Create Logins and Users in SQLServer Flex Instances

Prerequisites

• You have created a Service Account.
  (See: Create a Service account)
• You have assigned the required project permissions to this service account.
  (See: Assign permissions to a service account)
• You have created an Access Token for this service account.
  (See: Assign authentication token to a service account)

Creating first login after creating a new SQLServer Flex instance

Creating the first login is the first step after setting up a new SQLServer Flex instance. Without this login there is no possibility to access the instance and perform any operation there. The first login is the customer main account to perform database administrative tasks.

When setting up the login, the following requirements must be met:

• There is no fixed name for the login, you can choose whatever you want.
  The password to this account, however, must adhere to SQL Server password policy, which includes the following rules:
  • Password does not contain the account name of the user.
  • Password is at least six characters long.
  • Password contains characters from three of the following four categories: uppercase letters, lowercase letters, base 10 digits, and symbols.
  • Password expires 90 days after the login creation or after the last password change.
  • User must change password at next login.
• The login has to be assigned the SQL Server server role**##STACKIT_LoginManager##** in order to be able to create other logins.
  Using this account, you can create other logins with the same level of administrative permissions as the main administrative login, as well as other logins with normal permissions.
• Also, the login needs the SQL Server server role **##STACKIT_DatabaseManager##** in order to be able to create databases.
  Any databases created by this login are owned by this account by default.

The login can be created via the following methods:

Portal

1. Navigate to SQLServer Flex and select the database server on which you want to create a database.
2. Select Users from the menu.
3. Click Create User.
4. Enter the username and select the roles for this user.
   See: Creating first login after creating a new SQLServer Flex instance.
5. Select the default database for this user.
   If you do not select a database or there is none to select, the user will be assigned tempdb as default database.
6. Click Create.
7. Copy and save the created credentials in a safe place.
   These credentials cannot be retrieved later!
8. Click Done.

The user is now available and can be used to create a new database. (See: Create Databases in SQLServer Flex Instances).

• Click the username in the user list to see the details of a user.

API

API calls can be performed using Postman or curl

Postman

1. Prepare the JSON payload, which a simple JSON object containing the username and the roles of the new account (replace Administrator with the login name of your choice):

{
    "username":"Administrator",
    "roles": ["##STACKIT_LoginManager##", "##STACKIT_DatabaseManager##"]
}

2. Download and install Postman: Download Postman | Get Started for Free

3. Open Postman and create a new workspace.

4. Name the new workspace and define the access.

5. Go to Collection and press the ”+” sign to create a new API request.

6. In the Request window, select the POST option from the drop-down list.

7. Paste the endpoint URL into the address bar: https://mssql-flex-service.api.eu01.stackit.cloud/v2/projects/{PROJECT_ID}/instances/{INSTANCE_ID}/users and replace {PROJECT_ID}, {REGION} and {INSTANCE_ID} with the project id, region id and the instance id of your SQL Server instance, respectively.

   Where do I find the Project ID? The project ID is displayed in the projects list of the Resource manager:

   Where do I find the Instance ID? The instance ID has the form of a UUID. It is displayed in the Overview tab of your instance in the STACKIT portal, in the section General information. For some products, the display of the instance ID in the portal is not implemented yet. In these cases the instance ID is visible as part of the instance URL in the address field of your browser when you are on the instance page in the portal, and it can be copied from there:

8. Go to Authorization section and select Bearer Token from teh Type drop-down list.

9. Copy your token and past it into the Token section to be used in authentication process when executing the API.

10. Select the _Body* tab.

11. Select raw and paste the JSON payload you prepared before into the input area. 12. Send the request.

curl unter macOS / Linux

1. Open a terminal.
2. Paste the code below.
3. Replace {PROJECT_ID}, {REGION}, {INSTANCE_ID} and {TOKEN} with the project ID and the instance ID of your SQL Server instance.
4. Replace Administrator with the login name of your choice.
5. Execute the code.

