create a login on snapshot database on mirroring server

  • hi all,

    i would like to create a login on snapshot database on mirroring server.

    i have tried to create a login on snapshot database via principal database and when login on mirroring server , it s saying that the snapshot database is on ready only.

    any help please.

    thanks.

    regard.

  • You will need to create the login and grant it permissions in the database before you create the snapshot. The "content" of the snapshot never changes, so if the login does not have access to anything in the principal database then when you create the snapshot, that login will not have access and never will.

    If you are using a SQL Server login, you will need to specify the SID when you create the login on the mirror server. It will need to be the same on both sql instances. IF you are using Windows Logins, then simply granting the user access to the both servers is enough - in this case, the SID is automatically supplied from active directory.

    Next, grant the login access to the database (on the principal) with the permissions that it needs.

    Mirroring will now copy the relevant security information from the principal database to the mirror.

    Next, create the snapshot.

    That should be enough for what you need

  • thanks for your reply...

    what do you mean the SID ..? security ID..? the certificat when you create your mirroring..?

    that means when you create the login you have to mappe the certificat.?

    regard

  • I suggest that you have a look at the syntax for "CREATE LOGIN" - it has some info in SID

    SID is short for security identifier (or at least that is my understanding). For windows users, Active Directory automatically assigns a SID to each and everything that it knows about. No matter what a Windows user accesses, the SID is used to identifier the user (this is a highly abridged discussion on this - you could spend hours reading up on what AD actually does when identifying and authenticating users).

    SQL Server also uses a SID to identify users. For Windows users, it uses the SID that AD is already using - why create yet another identifier for the user.

    For SQL Server logins, someone or something beside AD needs to supply a value for the SID (since AD has no knowledge of those logins). If you do not specify a value, the "CREATE LOGIN" command will generate one on your behalf. Normally, the value that is generated is not important but when you are using the same database on a different instance of SQL Server, it does matter. This is because SQL Server uses the SID when trying to find whether a user in a database is a login for the instance. If they don't match, then as far as SQL Server is concerned, the login does not have access to the database. If they do match, all is good.

    So, when creating the login on the mirror server, by specifying the same SID as is being used on the principal server, any permissions the user has will also be present at the mirror.

    And finally, the actual value of the SID is not significant - you can use the NEWID function to generate a value if you want. The only requirement is for the same value to be used on both the principal and the mirror server when creating the login.

    Hope that explains SID for you

  • thanks so much for the explain

    what i dont understand is how to generate the SID.

    you talked about the NEWID fonction..?

    i create the sqlserver login

    thanks for your help

  • i think i found the solution

    in the sys.database_principals vue

    thanks again.

    Cdt.

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply