Aug 13, 2011

Recently I was working with some database restoring and configuring stuff. And I was getting errors due to the conflicts on database users, server logins and their permissions.

In the ideal scenario, there is a 'login' on the database server and a corresponding 'user' in the database. People sometimes confuse the two, but they serve entirely different purposes.

  • Login - Used for user authentication, and created at the server level.

  • User (database user) – Provides access to the database and is used for permission validation within the database. Created separately for each database.

A login is required for accessing the database server. In the usual case, a user account corresponding to each of those logins exists in each database and provides access to that database. If a database user account is not associated with a login, the user is not able to log into SQL Server. This usually happens when a database is restored to a different server (which was the problem I had).

A restored database contains a set of users and permissions, but there may not be any corresponding logins, or the logins may not be associated with the same users. This situation is usually known as having "orphaned users". The following steps resolve it.

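-- Creating the login (arguments: login name, password, default database)

USE master

EXEC sp_addlogin 'test', 'password', 'TestDB'



-- Granting the created login access to the database

USE TestDB

EXEC sp_grantdbaccess 'test'



-- Resolve orphaned users (arguments: action, database user name, login name)
-- For 'Update_One' the third argument is the login to link to, not a password

USE TestDB

EXEC sp_change_users_login 'Update_One', 'test', 'test'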

In the first step above (creating the login), TestDB is the default database for the login, which is the first database the login is connected to after logging in.
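
To see which users in a restored database are orphaned, and to re-link one without re-creating it, the catalog views can be queried directly. This is an added example, not code from the original post; it assumes SQL Server 2005 SP2 or later and reuses the post's TestDB database and test login/user names.

```sql
USE TestDB;
GO

-- SQL-authenticated database users whose SID matches no server login.
-- principal_id 1-4 are dbo, guest, INFORMATION_SCHEMA and sys; they are skipped.
-- Users deliberately created WITHOUT LOGIN also show up here and are not a fault.
SELECT dp.name        AS orphaned_user,
       dp.sid         AS user_sid,
       dp.create_date
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = dp.sid
WHERE dp.type = 'S'              -- SQL user (not a Windows user or a role)
  AND dp.principal_id > 4
  AND sp.sid IS NULL
ORDER BY dp.name;
GO

-- The built-in report returns the same users with their SIDs.
EXEC sp_change_users_login 'Report';
GO

-- Re-link the existing user to the login of the same name. The user keeps
-- the permissions and role memberships that were restored with the database.
IF EXISTS (SELECT 1 FROM sys.server_principals   WHERE name = 'test' AND type = 'S')
   AND EXISTS (SELECT 1 FROM sys.database_principals WHERE name = 'test' AND type = 'S')
BEGIN
    ALTER USER test WITH LOGIN = test;
END
GO
```

Running the first query again after the `ALTER USER` should no longer list `test`.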

The converse of the scenario described above also applies: if no user account exists in a database for a specific login, the user of that login cannot access the database, even though the user may be able to connect to SQL Server.

But there is a single exception to this. Even if no user account has been created in a database for a particular login, the login can still access the database through a "guest user". This guest user is created automatically for each database when the database is created, and it is disabled by default. Another important thing to mention is that the guest user cannot be deleted from the database.

You can enable and disable that account using the queries below.

-- To give access to guest account from SA login:

USE TEST_TABLE

GRANT CONNECT TO guest



-- To revoke access to guest account from SA login:

USE TEST_TABLE

REVOKE CONNECT FROM guest



-- To grant permission on tables for guest user
-- (run inside the database that holds the table; in a two-part name the first part is the schema, not the database)

USE TestDB

GRANT SELECT ON EmloyeeDetails TO guest
Granting the permission can also be done through the SQL Server Management Studio GUI. Now try a SELECT query on the database table with a login that has no database user created in the TestDB database. You should be able to perform the operation even without having a database user name.

However, giving sensitive database permissions to the guest user is not recommended. I found some articles on the web (link) where people have published about possible security risks/bugs in using the guest user and granting permissions on it.
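
To check where guest access is actually in effect, the permission catalog can be audited. This is an added example, not code from the original post; it assumes SQL Server 2005 SP2 or later, a login allowed to read every database's metadata, and the post's TestDB database name.

```sql
-- Part 1: everything granted or denied directly to guest in one database.
-- guest also receives whatever is granted to the public role; that is not shown here.
USE TestDB;
GO
SELECT pe.state_desc      AS state,
       pe.permission_name,
       pe.class_desc      AS securable_class,
       CASE WHEN pe.class = 1   -- object- or column-level permission
            THEN OBJECT_SCHEMA_NAME(pe.major_id) + '.' + OBJECT_NAME(pe.major_id)
       END                AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'guest'
ORDER BY pe.class_desc, pe.permission_name;
GO

-- Part 2: every online database in which guest holds CONNECT, i.e. is enabled.
-- master and tempdb are expected in the result; guest cannot be disabled there.
DECLARE @db sysname, @sql nvarchar(max);
CREATE TABLE #guest_connect (database_name sysname);

DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases WHERE state_desc = 'ONLINE';
OPEN dbs;
FETCH NEXT FROM dbs INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
        INSERT INTO #guest_connect
        SELECT DB_NAME()
        FROM sys.database_permissions AS pe
        JOIN sys.database_principals  AS pr
          ON pr.principal_id = pe.grantee_principal_id
        WHERE pr.name = ''guest''
          AND pe.permission_name = ''CONNECT''
          AND pe.state IN (''G'', ''W'');';   -- GRANT or GRANT WITH GRANT OPTION
    EXEC sp_executesql @sql;
    FETCH NEXT FROM dbs INTO @db;
END
CLOSE dbs;
DEALLOCATE dbs;

SELECT database_name FROM #guest_connect ORDER BY database_name;
DROP TABLE #guest_connect;
```

Any user database in the Part 2 result lets every login on the server in, with whatever Part 1 shows for that database.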
Aug 9, 2011


If you have experience with SQL Server, you may already have heard the terms MDF, NDF and LDF. These are the file name extensions commonly used in SQL Server to denote primary data files, secondary data files and log files respectively.

In SQL Server, data and log information are never stored in the same file. Furthermore, those individual files (primary data, secondary data and log) are used by only one server. Below is a brief description of the three file types in SQL Server.

Primary data files

The primary data file is the starting point of the database. It points to the other files in the database. Therefore, every database has one primary data file. Also, all the data in the database objects (tables, stored procedures, views, triggers, etc.) are stored in the primary data files. The recommended and most common file name extension for primary data files is ".mdf".

Secondary data files

You can only have one primary data file for a database. The rest is made up of secondary data files. A secondary data file is not required, so some databases may not have any. It is also possible to have multiple secondary data files for a single database. ".ndf" is the extension usually recommended for secondary data files. It is also possible to store a secondary data file on a different physical drive from the one where the primary data file is stored.

Log files

Log files in SQL Server databases hold all the log information. That information can later be used to recover the database. The size of the log file is determined by the logging level you have set up on the database. There must be at least one log file for each database, but it is also possible to have more than one log file for a single database. The recommended file name extension for log files is ".ldf".


IMPORTANT: Though it is recommended to use the .mdf, .ndf and .ldf file name extensions, SQL Server never enforces them.

The locations of all the files of user databases (the primary, secondary and log files of each) are stored in the primary data file of the database and in the master database. When the SQL Server Database Engine wants to use the file location information of those files, it retrieves the data from the master database.