3

I want to write a stored procedure that checks the environment a database resides in (Based on the name) and creates the appropriate user and role for our application.

This would allow us to automate setting up permissions if we move a database between environments (Currently due to the limitations of Windows Azure SQL Database we have to manually run a script which is not ideal and prone to human error).

So the syntax we are using is:

DECLARE @UserToAdd VARCHAR(50) = (
    SELECT  CASE 
            WHEN @Environment = 'Development' THEN 'DevelopmentApplicationUser'
            WHEN @Environment = 'Test' THEN 'TestingApplicationUser'
            ELSE ''
        END
)

IF (@UserToAdd != '')
BEGIN
    EXEC ('CREATE USER [' + @UserToAdd + '] FOR LOGIN [' + @UserToAdd + '];')

    EXEC ('EXEC sp_addrolemember N''WebUser'', N''' + @UserToAdd + ''';')
END

This works correctly on our development server (SQL Server 2008 R2) but in Windows Azure SQL Database we get the below error:

The CREATE USER statement must be the only statement in the batch

Now the MSDN documentation does state:

If the CREATE USER statement is the only statement in a SQL batch, Windows Azure SQL Database supports the FOR | FROM LOGIN clause. If the CREATE USER statement is not the only statement in a SQL batch or is executed in dynamic SQL, the FOR | FROM LOGIN clause is not supported.

However this means that we cannot automate our permissions whatsoever.

Has anyone got around this issue and been able to produce dynamic sql that creates a user? Alternatively is there a way around this in a stored procedure?

Improve this question
1
  • As a note on this; the same issue occurs with ALTER USER. You can run CREATE USER [x] WITHOUT LOGIN however ALTER USER will not let you rebind it to a login Commented Oct 25, 2013 at 12:46

2 Answers 2

Reset to default
2

I opened a support case with Microsoft to see if this is possible and the response was that if you want to check the existence of a login or a user and then create that login or user, you MUST use separate connections for the check and then the creation. It is NOT possible to check and create if not exists in the same transaction or batch. In Sql Azure.

Hth, Oli

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you Oli; so we could write a custom C# program or SSIS package that does this for us using 2 seperate batches, but we cannot perform the same logic is a stored procedure.
Exactly. I used powershell to do it.
1

I speak under correction here. you can create the user without FOR LOGIN then use sp_change_users_login to map the user to a login after the fact

Improve this answer

1 Comment

Thank you @Maxui; that would work perfectly on a standard SQL Server instance, however I've just tried sp_change_users_login and it appears it is not supported on Windows Azure SQL Database. Bad times as that would've been exactly what we needed

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.