curl --location --request POST 'https://mssql-flex-service.api.eu01.stackit.cloud/v2/projects/{PROJECT_ID}/regions/{REGION}/instances/{INSTANCE_ID}/users' --header '
Accept: application/json' --header 'Authorization: Bearer {TOKEN}' --data '{
"username": "Administrator",
"roles": ["##STACKIT_LoginManager##", "##STACKIT_DatabaseManager##"]
}' | jq.

curl unter Windows

1. Open a PowerShell session.
2. Paste the code below.
3. Replace {PROJECT_ID}, {REGION}, {INSTANCE_ID} and {TOKEN} with the project ID and the instance ID of your SQL Server instance.
4. Replace Administrator with the login name of your choice.
5. Execute the code.

curl --location --request POST 'https://mssql-flex-service.api.eu01.stackit.cloud/v2/projects/{PROJECT_ID}/regions/{REGION}/instances/{INSTANCE_ID}/users' --header '
Accept: application/json' --header 'Authorization: Bearer {TOKEN}' --data '{
"username": "Administrator",
"roles": ["##STACKIT_LoginManager##", "##STACKIT_DatabaseManager##"]
}' | ConvertFrom-Json | ConvertTo-Json

SQL Server client tools

Server logins can be created by connecting to one of SQL Server client tools, e.g. SQL Server Management Studio, Azure Data Studio or any other client tool that supports connections to SQL Server.

SQL Server Management Studio

1. Connect to the SQL Server Flex instance.
2. Navigate to Security → Logins.
3. Right click on Logins and select New Login.
4. Enter the login name and password of the new login. Currently SQL Server Authentication is the only authentication mode available. In the example below we are creating a new server login with name app_account and a strong password:

Azure Data Studio

1. Connect to the SQLServer Flex instance.
2. Navigate to Security → Logins.
3. Right click on Logins and select New Login.
4. Enter the login name and password of the new login. Currently SQL Authentication is the only current authentication mode available. In the example below, we are creating a new server login with name app_account and a strong password:

Transact SQL (T-SQL)

You can use any SQL Server query execution tool that can execute T-SQL against an SQL Server, e. g. SQL Server Management Studio, Azure Data Studio, or PowerShell.

• Execute the CREATE LOGIN T-SQL command.

For more insights about the CREATE LOGIN command and its options, please visit the Microsoft official documentation for SQL Server.

Creating Database Users in SQLServer Flex Instance

After creating a normal server login, a database user has to be created to make this login able to connect to the database itself. The process of creating database users in SQLServer Flex instance is similar to the process of creating users in on-premises SQL Server.

The following methods can be used:

SQL Server client tools

Database users can be created by connecting to one of SQL Server client tools, e.g. SQL Server Management Studio, Azure Data Studio or any other client tool that supports connection to SQL Server.

SQL Server Management Studio

1. Connect to the SQL Server Flex instance.
2. Navigate to Databases → [database name] → Security → Users.
3. Right-click on Users and select New User.
4. In the window Database User - New go to the page General.
5. Enter the user name for the database user.
6. Select the server login name that will be mapped to the database user by clicking on … next to the input field.
7. Optional, but recommended: Define the default schema for the database user.
8. Go to the page Membership and add the necessary permissions. In the following example the database user receives the permission db_owner which lets him perform all required activities against the database.

Azure Data Studio

1. Connect to the SQLServer Flex instance.
2. Navigate to Databases → [database name] → Security → Users.
3. Right click on Users and select New User.
4. In the User - New window, enter the user name for the database user.
5. Select the server login name that will be mapped to the database user by clicking on … next to the input field.
6. Optional, but recommended: Enter the default schema for the database user.
7. Open the Membership section and add the necessary permissions. In the following example the database user receives the permission db_owner which lets him perform all required activities against the database.

Transact SQL (T-SQL)

You can use any SQL Server query execution tool that can execute T-SQL against an SQL Server, e. g. SQL Server Management Studio, Azure Data Studio, or PowerShell.

• Execute the CREATE USER T-SQL command.

For more insights about the CREATE USER command and its options, please visit the Microsoft official documentation for SQL Server.