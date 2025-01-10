Introduction

Database administrators regularly detach and attach databases as part of their daily tasks. During this process, they often face challenges, particularly with file permissions. . One common error is the "Access Denied" error when one administrator attempts to attach a database detached by another. In this article , we'll be discussing SQL Server file permission settings and how these settings impact Windows and SQL logins. We will use a practical scenario involving two DBAs to explore how we might resolve these access denied errors. Understanding these permissions can help you manage attachments in your database and avoid these kinds of issues in your SQL Server environment. Issue

Two database administrators belong to the local server Administrators group on a SQL Server machine and possess sysadmin privileges on the SQL Server instance.

Understanding MDF and LDF Files

SQL Server databases rely heavily on MDF and LDF files, but their structure can be quite complex. The MDF is the core storage, which contains all integral components such as tables, views , and procedures , defining the model as well as information inserted into it . The LDF , on the other hand, acts as the bookkeeper , diligently recording each and every transaction through comprehensive logs. This ensures the database can recover from failures and keep all the contents consistent. Even though technical aspects like files run underneath, it is their combined forces that maintain databases to remain reliable .

Scenario

DBA One detaches the database with their Windows login. When DBA Two tries to attach the database with their own Windows login, they encounter an error. Subsequently, DBA two connects to the SQL Server instance with a SQL login that has sysadmin privileges but still faces the same error message when trying to attach the database.

Msg 5120, Level 16, State 101, Line 3 Unable to open the physical file "D:\SQLDATA\MSSQL13.MSSQLSERVER\MSSQL\DATA\TestDB.mdf". Operating system error 5: "5(Access is denied.)". Msg 1802, Level 16, State 7, Line 3 CREATE DATABASE failed. Some file names listed could not be created. Check related errors.

Solution

When someone detaches a database using a Windows login, only that login has permissions for the MDF and LDF files. To let another user attach the database, you need to grant permissions to either the Database Engine security identifier (SID) NT SERVICE\MSSQLSERVER or the Windows login trying to attach it.

Upon reattachment, the permissions for the database files will shift to the Database Engine SID, and the privileges associated with the individual Windows login will be removed.

The following steps illustrate this scenario using SQL Server 2016 Developer Edition. Two domain user accounts, SQLAdminOne and SQLAdminTwo, are created. Both accounts are added to the local Administrators group on the Windows server and are assigned sysadmin privileges on the SQL Server instance.

First Step: Create TestDB database