User Security Management for SQL Server divided into two levels, the entire SQL Server server layer, database layer of each.
- In the account server layer, called logins ( SQL Server: server roles ), you can set it to manage the entire SQL Server server (open track, modify Sql Server security configuration, back up all databases, etc.).
- In the database layer, called the account database ( SQL Server: database role ), you can set it to this particular database read and write, modify table structure, stored procedure definitions and other privileges.
Login account for the server, database users for a specific database of terms. The equivalent of a safe room stood a lot, you have house keys, and have to have a key to each safe to take something from the safe. Logon account is the key to the door, the user database is safe keys.
1. What is the orphaned users
As described above exists between the "login account" and "Account Database" layer mapping, if the account "CMS" Database "A" but not "login account" corresponding thereto, then the "CMS" account can not connect SQL Server services, so it has no effect, set up an isolated user.
2. have orphaned users under what circumstances
The first case of a server:
- A database
- A database has cms account, and there cms access your account.
A backup data in the first server, and restore the second database server, the second server where:
- A database
- A database has cms account, there is no corresponding login account
At this point in the database A second server will produce a solitary account cms, run the following statement in the second server can also be seen in isolation account cms:
Use A
exec sp_change_users_login 'report'If built directly access your account. "Cms", and to develop its "Database Access" database A, will prompt "** user already exists", as shown below:
3. How to resolve orphaned users
Resolve orphaned accounts is essentially to create a "login account" and related "account login" and "database account."
Establish a login account (usually with isolated accounts of the same name, namely "cms"), to not set the "login account" of database access and data roles, and set the "login account" password (usually the same as those orphaned accounts), then connect the "login account" and "database account."
Use A
exec sp_change_users_login 'update_one', 'cms', 'cms'So that the implementation of "exec sp_change_users_login 'report'" would not see orphaned accounts "cms" a.
sp_change_users_login syntax
exec sp_change_users_login 'update_one', '登陆账户名', '数据库账户名'Note: The "landing account" account name and password and can be "orphaned accounts" is different from the configuration database applications should be "login account" account name and password, rather than "database account."
4. Another solution
Assuming that there is data in isolation account cms A, whose password is "123456", the Database Configuration Application of this is. In order to enable applications to normal use, you can do the following:
- Establish access your account. "Cms", and set a password and default database were 123456, cms
- Set the login account "server role" as the "System Administrators"
- Not access your account settings related to "database access" for the property
- The following error will be prompted to save, do not bother
This method simply creates a cms user sa similar, although the application can guarantee the normal use, but it does not resolve orphaned users.
Reproduced in: https: //www.cnblogs.com/rainman/p/3509842.html