Home/ Questions/Q 6577425
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T15:38:02+00:00

Just reading this link: http://msdn.microsoft.com/en-us/library/aa833199.aspx It states: You cannot add users to roles in

  • 0

Just reading this link:

http://msdn.microsoft.com/en-us/library/aa833199.aspx

It states: You cannot add users to roles in a Data-tier Application (DAC) project because DAC projects do not support the EXEC StoredProcedure construct, except within the body of an object, such as a stored procedure or function. For more information, see the following page on the Microsoft Web site: Features Supported in Data-tier Applications.

So, how is it possible to grant any permission to anything as part of the deployment?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    After much digging and hacking, I finally have a solution.

    A few notes first:

    • the solution works on a brand-new DAC or an already-deployed DAC you are updating
    • my setup is VS10ult run on Win7x64 deploying to SQL Server 2008 R2 hosted in Server 2008 R2
    • all my deployment was done from VS10 — neither SSMS or the DAC PowerShell Scripts were able to deploy the DAC (both were attempted locally on the server)
    • as well, SSMS was unable to uninstall a DAC from the SQL Server Instance, but the DAC PS Scripts were able to (I included my locally-run PS script in the Footnote at the bottom)
    • the user that deploys/installs the DAC will get their login mapped to the db’s dbo user’s Login name

    To add a given domain user as a server login and db user with specific permissions:

    Step 1: create a Login

    • open the Data-Tier Application VS10 project
    • right-click the folder Schema Objects / Server Level Objects / Security / Logins
    • click Add then New Item
    • select the template Database Project / Security
    • select Login (Windows Auth)
    • hit <TAB> or click the Name textbox
    • type the bare login name (eg: for DOMAIN\USER just enter USER) and hit <Enter>

    • enter this for your code then save and close the file (USER.login.sql)

      create login [DOMAIN\USER] from windows

    Step 2: create a User

    • right-click the folder Schema Objects / Database Level Level Objects / Security / Users
    • click Add then New Item
    • select the template Database Project / Security
    • select User
    • hit <TAB> or click the Name textbox
    • type the bare user name (eg: for DOMAIN\USER just enter USER) and hit <Enter>

    • enter this for your code then save and close the file (USER.user.sql)

      create user [USER]
   for login [DOMAIN\USER]
   with default_schema = dbo;

    Step 3: grant the privileges on the user and/or login

    • right-click the folder Scripts / Post-Deployment
    • open the file Script.PostDeployment.sql for editing

    • enter this for your code then save and close the file

      alter login [DOMAIN\USER] enable
go

use [DAC-DB-NAME];

exec sp_addrolemember db_owner, [USER]
go

    • note that a set of grant statements can be substituted for the sp_addrolemember

    Ultimately, I think the real difficulty in doing this was how the post-deployment script is run. When run, the current Use database is initially set to master, but in order to issue the exec sp_addrolemember and/or grants, the use [DAC-DB-NAME]; must set the current database first. [End of pure speculation]

    Happy Coding!
    Robert McCall
    “Lasting peace & happiness for ALL human beings!”

    Footnote: PowerShell script (using DAC PS Scripts) to uninstall & drop a DAC db

    # *MUST* BE RUN AS Administrator
# Need extra line after next line to select the default 'Yes'
Set-ExecutionPolicy RemoteSigned

Import-Module DACModule

$svrName = "SERVER-NAME"
$dacName = "DAC-DB-NAME"

$svrCon = New-Object Microsoft.SqlServer.Management.Common.ServerConnection $svrName
$svrCon.Connect()

Uninstall-Dac -serverConnection $svrCon -dacInstanceName $dacName -uninstallMode DropDatabase

$svrCon.Disconnect()
    • 0