5. Creating Logins and Users
With SQL Azure, the process
of creating logins and users is mostly identical to that in SQL Server,
although certain limitations apply. To create a new login, you must be
connected to the master database. When you're connected, you create a
login using the CREATE LOGIN command. Then, you need to create a user account in the user database and assign access rights to that account.
5.1. Creating a New Login
Connect to the
master database using the administrator account (or any account with
the loginmanager role granted), and run the following command:
CREATE LOGIN test WITH PASSWORD = 'T3stPwd001'
At this point, you should have
a new login available called test. However, you can't log in until a
user has been created. To verify that your login has been created, run
the following command, for which the output is shown in Figure 11:
select * from sys.sql_logins
If you attempt to create the login account in a user database, you receive the error shown in Figure 12. The login must be created in the master database.
If your password isn't complex enough, you receive an error message similar to the one shown in Figure 13. Password complexity can't be turned off.
NOTE
Selecting a strong
password is critical when you're running in a cloud environment, even
if your database is used for development or test purposes. Strong
passwords and firewall rules are important security defenses against
attacks to your database.
5.2. Creating a New User
You can now create a user
account for your test login. To do so, connect to a user database using
the administrator account (you can also create a user in the master
database if this login should be able to connect to it), and run the
following command:
CREATE USER test FROM LOGIN test
If you attempt to create a user without first creating the login account, you receive a message similar to the one shown in Figure 14.
6. Assigning Access Rights
So far, you've created the
login account in the master database and the user account in the user
database. But this user account hasn't been assigned any access rights.
To allow the test account
to have unlimited access to the selected user database, you need to
assign the user to the db_owner group:
EXEC sp_addrolemember 'db_owner', 'test'
At this point, you're ready to use the test account to create tables, views, stored procedures, and more.
NOTE
In SQL Server,
user accounts are automatically assigned to the public role. However,
in SQL Azure the public role can't be assigned to user accounts for
enhanced security. As a result, specific access rights must be granted
in order to use a user account.
7. Understanding Billing for SQL Azure
SQL Azure is a
pay-as-you-go model, which includes a monthly fee based on the
cumulative number and size of your databases available daily, and a
usage fee based on actual bandwidth usage. However, as of this writing,
when the consuming application of a SQL Azure database is deployed as a
Windows Azure application or service, and it belongs to the same
geographic region as the database, the bandwidth fee is waived.
To view your current
bandwidth consumption and the databases you've provisioned from a
billing standpoint, you can run the following commands:
SELECT * FROM sys.database_usage -- databases defined
SELECT * FROM sys.bandwidth_usage -- bandwidth
The first statement
returns the number of databases available per day of a specific type:
Web or Business edition. This information is used to calculate your
monthly fee. The second statement shows a breakdown of hourly
consumption per database.
Figure 15 shows a sample output of the statement returning bandwidth consumption. This statement returns the following information:
time.
The hour for which the bandwidth applies. In this case, you're looking
at a summary between the hours of 1 AM and 2 AM on January 22, 2010.
database_name. The database for which the summary is available.
direction. The direction of data movement. Egress shows outbound data, and Ingress shows inbound data.
class.
External if the data was transferred from an application external to
Windows Azure (from a SQL Server Management Studio application, for
example). If the data was transferred from Windows Azure, this column
contains Internal.
time_period. The time window in which the data was transferred.
quantity. The amount of data transferred, in kilobytes (KB).
Visit http://www.microsoft.com/windowsazure for up-to-date pricing information.