdevwebuser' on the application database.
NOTE:
1. These kind of roles are usually used when you want your application to execute procedures, read and write data. But do not want them to manipulate any Schema.
Testing working of the User for the Roles Assigned
This user should
1. Execute procedure
2. Select, Insert, Update, Delete from the database
3. Create Temporary tables
4. Select View
This user should not:
1. Create, ALTER, Delete Table
2. Create, ALTER, Delete Procedure
3. Create, ALTER, Delete View
4. Create, ALTER, Delete Function
5. See Content “sp_helptext” for a Procedure
Happy Coding !!