附加数据库时访问被拒绝
我使用的是 SQL Server 2008 开发人员版。我试图附加 AdventureWorks2008 数据库。
当我尝试附加时,收到“访问被拒绝”错误。根据事件日志,它来自操作系统:
打开失败:无法打开文件号 0 的文件 D:\ProjectData\AdventureWorks\AdventureWorksLT2008_Data.mdf。操作系统错误:5(访问被拒绝。)。
我以为“NTFS 问题”,但系统(和我)具有对这两个文件的修改访问权限。
我发现如果我以 sa 身份登录,我可以成功附加数据库,但我的用户帐户不起作用。
我是我的计算机上本地管理员组的成员,并且在 SQL Server 实例中担任 sysadmins 角色。
知道为什么我必须以 sa 身份登录吗?
I am using SQL Server 2008 developer edition. I was trying to attach the AdventureWorks2008 database.
When I tried to attach, I received an "access is denied" error. According to the event log, it came from the O/S:
Open failed: Could not open file D:\ProjectData\AdventureWorks\AdventureWorksLT2008_Data.mdf for file number 0. OS error: 5(Access is denied.).
I thought "NTFS problem", but System (and I) have modify access to both files.
I found that I can successfully attach the database if I log in as sa, but my user account won't work.
I am a member of the local administrators group on my machine, and I am in the sysadmins role in SQL Server instance.
Any idea why I had to be logged in as sa?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(30)
以管理员身份运行 SQL Server Management Studio。 (右键单击->以管理员身份运行)解决了我的案例中的所有奇怪问题。
SQL SRV EXPRESS 2008 R2。视窗7
Run SQL Server Management Studio as an Administrator. (right click-> run as administrator) that took care of all the weirdness in my case.
SQL SRV EXPRESS 2008 R2. Windows 7
感谢您的所有评论。你们中的一些人帮助我找到了答案。这是我发现的:
这是 NTFS 权限问题,而不是 SQL 问题。此外,它看起来有点像错误(并且是可重复的)。
问题:
我使用的帐户对 mdf 和 ldf 文件具有完全控制 NTFS 权限。但是,它通过组成员身份拥有这些权限(本地管理员组拥有权限,我的帐户是本地管理员的成员)。 (我验证了权限)
如果我尝试执行附加操作,以我的身份连接到 SQL Server(我位于管理员组中),则会因 NTFS 问题而失败。
但是,如果我直接向我的域帐户授予本地管理员组具有的相同文件权限,那么我可以毫无问题地附加。
(哦,是的,我检查了这台计算机上的本地组,并且验证了我的域帐户确实是本地管理员组的成员)。
因此,看起来发生错误的原因是某些代码(在 SQL Server 或 Management Studio 中)检查用户帐户拥有的权限,但并没有检查用户帐户继承的组权限。
这对我来说听起来很奇怪,但我可以一遍又一遍地重现它,所以我得出结论,这就是答案。
更新:我将此报告为错误:https://connect.microsoft.com/SQLServer/feedback/details/539703/access-denied-attaching-a-database-when-permissions-are-inherited
Thank you for all of the comments. Some of you helped to lead me to the answer. Here's what I found:
It was an NTFS permission problem, and not a SQL problem. Further, it looks kind of bug-like (and it's repeatable).
The problem:
The account that I was using had full control NTFS permissions to the mdf and ldf files. However, it had those permissions through group membership (the Local Administrators group had permissions, and my account is a member of local admins). (I verified the permissions)
If I try to do the attach, connect to SQL Server as me (where I am in the admins group), it fails with the NTFS problem.
However, if I grant the same file permissions that the local admin group has directly to my Domain Account, then I can attach with no problems.
(oh, and yes, I checked the local groups on this machine, and I verified that my domain account is indeed a member of the local admins group).
So, it looks as though the error occurs because some code (either in SQL Server or Management Studio) checks for the permissions that the user account holds, but it doesn't go so far as to check group permissions that the user account inherits.
That sounds weird to me, but I can reproduce it over and over again, so I have concluded that it is the answer.
