Security – SQL Server 2005 Accidentally removed a user from public role, can’t add user back into role

Tags: security, sql-server, sql-server-2005, user-management

I'm trying to create a DB user account that only has access to a specific database, and can't read or change other databases, and can't alter credentials for any other accounts.

I accidentally removed this user from the "public" server role while troubleshooting a connection issue, which hosed my access to the server from Management Studio for the account.

The only way to get access is to add the user to the sysadmin role, which won't work because the user now has access to all the databases.

Now when I try to add the user back to the public server role I get an error saying membership in the role can't be changed.

Curiously, when I right click the user and view properties, it claims the user is a member of the public role, and won't allow me to alter the membership.

Questions:

  • So if public role membership can't be changed then how was I able to remove the user from the role in the first place?
  • How do I add the user back in so I can regain access to Management Studio for that user?

Best Answer

To help with additional details, here is how it should all look so you can say exactly which portion isn't correct. You have a login for the server, and a user for the database for the account you're having trouble with. On the server and database levels, you'll see a public role (server role and database role). The properties of the public server role won't show users, but the properties of the login will show the public database role for all of the databases (it will be checked, and you can't uncheck it). The properties of the public database role will not show any members either, and the properties of the database user will also not show the public role. Because of all of this, I don't believe you removed the user from the public role.

If you want to try to delete and recreate the user, you can first try to go into the database and just delete the database user. This will leave the login, which you can go into the properties of, and, under User Mapping, there should be no database checked. You should be able to check the database now (because the database user has been deleted), and choose whatever roles you need. If this doesn't work, you can also delete the login along with the database user to try and clear everything out. For one last check on the user, you can run this SQL:

use database_name
exec sp_change_users_login 'Report'

This will show you any orphaned users, which could mean there is still an issue with your user. This can usually be fixed with:

use database_name
exec sp_change_users_login 'Auto_Fix', 'username'

To try and wrap this up before it gets any longer, there could be something else altogether causing your connection issue for this user. If none of this works, can you post up the error message you get when logging in?
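Below is an added T-SQL script, not part of the answer above, that does the same checks the answer walks through in Management Studio, but from a query window so the state of the login, the database user and the role memberships can be seen directly. It rebuilds the login/user pair for a single database with only a fixed database role, which is what the original question asked for. The names ReportLogin, ReportUser, ReportsDb and the password are placeholders to replace; the sys.* catalog queries and sp_addrolemember work on SQL Server 2005, and ALTER USER ... WITH LOGIN (the documented replacement for sp_change_users_login 'Auto_Fix') requires SQL Server 2005 SP2 or later.

```sql
-- Added example (not the answer's own code): rebuild a least-privilege login/user pair
-- on SQL Server 2005 and confirm no orphaned database user is left behind.
-- ReportLogin, ReportUser, ReportsDb and the password are placeholders.

USE master;
GO

-- 1. Server level: confirm the login exists and is enabled.
--    Every login is in the public server role implicitly; it is not listed anywhere.
SELECT name, type_desc, is_disabled
FROM sys.server_principals
WHERE name = 'ReportLogin';

-- Create the login only if it is missing. No server role beyond public is granted,
-- so the account has no standing access to other databases.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = 'ReportLogin')
    CREATE LOGIN ReportLogin
        WITH PASSWORD = 'ReplaceWithStrongPassword!1',   -- placeholder
             DEFAULT_DATABASE = ReportsDb,
             CHECK_POLICY = ON;
GO

USE ReportsDb;
GO

-- 2. Database level: list users whose SID matches no server login (orphans).
--    This is the catalog-view equivalent of: exec sp_change_users_login 'Report'
SELECT dp.name, dp.type_desc
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON dp.sid = sp.sid
WHERE dp.type IN ('S', 'U')        -- SQL-authenticated and Windows users
  AND dp.principal_id > 4          -- skip dbo, guest, INFORMATION_SCHEMA, sys
  AND sp.sid IS NULL;

-- 3. If the user exists (orphaned or not), re-point it at the login;
--    otherwise create it mapped to the login. This replaces
--    exec sp_change_users_login 'Auto_Fix', 'username' (needs 2005 SP2+).
IF EXISTS (SELECT 1 FROM sys.database_principals WHERE name = 'ReportUser')
    ALTER USER ReportUser WITH LOGIN = ReportLogin;
ELSE
    CREATE USER ReportUser FOR LOGIN ReportLogin;
GO

-- 4. Grant only what this account needs inside this one database.
--    Fixed database roles cannot reach other databases or other logins' credentials.
EXEC sp_addrolemember 'db_datareader', 'ReportUser';
GO

-- 5. Verify: the user maps back to the login and holds only db_datareader.
--    Expected single row: ReportUser | ReportLogin | db_datareader
SELECT u.name AS db_user,
       l.name AS server_login,
       r.name AS db_role
FROM sys.database_principals AS u
JOIN sys.server_principals   AS l  ON u.sid = l.sid
LEFT JOIN sys.database_role_members AS rm ON rm.member_principal_id = u.principal_id
LEFT JOIN sys.database_principals   AS r  ON r.principal_id = rm.role_principal_id
WHERE u.name = 'ReportUser';
```

If step 2 returns the user as an orphan after a database restore or a deleted-and-recreated login, step 3 is the fix; if step 5 returns no row, the login and user are not linked by SID, which is the condition that makes Management Studio connections fail for that account.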