Applies to: SQL Server (all supported versions)
|Product Name||SQL Server|
|Message Text||The server principal "%.*ls" is not able to access the database "%.*ls" under the current security context.|
The login does not have sufficient permissions to connect to the named database. Logins that can connect to this instance of SQL Server but that do not have specific permissions in a database receive the permissions of the guest user. This is a security measure to prevent users in one database from connecting to other databases where they do not have privileges. This error message can occur when the guest user does not have CONNECT permission to the named database and the trustworthy property is not set. This error message can occur when the guest user does not have CONNECT permission to the named database.
When CONNECT permission to the msdb database is denied or revoked, SQL Server Management Studio can receive this error when Object Explorer tries to show the Policy Based Management status of each database. Object Explorer uses the permissions of the current login to query the msdb database for this information, which causes the error. The following error message also occurs:
Failed to retrieve data for this request. (Microsoft.SqlServer.Management.Sdk.Sfc)
Before circumventing this security measure be sure to have a clear understanding of users are authenticated in various databases. The following methods may allow users that have permissions in one database to connect to other databases which could expose data to a malicious user. When contained databases are enabled, the following steps can allow database owners in one database to grant access to other database on the instance of SQL Server.
You can connect to the database in one of the following ways:
Grant the specific login access to the named database. The following example grants the login
Adventure-Works\Larryaccess to the
USE msdb ; GO GRANT CONNECT TO [Adventure-Works\Larry] ;
Grant the CONNECT permission to the database named in the error message for the guest user. The following example grants the
CONNECTpermission to the
msdbdatabase for the user
USE msdb ; GO GRANT CONNECT TO guest ;
Enable the TRUSTWORTHY property on the database that has authenticated the user.
ALTER DATABASE AdventureWorks SET TRUSTWORTHY ON;