Update: I reported this as a bug: https://connect.microsoft.com/SQLServer/feedback/details/539703/access-denied-attaching-a-database-when-permissions-are-inherited
我想在已发布的答案中添加其他信息。
分离数据库时要小心,因为您登录的Windows 用户将成为唯一有权访问 .mdf 文件的用户! .mdf 文件的原始权限包括用户
SQLServerMSSQLUser$$
和管理员帐户,该权限会被您登录的任何 Windows 用户(不是 sql server 用户)覆盖)。繁荣,所有权限就这样消失了。因此,按照其他人所说的操作,右键单击您的 .mdf 文件并仔细检查权限。我遇到这个问题是因为我使用 SSMS 连接到数据库(与哪个 sql server 帐户无关)并分离了数据库。完成此操作后,我的 Windows 用户是唯一对 .mdf 文件具有任何权限的用户。因此,后来当我尝试使用 sa 帐户附加数据库时,它引发了“访问被拒绝”错误。
为了保持原始权限不变,您应该使数据库脱机,然后分离,然后按顺序附加,如下所示:
I'd like to add additional info to the answers that were posted.
Be careful when detaching the database because the windows user you are logged in as becomes the only user with permissions to the .mdf file! The original permissions the .mdf file had which included the user
SQLServerMSSQLUser$<computer_name>$<instance_name>
and the Administrators account get overwritten by whichever windows user you are logged in as (not sql server user). Boom, all permissions gone just like that. So do as others have said and right click your .mdf file and double check the permissions.I ran into this problem because I used SSMS to connect to the database (doesn't matter which sql server account) and detached the database. After doing that my windows user was the only one that had any permissions to the .mdf file. So later on when I tried to attach the db using the sa account, it threw the "access denied" error.
To keep the original permissions in tact you should take the database offline, then detach, then attach in that order like so:
添加对
.mdf
文件所在文件夹的权限。检查此名称:
NT Service\MSSQLSERVER
并将
位置
更改为您的服务器名称。Add permission to the folder where your
.mdf
file is.Check this name:
NT Service\MSSQLSERVER
And change the
Location
to your server name.以管理员身份运行 SQL Server Management Studio。 (右键单击 -> 以管理员身份运行)在 Windows 7 - SQL Server 2008 R2 上为我工作
Run SQL Server Management Studio as an Administrator. (right click-> run as administrator) worked for me with Windows 7 - SQL server 2008 R2
这个问题是由UAC(用户帐户控制)引起的,不是吗?尽管您的用户帐户是管理员组的成员,但 Windows 7 中的 UAC 不允许您执行管理员操作,除非您“以管理员身份”运行程序。这并不是 SQL Server 或 Management Studio 等中真正的错误。 (尽管它可能知道问题所在并要求您提升权限,而不仅仅是抱怨“错误 5”。)
This problem is caused by UAC (User Account Control), isn't it? Although your user account is a member of Administrators group, the UAC in Windows 7 doesn't allow you do do administrator things unless you run programs "as administrator". It is not a real bug in SQL Server or Management Studio or whatever. (Although it could possibly know the problem and ask you for elevated permissions instead of just complaining "error 5".)
在Windows 7中可以通过这种方式附加SQL2005数据库:
然后附加数据库成功完成。
A SQL2005 database can be attached in this way in Windows 7:
And then attached database successfully completed.
当您以
sa
(或任何 Sql Server 帐户)身份登录时,您将作为 SQL Server 服务帐户运行,当您以您的身份登录时,您将拥有您帐户的权限。由于某种原因,您没有适当的文件访问权限,但服务帐户有。When you login as
sa
(or any Sql Server account), you're functioning as the SQL Server service account, when you're logged in as you, you have the permissions of your account. For some reason you don't have the appropriate file access but the service account does.我找到了这个解决方案:右键单击存储 .mdf 文件的文件夹 -->单击属性-->选择“安全”选项卡,单击“编辑...”并给予其完全控制权。
希望这有帮助!
I found this solution: Right click on folder where you store your .mdf file --> click Properties --> choose Security tab, click Edit... and give it full control.
Hope this helps!
它可以轻松修复,但要彻底修复,只需转到存储mdf 文件的文件夹即可。选择文件->右键单击 -> 单击属性并授予登录用户安全性文件的完全权限。
it can be fixed easly but radicaly, just go to the folder where you have stored mdf file. select file-> Right click ->click on properties and give full permissions to file for logged in user Security.
sa
用户使用 NTFS 帐户SQLServerMSSQLUser$$
和SQLServerSQLAgentUser$$
访问数据库文件。您可能想要尝试为这些用户之一或两者添加权限。我不知道是否能解决您的问题,因为您说您对
sa
用户没有任何问题,但我希望它有帮助。The
sa
user uses NTFS accountsSQLServerMSSQLUser$<computer_name>$<instance_name>
andSQLServerSQLAgentUser$<computer_name>$<instance_name>
to access the database files. You may want to try adding permissions for one or both these users.I don't know if solves your problem since you say you have no problems with the
sa
user, but I hope it helps.与我一起
- 在窗口 8 上运行
- 右键单击 SQL Server Manager Studio ->用管理员运行。 ->附加没有问题
With me
- Running on window 8
- RIght click SQL Server Manager Studio -> Run with admin. -> attach no problems
每次我遇到此问题时,都是在尝试附加与 SQL Server 中设置的默认数据库目录不同的目录中的数据库时。
我强烈建议您只需将数据文件移动到 sql server 期望找到它的目录中,而不是劫持各种目录和帐户的权限。
Every time I have run into this issue was when attempting to attach a database that is in a different directory from the default database directory that is setup in SQL server.
I would highly recommend that instead of jacking with permissions on various directories and accounts that you simply move your data file into the directory that sql server expects to find it.
我也只是想添加这些信息。
http://www.mssqltips。 com/sqlservertip/2528/database-attach-failure-in-sql-server-2008-r2/
解决方案
您收到此错误是因为两个不同的登录名执行了分离和附加操作。因此,分离后的文件由第一次登录拥有,但附加失败,因为使用的登录不是 mdf 和 ldf 文件的所有者。
当我们分离数据库文件时,所有者成为执行分离命令的人,因此要解决此问题,我们需要更改或添加其他登录名作为 mdf 和 ldf 文件的所有者。
右键单击“filename.mdf”文件,选择属性,检查mdf文件的权限。在这里我们可以看到只有一个帐户有权访问“filename.mdf”文件,因为这是用于分离数据库的帐户。
要解决此问题,请单击“添加...”按钮添加其他登录名或所需的任何其他登录名,并授予该登录名完全控制权。您也应该对“ldf”文件执行此操作。完成此任务后,单击“确定”按钮。 (请注意,对于其他操作系统版本,您可能有一个“编辑”选项,请先单击此选项,然后您将看到“添加...”选项。)
I just wanted to add this information as well.
http://www.mssqltips.com/sqlservertip/2528/database-attach-failure-in-sql-server-2008-r2/
Solution
You get this error because two different logins did the detach and attach operations. So the files, when detached, were owned by the first login, but the attach failed because the login that was used was not the owner of the mdf and ldf files.
When we detach database files, the owner becomes the person who did the detach command, so to resolve the issue we need to change or add the other login as the owner of the mdf and ldf files.
Right click on the "filename.mdf" file and select properties to check the permissions of the mdf file. Here we can see that only one account has permission to the "filename.mdf" file because that was the account that was used to detach the database.
To resolve this issue, click on the Add... button to add the other login or any other login needed and give the login Full Control. You should do this for the "ldf" file as well. Once you have completed this task click the OK button. (Note for other OS versions you may have an Edit option , click this first and then you will see the Add... option.)
我收到此错误。
就我而言,数据库安全并不重要。
我添加了每个人对 mdf 和 ldf 文件的完全控制权,
并附加顺利。
I got this error as sa.
In my case, database security didn't matter.
I added everyone full control to the mdf and ldf files,
and attach went fine.
对于任何遇到此问题的特定变体的人来说,我所拥有的价值是:
通过 App_data 文件夹的上下文菜单,我创建了一个用于调试目的的 SQL Express 数据库。连接字符串(由 NHibernate 使用)如下:
这在数据库文件上给了我相同的“访问被拒绝”错误。我尝试给予各种用户对文件夹和文件的完全控制权,甚至一度给予“每个人”。没有任何帮助,所以我再次删除了添加的权限。
最终解决的方法是在 Visual Studio 中打开服务器资源管理器,然后连接到 MDF,然后再次将其分离。完成此操作后,我的网络应用程序可以正常访问数据库。
附言。学分转到这篇博文 我在谷歌搜索这个特定问题时发现,触发了附加/分离数据库来解决问题的想法。
For what it's worth to anyone having the particular variation of this problem that I had:
Through the context menu of the App_data folder I had created a SQL Express database for debugging purposes. The connection string (used by NHibernate) was as follows:
This gave me the same "Access denied" error on the database file. I tried giving various users Full Control to the folder and files, at one point even to "Everyone". Nothing helped, so I removed the added permissions again.
What finally solved it was to open the Server Explorer in Visual Studio, then connect to the MDF, and detach it again. After I'd done that my web app could access the database just fine.
PS. Credits go to this blog post I found while googling this particular problem, triggering the idea to attach/detach the database to solve the issue.
