Minimum permissions in SQL Server for DbUp

[Michael Strasser]

We are using Octopus Deploy to deploy Windows apps to a distant on-premises data centre with strict security controls.

We want to run SQL Server migrations using DbUp but our attempts so far have failed. We believe this was because the user running DbUp did not have permissions to read the master database to confirm the existence of the database we wanted to modify.

We know that the user was granted the db_ddladmin role on the database but we think the public role had be altered to remove read permissions on master.

Can anyone confirm that we need to be able to read master for DbUp to do its stuff? If so, should we ask to be granted db_datareader role on master on the server?

Thanks

Michael Strasser

[Darrell Tunnell]

If you use the dbup method to ensure the database is created if it doesn't exist, then it will connect to master. If you don't use that method, then I don't think you need master access. I resolved a similar issue by not using that method recently.

Get Outlook for Android

---

From: dbup-d...@googlegroups.com <dbup-d...@googlegroups.com> on behalf of Michael Strasser <mst...@thoughtworks.com>
Sent: Friday, May 17, 2019 7:51:22 AM
To: DbUp Discuss
Subject: Minimum permissions in SQL Server for DbUp

 

--
You received this message because you are subscribed to the Google Groups "DbUp Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dbup-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dbup-discuss/79e9584f-4e7c-4414-8b67-f7637554d694%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Michael Strasser]

Hi Darrell

Thanks for your response. We had a script that queried a view in the master database, but realised that we don’t need it. 

DbUp now runs our other scripts without problem.

Regards

Michael

On Friday, 17 May 2019 18:35:23 UTC+10, Darrell Tunnell wrote:

If you use the dbup method to ensure the database is created if it doesn't exist, then it will connect to master. If you don't use that method, then I don't think you need master access. I resolved a similar issue by not using that method recently.

Get Outlook for Android

---

From: dbup-d...@googlegroups.com <dbup-d...@googlegroups.com> on behalf of Michael Strasser <mst...@thoughtworks.com>
Sent: Friday, May 17, 2019 7:51:22 AM
To: DbUp Discuss
Subject: Minimum permissions in SQL Server for DbUp

 

We are using Octopus Deploy to deploy Windows apps to a distant on-premises data centre with strict security controls.

We want to run SQL Server migrations using DbUp but our attempts so far have failed. We believe this was because the user running DbUp did not have permissions to read the master database to confirm the existence of the database we wanted to modify.

We know that the user was granted the db_ddladmin role on the database but we think the public role had be altered to remove read permissions on master.

Can anyone confirm that we need to be able to read master for DbUp to do its stuff? If so, should we ask to be granted db_datareader role on master on the server?

Thanks

Michael Strasser

--
You received this message because you are subscribed to the Google Groups "DbUp Discuss" group.

To unsubscribe from this group and stop receiving emails from it, send an email to dbup-d...@googlegroups.com.