Server role of public trumps db_owner and prevents SSMS from displaying database list?

Using SQL Server Management Studio for SQL Server 2008, I can successfully connect to the server (using SQL Server Authentication) but I cannot see the database list. When I click on the databases folder I get the error message: "The server principal "my_user_login" is not able to access the database "My_DB" under the security context. "My_user_login" is only a member of the public server role? Is this why Mangement Studio won't display contents of the databases folder? The documentation I've seen says that unless a user is specifically denied view access (s)he should be able to view all database definitions.

The user is a member of the db_owner database role for the database I'm trying to work on. Shouldn't this trump the server role of public and let me at least view the database in the SSMS Object Explorer?

asked Nov 04 '09 at 08:27 PM in Default

MGS
12 ● 1 ● 1 ● 1

(comments are locked)

3 answers:

How was the user created? Is this a restore of a db from another server? If so you may have an orphaned user, where the 'my_user_login' on the server isn't correctly associated to the 'my_user_login' on the db. This link on MSDN will guide you.

Edit: update

Sounds like you may not have the VIEW ANY DATABASE permission set

answered Nov 05 '09 at 05:14 AM

Kev Riley ♦♦
46.1k ● 39 ● 43 ● 69

I checked for orphaned users per the link above but that's not the case. 'my_user_login' was newly created. 'my_user_login' can query against the database, it just can't see the database list in SQL Server Management Studio. I'm just looking for confirmation that it's because the user only has a server_role of public. I would think that being db_owner of one of the databases on that server would allow 'my_user_login' to see at least that database in the object explorer pane.

Nov 05 '09 at 12:05 PM MGS

what do you get from running sp_helplogins 'my_user_login'? Also change to MyDb and run sp_helpuser 'my_user_login'. Might be easier to post the results as an edit to your original question.

Nov 05 '09 at 12:32 PM Kev Riley ♦♦

(comments are locked)

Kev had the answer. GRANT VIEW ANY DATABASE TO public did it. Thanks!

answered Nov 19 '09 at 01:42 PM

MGS
12 ● 1 ● 1 ● 1

Make sure you mark it as the answer by clicking on the tick next to it.

Nov 20 '09 at 10:56 AM Melvyn Harbour 1 ♦♦

(comments are locked)

While it doesn't fix your problem it may help answer your question.

The database is not the only thing that would end up under Object Explorer. You also retrieve status of the service. I suspect that you need Server Operator privileges for that functionality. Since your user only has Public he is denied the ability to populate the databases folder.

Looks like they get to do command-line management :)

answered Nov 06 '09 at 09:54 PM