我将数据库 mdf 从默认的 Data 文件夹移动到我的 asp.net app_data 文件夹,并在尝试将数据库重新设置为联机时遇到了此问题。
我将原始位置中其他文件数据库的安全设置与移动的文件进行了比较,发现 MSSQL$SQLEXPRESS 未为其新位置中的文件分配权限。我添加了“NT SERVICE\MSSQL$SQLEXPRESS”的完全控制(必须包括 NT SERVICE),并且它附加得很好。
原始数据文件夹似乎具有这些权限,并且文件继承了它。移动文件,继承当然会中断。
我检查了另一个项目的 mdf 文件,该文件是我直接创建到其 app_data 文件夹中的。它没有 MSSQL$SQLEXPRESS 权限。嗯。我想知道为什么 SQL Express 喜欢其中之一而不喜欢另一个?
I moved a database mdf from the default Data folder to my asp.net app_data folder and ran into this problem trying to set the database back online.
I compared the security settings of the other file databases in the original location to the moved files and noticed that MSSQL$SQLEXPRESS was not assigned permissions to the files in their new location. I added Full control for "NT SERVICE\MSSQL$SQLEXPRESS" (must include that NT SERVICE) and it attached just fine.
It appears that the original Data folder has these permissions and the files inherit it. Move the files and the inheritance breaks of course.
I checked another project's mdf file which I created directly into its app_data folder. it does not have MSSQL$SQLEXPRESS permissions. Hmmm. I wonder why SQL Express likes one but not the other?
这听起来像 NTFS 权限。这通常意味着您的 SQL Server 服务帐户对该文件具有只读访问权限(请注意,无论您如何登录,SQL Server 都使用相同的服务帐户来访问数据库文件)。您确定在以您自己身份登录和以 sa 身份登录之间没有更改文件夹权限吗?如果您断开并重试,还会出现同样的问题吗?
This sounds like NTFS permissions. It usually means your SQL Server service account has read only access to the file (note that SQL Server uses the same service account to access database files regardless of how you log in). Are you sure you didn't change the folder permissions in between logging in as yourself and logging in as sa? If you detach and try again, does it still have the same problem?
附加数据库时我遇到了同样的问题。这不是 SQL 问题,而是帐户问题。转到面板控制/用户帐户控制设置/设置为“从不通知”。最后,重新启动计算机,它对我有用。
I had the same issue when attaching a database. It wasn't a SQL issue it was an account issue. Go to the panel control/User Account Control Settings/Set to "never notify". Finally,restart the computer and it worked for me.
我通过右键单击数据库并删除日志文件来附加 mdf 文件
AdventureWorks2012_Data_log.ldf 位于向导中。 mdf 文件放置在以下位置
上述方法帮助我解决了问题。
I attached the mdf file by right clicking the database and removing the log file
AdventureWorks2012_Data_log.ldf in the wizard . The mdf file was placed in the following location
The above method helped me to resolve the issue .
将数据库复制到其他文件夹并附加或使用“Windows 身份验证”登录 SQLServer
Copy Database to an other folder and attach or Log in SQLServer with "Windows Authentication"
我正在阅读此页面,其中有一个有趣的句子:
当然,他们还有这样的:
因此,如果您是域管理员并且在 SQL“sysadmin”组中,那么世界应该是您的甲壳类动物。
当然,根据 Microsoft 的说法,您应该快速浏览一下这两个页面:
数据库先决条件链接
安装数据库的链接
您很顽皮并试图手动附加它们:) 说真的,您是否具备 AdventureWorks2008 数据库的所有先决条件?
我怀疑这只是微软的另一个奇怪/边缘案例,但我可能是错的。
I was reading this page and they have an interesting sentence in there:
Of course, they also have this:
So if you're a domain admin and in SQL 'sysadmin' group, the world should be your crustacean.
Of course, according to Microsoft, you should be taking a quick look at these two pages:
Link to Database Prerequisites
Link to Installing Databases
You're being naughty and trying to attach them manually :) Seriously though, do you have all the prerequisites for the AdventureWorks2008 database?
I suspect this is just another Microsoft oddity/edge case, but I could be wrong.
