MSSQLSERVER_916

Details

Product Name

SQL Server

Product Version

10.5

Product Build Number

10.50

Event ID

916

Event Source

MSSQLSERVER

Component

SQLEngine

Symbolic Name

NOTUSER

Message Text

The server principal "%.*ls" is not able to access the database "%.*ls" under the current security context.

Explanation

The login does not have sufficient permissions to connect to the named database. Logins that can connect to this instance of SQL Server but that do not have specific permissions in a database receive the permissions of the guest user. This is a security measure to prevent users in one database from connecting to other databases where they do not have privileges. This error message can occur when the guest user does not have CONNECT permission to the named database and the trustworthy property is not set. This error message can occur when the guest user does not have CONNECT permission to the named database.

When CONNECT permission to the msdb database is denied or revoked, SQL Server Management Studio can receive this error when Object Explorer tries to show the Policy Based Management status of each database. Object Explorer uses the permissions of the current login to query the msdb database for this information, which causes the error. The following error message also occurs:

Failed to retrieve data for this request. (Microsoft.SqlServer.Management.Sdk.Sfc)

User Action

Warning

Before circumventing this security measure be sure to have a clear understanding of users are authenticated in various databases. The following methods may allow users that have permissions in one database to connect to other databases which could expose data to a malicious user.

You can connect to the database in one of the following ways:

  • Grant the specific login access to the named database. The following example grants the login Adventure-Works\Larry access to the msdb database.

    USE msdb ;

    GO

    GRANT CONNECT TO [Adventure-Works\Larry] ;

  • Grant the CONNECT permission to the database named in the error message for the guest user. The following example grants the CONNECT permission to the msdb database for the user guest.

    USE msdb ;

    GO

    GRANT CONNECT TO guest ;

  • Enable the TRUSTWORTHY property on the database that has authenticated the user.

    ALTER DATABASE AdventureWorks SET TRUSTWORTHY ON;