tags:

views:

37

answers:

1

According to MSDN documentation this proc is supposed to grant login to a windows user, but when i run the following script, I cannot login using the specified user even though the account shows up under security.

exec sp_addsrvrolemember 'domain\user','dbcreator'

also is there a way to query if a particular login can actually login to the server or not ?

I should add that i know one should create login using CREATE LOGIN statement, just wondering if sp_addsrvrrole is behaving as it should

A: 

MSDN says to use CREATE LOGIN (which replaces sp_grantlogin and sp_addlogin) which says

Creates a new SQL Server login.

Once you have created the login, then you run sp_addsrvrolemember which says:

Adds a login as a member of a fixed server role.

This means the login should already exist before you run sp_addsrvrolemember

To test if a login exists at the SQL Server level, use SUSER_ID which will give the internal key from sys.server_principals

SELECT SUSER_ID('DOMAIN\User')

Edit:

Some system stored procs will create a sys.server_principals entry but it's not usable

You need to run this now. Or DROP LOGIN first and recreate as above

GRANT CONNECT SQL TO <login>
gbn
but sp_addsrvrolemember succeeds even without creating a login, and creates a login. The SUSER_ID function returns a value, but the user is not able to login. Shouldn't it fail if the login is not there ?