更改为
用于附加 -->对于 ATTACH_FORCE_REBUILD_LOG
change to
FOR ATTACH -- > FOR ATTACH_FORCE_REBUILD_LOG
我在 VS 2019 中遇到了同样的问题。如果有人仍然面临同样的问题,那么请确保您已经/执行了以下操作:
对于以前的版本,安装时安装此组件 - 您
必须在外部添加此组件
I was facing same issue in VS 2019. if anyone still facing same issue then please make sure you have/do following things:
this component while installing) for previous versions - you
have to add this component externally
它实际上是 NTFS 权限,也是 SQL Server 中的一个奇怪的错误。我不确定上述错误报告是否准确,或者可能引用了其他错误。
为了在 Windows 7 上解决此问题,我正常运行 SQL Server Management Studio(不是以管理员身份)。然后我尝试附加 MDF 文件。在此过程中,我使用了 UI,而不是粘贴到路径中。我发现我的路被切断了。这是因为软件为您添加的 MS SQL Server (SQLServerMSSQLUser$machinename$SQLEXPRESS) 用户没有访问该文件夹的权限(在本例中是我自己的用户文件夹深处的文件夹)。
粘贴路径并继续会导致上述错误。因此,我向 MS SQL Server 用户授予了从第一个被拒绝的目录(我的用户文件夹)开始读取的权限。然后,我立即取消了传播操作,因为它可能需要很长时间,并再次对下一个必要的子文件夹应用读取权限,并让它完全传播。
最后,我向 MS SQL Server 用户授予了对该数据库的 .mdf 和 .ldf 文件的修改权限。
我现在可以附加到数据库文件。
It is in fact NTFS permissions, and a strange bug in SQL Server. I'm not sure the above bug report is accurate, or may refer to an additional bug.
To resolve this on Windows 7, I ran SQL Server Management Studio normally (not as Administrator). I then attempted to Attach the MDF file. In the process, I used the UI rather than pasting in the path. I noticed that the path was cut off from me. This is because the MS SQL Server (SQLServerMSSQLUser$machinename$SQLEXPRESS) user that the software adds for you does not have permissions to access the folder (in this case a folder deep in my own user folders).
Pasting the path and proceeding results in the above error. So - I gave the MS SQL Server user permissions to read starting from the first directory it was denied from (my user folder). I then immediately cancelled the propagation operation because it can take an eternity, and again applied read permissions to the next subfolder necessary, and let that propagate fully.
Finally, I gave the MS SQL Server user Modify permissions to the .mdf and .ldf files for the db.
I can now Attach to the database files.
如果您运行 sql server 2012,则尝试附加旧版本的 mdf 文件可能会出现此错误。 ex 来自 sql server 2008 的 mdf 文件。
If you run sql server 2012 you can get this error by trying to attach an older version of an mdf-file. ex an mdf file from sql server 2008.
我通过将要附加到公共文件夹的 .mdf 文件解决了这个问题,在我的例子中,我将其移动到 users/public 文件夹。然后我从那里附加它,没有任何问题。希望这有帮助。
I have solved the problem by just move the .mdf file that you want to attach to the public folder, in my case I moved it to the users/public folder. Then I attach it from there without any problem. Hope this helps.
对于那些无法使用此处的其他解决方案解决问题的人,以下修复对我有用:
转到 SQL Server 安装中的“DATA”文件夹,右键单击“属性”、“安全”选项卡,然后为“添加完全控制权限”网络服务”用户。
http:// coding.wordpress.com/2008/08/25/sql-server-2005-expess-how-to-fix-error-3417/
(上面的链接适用于 SQL 2005,但这修复了 SQL 2008 R2为我安装)。
一些附加信息:在更换辅助硬盘驱动器(SQL 安装所在的位置)后,我出现了这个问题。我复制了所有文件,并将原来的盘符恢复到新硬盘上。但是,安全权限没有被复制。我想下次我会使用更好的复制数据的方法。
For those who could not fix the problem with the other solutions here, the following fix worked for me:
Go to your "DATA" folder in your SQL Server installation, right click, properties, security tab, and add full control permissions for the "NETWORK SERVICE" user.
http://decoding.wordpress.com/2008/08/25/sql-server-2005-expess-how-to-fix-error-3417/
(The above link is for SQL 2005, but this fixed a SQL 2008 R2 installation for me).
Some additional info: This problem showed up for me after replacing a secondary hard drive (which the SQL installation was on). I copied all the files, and restored the original drive letter to the new hard disk. However, the security permissions were not copied over. I think next time I will use a better method of copying data.
就我而言,解决问题的方法如下:
In my case what solved the problem was the folowing:
在分离数据库并将 ldf 和 mdf 文件从驱动器 C 移动到 F 后重新附加数据库时,我遇到了同样的问题。
为了修复它,我必须向这两个文件添加所有者权利主体,并使其完全控制它们“属性”对话框的“安全”选项卡。
I've had the same issue when re-attaching database after detaching it and moving ldf and mdf files from drive C to F.
In order to fix it I had to add OWNER RIGHTS principal to both files and gave it full control over them in the Security tab of the Properties dialog.