After running these commands with Azure SQL Server (in SSMS or using the command line utility):
- run in the main table to create a CREATE LOGIN SusanDBA login with password = 'U $ 3r --- Pa55W0rd !!'
- run with AnotherDB (not master db)
CREATE USER SusanDBA from LOGIN SusanDBA
SusanDBA can log in to open a connection to AnotherDB, but cannot run the Alter Login command to change the password. It is reported that this should be done against the master database. But we do not want the user to connect to master db for security reasons.
Command
Login for SusanDBA users
with PASSWORD = 'U $ 3r --- Pa55W0rd !! --- '
OLD_PASSWORD =' U $ 3r --- Pa55W0rd !!
Receives a response
Msg 5001, Level 16, State 3, Line 1 The
user must be in the main database.
An administrator with the corresponding basic rights can change the password, but this kind of defeat is the goal: the administrator now knows the user's password.
Limitations:
- We are not able to use AD in this case, therefore its authentication is SQL.
“We would like to use a command-line utility such as SQLCMD.”
source
share